>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention, and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment. And, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered. Sometimes it's not. So you look at that and you go, Wow. On, on the one hand, people think they're really, really prepared, and on the other hand, the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue. It's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, It's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact, we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that, Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching the Cube, the leader in live tech coverage. >>We live in a world of infinite data, sprawling, dispersed valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about different deployments for workloads running on premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four of five copies of the same data, increasing costs and risk building to an incoherent mess of complications. Now imagine a world free from these complexities. Welcome to the dr. A data resiliency cloud where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resili. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. >>Through a true cloud experience built on Amazon web services, the DR A platform automates and manages critical daily tasks giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly with the dr A data resiliency cloud, your data isn't just backed up, it's ready to be used 24 7 to meet compliance needs and to extract critical insights. You can archive data for long term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. DVA is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500 costing up to 50% less in the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Dr. A makes it simple. >>Welcome back everyone to the cube and the drew of a special presentation of why ransomware isn't your only problem. I'm John Furrier, host of the Cube. We're here with w Curtis Preston. Curtis Preston, he known in the industry Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. >>Happy to be here. >>So we always see each other events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I to get your thoughts and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >>Yeah, I think it's the, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately they didn't. The, the, the, the data protection world has been this way for a while where there's this, this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit successfully, hit by ransomware, paid the ransom and, and, and or lost data. And yet the same people that were surveyed, they had to high degrees of confidence in their backup system. And I, you know, I, I could, I could probably go on for an hour as to the various reasons why that would be the case, but I, I think that this long running problem that as long as I've been associated with backups, which you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And, and people often just, they, they, they don't wanna have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh, the backup system's great, because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >>It's funny, you know, we're good boss, we got this covered. Good, >>It's all good, it's all good, >>You know, and the fingers crossed, right? So again, this is the reality and, and, and as it becomes backup and recovery, which we've talked about many times on the cube, certainly we have with you before, but now with ransomware also, the other thing is people get ransomware hit multiple times. So it's not, not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution. And so let's get into that. You know, you have had hands on backup experience. What are the points that surprised you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >>Well, I would say that the, the, the one part in the survey that surprised me the most was people that had a huge, you know, that there, there was a huge percentage of people that said that they had a, a, a, you know, a a a ransomware response, you know, in readiness program. And you look at that and you, how could you be, you know, that high percentage of people be comfortable with their ransomware readiness program and a, you know, which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so your, you believe that your company was ready for that, and then you go, and I, I think it was 67% of the people in the survey paid the ransom, which as, as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most is that because you, you talked about re infections, the surest way to guarantee that you get rein attacked and reinfected is to pay the ransom. This goes back all the way ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail and >>You're in business, you're a good customer arr for ransomware. >>Yeah. So the, the fact that, you know, 60 what two thirds of the people that were attacked by ransomware paid the ransom. That one statistic just, just hurt my heart. >>Yeah. And I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, it's super important to get back in recovery and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, the arr joking, but there's recurring revenue for the, for the bad guys if they know you're paying up and if you're stupid enough not to change, you're tooling, right? So, so again, it works both ways. So I gotta ask you, why do you think so many are unable to successfully respond after an attack? Is it because they know it's coming? I mean, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding and successfully to this? >>I I think it's a, it's a litany of thing starting with the, that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if, if you're the one that raises their hand, you know what, that's a good idea, Curtis, why don't you look into that? Right. Nobody, nobody wants to be, Where's >>That guy now? He doesn't work here anymore. Yeah, but I I I hear where you come from exactly. Psychology. >>Yeah. So there, there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They, they, they become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate for from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if you, if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then you've, if, if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I, and I just don't think that people are thinking about that. Yeah. You know, and they're using the same backup techniques that they've used for many, many years. >>So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, Hey, we'll just take out the backup first so they can backup. So we got the ransomware it >>Makes Yeah, exactly. The the largest ransomware group out there, the KTI ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. >>Okay, so you guys have a lot of customers, they all kind of have the same this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >>Well, again, you, you've got to fully segregate that data. There are, and, and everything about how that data is stored and everything about how that data's created and accessed. There are ways to do that with other, you know, with other commercial products, you can take a, a, a standard product and put a number of layers of defense on top of it, or you can switch to the, the way Druva does things, which is a SAS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the, the, it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the, the way juva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work with us. You just log in and you get all of that. >>I guess how do, how do you break the laws of physics? I guess that's the question here. >>Well, when, because that's the other thing is that by storing the data in the cloud, we, we do, and I've said this a few times, that you get to break the laws of physics and the, the only way to do that is to, is time travel and what, that's what it, so yeah, so Druva has time travel. What, and this is a criticism by the way. I don't think this is our official position, but Yeah. But the, the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of what I mean by time travel in that you basically, you configure your dr your disaster recovery environment in, in DVA one time. And then we are pre restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go the, the data should already be restored. And that's the, i that's the way that you break the laws of physics is you break the laws of time. >>Well, I, everyone wants to know the next question, and this is the real big question, is, are you from the future? >>Yeah. Very much the future. >>What's it like in the future? Backup recovery as a restore, Is it air gaping? Everything? >>Yeah. It, it, it, Well it's a world where people don't have to worry about their backups. I I like to use the phrase, get outta the backup business. Just get into the ReSTOR business. I I, you know, I'm, I'm a grandfather now and I, and I love having a granddaughter and I often make the joke that if I don't, if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about >>Backups. Yeah. And what's great about your background is you've got a lot of historical perspective. You've seen that been in the ways of innovation now it's really is about the recovery and real time. So a lot of good stuff going on. And God think automated thingss gotta be rocking and rolling. >>Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to, you know, to, to break, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I, I wish that, I wish everybody had that ability. >>Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream front lines. Great stuff Chris, great to have you on, bring that perspective and thanks for the insight. Really >>Appreciate it. Always happy to talk about my favorite subject. >>All right, we'll be back in a moment. We'll have Steven Manley, the cto and on John Shva, the GM and VP of Product Manage will join me. You're watching the cube, the leader in high tech enterprise coverage. >>Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability, scans, patches and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released after an attack. Recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the DR A data resiliency cloud on your side. The DR A platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. >>Our software as a service model delivers 24 7 365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches and upgrades for you. DVA also makes zero trust security easy with builtin multifactor authentication, single sign-on and role-based access controls in the event of an attack. Druva helps you stop the spread of ransomware and quickly understand what went wrong. With builtin access insights and anomaly detection, then you can use industry first tools and services to automate the recovery of clean unencrypted data from the entire timeframe of the attack. Cyber attacks are a major threat, but you can make protection and recovery easy with dva. >>Welcome back everyone to the Cubes special presentation with DVA on why ransomware isn't your only problem. I'm John er, host of the Cube. Our next guest are Steven Manley, Chief Technology Officer of dva and I, John Trini VAs, who is the general manager and vice president of product management and Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic, the IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >>Great to be here John. >>So what's your thoughts on the survey's conclusion? I've obviously the resilience is huge. Ransomware is continues to thunder away at businesses and causes a lot of problems. Disruption, I mean just it's endless ransomware problems. What's your thoughts on the con conclusion? >>So I'll say the, the thing that pops out to me is, is on the one hand, everybody who sees the survey, who reads, it's gonna say, well that's obvious. Of course ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But, but I think when you dig deeper and there and there's a lot of subtleties to look into, but, but one of the things that, that I hear on a daily basis from the customers is it's because the problem keeps evolving. It, it's not as if the threat was a static thing to just be solved and you're done because the threat keeps evolving. It remains top of mind for everybody because it's so hard to keep up with with what's happening in terms of the attacks. >>And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping it away from all the tooling that needed to do. A lot of people are even still wondering when that happens next time, what do I even do? So clearly not very surprising. Clearly I think it's here to stay and I think as long as people don't retool for a modern era of data management, this is going to stay this >>Way. Yeah, I mean I hear this whole time and our cube conversations with practitioners, you know there, it's kind of like the security pro give me more tools, I'll buy anything that comes in the market. I'm desperate. There's definitely attention but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because you know, people claim that they have tools at fine points of, of recovery opportunities but they can't get there. So it seems to be that there's a confidence problem here in the market. What, how do you guys see that? Cuz I think this is where the rubber meets the road with ransomware cuz it's, it is a moving train, it's always changing but it doesn't seem as confidence. Can you guys talk about that? What's your reaction? >>Yeah, let me jump in first and Steven can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said could solve your problem, but they haven't had a chance to take a re-look from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities and which tooling set needs to lie? Where, where does the logic need to recite and what in Drew we are watching people do and people do it successfully, is that as they have adopted through our technology, which is ground up built for the cloud and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware. >>And then there's a whole plethora of ecosystem players that kind of combine to really really finish the story so to say, right? So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and tried to identify the right set of ecosystem to really bring together to solve it meaningfully. >>Steven, >>I was gonna say, I mean one, one of the, one of the really interesting things in the survey for me and, and, and for a moment, little more than a moment, it made me think was that the large number of respondents who said I've got a really efficient well run backup environment, who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well if your backup environment is so good, why do you have such low confidence? And, and, and I think that's the moment when we, we dug deeper and we realized, you know, if you've got a traditional architecture and let's face the dis base architecture's been around for almost two decades now in terms of dis based backup, you can have that tune to the help that can be running as efficiently, efficiently as you want it, but it was built before the ransomware attacks before, before all these cyber issues, you know, really start hitting companies. And so I have this really well run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying I'm doing the best I can, but as Angen pointed out, the architecture, the tooling isn't there to support what, what problems I need to solve today. Yeah, >>Great point. And so yeah, well that's a great point. Before we get into the customer side, I wanna get to in second, you know, I interviewed Jare, the the founder CEO many years ago, even before the pandemic. You mentioned modern, you guys have always had the cloud, which r this is huge. Now that you're past the pandemic, what is that modern cloud edge you guys have? Cuz that's a great point. A lot of stuff was built kind of Beckham recovery bolted on, not really kind of designed into the, the current state of the infrastructure and the cloud native application modern environment we're seeing. Right? Now's a huge issue >>I think. I think it's, it's to me there's, there's three things that come up over and over and over again as, as we talk to people in terms of, you know, being built in cloud, being cloud native, why is an advantage? The first one is, is security and ransomware. And, and, and we can go deeper, but the most obvious one that always comes up is every single backup you do with DVA is air gap offsite managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And you know this, this certainly plays into account as your, your business grows or in some cases as you shrink or repurpose workloads, you're only paying for what you use. >>But it also plays a a big role again when you start thinking of ransomware recoveries because we can scale your recovery in cloud on premises as much or as little as you want. And then I think the third one is we're seeing a basically things evolving new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SA service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting, you know, the customer doesn't have to say, Wow, I need it six months in the lab before I upgrade it and it's an 18 month, 24 month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >>That says on John, you know, you got the, the product side, you know, it's challenging job cuz you have so many customers asking for things probably on the roadmap you probably go hour for that one. But I wanna get your thoughts on what you're hearing and seeing from customers. You know, we just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated on the, probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing, what's the key customer need? How are you guys responding? >>Yeah, actually I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges because we see customers and help customers who are getting challenge by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in as rua is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate because this is just not about a piece of technology. >>On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on but innovating faster with faster, with less. And that has been this age old problem, do more with less. But in this, in this whole, they're like trying to innovate in the middle of the war so to say, right, the war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at a hundred miles per hour while they're just, you know, trying to live one day at a time. >>And unless they really develop this overall security operating model helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this kind of this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with now. Drew is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC two offering to protect EC two virtual machines back in aws and we are gonna be continuing to evolve that to further many services that public cloud software cuz our customers are really kind of consuming them at breakneck speed. >>So the new workloads, the new security capabilities. Love that. Good, good call out there. Steven, this still the issue of the disruption side of it, you guys have a guarantee there's a cost of ownership as you get more tools. Can you talk about that angle of it? Because this is, you got new workloads, you got the new security needs, what's the disruption impact? Cause you know, you won't avoid that. How much is it gonna cost you? And you guys have this guarantee, can you explain that? >>Yeah, absolutely. So, so Dr launched our 10 million data resiliency guarantee. And, and for us, you know, there were, there were really two key parts to this. The first obviously is 10 million means that, you know, again we're, we're we're willing to put our money where our mouth is and, and that's a big deal, right? That that, that we're willing to back this with the guarantee. But then the second part, and, and, and this is the part that I think reflects that, that sort of model that Angen was talking about, we, we sort of look at this and we say the goal of DVA is to do the job of protecting and securing your data for you so that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from, you know, your data's gonna be recoverable in the case of a ransomware attack. >>Okay, that's good. Of course for it to be recoverable, we're also guaranteeing, you know, your backup, your backup success rate. We're also guaranteeing the availability of the service. You know, we're, we're guaranteeing that the data that we're storing for you can't be compromised or leaked externally and you know, we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover 30 years from now, that data's gonna be recovered. So we wanted to really attack the end to end, you know, risks that, that, that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there and the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SAS vendor, we're doing the job for you so you're buying results as opposed to technology. >>That's great. Great point. Ransomware isn't the only problem that's the title of this presentation, but is a big one. People concerned about it. So great stuff. In the last five minutes guys, if you don't mind, I'd love to have you share what's on the horizon for dva. You mentioned the new workloads on John, you mentioned this new security hearing shift left DevOps is now the developer model, they're running it get data and security teams now stepping in and trying to be as vo high velocity as possible for the developers and enterprises. What's on the horizon, Ava? What trends is the company watching and how are you guys putting that together to stay ahead in the marketplace and the competition? >>Yeah, I think listening to our customers, what we realize is they need help with the public cloud. Number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first from before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which I think is very unique to thwa because only we can look at multiple tenants, multiple customers because we are a SAS vendor and look at insights and give them best practices and guidances and analytics that nobody else can give. >>There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need, what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are gonna build all the way from a feature level where we have things like recycle bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights and security and that's where my focus is to go and get those features delivered and Steven can add a few more things around services that Steven is looking to build in launch. >>Sure. So, so yeah, so, so John, I think one of the other areas that we see just an enormous groundswell of interest. So, so public cloud is important, but there are more and more organizations that are running hundreds if not thousands of SaaS applications and a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365 Google workspace, but we're also seeing a lot of interest in protecting Salesforce because if you think about it, you know, if you, if if someone you know deletes some really important records in Salesforce, that's, that's actually actually kind of the record of your business. And so, you know, we're looking at more and more SaaS application protection and, and really getting deep in that application awareness. It's not just about backup and recovery. When you look at something like, like a sales force or something like Microsoft 365, you do wanna look into sandboxing, you wanna, you wanna look into long term archival because again, this is the new record of the business, what used to be in your on premises databases that all lives in cloud and SaaS applications now. >>So that's a really big area of investment for us. The second one, just to echo what, what engine said is, you know, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them, will do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your, your data up more cleanly, you're gonna be a lot less worried and a lot less exposed from that attack happens. So we want to be able to again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline. We've got to deliver value to our customers, not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >>That's great stuff. Run John. >>And remember John, I think all this while keeping things really easy to consume consumer grade UI APIs and the, the really, the power of SaaS as a service simplicity to kind of continue on amongst kind of keeping these complex technologies together. >>Aj, that's a great call out. I was gonna mention ease of use is and self-service, big part of the developer and IT experience expected, it's the table stakes, love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But the end of the day automation, cross cloud protection and security to protect and recover. This is huge and this is big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of of the product. Thanks for coming on. Appreciate it. >>Thank you very much. >>Okay, there it is. You got the experts talking about under the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Ante will give you some closing thoughts on the subject here you're watching the cube, the leader in high tech enterprise coverage. >>As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The dr. A Data Resiliency Cloud is the only 100% SAS data resiliency platform that provides centralized, secure air gapped and immutable backup and recovery. With dva, your data is safe with multiple layers of protection and is ready for fast recovery from cyber attack, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds and your business critical SaaS applications. Druva is the only 100% SAS fender that can manage, govern, and protect data across multiple clouds and business critical SAS applications. It supports not just backup and recovery, but also data resiliency across high value use cases such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale storage optimization, data immutability and ransomware protection. The DVA data resiliency cloud your data always safe, always ready. Visit druva.com today to schedule a free demo. >>One of the big takeaways from today's program is that in the scramble to keep business flowing over the past two plus years, a lot of good technology practices have been put into place, but there's much more work to be done specifically because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher. Today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a systems' view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. You know, we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you gotta do is go to the cube.net and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching why Ransomware isn't your only problem Made possible by dva, a collaboration with IDC and presented by the Cube, your leader in enterprise and emerging tech coverage.

(upbeat music) >> Hey, everyone. Welcome to this CUBE Conversation that's part of the AWS startup showcase Season Two, Episode Four. I'm your host Lisa Martin. Chase Doelling joins me, the principles strategist at JumpCloud. Chase, welcome to theCUBE. It's great to have you. >> Chase: Perfect. Well, thank you so much, Lisa. I really appreciate the opportunity to come and hang out. >> Let's talk about JumpCloud. First of all, love the name. This is an open directory platform. Talk to the audience about what the platform is, obviously, the evolution of the domain controller. But give us that backstory? >> Yeah, absolutely. And so, company was started, and I think, from serial entrepreneurs, and after kind of last exit, taking a look around and saying, "Why is this piece of hardware still the dominant force when you're thinking about identities, especially when the world is moving to cloud, and all the different pieces that have been around it?" And so, over the years, we've evolved JumpCloud into an open directory platform. And what that is, is we're managing your identities, the devices that are associated to that, all the access points that employees need just to get their job done. And the best part is, is we're able to do that no matter where they are within the world. >> It seems like kind of a reinvention of how modern IT teams are getting worked done, especially in these days of remote work. Talk to me a little bit about the last couple of years particularly as remote work exploded, and here we are still probably, permanently, in that situation? >> Yeah, absolutely. And I think it's probably going to be one of those situations where we stick with it for quite a while. We had a very abrupt force in making sure that essentially every IT and security team could grapple with the fact of their users are no longer coming into the office. You know, how do we VPN into all of our different resources? Those are very common and unfortunate pain points that we've had over the last couple years. And so, now, people have starting to kind of get into the motion of it, working from home, having background and setups and other pieces. But one of the main areas of concern, especially as you're thinking about that, is how does it relate to my security infrastructure, or kind of my approach to my organization. And making sure that too, on the tail end, that a user's access and making sure that they can get into everything that they need to do in order to get work done, is still happening? And so, what we've done, is we've really taken, evolving and really kind of ripping apart this notion of what a directory was. 'Cause originally, it was just like, great, almost like a phone directory. It's where people lived they're going into all those different pieces. But it wasn't set up for the modern world, and kind of how we're approaching it, and how organizations now are started with a credit card and have all of their infrastructure. And essentially, all of their IP, is now hosted somewhere else. And so, we wanted to take a different approach where we're thinking about, not only managing that identity, but taking an open approach. So, matter where the identity's coming from, we can integrate that into the platform but then we're also managing and securing those devices, which is often the most important piece that we have sitting right in front of us in order to get into that. But then, also that final question, of when you're accessing networks applications, can you create the conditions for trust, right? And so, if you're looking at zero trust, or kind of going after different levels of compliance, ISO, SOC2, whatever that might be, making sure that you have all that put in place no matter where your employees are. So, in that way, as we kind of moved into this remote, now hybrid world, it wasn't the office as the gating point anymore, right? So, key cards, as much as we love 'em, final part, whereas the new perimeter, the kind of the new barrier for organizations especially how they're thinking about security, is the people's identities behind that. And so, that's the approach that we really wanted to take as we continue to evolve and really open up what a directory platform can do. >> Yeah. Zero trust security, remote work. Two things that have exploded in the last couple of years. But as employees, we expected to be able to still have the access that we needed to apps, to the network, to WiFi, et cetera. And, of course, on the security side, we saw massive changes in the threat landscape that really, obviously, security elevates to a board level conversation. So, I imagine zero trust security, remote work, probably compliance, you mentioned SOC2, are some of the the key use cases that you're helping organizations with? >> Those are a lot of the drivers. And what we do, is we're able to combine a lot of different aspects that you need for each one of those. And so, now you're thinking about essentially, the use case of someone joins an organization, they need access to all these different things. But behind the scenes, it's a combination of identity access management, device management, applications, networks, everything else, and creating those conditions for them to do their roles. But the other piece of that, is you also don't want to be overly cumbersome. I think a lot of us think about security as like great biometrics, so I'm going to add in these keys, I'm going to do everything else to kind of get into these secured resources. But the reality of it now, is those secure resources might be AWS infrastructure. It might be other Salesforce reporting tools. It might be other pieces, or kind of IP within the organization. And those are now your crown jewel. And so, if you're not thinking about the identities behind them and the security that you have in order to facilitate that transaction, it becomes a board level conversation very quickly. But you want to do it in a way that people can move forward with their lives, and they're not spending a ton of time battling the systems and procedures you put in place to protect it, but that it's working together seamlessly. And so, that's where, kind of this notion for us of bringing all these different technologies into one platform. You're able to consolidate a lot of those and remove a lot of the friction while maintaining the visibility, and answering the question, of who has access to what? And when did they do that? Those are the most critical pieces that IT and security teams are asking themselves when something happens. And hopefully, on the preventative side and not so much on the redacted side. >> Have you seen the escalation up the C-Suite change of the board in terms of really focusing on how do we do identity management? How do we do single sign on? How do we do device management and network access? Is that all the way up to the C-Suite board level as well? >> It certainly can be. And we've seen it in a lot of different conversations, because now you are thinking about all different portions of the organization. And then, two, as we're thinking about times we're currently in, there's also a cost associated to that. And so, when you start to consolidate all of those technologies into one area, now it becomes much more of total cost optimization types of story while you're still maintaining a lot of the security and basic blocking and tackling that you need for most organizations. So, everything you just mentioned, those are now table stakes for a lot of small, medium, startups to be at the table. So, how do you have access to enterprise level, essentially technology, without the cost that's associated to it. And that's a lot of the trade offs that organizations are facing and having those types of conversations as it relates to business preparedness and how we're making sure that we are putting our best foot forward, and we're able to be resilient in no matter what type, of either economic or security threat that the organization might be looking at. >> So, let's talk about the go-to market, the strategy from a sales and marketing perspective. Where are the customer conversations happening? Are they at the IT level? Are they higher up the stack? >> It's really at, I'd say the IT level. And so, by that, I mean the builders, the implementers, everyone that's responsible for putting devices in people's hands, and making sure that they can do their job effectively. And so, those are their, I'd say the IT admins the world as well as the managed service providers who support those organizations, making sure that we can enable them to making sure that their organizations or their client organizations have all the tools that their disposable to make sure that they have the security or the policies, and the technology behind them to enable all those different practices. >> Let's unpack the benefits from an IT perspective? Obviously, they're getting one console that they can manage at all. One user identity for email, and devices, and apps, and things. You mentioned regardless of location, but this is also regardless of operating system, correct? >> That's correct. And so, part of taking an open approach, is also the devices that you're running on. And so, we take a cross OS approach. So, Mac, Windows, Linux, iPhone, whatever it might be, we can make sure that, that device is secure. And so, it does a couple different things. So, one, is the employees have device choice, right? So, I'm a Mac person coming in. If forced into a Windows, it'd be an interesting experience. But then, also too, from the back end, now you have essentially one platform to manage your entire fleet. And also give visibility and data behind what's happening behind those. And then, from the end user perspective as well, everything's tied together. And so, instead of having, what we'll call user ID schizophrenia, it might be one employee, but hundreds of different identities and logins just to get their work done. We can now centralize that into one person, making sure you have one password to get into your advice, get into the network, to get into your single sign on. We also have push MFA associated with that. So, you can actually create the conditions for your most secured access, or you understand, say, "Hey, I'm actually in the office. I'm going to be a hybrid employee. Maybe I can actually relax some of those security concerns I might have for people outside of the network." And all we do, is making sure that we give all that optionality to our IT admins, manage service providers of the world to enable that type of work for their employees to happen. >> So, they have the ability to toggle that, is critically important in this day and age of the hybrid work model, that's probably here to stay? >> It is, yeah. And it's something that organizations change, right? Our own organizations, they grow, they change different. New threats might emerge, or same old existing threats continue to come back. And we need to just have better processes and automations put within that. And it's when you start to consolidate all of those technologies, not only are you thinking about the visibility behind that, but then you're automating a lot of those different pieces that are already tightly coupled together. And that actually is truly powerful for a lot of the IT admins of the world, because that's where they spend a lot of time, and they're able to spend more time helping users tackling big projects instead of run rate security, and blocking, and tackling. That should be enabled from the organization from the get go. >> You mentioned automation. And I think that there's got to be a TCO reduction aspect here with respect to security and IT practices. Can you talk about that a little bit? >> Yeah, absolutely. Let's think about the opposite of that. Let's say we have a laundry list of technology that we need to go out and source. One is, great, where the identity is, so we have an identity provider. Now, we need to make sure that we have application access that might look like single sign on. Now, we need to make sure, you are who you are no matter where you are in the world. Well, now we need multifactor authentication and that might involve either a push button, or biometrics. And then, well, great the device's in front of us, that's a huge component, making sure that I can understand, not only who's on the device, but that the device is secure, that there's certificates there, that there's policies that ensure the proper use of that wherever it might be. Especially, if I'm an employee, either, it used to be on the the jet center going between flying anywhere you need. Now, it's kind of cross country, cross domain, all those different areas. And when you start to have that, it really unlocks, essentially IT sprawl. You have a lot of different pieces, a lot of different contracts, trying to figure out one technology works, but the other might not. And you're now you're creating workarounds for all these different pieces. So, the opposite of that, is essentially, let's take all those technologies and consolidate that into one platform. So, not only is it cheaper essentially, looking after that and understanding all the different technologies, but now it's all the other soft costs around it that many people don't think about. It's all the other automations. It's all the workarounds that you didn't have to do in the first place. It's all the other pieces that you'd spend a lot of time trying to wire it together. Into the hopes of that, it creates some security model. But then again, you lose a lot of the visibility. So, you might have an incident happen over here, or a trigger, or alert, but it's not tied to the rest of the stack. And so, now you're spending a lot of time, especially, either trying to understand. And worse timing, is if you have an incident and you're trying to understand what's happening? Unraveling all of that as it happens, becomes impossible, especially if it's not consolidated with one platform. So, there's not only the hard cost aspect of bringing all that together, but also the soft costs of thinking about how your business can perform, or at least optimize for a lot of those different standard processes, including onboarding, offboarding, and everything else in between. >> Yeah. On the soft cost side, I can imagine. I can see huge benefits for HR onboarding, offboarding. I can see benefits for the employee experience period, which directly relates to the customer experience. So, in terms of the business impact that JumpCloud can make, it seems to be pretty horizontal across any type of organization? >> It is, and especially as you mentioned HR. Because when you think about, where does the origin of someone's identity start? Well, typically, it starts with a resume and that might be in applicant tracking software. Now, we're going to get hired, so we're going to move into HR, because, well, everyone likes payroll, and we need that in our lives, right? But now you get into the second phase, of great, now I've joined the organization. Now, I need access to all of these different pieces. But when you look at it, essentially horizontally, from HR, all the way into the employee experience, and their whole life cycle within the organization, now you're touching multiple different teams And that's one of the other, I'd say benefits of that, is now you're actually bringing in HR, and IT, and security, and everyone else that might be related within these kind of larger use cases of making work happen all coming under. And when they're tightly integrated, it's also a lot more secure, right? So, you're not passing notes along. You're not having a checklist of other stuff, especially when it relates to something as important as someone's identity, which is more often than not, the most common attack vector for people to go after. Because they know it's the keys to the kingdom. There's going to be a lot of different attempts, maybe malware and other pieces, but a lot of it comes back into, can I impersonate, or become the person that I want within the organization, because it's the identity allows you to access all those different pieces. And so, if it's coming from a disjointed process or something that's not as tightly as it could be, that's where it really opens up a lot of different vectors that organizations don't think about. >> Right, and those vectors are only growing and multiplying as we know, and here to stay. When you're in customer conversations what do you describe as maybe the top three differentiators of JumpCloud compared to the competition? >> Well, I think a lot of it is we take an open approach. And so, by that, I mean, it's one we're not locking into, I'd say different vendors or other areas. We're really looking into making sure that we can work within your environment as it stands today, or where you want to migrate in the future. And so, this could be a combination of on-prem resources, cloud resources, or nothing if you're starting a company from today. And the second, is again, coming back into how we're looking at devices. So, we take a cross OS approach that way, no matter what you're operating on, it all comes back from the same dashboard. But then, finally, we leverage a ton of different protocols to make sure it works with everything within your current technology stack, as well as it continues to elevate and evolve over time. So, it could be LD app and Radius, and Sam, and skim, and open ID Connect, and open APIs. And whatever that might be, we are able to tie in all those different pieces. So, now, all of a sudden, it's not just one platform, but you have your whole business tied into as that gives you some flexibility too, to evolve. Because even during the pandemic and the shift for remote, there's a lot of technology choices that shifted. A lot of people are like, "Okay, now's the time to go to the cloud." There might be other events that organizations change. There's other things that might happen. So, creating that flexibility for organizations to move and make those calls, is essentially how we're differentiating ourselves. And we're not locking you into this, walled garden of technology that's just our own. We really want to make sure that we can operate, and be that glue, so that way, no matter what you're trying to do and making sure that your work is being done, we can help facilitate that. >> Nice. No matter what happens. Because boy, at this day, anything's possible. One more question for you about your AWS partnership. Talk to me a little bit about that? >> Yeah, absolutely. So, we are preferred ADP identity provider and SSO provider for AWS. And so, now rebranded under their identity center. But it's crucial for a lot of our organizations and joint customers because again, when we think about a lot of organization IP and how they operate as a business, is tied into AWS. And so, really understanding, who has the right level of access? Who should be in there or not? And when too, you should challenge in making sure that actually there's something fishy there. Like let's make sure that they're not just traveling to Europe on a sabbatical, and it's really who they are instead of a threat actor. Those are some of the pieces when we're thinking about creating that authentication, but then also, the right authorization into those AWS resources. And so, that's actually something that we've been very close to, especially, I'd say that the origins of a company. Because a lot of startups, that's where they go. That's where they begin their journey. And so, we meet them where they are, and making sure that we're protecting not only everything else within their organization, but also what they're trying to get into, which is typically AWS >> Meeting customers where they are. It's all about that. Chase, thank you so much for joining me on the program talking about JumpCloud, it's open directory platform. The benefits, the capabilities, what's in it for IT, HR, security, et cetera. We appreciate all of your insights and time. Where do you want to point folks to go to learn more? >> Well, absolutely. Well, thank you so much for having us. And I'd say, if you're curious about any and all these different technologies, the best part is everything I talked about is free up to 10 users, 10 devices. So, just go to jumpcloud.com. You can create an organization, and it's great for startups, people at home. Any size company that you're at, we can help support all of those different facets in bringing in those different types of technologies all into one roof. >> Awesome. Chase, thank you so much. This is awesome, go to jumpcloud.com. For Chase Doelling, I'm Lisa Martin. We want to thank you so much for giving us some of your time and watching this CUBE Conversation. (upbeat music)

(upbeat music) >> Okay, welcome back everyone. CUBE's coverage here in Boston, Massachusetts, AWS re:inforce 22, security conference. It's AWS' big security conference. Of course, theCUBE's here, all the reinvent, reese, remars, reinforced. We cover 'em all now and the summits. I'm John Furrier, my host Dave Vellante. We have IDC weighing in here with their analysts. We've got some great guests here, Jay Bretzmann research VP at IDC and Philip Bues research manager for Cloud security. Gentlemen, thanks for coming on. >> Thank you. >> Appreciate it. Great to be here. >> Appreciate coming. >> Got a full circle, right? (all laughing) Security's more interesting than storage, isn't it? (all laughing) >> Dave and Jay worked together. This is a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE Discover a while back and really the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I want to get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that we didn't hear. What's your reaction to the keynote? Share your assessment. >> So, you know, I manage two different research services at IDC right now. They are both Cloud security and identity and digital security, right? And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or enable MFA, or make sure that you control who gets access to what and deny explicitly. And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, MFA everywhere. Why don't they use it? Because it introduces friction and all of a sudden people can't get their jobs done. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but as we have in the industry, this shared responsibility model for Cloud computing, we've got shared responsibility for between Philip and I. (Philip laughing) I have done in the past more security of the Cloud and Philip is more security in the Cloud. >> So yeah. >> And now with Cloud operation Super Cloud, as we call it, you have on premises, private Cloud coming back, or hasn't really gone anywhere, all that on premises, Cloud operations, public Cloud, and now edge exploding with new requirements. It's really an ops challenge right now. Not so much dev. So the sec and op side is hot right now. >> Yeah, well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the GuardDuty Malware Protection component, and that being built into the pricing of current GuardDuty, I thought was really key. And there was also a lot of talk about partnering in security certifications, which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >> So Jake, square the circle for me. So Kirk Coofell talked about Amazon AWS identity, where does AWS leave off, and companies like Okta or Ping identity or Cybertruck pickup, how are they working together? Does it just create more confusion and more tools for customers? We know the overused word of seamless. >> Yeah, yeah. >> It's never seamless, so how should we think about that? >> So, identity has been around for 35 years or something like that. Started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, 'cause they're still carrying a lot of that baggage. Now, when it comes to the Cloud Service providers, they're more an accommodation from the identity standpoint. Let's make it easy inside of AWS to let you single sign on to anything in the Cloud that they have, right? Let's also introduce an additional MFA capability to keep people safer whenever we can and provide people with tools, to get into those applications somewhat easily, while leveraging identities that may live somewhere else. So there's a whole lot of the world that is still active, directory-centric, right? There's another portion of companies that were born in the Cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the Cloud. So, like I said, if you understand where people came from in the beginning, you start to say, "Yeah, this makes sense." >> It's interesting you talk about mainframe. I always think about Rack F, you know. And I say, "Okay, who did what, when, where?" And you hear about a lot of those themes. So what's the best practice for MFA, that's non-SMS-based? Is it you got to wear something around your neck, is it to have sort of a third party authenticator? What are people doing that you guys would recommend? >> Yeah, one quick comment about adoption of MFA. If you ask different suppliers, what percent of your base that does SSO also does MFA, one of the biggest suppliers out there, Microsoft will tell you it's under 25%. That's pretty shocking. All the messaging that's come out about it. So another big player in the market was called Duo, Cisco bought them. >> Yep. >> And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA, it's called Push. And Push can be a red X and a green check mark to your phone, it can be a QR code, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by NIST and others saying, it's susceptible to man and middle attacks. It's built on a telephony protocol called SS7. Predates anything, there's no certification either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well, identity increasingly. And a lot of the consumers and especially the work from anywhere, people these days have access through smart devices. And what you can do there, is you can have an agent on that smart device, generate your private key and then push out a public key and so the private key never leaves your device. That's one of the most secure ways to- >> So if our SIM card gets hacked, you're not going to be as vulnerable? >> Yeah, well, the SIM card is another challenge associated with the older ways, but yeah. >> So what do you guys think about the open source connection and they mentioned it up top. Don't bolt on security, implying shift left, which is embedding it in like sneak companies, like sneak do that. Very container oriented, a lot of Kubernetes kind of Cloud native services. So I want to get your reaction to that. And then also this reasoning angle they brought up. Kind of a higher level AI reasoning decisions. So open source, and this notion of AI reasoning. or AI reason. >> And you see more open source discussion happening, so you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve, as you know, open source continues to proliferate. Around the automated reasoning, I think that makes sense. You want to provide guide rails and you want to provide roadmaps and you want to have sort of that guidance as to, okay, what's a correlation analysis of different tools and products? And so I think that's going to go over really well, yeah. >> One of the other key points about open source is, everybody's in a multi-cloud world, right? >> Yeah. >> And so they're worried about vendor lock in. They want an open source code base, so that they don't experience that. >> Yeah, and they can move the code around, and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So they mentioned encrypt everything which is great and I message by the way, I love that one. But oh, and he mentioned data at rest. I'm like, "What about data in flight? "Didn't hear that one." So one of the things we're seeing with SuperCloud, and now multi-cloud kind of as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >> Yeah. >> Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge, even Schmidt on stage said, we have billions and billions of things happening that we see things that no one else sees. So that implies, they're sharing- >> Quad trillion. >> Trillion, 15 zeros. (Jay laughs) >> 15 zeros. >> So that implies they're sharing that or using that pushing that into something. So sharing is huge with cyber security. So that implies open data, data flows. How do you guys see this evolving? I know it's kind of emerging, but it's becoming a nuanced point, that's critical to the architecture. >> Well, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall. >> Depending upon the supplier, it's either an aggregate level of intelligence that has been anonymized or it's specific intelligence for your environment that everybody's got a threat feed, maybe two or three, right? (John laughs) But back to the encryption point, I mean, I was working for an encryption startup for a little while after I left IBM, and the thing is that people are scared of it. They're scared of key management and rotation. And so when you provide- >> Because they might lose the key. >> Exactly. >> Yeah. >> It's like shooting yourself in the foot, right? So that's when you have things like, KMS services from Amazon and stuff that really help out a lot. And help people understand, okay, I'm not alone in this. >> Yeah, crypto owners- >> They call that hybrid, the hybrid key, they don't know how they call the data, they call it the hybrid. What was that? >> Key management service? >> The hybrid- >> Oh, hybrid HSM, correct? >> Yeah, what is that? What is that? I didn't get that. I didn't understand what he meant by the hybrid post quantum key agreement. >> Hybrid post quantum key exchange. >> AWS never made a product name that didn't have four words in it. (John laughs) >> But he did reference the new NIST algos. And I think I inferred that they were quantum proof or they claim to be, and AWS was testing those. >> Correct, yeah. >> So that was kind of interesting, but I want to come back to identity for a second. So, this idea of bringing traditional IAM and Privileged Access Management together, is that a pipe dream, is that something that is actually going to happen? What's the timeframe, what's your take on that? >> So, there are aspects of privilege in every sort of identity. Back when it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins and users. These days, everybody has some aspect of- >> It's a real spectrum, really. >> Yeah. >> Granular. >> You got the C-suite, the finance people, the DevOps people, even partners and whatever. They all need some sort of privileged access, and the term you hear so much is least-privileged access, right? Shut it down, control it. So, in some of my research, I've been saying that vendors who are in the PAM space, Privilege Access Management space, will probably be growing their suites, playing a bigger role, building out a stack, because they have the expertise and the perspective that says, "We should control this better." How do we do that, right? And we've been seeing that recently. >> Is that a combination of old kind of antiquated systems meets for proprietary hyper scale, or kind of like build your own? 'Cause I mean, Amazon, these guys, Facebook, they all build their own stuff. >> Yes, they do. >> Then enterprises buy services from general purpose identity management systems. >> So as we were talking about knowing the past and whatever, Privileged Access Management used to be about compliance reporting. Just making sure that I knew who accessed what? And could prove it, so I didn't fail at all. >> It wasn't a critical infrastructure item. >> No, and now these days, what it's transitioning into, is much more risk management, okay. I know what our risk is, I'm ahead of it. And the other thing in the PAM space, was really session monitor. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new Privileged Access Management, doesn't really require that. It's a nice to have feature. You kind of need it on the list, but is anybody really going to implement it? That's the question, right. And then if you do all that session monitoring, does anybody ever go back and look at it? There's only so many hours in the day. >> How about passwordless access? (Jay laughs) I've heard people talk about that. I mean, that's as a user, I can't wait but- >> Well, it's somewhere we want to all go. We all want identity security to just disappear and be recognized when we log in. So the thing with passwordless is, there's always a password somewhere. And it's usually part of a registration action. I'm going to register my device with a username password, and then beyond that I can use my biometrics, right? I want to register my device and get a private key, that I can put in my enclave, and I'll use that in the future. Maybe it's got to touch ID, maybe it doesn't, right? So even though there's been a lot of progress made, it's not quote, unquote, truly passwordless. There's a group, industry standards group called Fido. Which is Fast Identity Online. And what they realized was, these whole registration passwords, that's really a single point of failure. 'Cause if I can't recover my device, I'm in trouble. So they just did new extension to sort of what they were doing, which provides you with much more of like an iCloud vault that you can register that device in and other devices associated with that same identity. >> Get you to it if you have to. >> Exactly. >> I'm all over the place here, but I want to ask about ransomware. It may not be your wheelhouse. But back in the day, Jay, remember you used to cover tape. All the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do. Air gaps wasn't one of them. I was really surprised 'cause that's all every anybody ever talks about is air gaps and a lot of times that air gap could be a guess to the Cloud, I guess, I'm not sure. What are you guys seeing on ransomware apps? >> We've done a lot of great research around ransomware as a service and ransomware, and we just had some data come out recently, that I think in terms of spending and spend, and as a result of the Ukraine-Russia war, that ransomware assessments rate number one. And so it's something that we encourage, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, as well and then security and training ranked very highly as well. So, we want to make sure that all of these areas are being funded well to try and stay ahead of the curve. >> Yeah, I was surprised to not see air gaps on the list, that's all everybody talks about. >> Well, the old model for air gaping in the land days, the novel days, you took your tapes home and put them in the sock drawer. (all laughing) >> Well, it's a form of air gap. (all laughing) >> Security and no one's going to go there and clean out. >> And then the internet came around and ruined it. >> Guys, final question we want to ask you, guys, we kind of zoom out, great commentary by the way. Appreciate it. We've seen this in many markets, a collection of tools emerge and then there's its tool sprawl. So cyber we're seeing the trend now where mon goes up on stage of all the ecosystems, probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform, for super Cloud capability by building a more platform thing. So we're saying there's a platform war going on, 'cause customers don't want the complexity. I got a tool but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean tools won't go away, but they have to be easier. >> Yeah, we do see a consolidation of functionality and services. And we've been seeing that, I think through a 2020 Cloud security survey that we released that was definitely a trend. And that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk and write about all the time so... >> Couple of years ago, I called the Amazon tool set an erector set because it really required assembly. And you see the emphasis on training here too, right? You definitely need to go to AWS University to be competent. >> It wasn't Lego blocks yet. >> No. >> It was erector set. >> Yeah. >> Very good distinction. >> Loose. >> And you lose a few. (chuckles) >> But still too many tools, right? You see, we need more consolidation. It's getting interesting because a lot of these companies have runway and you look at sale point at stock prices held up 'cause of the Thoma Bravo acquisition, but all the rest of the cyber stocks have been crushed especially the high flyers, like a Sentinel-1 one or a CrowdStrike, but just still M and A opportunity. >> So platform wars. Okay, final thoughts. What do you, think is happening next? What's your outlook for the next year or so? >> So, in the identity space, I'll talk about, Philip can cover Cloud for us. It really is more consolidation and more adoption of things that are beyond simple SSO. It was, just getting on the systems and now we really need to control what you're able to get to and who you are. And do it as transparently as we possibly can, because otherwise, people are going to lose productivity. They're not going to be able to get to what they want. And that's what causes the C-suite to say, "Wait a minute," DevOps, they want to update the product every day. Make it better. Can they do that or did security get in the way? People, every once in a while call security, the Department of No, right? >> They ditch it on stage. They want to be the Department of Yes. >> Exactly. >> Yeah. >> And the department that creates additional value. If you look at what's going on with B2C or CIAM, consumer oriented identity, that is all about opening up new direct channels and treating people like their old friends, not like you don't know them, you have to challenge them. >> We always say, you want to be in the boat together, it sinks or not. >> Yeah. Exactly. >> Philip I'm glad- >> Okay, what's your take? What's your outlook for the year? >> Yeah, I think, something that we've been seeing as consolidation and integration, and so companies looking at from built time to run time, investing in shift left infrastructure is code. And then also in the runtime detection, makes perfect sense to have both the agent and agent lists so that you're covering any of the gaps that might exist. >> Awesome, Jay Phillip, thanks for coming on "theCUBE" with IDC and sharing your- >> Oh, our pleasure- >> Perspective, commentary and insights and outlook. Appreciate it. >> You bet. >> Thank you. >> Okay, we've got the great direction here from IDC analyst here on the queue. I'm John Furrier, Dave Vellante. Be back more after this short break. (bright upbeat music)

>>Okay, welcome back everyone. Cube's coverage here in Boston, Massachusetts, AWS reinforced 22, the security conference. It's ADOS big security conference. Of course, the cubes here, all the reinvent res re Mars reinforce. We cover 'em all now and the summits. I'm John. Very my host, Dave ante have IDC weighing in here with their analysis. We've got some great guests here, Jay Brisbane, research VP at IDC and Philip who research managed for cloud security. Gentlemen, thanks for coming on. Thank you. Appreciate it. Great >>To, to be here. I appreciate the got the full >>Circle, right? Just, security's more interesting >>Than storage. Isn't it? >>Dave, Dave and Jay worked together. This is a, a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE discover a while back and really the, the, the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I wanna get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that they didn't, we didn't hear. What's your reaction to the keynote, share your, your assessment. >>So, you know, I managed two different research services at IDC right now. They are both cloud security and identity and, and digital security. Right. And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or, you know, enable MFA, or make sure that you, you know, control who gets access to what and deny explicitly. Right? And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, right? MFA everywhere. Why don't they use it because it introduces friction and all of a sudden people can't get their jobs done. Right. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but, you know, as we have in the industry, this shared responsibility model for cloud computing, we've got shared responsibility for between Philip and I, I have done in the ke past more security of the cloud and Philip is more security in the cloud, >>So yeah. And it's, and now with cloud operation, super cloud, as we call it, you have on premises, private cloud coming back, or hasn't really gone anywhere, all that on premises, cloud operations, public cloud, and now edge exploding with new requirements. Yeah. It's really an ops challenge right now. Not so much dev. So the sick and op side is hot right now. >>Yeah. Well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the guard duty malware protection component, and that being built into the pricing of current guard duty, I thought was, was really key. And there was also a lot of talk about partnering in security certifications. Yeah. Which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >>So Jake square, the circle for me. So Kirk, Coel talked about Amazon AWS identity, where does AWS leave off and, and companies like Okta or ping identity or crock pickup, how are they working together? Does it just create more confusion and more tools for customers? We, we have, we know the over word overused word of seamless. Yeah. Yeah. It's never seamless. So how should we think about that? >>So, you know, identity has been around for 35 years or something like that started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, cuz they're still carrying a lot of that baggage. Now, when it comes to the cloud service providers, they're more an accommodation from the identity standpoint, let's make it easy inside of AWS to let you single sign on to anything in the cloud that they have. Right. Let's also introduce an additional MFA capability to keep people safer whenever we can and, you know, provide people the tools to, to get into those applications somewhat easily, right. While leveraging identities that may live somewhere else. So, you know, there's a whole lot of the world that is still active directory centric, right? There's another portion of companies that were born in the cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the cloud. So, you know, like I said, you, if you understand where people came from in the beginning, you start to, to say, yeah, this makes sense. >>It's, it's interesting. You talk about mainframe. I, I always think about rack F you know, and I say, okay, who did what, when, where, yeah. And you hear about a lot of those themes. What, so what's the best practice for MFA? That's, that's non SMS based. Is it, you gotta wear something around your neck, is it to have sort of a third party authenticator? What are people doing that is that, that, that you guys would recommend? >>Yeah. One quick comment about adoption of MFA. You know, if you ask different suppliers, what percent of your base that does SSO also does MFA one of the biggest suppliers out there Microsoft will tell you it's under 25%. That's pretty shocking. Right? All the messaging that's come out about it. So another big player in the market was called duo. Cisco bought them. Yep. Right. And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA it's called push. Right. And push can be, you know, a red X and a green check mark to your phone. It can be a QR code, you know, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by N and others saying, you know, it's susceptible to man and middle attacks. >>It's built on a telephony protocol called SS seven. Yep. You know, predates anything. There's no certification, either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well identity increasingly, and a lot of the, you know, consumers and especially the work from anywhere, people these days have access through smart devices. Right. And what you can do there is you can have an agent on that smart device, generate your private key and then push out a public key. And so the private key never leaves your device. That's one of the most secure ways to, so if your >>SIM card gets hacked, you're not gonna be as at vulnerable >>Or as vulnerable. Well, the SIM card is another, you know, challenge associated with the, the older waste. But yeah. Yeah. >>So what do you guys think about the open source connection and, and they, they mentioned it up top don't bolt on security implying shift left, which is embedding it in like sneak companies, like sneak do that, right. Container oriented, a lot of Kubernetes kind of cloud native services. So I wanna get your reaction to that. And then also this reasoning angle, they brought up kind of a higher level AI reasoning decisions. So open source and this notion of AI reasoning >>Automation. Yeah. And, and you see more open source discussion happening, right. So you, you know, you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve as, you know, open source continues to proliferate around the automated reasoning. I think that makes sense. You know, you want to provide guiderails and you want to provide roadmaps and you wanna have sort of that guidance as to okay. What's the, you know, a correlation analysis of different tools and products. And so I think that's gonna go over really well. >>Yeah. One of the other, you know, key points of what open source is, everybody's in a multi-cloud world, right? Yeah. And so they're worried about vendor lockin, they want an open source code base so that they don't experience that. >>Yeah. And they can move the code around and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So yeah. They mentioned encrypt everything, which is great. And I message, by the way, I love that one, but oh. And he mentioned data at rest. I'm like, what about data in flight? Didn't hear that one. So one of the things we're seeing with super cloud, and now multi-cloud kind of, as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >>Yeah. >>Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge. Even Schmidt on Steve said we have billions and billions of things happening that we see things that no one else else sees. So that implies, they're >>Sharing quad trillion, >>Trillion, 15 zeros trillion. Yeah. 15 >>Zeros, 15 zeros. Yeah. >>So that implies, they're sharing that or using that, pushing that into something. So sharing's huge with cyber security. So that implies open data, data flows. What do, how do you guys see this evolving? I know it's kind of emerging, but it's becoming a, a nuanced point that's critical to the architecture. >>Well, I, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, you know, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall, >>Depending upon the supplier. Right? Yeah. It's either an aggregate level of intelligence that has been, you know, anonymized or it's specific intelligence for your environment that, you know, everybody's got a threat feed, maybe two or three, right. Yeah. But back to the encryption point, I mean, I was working for an encryption startup for a little while. Right after I left IBM. And the thing is that people are scared of it. Right. They're scared of key management and rotation. And so when you provide, >>Because they might lose the key. >>Exactly. Yeah. It's like shooting yourself in the foot. Right. So that's when you have things like, you know, KMS services from Amazon and stuff, they really help out a lot and help people understand, okay, I'm not alone in this. >>Yeah. Crypto >>Owners, they call that hybrid, the hybrid key, they call the, what they call the, today. They call it the hybrid. >>What was that? The management service. Yeah. The hybrid. So hybrid HSM, correct. >>Yeah. What is that? What is that? I didn't, I didn't get that. I didn't understand what he meant by the hybrid post hybrid, post quantum key agreement. Right. That still notes >>Hybrid, post quantum key exchange, >>You know, AWS never made a product name that didn't have four words in it, >>But he did, but he did reference the, the new N algos. And I think I inferred that they were quantum proof or the claim it be. Yeah. And AWS was testing those. Correct. >>Yeah. >>So that was kind of interesting, but I wanna come back to identity for a second. Okay. So, so this idea of bringing traditional IAM and, and privilege access management together, is that a pipe dream, is that something that is actually gonna happen? What's the timeframe, what's your take on that? >>So, you know, there are aspects of privilege in every sort of identity back when, you know, it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins, and users, right? These days, everybody has some aspect of, >>It's a real spectrum, really >>Granular. You got the, you know, the C suite, the finance people, the DevOps, people, you know, even partners and whatever, they all need some sort of privileged access. And the, the term you hear so much is least privileged access. Right? Shut it down, control it. So, you know, in some of my research, I've been saying that vendors who are in the Pam space privilege access management space will probably be growing their suites, playing a bigger role, building out a stack because they have, you know, the, the expertise and the, and the perspective that says we should control this better. How do we do that? Right. And we've been seeing that recently, >>Is that a combination of old kind of antiquated systems meets for proprietary hyperscale or kind of like build your own? Cause I mean, Amazon, these guys, they Facebook, they all build their own stuff. >>Yes. They >>Do enterprises buy services from general purpose identity management systems. >>So as we were talking about, you know, knowing the past and whatever privileged access management used to be about compliance reporting. Yeah. Right. Just making sure that I knew who accessed what and could prove it. So I didn't fail in art. It wasn't >>A critical infrastructure item. >>No. And now these days, what it's transitioning into is much more risk management. Okay. I know what our risk is. I'm ahead of it. And the other thing in the Pam space was really session monitor. Right. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new privilege access Mon management doesn't really require that it's nice to have feature. You kind of need it on the list, but is anybody really gonna implement it? That's the question. Right. And then, you know, if, if you do all that session monitor, does anybody ever go back and look at it? There's only so many hours in the day. >>How about passwordless access? You know? Right. I've heard people talk about that. Yeah. I mean, that's as a user, I can't wait, but >>It's somewhere we want to all go. Yeah. Right. We all want identity security to just disappear and be recognized when we log in. So the, the thing with password list is there's always a password somewhere and it's usually part of a registration, you know, action. I'm gonna register my device with a username password. And then beyond that, I can use my biometrics. Right. I wanna register my device and get a private key that I can put in my enclave. And I'll use that in the future. Maybe it's gotta touch ID. Maybe it doesn't. Right. So even though there's been a lot of progress made, it's not quote unquote, truly passwordless, there's a group industry standards group called Fido. Right. Which is fast identity online. And what they realized was these whole registration passwords. That's really a single point of failure. Cuz if I can't recover my device, I'm in trouble. Yeah. So they just did a, a new extension to sort of what they were doing, which provides you with much more of a, like an iCloud vault, right. That you can register that device in and other devices associated with that same iPad that you can >>Get you to it. If you >>Have to. Exactly. I had >>Another have all over the place here, but I, I want to ask about ransomware. It may not be your wheelhouse. Yeah. But back in the day, Jay, remember you used to cover tape. All the, all the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do air gaps. Wasn't one, one of 'em. Right. I was really surprised cuz that's all, every anybody ever talks about is air gaps. And a lot of times that air gaps that air gap could be a guess to the cloud. I guess I'm not sure. What are you guys seeing on ransomware >>Apps? You know, we've done a lot of great research around ransomware as a service and ransomware and, and you know, we just had some data come out recently that I think in terms of spending and, and spend and in as a result of the Ukraine, Russia war, that ransomware assessments rate number one. And so it's something that we encourage, you know, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, right. As well, and then security and training ranked very highly as well. So we wanna make sure that all of these areas are being funded well to try and stay ahead of the curve. >>Yeah. I was surprised that not the air gaps on the list, that's all everybody >>Talks about. Well, you know, the, the old model for air gaping in the, the land days, the Noel days, you took your tapes home and put 'em in the sock drawer. >>Well, it's a form of air gap security and no one's gonna go there >>Clean. And then the internet came around >>Guys. Final question. I want to ask you guys, we kind zoom out. Great, great commentary by the way. Appreciate it. As the, we've seen this in many markets, a collection of tools emerge and then there's it's tool sprawl. Oh yeah. Right? Yeah. So cyber we're seeing trend now where Mon goes up on stage of all the E probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform. If you super cloud ability by building more platform thing. So we're saying there's a platform war going on, cuz customers don't want the complexity. Yeah. I got a tool, but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean, tools won't go away, but they have to be >>Easier. Yeah. We do see a, a consolidation of functionality and services. And we've been seeing that, I think through a 20, 20 flat security survey that we released, that that was definitely a trend. And you know, that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk 'em right. About all the time. So >>More M and a couple of years ago, I called the, the Amazon tool set in rector set. Yeah. Because it really required assembly. Yeah. And you see the emphasis on training here too, right? Yeah. You definitely need to go to AWS university to be competent. It >>Wasn't Lego blocks yet. No, it was a rector set. Very good distinction rules, you know, and, and you lose a few. It's >>True. Still too many tools. Right. You see, we need more consolidation. That's getting interesting because a lot of these companies have runway and you look, you look at sale point, its stock prices held up cuz of the Toma Bravo acquisition, but all the rest of the cyber stocks have been crushed. Yeah. You know, especially the high flyers, like a Senti, a one or a crowd strike, but yeah, just still M and a opportunity >>Itself. So platform wars. Okay. Final thoughts. What do you thinks happening next? What's what's your outlook for the, the next year or so? >>So in the, in the identity space, I'll talk about Phillip can cover cloud force. You know, it really is more consolidation and more adoption of things that are beyond simple SSO, right. It was, you know, just getting on the systems and now we really need to control what you're able to get to and who you are and do it as transparently as we possibly can because otherwise, you know, people are gonna lose productivity, right. They're not gonna be able to get to what they want. And that's what causes the C-suite to say, wait a minute, you know, DevOps, they want to update the product every day. Right. Make it better. Can they do that? Or did security get in the way people every once in a while I'll call security, the department of no, right? Yeah. Well, >>Yeah. They did it on stage. Yeah. They wanna be the department of yes, >>Exactly. And the department that creates additional value. If you look at what's going on with B to C or C IAM, consumer identity, that is all about opening up new direct channels and treating people like, you know, they're old friends, right. Not like you don't know 'em you have to challenge >>'em we always say you wanna be in the boat together. It sinks or not. Yeah. Right. Exactly. >>Phillip, >>Okay. What's your take? What's your outlook for the year? >>Yeah. I think, you know, something that we've been seeing as consolidation and integration, and so, you know, companies looking at from built time to run time investing in shift left infrastructure is code. And then also in the runtime detection makes perfect sense to have both the agent and agentless so that you're covering any of the gaps that might exist. >>Awesome. Jerry, Phillip, thanks for coming on the queue with IDC and sharing >>Your oh our pleasure perspective. >>Commentary, have any insights and outlook. Appreciate it. You bet. Thank you. Okay. We've got the great direction here from IDC analyst here on the queue. I'm John for a Dave, we're back more after this shirt break.

(upbeat music) >> Hello, and welcome to theCUBE special presentation of Unstoppable Domains Partner Showcase. I'm John Furrier, your host of theCUBE. We've got a great conversation talking about the future of the infrastructure of Web3, all around domains, non fungible tokens and more. Two great guests, Charlie Brooks with Business Development of Unstoppable Domains, and Michael Williams, Product Leader and Advisor with Unstoppable Domains. Gentlemen, thanks for coming on theCUBE, Partner Showcase with Unstoppable Domains. >> Thanks John, excited to be here. >> So I love what you guys are doing. Congratulations on all your success. You guys are on the leading edge of what is a major infrastructure. Shift to Web3 is being called, but people who have been doing this for a while know that you see the blockchain, you see decentralization, you see immutability all these future smart contracts. All the decentralized applications are now hitting the scene and NFTs are super hot as you can imagine, you guys in the middle of it. So you guys are in the sweet spot of what I call the Pragmatic pioneers. You guys are the building solutions that are making a difference, like single sign-on you have the login product, let's get into it. What is the path to a digital identity beyond the web? 'Cause we know what web identity is. But now that the web is being abstracted a away by this new Web3 layer, what is digital identity? >> I can take that one. So I think what we're really seeing is this transition away from a purely physical identity. Where your online identity is really just a reflection of the parts of your physical identity. Where you live, where you go to school, all of these things. And we're really seeing this world emerge where your online identity becomes much more of a primary. So if you have a way that you represent yourself in the online world, whether that's an Instagram account, or TikTok, or email address or username, all of these things together make up your digital identity. So congrats, if you have any of those things, you already have one. >> We see that all the time with Linktree, people put their Linktree out there and it's got the zillion handles. We all get up to Instagram. Everyone's got like zillion identities. Is that a problem or an opportunity? >> I think it's just a reality. The fact is our identities are spread across all of these different services and platforms that we use. The problem with something like Linktree is that it is owned by Linktree. If I won the lottery, purchased Linktree and decided I wanted to change your personal website, John, I could easily do that. Moving to the architecture that we have and NFT architecture, changes that significantly. It puts a lot of power back in the hands of the people who actually own those identities. I do a lot of CUBE showcases with folks around talking about machine learning and AI, and the number one conversation that they bring up, the number one issue, is data. And they say, when data's siloed and protected and owned, it is not optimized for machine learning. So I can almost imagine, as you bring NFTs to the digital identity, you mentioned you don't own your identity if someone else is managing the service like Linktree. This is a cultural shift, and infrastructure software shift at the same time. Can you guys expand more about what you guys are doing with the NFT and unstoppable domains with respect to that digital identity, because is that power shifting to the users now? And how does that compare to what's out there today? >> Sure, I think so. Our domains are NFTs, so they are ERC 721 tokens. And if you think about in the past Web2 identities are controlled by the platforms that we use. Twitter, Facebook, whatnot. There's really a lack of data portability there. Our accounts and data live on their servers, they can be deleted any time. So using an NFT to anchor your data identity, really gives you full control over your identity. It can't be deleted, it can't be revoked or edited, or changed without your permission. And really even better, the information you store on your entity domain can be plugged into the services you use, so that you never have to enter the same data twice. So when you go from platform to platform, everything can be tied to your existing domain. You're not going to a new site, entering their ecosystem and providing all this information time and time again, and not really having a clear understanding of how your data's being used and where it's being stored. >> So the innovation here is the NFT is your identity. And a non fungible token NFT is different than say a fungible token. So for the folks out there that's trying to follow the bouncing ball, Michael, what's the difference between an NFT and a fungible token? And why is that important for identity? >> My favorite metaphor here is baseball cards versus dollar bills. So a dollar bill is fungible. If I have a dollar and you have a dollar, we can trade dollars and none of us is richer or poorer. If I have a Babe Ruth and you have a Hank Aaron, and we swap baseball cards, we have changed something fundamental. So the important thing about NFTs is that they are non fungible. So if I have a domain and you have a domain, like I have that identity and you have that identity, they are unique, they're independent, they're owned by each one of us, and then we can't swap them interchangeably. >> And that's why you're seeing NFTs hot with art and artists, because it's like a property. It's a property issue, not so much- >> Absolutely >> Interchangeable or divisible kind of asset. >> Yep, it is ownership rights in digital form, yes. >> All right, so now let's get into what the identity piece. I think find that interesting because if I have something that's an NFT, it's non fungible, it's unique to me, it's property, my property my login, this sounds compelling. So how does login work with the NFT? Can you guys take us through that architecture, what does it do? How does it work? And what's the benefit? >> Good, so the way our login product works is it effectively uses your NFT domain. So Michael.crypto, for example, as the authentication piece of a login session. So basically when I go and I try to log in with my domain, I type in Michael.crypto, I sign it with my wallet which cryptographically proves that I am this human, this is me, I have the rights to log in. And then when I do so, I have the ability to share certain parts of my identity information with the applications that I use. So it really blends the ease of use from Web2 of just a standard like login with Gmail, SSO experience, with all of the security and privacy benefits of Web3. >> How important is single sign-on? Because right now people are used to seeing things like log with your GitHub handle or LinkedIn, or Google, Apple. You seeing people offering login. What's the difference here from those solutions and why does it make sense for the user? >> Sure, the big difference is what we're building is really user first. So if you think about traditional SSOs, you are the product. When you use their product, they're selling your data, they're tracking everything you do. Login with unstoppable handles not only authentication, but data sharing as well. So when you log in a domain owner can choose to share aspects of their online identities, such as first name, preferred language, profile picture, location. So this is a user controlled way of using a sign-on where their permissioning these different of their identity. And really apps can use this information to enable new experiences, such as, for example, website might automatically enable high contrast mode for someone visually impaired. It could pre-populate your friends from a decentralized social graph. So, what we're doing is taking the best parts of Web2 SSO and combining them with the best of Web3. So, no more losing your password, entering in the same data hundreds of times depending on other services to keep your information safe. Login with unstoppable really puts you in complete control of your data. And a big part of that is you're not going to have 80 plus usernames and passwords anymore. We have these tools like password managers that exist to put a bandaid on this issue, but it's not really a long term solution. So what we're building is really seamless onboarding where everything can be tied to your domains so that you can navigate to different apps in a much more seamless way. >> Michael, I got to get your thoughts on this because in the product side, it's interesting, my mind's connecting some dots. If I have first of all, great convenience to reduce all those logins. So, check their little pain reduction. But when you just think about what's different, I can now broker my data as well as login. So let's just say, hypothetically, I'm cruising around some dApps and I'm doing things in earning reputation, or attention, or points, or whatever utility tokens. There could be a way for me to control what I own. I'm the product, I own the data. Is that where this is going? >> I think it's definitely a direction it could go, say, for example, if I'm a e-commerce platform and I'm trying to figure out where I'm going to place a new billboard. One of the things that I could request from a user, is their address. I can figure out where they live, what city they're in, that will help inform me the decision that I need to make as a business. And in return, maybe I give that person a dollar off their purchase. We can start to build a stronger relationship between the applications that people use, and the people that use them. And try to optimize that whole experience, and try to just transfer information back and forth to make everyone's lives better. >> What's the roadmap on the business side Charlie, when you see companies adopting it, they're probably taking babies steps they're crawling before they walk, they're walking before they run. I can see decentralized applications in the future where there's FinTech or whatever, having new kinds of marketplaces that take advantage of the paradigm where the script flips to the user first. Okay, so I see that. How do people get started now? What are some of the success momentum points that you're seeing companies do now with unstoppable? >> Sure, so a lot of Web3 apps are very sensitive about respecting the information that their users are providing. So, what we're doing is offering different ways for apps can touch with their users in a way that is user controlled. So, an example there is that a lot of Web3 companies will use WalletConnect to allow users to log in using a wallet address. An issue there is that one person can have hundreds of wallet addresses, and it's impossible for the app to understand that. So, what we do is we use login, we attach an email address, some other pieces to a wallet address so that we can identify who our unique user is. And the app is able to collect that information, they don't have to deal with passwords or PII storage. They have access to a huge amount of new data for an improved UX. It's really simple to maintain as well. So one example there is if you are a DeFi platform and you want to reward your users for coming to their site for the first time, now that they can identify unique user, they can drop a token into that user's wallet. All because they're able to identify that user as unique. So they have a better way of understanding their customers. They enable their customers to share data. A lot of these companies will ask users to follow them on Twitter or Discord when they need to provide updates or bug bounties, all these different things. And login if unstoppable lets them permission email addresses so they can collect emails if they want to do a newsletter. And instead of harvesting data from elsewhere and forcing people to join this newsletter program, it's all user controlled. So each user saying, yes, you can use my email for your newsletter. I'm supporting your project, I want to be kept up to date with bugs or bounties or rewards programs. So really it's just a better way for users to share the data that they're willing to with dAPPs, and dAPPs can use it to create all sorts of incentives and really just understand their users on a different level. >> How is the development Michael, going on the smart contract side of the business? Ethereum has always been heralded as being very developer focused. There's been created innovations, you still got gas fees out there. You still got to do some things. How is the development environment? How are the applications coming? 'Cause I can see the flywheel kicking in as the developer front gets more streamlined, more efficient. And now you got the identity piece nailed down. I just see a lot of dominoes falling at the same time. What's the status on the DEV side. What you're doing. >> Good. The fascinating thing about crypto is how quickly it changes. When I joined Ethereum there was pretty reasonable still for transactions. It was very cheap to get things done very fast. With a look at last summer that things went completely out of control. This is a big reason that unstoppable for a long time has been working on a layer two. And we've moved over to the polygon as our primary source of record, which is built on top of Ethereum. Of course, I think saved well over a hundred million in gas fees for our users. We're constantly keeping an eye on new technologies that are emerging, weighing how we can incorporate those things. And really where of this industry is going to take us. In many ways we are just as much passengers as the other people floating around the ecosystem as well. >> It's certainly getting faster every day, I'm seeing a huge uptake on Ethereum. I heard a stat that most people at the university of California, Berkeley, 30% of the computer science students are dropping out to join Web3 companies. This goes to show you this cultural shift and you're going to see a lot more companies getting involved. So I got to ask you Charlie, on the BizDev front, how are companies getting started? What's the playbook? Are they putting their toe in the water? They jumping in full throttle? What's the roadmap? What's the best practice for people to get started with unstoppable? >> Absolutely. We're lucky that we get a lot of inbound interest from companies Web2 and Web3, because they first want to secure their domains. And we do a ton of work on the back end to protect trademark domains. We want to avoid squatting as much as possible. We don't think that's the spirit of Web3 at all. And certainly not what the original tension of the internet was. So, fair amount of companies will reach out to us to get their domain. And then we can have a longer conversation about some of the other integrations and ways we can collaborate. So certainly visiting our website, unstoppabledomains.com is a great starting point. We have an app submission page where apps can reach out to us, even request a grant. We have a grant program to help developers get started, provide them some resources to work with us and integrate some of our technology. We have great documentation as well on the site. So you can read all about what it takes to resolve domains, if you're a wallet and an exchange, as well as what it takes to integrate login with unstoppable, which is actually a super easy integration as well, which we're really excited about. So yeah, I'd say check out the website, apply for a grant if you think you're a fit there, then of course, people can always reach out to me directly on Twitter, on Telegram, email. We're very reachable and we're always happy to chat with projects and learn more about what they're doing. >> What's the coolest thing you see going on Charlie, with your partners right now? What's the number one use case that's cool that people are jumping on right now to get in and get some success out of the gate? >> Maybe GameFi play to earn is huge. It's blowing up and the gaming community is really passionate, vibrant, just expanding like crazy. Same with DeFi, there's all this cool new stuff you can do with DeFi where no matter how big your portfolio is, you're able to stake and use all these interesting tools to grow your book. So it's super exciting to see and talk to all these projects. And, there's certainly an energy in the community where everyone wants to onboard the general public to Web3. So we're all working on these school projects, but we need everyone to come over from Web2, understand the advantages of DeFi, of GameFi of having an entity domain. So, I'm lucky that I'm one of the first layers there of meeting new projects and helping get access to more users so that they can grow along with us. >> I remember the early days of Bitcoin and Ethereum, we were giving it away. The community mantra was, give a Bitcoin to someone. That was like, >> Right. >> When you can actually give a Bitcoin to someone. What's the word of mouth or organic viral? I won't say growth hack 'cause that's got negative connotations. But what's the community's way of putting forth the mission for unstoppable? Is it just more domains? You guys have any programs got going on? Is it give it away? Obviously you can get domains on your site, but what's the way to get people ingratiated in and getting comfortable? >> So much of what we do is really to solve that question, answer that question. We spend a ton of time and energy just on education and whether that's specifically around domains or just general Web3. We have a podcast which is pretty exceptional, which talks to Web3 leaders from across the space and makes the project that they're working on more accessible. I think we passed over a hundred episodes, not too long ago. There's a ton of stuff that we do that other people do. If anyone has questions, I'm happy to talk about our resources, of course. >> The pod, I think you guys are up to 117, but that's a deep dive. You guys go deep on the podcast. So that's where you go in. What else is new on digital identity? Where do you guys see the future going? Now that you get the baseline identity with the NFT. Makes a lot of sense, create innovation. Good logic, makes sense. Solid technically, what's next? >> I think this really boils down to the way that the internet has grown. Doesn't really feel like the way that the internet should be. Like our data shouldn't live in these wild gardens, controlled by these large companies. Ultimately people should be responsible for their own identities. They should have control over of things that they do online. The data that's shared, the benefit of that data. It's about the world that we are working towards, is very much that. Where we are giving people the ability to be paid for sharing their data with companies. We're giving applications the ability to request information from the people that use those applications to improve their experience. We're really just trying to make connections across the ecosystem through these products, to enable a better experience for everyone. So whether that's the use cases that I mentioned already, or maybe viewing reviews on something like Yelp or Amazon, that just confirm that the person that you are you're looking at is actually a real person, not some bot that's been paid to load a review. The interesting thing about these products is they're so universally applicable. There are so many different ways that we can try to plug them in. So we are- >> A bots is a great example, double-edged sword. You can have a metaverse image and have pre-programmed conversations with liquid audio and the video application. Or it's a real person. How do you know the difference? These are going to be questions around who solves that problem. Now there's time for bots and there's a time not for bots. We all know what happens when you get into the game of manipulation, but also it can be helpful. This is where you got to be smart. And identity's critical in this future. Charlie, what's your reaction to the future of digital identity? So much to look at here on the trajectory. >> I think a big part of it is data portability. If you go to a site like Instagram, you're giving them all this content that's very personal to you, and you can't just pack up and leave Instagram. So we want a future where most of these apps are just a front end and you can navigate from one to the other and bring your data with you. And not be beholden to the companies that operate centralized servers. So, I think data portability is huge and it's going to open up a lot of doors. And just going back to that thought on cleaning up Web2 for a better web three. When I think about the Amazons, the Yelps of the world, there are all these bots, there are all these awful fake reviews. There's a lot of gamification happening that is really just creating a lot of noise. And I want to bring transparency back to the internet where when you see a review, you should know that that's a real human. And blockchain technology is enabling us to do that. And certainly FT domains are going to play a huge part of that. So I think that having an experience where you know and trust the people that you're interacting with is going to be really powerful and just a better experience for everyone. And there's a lot of ramifications with that. politically speaking, we've all seen all the issues with attacking communities and using bots and fake accounts to hit people's pain points, it's sad and certainly not something that we want to see continue happening. So, whatever we can do to give people their digital identity and help people understand that this is a real person on the other end, I think is huge for the future of the internet and really for society as well. >> That's a great call out there Charlie. Cleaning up the mess of Web 2.0, Web2, actually it was 2.0 technically, now Web3 is no point zero in it. But I saw on or listened to the podcast with Matt. This recent one, he had a great metaphor that went back to when I was growing up in the internet, you had IP addresses. And the mess there was, you couldn't find what you want to look. And no one could remember what to type in, 'cause you could type in IP address in the browser back then. And then DNS came out and then keywords that's web. Now that mess, now is fraud, misinformation, bot manipulation, deep fakes, many other kind of unwanted time to innovate. And every year, every time you had these inflection points, there'd be an abstraction on top of it. So, similar thing happening here, is that how you guys see it too? >> I think we're going back to some of the foundational architecture of the internet, DNS. And really bringing that forward about 30, 40 years in terms of technology. So loading in some more cryptography and some other fancy things to help patch some of those issues from the previous versions of the web. >> Awesome. Well guys, thanks so much for coming on and the spirit of TikTok, Emily summarizes asking, can you guys give us a quick TikTok moment, short comment on where this is all going, where is login, single sign-on mean and what should people do to steps to secure their digital identity? >> Sure, I'll jump in here. So, it's time for people to secure their digital identity. The great first step is going to sample domains and getting an NFT domain. You can control your data. You can do a lot of cool different things with your domain, including posting your own website that you will own forever, no one can take it away from you. I would certainly recommend that people join our Discord, Telegram communities, check out our podcasts. It's really great especially if you're new to crypto Web3. We do a great job of explaining all the basic concepts and expanding on them. So yeah, I would say, the time is now to get your digital identity and start embracing Web3 because it's really exploding right now. And there's just so many incredible advantages, especially for the user. >> Michael, what's your take? >> But not, have said it better myself. >> Like we always say, if you're not on the next wave, you're driftwood. And this is a big wave that's happening. It's pretty clear guys, it's there, it's happening now. And again, very pragmatic implementations of solving problems. The sign-on, the app integration. Congratulations and we got our CUBE domain too, by the way. So I think we're good. >> Excellent. >> So, we got to put it to use. Appreciate it, Charlie, Michael, thanks for coming on and sharing the update. >> It's pleasure. >> Welcome. >> Okay, this is theCUBE, with Unstoppable Domains Partner Showcase I'm John for your host, got a lot of other great interviews. Check them out. We're going to continue our coverage and continue on with this great showcase. Thanks for watching. (upbeat music)

>> Hi, everyone. I'm really excited to be here today. My name is Jimmy McDermott. (bright music) Excited to be talking about logging analytics and how much ChaosSearch has helped us scale our data lake. So just by way of background for Transeo, our overarching mission is to eliminate the pencil and paper gaps in educational systems. And what that looks like in reality is storing a lot of data for school districts, because everything that's on paper right now can be converted to some kind of electronic digital process. Now we're part of a new ed tech product category that's been emerging over the last few years called Readiness Solutions. We pulled together all of these disparate data points that schools are housing on students and show it to students in a really consumable and digestible way for them to understand how close am I to graduation? What am I falling off track by picking a particular class or what have you? And so by doing that, you can just kind of start to grasp the sheer amount of data that we're pulling in per student, per district, across the country at scale. and why logging started to become really, really critical for us. When it comes to just the logs themselves, its actually pretty simple but the infrastructure and the requirements around it are not simple. You have one big monolithic service, but we've got many different types of logging outputs so things that are coming from our database driver, things that are coming directly from our application layer, our networking layer and all of those are coming in to currently kind of a central repository. We offer retention for data and for logs up to our longest customers' requirement. So our longest customer's data requirement right now is holding onto data seven years post-graduation. Before ChaosSearch, we had kind of this mismanaged way of bringing all these different items together. It was truly a mess. Like we were really kind of at our wit's end looking for a solution that was going to actually bring all these stuff together. We did consider spinning up a self managed elk stack. It really struggles at scale with that retention and that historical data. It's fine for spinning something up to analyze, you know, really hot data that's hot for like a day. And then it needs to get flushed out of that system so that it can stay hot and stay cost-effective because standing up those stacks yourself is something that was just going to break the bank for us. So we were truly lost looking for the right solution. And then perhaps most importantly, in a sense that it couldn't break the bank. ChaosSearch met all of those needs and then more. We stream our logs directly from our Kubernetes infrastructure, right into our S3 buckets, which is amazing by the way, because when we were setting up our new DevOps environment, we had engineers basically saying like, "why would we do that?" Like, "why not just ship it to this?" Like, "why go to the extra effort "of setting up a Fluentd connector to move things in S3 "and they're all sold." Now, it didn't take long for them to really see the value of why we were doing that. And then the cool thing is that we don't really have to worry about those retention policies being managed by us anymore because S3 has all of that built in. Our developers can actually iterate faster now because they're able to access real life production logs around certain features, around certain capabilities that they previously couldn't. And so they can actually make decisions about new architecture components or refactoring that are backed up by data. And that's really at the core of everything we're doing. On a super tangible level, we actually some recent technical diligence that we had went way faster because we own our logs. Usually, that's not something that ad tech companies are really thinking about and so making this move actually led to a faster turnaround time for us on that tech diligence which was really exciting. For the cost savings that you get for a solution like ChaosSearch and then the fact that you layer on those enterprise type of features like Abak and SSO and these other things that are part of the platform that with a different company you would pay ridiculous amounts of money for, that's incredibly appealing for a company that is dealing with intense data security and data governance requirements, but also not a super big company, right? We can't afford enterprise contracts. So this is exactly right and it's exactly one of the reasons that we were so drawn to ChaosSearch. (bright music)

(cheerful music) >> Hello everyone, welcome to today's session of theCUBE's presentation of AWS Startup Showcase, New Breakthroughs in DevOps, Data Analytics, Cloud Management Tools, featuring Okera from the cloud management migration track. I'm John Furrier, your host. We've got two great special guests today, Nong Li, founder and CTO of Okera, and Sanjeev Mohan, principal @SanjMo, and former research vice president of big data and advanced analytics at Gartner. He's a legend, been around the industry for a long time, seen the big data trends from the past, present, and knows the future. Got a great lineup here. Gentlemen, thank you for this, so, life in the trenches, lessons learned across compliance, cloud migration, analytics, and use cases for Fortune 1000s. Thanks for joining us. >> Thanks for having us. >> So Sanjeev, great to see you, I know you've seen this movie, I was saying that in the open, you've at Gartner seen all the visionaries, the leaders, you know everything about this space. It's changing extremely fast, and one of the big topics right out of the gate is not just innovation, we'll get to that, that's the fun part, but it's the regulatory compliance and audit piece of it. It's keeping people up at night, and frankly if not done right, slows things down. This is a big part of the showcase here, is to solve these problems. Share us your thoughts, what's your take on this wide-ranging issue? >> So, thank you, John, for bringing this up, and I'm so happy you mentioned the fact that, there's this notion that it can slow things down. Well I have to say that the old way of doing governance slowed things down, because it was very much about control and command. But the new approach to data governance is actually in my opinion, it's liberating data. If you want to democratize or monetize, whatever you want to call it, you cannot do it 'til you know you can trust said data and it's governed in some ways, so data governance has actually become very interesting, and today if you want to talk about three different areas within compliance regulatory, for example, we all know about the EU GDPR, we know California has CCPA, and in fact California is now getting even a more stringent version called CPRA in a couple of years, which is more aligned to GDPR. That is a first area we know we need to comply to that, we don't have any way out. But then, there are other areas, there is insider trading, there is how you secure the data that comes from third parties, you know, vendors, partners, suppliers, so Nong, I'd love to hand it over to you, and see if you can maybe throw some light into how our customers are handling these use cases. >> Yeah, absolutely, and I love what you said about balancing agility and liberating, in the face of what may be seen as things that slow you down. So we work with customers across verticals with old and new regulations, so you know, you brought up GDPR. One of our clients is using this to great effect to power their ecosystem. They are a very large retail company that has operations and customers across the world, obviously the importance of GDPR, and the regulations that imposes on them are very top of mind, and at the same time, being able to do effective targeting analytics on customer information is equally critical, right? So they're exactly at that spot where they need this customer insight for powering their business, and then the regulatory concerns are extremely prevalent for them. So in the context of GDPR, you'll hear about things like consent management and right to be forgotten, right? I, as a customer of that retailer should say "I don't want my information used for this purpose," right? "Use it for this, but not this." And you can imagine at a very, very large scale, when you have a billion customers, managing that, all the data you've collected over time through all of your devices, all of your telemetry, really, really challenging. And they're leveraging Okera embedded into their analytics platform so they can do both, right? Their data scientists and analysts who need to do everything they're doing to power the business, not have to think about these kind of very granular customer filtering requirements that need to happen, and then they leverage us to do that. So that's kind of new, right, GDPR, relatively new stuff at this point, but we obviously also work with customers that have regulations from a long long time ago, right? So I think you also mentioned insider trading and that supply chain, so we'll talk to customers, and they want really data-driven decisions on their supply chain, everything about their production pipeline, right? They want to understand all of that, and of course that makes sense, whether you're the CFO, if you're going to make business decisions, you need that information readily available, and supply chains as we know get more and more and more complex, we have more and more integrated into manufacturing and other verticals. So that's your, you're a little bit stuck, right? You want to be data-driven on those supply chain analytics, but at the same time, knowing the details of all the supply chain across all of your dependencies exposes your internal team to very high blackout periods or insider trading concerns, right? For example, if you knew Apple was buying a bunch of something, that's maybe information that only a select few people can have, and the way that manifests into data policies, 'cause you need the ability to have very, very scalable, per employee kind of scalable data restriction policies, so they can do their job easier, right? If we talk about speeding things up, instead of a very complex process for them to get approved, and approved on SEC regulations, all that kind of stuff, you can now go give them access to the part of the supply chain that they need, and no more, and limit their exposure and the company's exposure and all of that kind of stuff. So one of our customers able to do this, getting two orders of magnitude, a 100x reduction in the policies to manage the system like that. >> When I hear you talking like that, I think the old days of "Oh yeah, regulatory, it kind of slows down innovation, got to go faster," pretty basic variables, not a lot of combination of things to check. Now with cloud, there seems to be combinations, Sanjeev, because how complicated has the regulatory compliance and audit environment gotten in the past few years, because I hear security in a supply chain, I hear insider threats, I mean these are security channels, not just compliance department G&A kind of functions. You're talking about large-scale, potentially combinations of access, distribution, I mean it seems complicated. How much more complicated is it now, just than it was a few years ago? >> So, you know the way I look at it is, I'm just mentioning these companies just as an example, when PayPal or Ebay, all these companies started, they started in California. Anybody who ever did business on Ebay or PayPal, guess where that data was? In the US in some data center. Today you cannot do it. Today, data residency laws are really tough, and so now these organizations have to really understand what data needs to remain where. On top of that, we now have so many regulations. You know, earlier on if you were healthcare, you needed to be HIPAA compliant, or banking PCI DSS, but today, in the cloud, you really need to know, what data I have, what sensitive data I have, how do I discover it? So that data discovery becomes really important. What roles I have, so for example, let's say I work for a bank in the US, and I decide to move to Germany. Now, the old school is that a new rule will be created for me, because of German... >> John: New email address, all these new things happen, right? >> Right, exactly. So you end up with this really, a mass of rules and... And these are all static. >> Rules and tools, oh my god. >> Yeah. So Okera actually makes a lot of this dynamic, which reduces your cloud migration overhead, and Nong used some great examples, in fact, sorry if I take just a second, without mentioning any names, there's one of the largest banks in the world is going global in the digital space for the first time, and they're taking Okera with them. So... >> But what's the point? This is my next topic in cloud migration, I want to bring this up because, complexity, when you're in that old school kind of data center, waterfall, these old rules and tools, you have to roll this out, and it's a pain in the butt for everybody, it's a hassle, huge hassle. Cloud gives the agility, we know that, and cloud's becoming more secure, and I think now people see the on-premise, certainly things that'd be on-premises for secure things, I get that, but when you start getting into agility, and you now have cloud regions, you can start being more programmatic, so I want to get you guys' thoughts on the cloud migration, how companies who are now lifting and shifting, replatforming, what's the refactoring beyond that, because you can replatform in the cloud, and still some are kind of holding back on that. Then when you're in the cloud, the ones that are winning, the companies that are winning are the ones that are refactoring in the cloud. Doing things different with new services. Sanjeev, you start. >> Yeah, so you know, in fact lot of people tell me, "You know, we are just going to lift and shift into the cloud." But you're literally using cloud as a data center. You still have all the, if I may say, junk you had on-prem, you just moved it into the cloud, and now you're paying for it. In cloud, nothing is free. Every storage, every processing, you're going to pay for it. The most successful companies are the ones that are replatforming, they are taking advantage of the platform as a service or software as a service, so that includes things like, you pay as you go, you pay for exactly the amount you use, so you scale up and scale down or scale out and scale in, pretty quickly, you know? So you're handling that demand, so without replatforming, you are not really utilizing your- >> John: It's just hosting. >> Yeah, you're just hosting. >> It's basically hosting if you're not doing anything right there. >> Right. The reason why people sometimes resist to replatform, is because there's a hidden cost that we don't really talk about, PaaS adds 3x to IaaS cost. So, some organizations that are very mature, and they have a few thousand people in the IT department, for them, they're like "No, we just want to run it in the cloud, we have the expertise, and it's cheaper for us." But in the long run, to get the most benefit, people should think of using cloud as a service. >> Nong what's your take, because you see examples of companies, I'll just call one out, Snowflake for instance, they're essentially a data warehouse in the cloud, they refactored and they replatformed, they have a competitive advantage with the scale, so they have things that others don't have, that just hosting. Or even on-premise. The new model developing where there's real advantages, and how should companies think about this when they have to manage these data lakes, and they have to manage all these new access methods, but they want to maintain that operational stability and control and growth? >> Yeah, so. No? Yeah. >> There's a few topics that are all (indistinct) this topic. (indistinct) enterprises moving to the cloud, they do this maybe for some cost savings, but a ton of it is agility, right? The motor that the business can run at is just so much faster. So we'll work with companies in the context of cloud migration for data, where they might have a data warehouse they've been using for 20 years, and building policies over that time, right? And it's taking a long time to go proof of access and those kind of things, made more sense, right? If it took you months to procure a physical infrastructure, get machines shipped to your data center, then this data access taking so long feels okay, right? That's kind of the same rate that everything is moving. In the cloud, you can spin up new infrastructure instantly, so you don't want approvals for getting policies, creating rules, all that stuff that Sanjeev was talking about, that being slow is a huge, huge problem. So this is a very common environment that we see where they're trying to do that kind of thing. And then, for replatforming, again, they've been building these roles and processes and policies for 20 years. What they don't want to do is take 20 years to go migrate all that stuff into the cloud, right? That's probably an experience nobody wants to repeat, and frankly for many of them, people who did it originally may or may not be involved in this kind of effort. So we work with a lot of companies like that, they have their, they want stability, they got to have the business running as normal, they got to get moving into the new infrastructure, doing it in a new way that, you know, with all the kind of lessons learned, so, as Sanjeev said, one of these big banks that we work with, that classical story of on-premise data warehousing, maybe a little bit of Hadoop, moved onto AWS, S3, Snowflake, that kind of setup, extremely intricate policies, but let's go reimagine how we can do this faster, right? What we like to talk about is, you're an organization, you need a design that, if you onboarded 1000 more data users, that's got to be way, way easier than the first 10 you onboarded, right? You got to get it to be easier over time, in a really, really significant way. >> Talk about the data authorization safety factor, because I can almost imagine all the intricacies of these different tools creates specialism amongst people who operate them. And each one might have their own little authorization nuance. Trend is not to have that siloed mentality. What's your take on clients that want to just "Hey, you know what? I want to have the maximum agility, but I don't want to get caught in the weeds on some of these tripwires around access and authorization." >> Yeah, absolutely, I think it's real important to get the balance of it, right? Because if you are an enterprise, or if you have diversive teams, you want them to have the ability to use tools as best of breed for their purpose, right? But you don't want to have it be so that every tool has its own access and provisioning and whatever, that's definitely going to be a security, or at least, a lot of friction for you to get things going. So we think about that really hard, I think we've seen great success with things like SSO and Okta, right? Unifying authentication. We think there's a very, very similar thing about to happen with authorization. You want that single control plane that can integrate with all the tools, and still get the best of what you need, but it's much, much easier (indistinct). >> Okta's a great example, if people don't want to build their own thing and just go with that, same with what you guys are doing. That seems to be the dots that are connecting you, Sanjeev. The ease of use, but yet the stability factor. >> Right. Yeah, because John, today I may want to bring up a SQL editor to go into Snowflake, just as an example. Tomorrow, I may want to use the Azure Bot, you know? I may not even want to go to Snowflake, I may want to go to an underlying piece of data, or I may use Power BI, you know, for some reason, and come from Azure side, so the point is that, unless we are able to control, in some sort of a centralized manner, we will not get that consistency. And security you know is all or nothing. You cannot say "Well, I secured my Snowflake, but if you come through HTFS, Hadoop, or some, you know, that is outside of my realm, or my scope," what's the point? So that is why it is really important to have a watertight way, in fact I'm using just a few examples, maybe tomorrow I decide to use a data catalog, or I use Denodo as my data virtualization and I run a query. I'm the same identity, but I'm using different tools. I may use it from home, over VPN, or I may use it from the office, so you want this kind of flexibility, all encompassed in a policy, rather than a separate rule if you do this and this, if you do that, because then you end up with literally thousands of rules. >> And it's never going to stop, either, it's like fashion, the next tool's going to come out, it's going to be cool, and people are going to want to use it, again, you don't want to have to then move the train from the compliance side this way or that way, it's a lot of hassle, right? So we have that one capability, you can bring on new things pretty quickly. Nong, am I getting it right, this is kind of like the trend, that you're going to see more and more tools and/or things that are relevant or, certain use cases that might justify it, but yet, AppSec review, compliance review, I mean, good luck with that, right? >> Yeah, absolutely, I mean we certainly expect tools to continue to get more and more diverse, and better, right? Most innovation in the data space, and I think we... This is a great time for that, a lot of things that need to happen, and so on and so forth. So I think one of the early goals of the company, when we were just brainstorming, is we don't want data teams to not be able to use the tools because it doesn't have the right security (indistinct), right? Often those tools may not be focused on that particular area. They're great at what they do, but we want to make sure they're enabled, they do some enterprise investments, they see broader adoption much easier. A lot of those things. >> And I can hear the sirens in the background, that's someone who's not using your platform, they need some help there. But that's the case, I mean if you don't get this right, there are some consequences, and I think one of the things I would like to bring up on next track is, to talk through with you guys is, the persona pigeonhole role, "Oh yeah, a data person, the developer, the DevOps, the SRE," you start to see now, developers and with cloud developers, and data folks, people, however they get pigeonholed, kind of blending in, okay? You got data services, you got analytics, you got data scientists, you got more democratization, all these things are being kicked around, but the notion of a developer now is a data developer, because cloud is about DevOps, data is now a big part of it, it's not just some department, it's actually blending in. Just a cultural shift, can you guys share your thoughts on this trend of data people versus developers now becoming kind of one, do you guys see this happening, and if so, how? >> So when, John, I started my career, I was a DBA, and then a data architect. Today, I think you cannot have a DBA who's not a developer. That's just my opinion. Because there is so much of CICD, DevOps, that happens today, and you know, you write your code in Python, you put it in version control, you deploy using Jenkins, you roll back if there's a problem. And then, you are interacting, you're building your data to be consumed as a service. People in the past, you would have a thick client that would connect to the database over TCP/IP. Today, people don't want to connect over TCP/IP necessarily, they want to go by HTTP. And they want an API gateway in the middle. So, if you're a data architect or DBA, now you have to worry about, "I have a REST API call that's coming in, how am I going to secure that, and make sure that people are allowed to see that?" And that was just yesterday. >> Exactly. Got to build an abstraction layer. You got to build an abstraction layer. The old days, you have to worry about schema, and do all that, it was hard work back then, but now, it's much different. You got serverless, functions are going to show way... It's happening. >> Correct, GraphQL, and semantic layer, that just blows me away because, it used to be, it was all in database, then we took it out of database and we put it in a BI tool. So we said, like BusinessObjects started this whole trend. So we're like "Let's put the semantic layer there," well okay, great, but that was when everything was surrounding BusinessObjects and Oracle Database, or some other database, but today what if somebody brings Power BI or Tableau or Qlik, you know? Now you don't have a semantic layer access. So you cannot have it in the BI layer, so you move it down to its own layer. So now you've got a semantic layer, then where do you store your metrics? Same story repeats, you have a metrics layer, then the data centers want to do feature engineering, where do you store your features? You have a feature store. And before you know, this stack has disaggregated over and over and over, and then you've got layers and layers of specialization that are happening, there's query accelerators like Dremio or Trino, so you've got your data here, which Nong is trying really hard to protect, and then you've got layers and layers and layers of abstraction, and networks are fast, so the end user gets great service, but it's a nightmare for architects to bring all these things together. >> How do you tame the complexity? What's the bottom line? >> Nong? >> Yeah, so, I think... So there's a few things you need to do, right? So, we need to re-think how we express security permanence, right? I think you guys have just maybe in passing (indistinct) talked about creating all these rules and all that kind of stuff, that's been the way we've done things forever. We get to think about policies and mechanisms that are much more dynamic, right? You need to really think about not having to do any additional work, for the new things you add to the system. That's really, really core to solving the complexity problem, right? 'Cause that gets you those orders of magnitude reduction, system's got to be more expressive and map to those policies. That's one. And then second, it's got to be implemented at the right layer, right, to Sanjeev's point, close to the data, and it can service all of those applications and use cases at the same time, and have that uniformity and breadth of support. So those two things have to happen. >> Love this universal data authorization vision that you guys have. Super impressive, we had a CUBE Conversation earlier with Nick Halsey, who's a veteran in the industry, and he likes it. That's a good sign, 'cause he's seen a lot of stuff, too, Sanjeev, like yourself. This is a new thing, you're seeing compliance being addressed, and with programmatic, I'm imagining there's going to be bots someday, very quickly with AI that's going to scale that up, so they kind of don't get in the innovation way, they can still get what they need, and enable innovation. You've got cloud migration, which is only going faster and faster. Nong, you mentioned speed, that's what CloudOps is all about, developers want speed, not things in days or hours, they want it in minutes and seconds. And then finally, ultimately, how's it scale up, how does it scale up for the people operating and/or programming? These are three major pieces. What happens next? Where do we go from here, what's, the customer's sitting there saying "I need help, I need trust, I need scale, I need security." >> So, I just wrote a blog, if I may diverge a bit, on data observability. And you know, so there are a lot of these little topics that are critical, DataOps is one of them, so to me data observability is really having a transparent view of, what is the state of your data in the pipeline, anywhere in the pipeline? So you know, when we talk to these large banks, these banks have like 1000, over 1000 data pipelines working every night, because they've got that hundred, 200 data sources from which they're bringing data in. Then they're doing all kinds of data integration, they have, you know, we talked about Python or Informatica, or whatever data integration, data transformation product you're using, so you're combining this data, writing it into an analytical data store, something's going to break. So, to me, data observability becomes a very critical thing, because it shows me something broke, walk me down the pipeline, so I know where it broke. Maybe the data drifted. And I know Okera does a lot of work in data drift, you know? So this is... Nong, jump in any time, because I know we have use cases for that. >> Nong, before you get in there, I just want to highlight a quick point. I think you're onto something there, Sanjeev, because we've been reporting, and we believe, that data workflows is intellectual property. And has to be protected. Nong, go ahead, your thoughts, go ahead. >> Yeah, I mean, the observability thing is critically important. I would say when you want to think about what's next, I think it's really effectively bridging tools and processes and systems and teams that are focused on data production, with the data analysts, data scientists, that are focused on data consumption, right? I think bridging those two, which cover a lot of the topics we talked about, that's kind of where security almost meets, that's kind of where you got to draw it. I think for observability and pipelines and data movement, understanding that is essential. And I think broadly, on all of these topics, where all of us can be better, is if we're able to close the loop, get the feedback loop of success. So data drift is an example of the loop rarely being closed. It drifts upstream, and downstream users can take forever to figure out what's going on. And we'll have similar examples related to buy-ins, or data quality, all those kind of things, so I think that's really a problem that a lot of us should think about. How do we make sure that loop is closed as quickly as possible? >> Great insight. Quick aside, as the founder CTO, how's life going for you, you feel good? I mean, you started a company, doing great, it's not drifting, it's right in the stream, mainstream, right in the wheelhouse of where the trends are, you guys have a really crosshairs on the real issues, how you feeling, tell us a little bit about how you see the vision. >> Yeah, I obviously feel really good, I mean we started the company a little over five years ago, there are kind of a few things that we bet would happen, and I think those things were out of our control, I don't think we would've predicted GDPR security and those kind of things being as prominent as they are. Those things have really matured, probably as best as we could've hoped, so that feels awesome. Yeah, (indistinct) really expanded in these years, and it feels good. Feels like we're in the right spot. >> Yeah, it's great, data's competitive advantage, and certainly has a lot of issues. It could be a blocker if not done properly, and you're doing great work. Congratulations on your company. Sanjeev, thanks for kind of being my cohost in this segment, great to have you on, been following your work, and you continue to unpack it at your new place that you started. SanjMo, good to see your Twitter handle taking on the name of your new firm, congratulations. Thanks for coming on. >> Thank you so much, such a pleasure. >> Appreciate it. Okay, I'm John Furrier with theCUBE, you're watching today's session presentation of AWS Startup Showcase, featuring Okera, a hot startup, check 'em out, great solution, with a really great concept. Thanks for watching. (calm music)

>>Hold on. Welcome to this special cube conversation. I'm John ferry, host of the queue here in Palo Alto, California. Got a great deep dive conversation with multicloud, who we were featuring on our AWS showcase of cloud startups. Uh, Venkat Krista who's the CEO. And co-founder great to see you again and Candace Hendrix delivery architect at green pages, a partner customer. Great to see you. Thanks for coming on as always cube conversations are fun to get the deep dive. Good to see you. >>Oh, great to have, uh, have this opportunity, John. Thank you so much. Uh, Candace, thank you for joining us. It's been a pleasure work in pages, John, we're looking forward to this conversation today. >>Yeah. One of the things I'm really excited about that came out of our coupon cloud startups showcase was you guys talking about day two operations, which has been kicked around, but you guys drilled into it and put some quantification around the value proposition, but this is every company has a day to problem an opportunity and then usually our problems and most people see, but they're really opportunities to create this value proposition around something that's now going to be an operational, um, standard table-stakes. So let's get into it, take us through, uh, what you guys have with day two offers that, do a deep dive on this. Take, take it away. >>Thanks, John. Uh, John, we'll do a little bit of an involved conversation today. We'll switch between a little bit of a slide and, um, we are actually happy to show a quick demo as well. So our customers can, uh, what they see is what they get kind of demo. Um, so, uh, to give a quick background on context a day, two operations in the cloud are important for customers who are trying to get, uh, self-service provisioning, going standardization going, uh, have a way to help their developers move fast on the innovation. What we are experiencing now is developers are increasingly having a seat at the table and they would like their infrastructure architects and infrastructure solution providers to enable them to do things that they want to do with fewer friction points. What day two platform that we built does is it upskills our it teams so that they can deli work, uh, what the developers need so that the sandbox environments that they want comes to life quickly. >>And on top of that, developers can move fast with the innovation with guard rails that are in place, the guard rails that are it, administrators, it leaders are able to set for developers, include cost guard, rails, governance, guard, rails, security, and compliance guard rails, a, you know, bot based approach to getting out of the way of the developers so they can move fast while the, uh, technology provides them the Alcoa to go innovate without running into the common cloud problems, such as cost overruns or security or compliance challenges today, I'll go show and tell a little bit of all of this, and then we'll bring in partners or partner, canvas as well, so that she can talk about how we help the fortune 200, uh, innovate, uh, faster with our platform. >>Awesome. Well, let's get into it. I, you know, as you know, I, I think that day two operations is really a cloud, uh, lingua. Frank was going to be part of everyone's, uh, operational standard. And it's not just for making sure you've got cost-effectiveness, but innovation strategies that rely on cloud, they need to have new things in place. So take us through the show and tell. >>Great, well, let's switch to the slide deck here. So I'm going to give a quick background and then go from there. Great. So, um, uh, you know, Montclair is an intelligent cloud man and platform company. We help customers of all sizes. Uh, we are an AWS partner that is a cloud management tool, competency partner, super happy to be in a wedding on the AWS platform for AWS customers. Our platform is an autonomous cloud operations platform. What our mission is, we empower ID teams to go deliver to their developers and become cloud powerhouses. Uh, I'm going to go through a quick three sections of the Manticore platform that delivers value to our customers first with our platform without needing additional skillsets or hiring, uh, needing to hire, uh, you know, hard to find talent or having to use third party tools. Our customers can use AWS native solutions to achieve full visibility into their cloud environments. >>They can enable consistent self-service deployments and simplify them. They can also reduce the total cost of cloud operations, all in just a few clicks. Uh, I'm going to show and tell, uh, what customers get quickly moving into the slide where customers can get visibility into the footprint, a comprehensive security posture management and compliance posture management, click away and solve these problems. They can enable their innovation teams with operations ready environments that can provision anything from server-based workloads to serverless workloads, to containerized environments. All of that are available readily in the platform. And of course, uh, all of this can be done with a few clicks and no code. That's our platform. And a nutshell I'm happy to switch to a demo from here on John. How does that sound >>Great. Sounds awesome. Let's get the demo. Thanks for the overview. By the way, we cover that in a great video too, and a high level, um, in our new show startup showcase, people can check that out online, um, check it out, but let's get into the demo. >>Sounds good. So I'm going to switch to my laptop again here to show the browser window and go into the demo environment. Great. So this is Monte cloud.com. Uh, customers can go to app.monica.com. I'm going to move fast in a demo environment show and tell here, uh, customers split login, assuming they have signed up for the platform. It's free to sign up. Uh, the platform activates immediately. This is their full first run experience. Uh, customers can get started in about a couple of clicks. There's a welcome screen here. They can walk through this. What this provides is a way a guard had experience for customers to be able to gain visibility, security, compliance, and set up the cloud operations, uh, environment in just a couple of clicks. So in this case, customers can get continuous resource visibility. They click next from a security point of view, we'll assess about 2,220 plus security best practices and customers can select saying they would like to remediate the issues. >>We'll help do that. That's a bot based approach that does it click next compliance, a similar situation. We do compliance assessments in the platform. Customers can remediate it. Uh, click next. We have provisioning templates, John. We had a really good conversation yesterday about this, a whole set of, uh, well-architected, uh, templates that customers can click and provision anything from, uh, basic core networking, all the way up to high performance computing and minds that all is available in the platform. Again, click next to go select that customers can manage servers, windows, or Linux servers running on any cloud could be hybrid cloud, uh, Azure, AWS GCP. Again, we can manage them in a single interface and last but not the least application management, our ID operators and leaders want to have a position on how their cloud applications are performing. They want to react quickly to it best possible platform. Uh, that's it they've selected all the features. All the, which is free in the platform. Some features are available in the free trial. Customers can click and say they would like to try for 14 days. That's all. So click next platform sets itself up. This is how quick we can get to helping customers understanding what they need to do. I'm going to try and show you if I can go to the next screen here and say, this is my company name. >>So I'm going to enter some details here that, uh, helps, um, capture some basic information about, uh, our customers, uh, departments. Uh, let's say this is a demo account, or I'm going to say, um, HR, um, uh, account, let's say there's a human resources department that I'm trying to connect and manage their cloud environment, but click next >>And that's it. They connect to the AWS account. We now take our customers back to an AWS console where they're familiar interface. They're going to click next on this cloud formation stack here, which automatically starts creating what we need on the customer's account. And click, click a button here. It's going to run in the background, what my platform in this case, my view, the other view does is, uh, it instantly receives notification back from the customer's account. As you can see now, day two has recognized that, Hey, the customer is trying to connect the cloud account. It's a question. Do you want to manage these regions? We can manage 15 plus regions click next. Uh, that is pretty much it. Uh, I'm going to skip this one so that we can get to the dashboard. I'm going to skip this as well, because you can invite your team members. Uh, you can get weekly reports, uh, long story short, that's it about 10 clicks. We are already in, in a cloud environment where customers can begin to manage, operate and start taking control of the cloud footprint. >>Got it. And physical you, you skipped over the collaboration feature that's for what team members do. Kind of see the same dashboard. >>The great question. Uh, our customers can invite additional team members could be an educator who wants to look at the total cost of cloud operations. Uh, they could invite another team member who wants to be enabled only for certain parts of the platform. Very simple. We have SSO integration as well in the platform. So, uh, invite additional users start using day two in less than 10 minutes, no additional, uh, you know, configuration required. >>You know, Amazon's got that slogan always day one. You guys are always day to always go to >>About all about ensuring data was taken care of. >>Awesome. Great stuff. Candace, what's your take on this? How do you fit in here? Talk about what it's like to work with these guys. What's the, what's your perspective on this? A new multicloud day two operations dashboard. >>Hi, thank you, John. Hi, Ben Kat. Thank you very much for the introduction. Um, basically our interaction is collaborative and we're great team partners, and we work well with, with multicloud often and, and have been partners working together for quite some time and solutioning products for our clients. >>Great. Vinca you want to chime in as well and share some color commentary on, um, your partners value? >>Sure. Thanks Justin. So, uh, so green pages, uh, they offer cloud services and a whole suite of solutions to their customers. Some of the customers are ranging from fortune a hundred enterprises, uh, to a wide variety of customers. Perhaps we can actually switch over to a slide deck here, but Candace, if you're up for it, maybe we can walk through a liberal green pages and solutions that you've implemented. We can talk from the customer point of view, which we think would be more beneficial to our audience as well. >>Yes. Thank you. That's very helpful. Um, again, my name is Candice Hendrix and I'm a delivery architect here at green pages technology solutions. And what I'd like to do is share a few examples of collaboration that we have achieved through our partnership with Moni cloud first to give a better history of green pages we've been in business since 1992, we maintain a wide range of customer base, um, approximately 500 different, uh, customers and all different workflows from insurance to government to, um, um, manufacturing and the such. We've also made the CRN tech elite two 50 less for, uh, sense its inception in 2011. And basically what that is, is it's all of the companies and, or the top 250 companies in the U S and Canada, having the highest level of experience top of their game, maintaining the highest levels of training and certifications. We also offer managed services, support, professional services, cloud readiness assessments, and migrations, as well as growing a CSP or cloud service provider today, I would like to highlight a few innovative projects that we've executed with multicloud is our partner for AWS compliance needs as well as, um, AWS Dr. >>So this slide first outlines a business scenario that we dealt with with one of our clients to address cost security compliance standardization across a global AWS environment. And the challenge with this was that we experienced was the complexity of the cloud environment and the size of the environment and how can they stay compliant, optimize costs and scale the outcome with the teamwork of Mani cloud and green pages, we were able to achieve all the facets of the challenge, also enabling and, and creating what we coined it, the compliance bot and what that provided was a platform to easily parameterize some of the, um, options such as configurable schedules, configurable target servers, departments, um, options to choose between automated and manual remediation processes in compliance ability to choose whether that remediation process also, uh, auto reboots versus approval based reboots on, um, infrastructure or resources integrations into a Slack channel for manual remediation approval process, as well as daily noncompliance reporting the compliance bot also can ensure proper patching necessary agents required software versions and resources, um, that they maintain compliance through the use of tagging Lambda functions, AWS fleet manager, AWS config, and AWS CloudWatch. >>Uh, another, um, opportunity we've had to work with, um, Moni cloud in this use case, the scenario that the green pages customer needed to solve was the automation of Dr to address the requirement of an entire AWS regional failure within requirements was a RTO of four hours and an RPO of less than one minute uncertain ESE, two instances. So the challenge that we had was to develop this solution with only the use of AWS native services meeting the required RTO and RPO with no custom tooling integration. So with mighty clouds assistance and teamwork, what we were able to achieve is what we now refer to as the Dr. Bot, we solution the automation to replicate everything from their production, uh, environment in AWS to the Dr. Region in AWS, such as subnets, um, IP cider ranges, LAN IP addresses, security groups, load balancers, and all associated configuration settings. >>So with the pilot light scripting that runs daily through a Lambda function, we can manage those Delta copies into the Dr production or the Dr. Region from production and address any changes that may occur in the production environment to meet the RPO. What we used is cloud door, which is also a native AWS service. And we used AWS backup for the more static instances, we then created an integration to send any health alerts in the event of an AWS outage to their Slack channel. Then upon approval, um, they could kick off through a manual approval process. They could kick off and execute an end to end fail over from production to an AWS region and to their Dr. Region in AWS, both the compliance spot and the Dr. Bot automations can be ported and variabilize for any AWS environment. We welcome the opportunity to discuss this further and assist you in your cloud journey. I hope this explain some of the great innovation that we've been able to work with money cloud on. Thanks, Ben Capra, allowing me to speak and back to you. >>Thank you, Candace. This is fantastic. John Lassie Seesaw, right? The challenge with cloud operations is there's a lot of moving parts and, uh, visibility, compliance, security, uh, you know, all of that. Typically customers have to write custom code or integrate ten-plus tools, suddenly what, you know, customers we're seeing they're spinning up their own cloud operating teams. They're spinning up their own homegrown cloud operations model, which in invariably results in more attacks, symptoms of maintenance tasks, our platform can do all of this abstract, the complexity, and put this kind of automation within the reach of customers who are trying to transform their it departments by clicking away. That's the attack that we built on top. >>Yeah, I think that's a great example. I think Candace highlights some of the things we were talking about last time around intelligent applications, meeting, intelligent infrastructure, and to your point about operations, this comes up huge all the time in every conversation we're in and we're seeing it in the marketplace where there's a new operational model developing in real time. You're seeing people, um, homegrown ops, transforming ops. I mean, there's new roles and responsibilities are emerging and that's just the nature of the beast right now. This is kind of the new normal that it's not your traditional ops model. It's transitioning to a new, new way. This is a great example. Um, you see that the same way? >>Well, that's a, that's a great description, John you're right. That is the model that is evolving that, uh, once, um, that demands more from it teams and on the runway that is shrinking to transform and the cloud surface, it has grown how that's exactly where the becoming to help. And, uh, uh, we did do a little bit of a deep dive into what the platform does today to talk to our audience so that they can get this value. Thank you for that. Uh, you know, uh, depth in diving, happy to chat a little bit more if you'd like about, uh, where customers could go and that they can get started. >>Yeah. Looking forward to it. Vanco. Thanks for coming on, Candace. Thank you very much for sharing. Um, green pages. Congratulations. Love the Dr. Bot. That's phenomenal. I mean, I w I want a cube bottom. You're just doing these interviews is boss, but I'm looking forward to having a follow on conversation vanco. We're going to certainly see you out on the internet on Twitter. Um, maybe get you on our clubhouse, uh, chats, a lot of action out there. A lot of people talking about this, and you're seeing things from observability to new kinds of monitoring, to modern application development techniques that are just evolving in real time. So day two is here. Thanks for sharing. >>Looking forward, John, and, uh, where customers could go to is they could go to montclair.com today. They could get started in just a few place. We have a free version on the platform. They can activate this account in 10 months. They now have the power of the automation that we've built, and they can start taking control of the cloud operations in about 10 minutes. So we encourage persons to go find some free monitor.com and thank you candidates for taking the time, uh, uh, does it's fantastic that we'll be able to go solve some problems together. >>Mazi cloud turning teams into cloud powerhouses. That's their slogan. Check them out. I'm John Farrar with the cube. Thanks for watching.

>> From around the globe, it's theCUBE with coverage of KubeCon and CloudNativeCon Europe 2020, Virtual. Brought to you by Red Hat, The Cloud Native Computing Foundation and Ecosystem partners. >> Welcome back, I'm Stu Miniman and this is CUBEs coverage of KubeCon CloudNativeCon 2020 in Europe, the virtual edition and of course one of the things we love when we come to these conferences is to get to the actual practitioners, understanding how they're using the various technologies especially here at the CNCF show, so many projects, lots of things changing and really excited. We're going to talk about security in a slightly different way than we often do on theCUBE so happy to welcome to the program from Sera4 I have Jeff Klink who's the Vice President of Engineering and Cloud. Jeff, thanks so much for joining us. >> Thanks too, thanks for having me. >> All right so I teed you up there, give us if you could just a quick thumbnail on Sera4, what your company does and then your role there. >> Absolutely so we're a physical hardware product addressing the telco markets, utility space, all of those so we kind of differentiate herself as a Bluetooth lock for that higher end space, the highest security market where digital encryption is really an absolute must. So we have a few products including our physical lock here, this is a physical padlock, it is where door locks and controllers that all operate over the Bluetooth protocol and that people can just use simply through their mobile phones and operate at the enterprise level. >> Yeah, I'm guessing it's a little bit more expensive than the the padlock I have on my shed which is getting a little rusty and needs a little work but it probably not quite what I'm looking for but you have Cloud, you know, in your title so give us if you could a little bit you know, what the underlying technology that you're responsible for and you know, I understand you've rolled out Kubernetes over the last couple of years, kind of set us up with what were the challenges you were facing before you started using that? >> Absolutely so Stu We've grown over the last five years really as a company like in leaps and bounds and part of that has been the scalability concern and where we go with that, you know, originally starting in the virtual machine space and, you know, original some small customers in telco as we build up the locks and eventually we knew that scalability was really a concern for us, we needed to address that pretty quickly. So as we started to build out our data center space and in this market it's a bit different than your shed locks. Bluetooth locks are kind of everywhere now, they're in logistics, they're on your home and you actually see a lot of compromises these days actually happening on those kind of locks, the home security locks, they're not built for rattling and banging and all that kind of pieces that you would expect in a telco or utility market and in the nuclear space or so you really don't want to lock that, you know, when it's dropped or bang the boat immediately begins to kind of fall apart in your hands and two you're going to expect a different type of security much like you'd see in your SSH certificates, you know, a digital key certificate that arrives there. So in our as we grew up through that piece Kubernetes became a pretty big player for us to try to deal with some of the scale and also to try to deal with some of the sovereignty pieces you don't see in your shed locks. The data sovereignty meeting in your country or as close to you as possible to try to keep that data with the telco, with the utility and kind of in country or in continent with you as well. That was a big challenge for us right off the bat. >> Yeah, you know Jeff absolutely, I have some background from the telco space obviously, there's very rigorous certifications, there's lots of environments that I need to fit into. I want to poke at a word that you mentioned, scale. So scale means lots of things to lots of different people, this year at the KubeCon CloudNativeCon show, one of the scale pieces we're talking about is edge just getting to lots of different locations as opposed to when people first thought about, you know, scale of containers and the like, it was like, do I need to be like Google? Do I have to have that much a scale? Of course, there is only one Google and there's only a handful of companies that need that kind of scale, what was it from your standpoint, is it you know, the latency of all of these devices, is it you know, just the pure number of devices, the number of locations, what was what was the scale limiting factor that you were seeing? >> It's a bit of both in two things, one it was a scale as we brought new customers on, there were extra databases, there was extra identity services, you know, the more locks we sold and the more telcos we sold too suddenly what we started finding is that we needed all these virtual machines and sources in some way to tie them together and the natural piece to those is start to build shared services like SSO and single sign on was a huge driver for us of how do we unite these spaces where they may have maintenance technicians in that space that work for two different telcos. Hey, tower one is down could you please use this padlock on this gate and then this padlock on this cabinet in order to fix it. So that kind of scale immediately showed us, we started to see email addresses or other on two different places and say, well, it might need access into this carrier site because some other carrier has a equipment on that site as well. So the scale started to pick up pretty quickly as well as the space where they started to unite together in a way that we said, well, we kind of have to scale to parts, not only the individuals databases and servers and identity and the storage of their web service data but also we had to unite them in a way that was GDPR compliant and compliant with a bunch of other regulations to say, how do we get these pieces together. So that's where we kind of started to tick the boxes to say in North America, in Latin America, South America we need centralized services but we need some central tie back mechanism as well to start to deal with scale. And the scale came when it went from Let's sell 1000 locks to, by the way, the carrier wants 8000 locks in the next coming months. That's a real scalability concern right off the bat, especially when you start to think of all the people going along with those locks in space as well. So that's the that's the kind of first piece we had to address and single sign on was the head of that for us. >> Excellent, well you know, today when we talk about how do i do container orchestration Kubernetes of course, is the first word that comes to mind, can you bring us back though, how did you end up with Kubernetes, were there other solutions you you looked at when you made your decision? What were your kind of key criteria? How did you choose what partners and vendors you ended up working with? >> So the first piece was is that we all had a lot of VM backgrounds, we had some good DevOps backgrounds as well but nobody was yet into the the container space heavily and so what we looked at originally was Docker swarm, it became our desktop, our daily, our working environment so we knew we were working towards microservices but then immediately this problem emerged that reminded me of say 10, 15 years ago, HD DVD versus Blu-ray and I thought about it as simply as that, these two are fantastic technologies, they're kind of competing in this space, Docker Compose was huge, Docker Hub was growing and growing and we kind of said you got to kind of pick a bucket and go with it and figure out who has the best backing between them, you know from a security policy, from a usage and size and scalability perspective, we knew we would scale this pretty quickly so we started to look at the DevOps and the tooling set to say, scale up by one or scale up by 10, is it doable? Infrastructure as code as well, what could I codify against the best? And as we started looking at those Kubernetes took a pretty quick change for us and actually the first piece of tooling that we looked at was Rancher, we said well there's a lot to learn the Kubernetes space and the Rancher team, they were growing like crazy and they were actually really, really good inside some of their slack channels and some of their groups but they said, reach out, we'll help you even as a free tier, you know and kind of grow our trust in you and you know, vice versa and develop that relationship and so that was our first major relationship was with Rancher and that grew our love for Kubernetes because it took away that first edge of what am i staring at here, it looks like Docker swarm, they put a UI on it, they put some lipstick on it and really helped us get through that first hurdle a couple years ago. >> Well, it's a common pattern that we see in this ecosystem that you know, open source, you try it, you get comfortable with it, you get engaged and then when it makes sense to roll it into production and really start scaling out, that's when you can really formalize those relationships so bring us through the project if you will. You know, how many applications were you starting with? What was the timeline? How many people were involved? Were there, you know, the training or organizational changes, you know, bring us through under the first bits of the project. >> Sure, absolutely. So, like anything it was a series of VMs, we had some VM that were load balanced for databases in the back and protected, we had some manual firewalls through our cloud provider as well but that was kind of the edge of it. You had your web services, your database services and another tier segregated by firewalls, we were operating at a single DCs. As we started to expand into Europe from the North America, Latin America base and as well as Africa, we said this has got to kind of stop. We have a lot of Vms, a lot of machines and so a parallel effort went underway to actually develop some of the new microservices and at first glance was our proxies, our ingresses, our gateways and then our identity service and SSL would be that unifying factor. We honestly knew that moving to Kubernetes in small steps probably wasn't going to be an easy task for us but moving the majority of services over to Kubernetes and then leaving some legacy ones in VM was definitely the right approach for us because now we're dealing with ingressing around the world. Now we're dealing with security of the main core stacks, that was kind of our hardcore focus is to say, secure the stacks up front, ingress from everywhere in the world through like an Anycast Technology and then the gateways will handle that and proxy across the globe and we'll build up from there exactly as we did today. So that was kind of the key for us is that we did develop our micro services, our identity services for SSO, our gateways and then our web services were all developed in containers to start and then we started looking at complimentary pieces like email notification mechanisms, text notification, any of those that could be containerized later, which is dealt with a single one off restful services were moved at a later date. All right. >> So Jeff, yeah absolutely. What to understand, okay, we went through all this technology, we did all these various pieces, what does this mean to your your business projects? So you talked about I need to roll out 8000 devices, is that happening faster? Is it you know, what's the actual business impact of this technology that you've rolled out? >> So here's the key part and here's a differentiator for us is we have two major areas we differentiate in and the first one is asymmetric cryptography. We do own the patents for that one so we know our communication is secure, even when we're lying over Bluetooth. So that's kind of the biggest and foremost one is that how do we communicate with the locks on how do we ensure we can all the time. Two is offline access, some of the major players don't have offline access, which means you can download your keys and assign your keys, go off site do a site to a nuclear bunker wherever it may be and we communicate directly with the lock itself. Our core technology is in the embedded controllers in the lock so that's kind of our key piece and then the lock is a housing around it, it's the mechanical mechanism to it all. So knowing that we had offline technology really nailed down allowed us to do what many called the blue-green approach, which is we're going down for four hours, heads up everybody globally we really need to make this transition but the transition was easy to make with our players, you know, these enterprise spaces and we say we're moving to Kubernetes. It's something where it's kind of a badge of honor to them and they're saying these guys, you know, they really know what they're doing. They've got Kubernetes on the back end, some we needed to explain it to but as soon as they started to hear the words Docker and Kubernetes they just said, wow, this guys are serious about enterprise, we're serious about addressing it and not only that they're forefront of other technologies. I think that's part of our security plan, we use asymmetric encryption, we don't use the Bluetooth security protocol so every time that's compromised, we're not compromised and it's a badge of honor we were much alongside the Kubernetes. >> Alright, Jeff the thing that we're hearing from a lot of companies out there is that that transition that you're going through from VMs to containerization I heard you say that you've got a DevOps practice in there, there's some skill set challenges, there's some training pieces, there's often, you know, maybe a bump or two in the road, I'm sure your project went completely smoothly but what can you share about, you know, the personnel skill sets, any lessons learned along the way that might help others? >> There was a ton. Rancher took that first edge off of us, you know, cube-cuddle, get things up, get things going, RKE in the Rancher space so the Rancher Kubernetes engine, they were kind of that first piece to say how do I get this engine up and going and then I'll work back and take away some of the UI elements and do it myself, from scheduling and making sure that nodes came up to understanding a deployment versus a DaemonSet, that first UI as we moved from like a Docker swarm environment to the the Rancher environment was really kind of key for us to say, I know what these volumes are, I know the networking and I all know these pieces but I don't know how to put core DNS in and start to get them to connect and all of those aspects and so that's where the UI part really took over. We had guys that were good on DevOps, we had guys are like, hey how do I hook it up to a back end and when you have those UI, those clicks like your pod security policy on or off, it's incredible. You turn it on fine, turn on the pod security policy and then from there, we'll either use the UI or we'll go deeper as we get the skill sets to do that so it gave us some really good assurances right off the bat. There were some technologies we really had to learn fast, we had to learn the cube-cuddle command line, we had to learn Helm, new infrastructure pieces with Terraform as well, those are kind of like our back end now. Those are our repeatability aspects that we can kind of get going with. So those are kind of our cores now is it's a Rancher every day, it's cube-cuddle from our command lines to kind of do those, Terraform to make sure we're doing the same thing but those are all practices we, you know, we cut our teeth with Rancher, we looked at the configs that are generated and said, alright, that's actually pretty good configure, you know, maybe there's a team to tolerance or a tweak we could make there but we kind of work backwards that way to have them give us some best practices and then verify those. >> So the space you're in, you have companies that rely on what you do. Security is so important, if you talk about telecommunications, you know, many of the other environments they have, you know, rigid requirements. I want to get to your understanding from you, you're using some open source tools, you've been working with startups, one of your suppliers Rancher was just acquired by SUSE, how's that relationship between you know, this ecosystem? Is that something that is there any concerns from your end user clients and what are your own comfort level with the moves and changes that are happening? >> Having gone through acquisitions myself and knowing the SUSE team pretty well, I'd say actually it's a great thing to know that the startups are funded in a great source. It's great to hear internally, externally their marketing departments are growing but you never know if a startup is growing or not. Knowing this acquisitions taking place actually gives me a lot of security. The team there was healthy, they were growing all the time but sometimes that can just be a face on a company and just talking to the internals candidly as they've always done with us, it's been amazing. So I think that's a great part knowing that there's some great open source texts, Helm Kubernetes as well that have great backers towards them, it's nice to see part of the ecosystem getting back as well in a healthy way rather than a, you know, here's $10,000 Platinum sponsorship. To see them getting the backing from an open source company, I can't say enough for. >> All right, Jeff how about what's going forward from you, what projects you're looking at or what what additions to what you've already done are you looking at doing down the road? >> Absolutely. So the big thing for us is that we've expanded pretty dramatically across the world now. As we started to expand into South Africa, we've expanded into Asia as well so managing these things remotely has been great but we've also started to begin to see some latencies where we're, you know, heading back to our etcd clusters or we're starting to see little cracks and pieces here in some of our QA environment. So part of this is actually the introduction and we started looking into the fog and the edge compute. Security is one of these games where we try to hold the security as core and as tight as you can but trying to get them the best user experience especially in South Africa and serving them from either Europe or Asia, we're trying to move into those data centers and region as well, to provide the sovereignty, to provide the security but it's about latency as well. When I opened my phone to download my digital keys I want that to be quick, I want the administrators to assign quickly but also still giving them that aspect to say I could store this in the edge, I could keep it secure and I could make sure that you still have it, that's where it's a bit different than the standard web experience to say no problem let's put a PNG as close as possible to you to give you that experience, we're putting digital certificates and keys as close as possible to people as well so that's kind of our next generation of the devices as we upgrade these pieces. >> Yeah, there was a line that stuck with me a few years ago, if you look at edge computing, if you look at IoT, the security just surface area is just expanding by orders or magnitude so that just leaves, you know, big challenges that everyone needs to deal with. >> Exactly, yep. >> All right, give us the final word if you would, you know, final lessons learned, you know, you're talking to your peers here in the hallways, virtually of the show. Now that you've gone through all of this, is there anything that you say, boy I wish I had known this it would have been this good or I might have accelerated things or which things, hey I wish I pulled these people or done something a little bit differently. >> Yep, there's a couple actually a big parts right off the bat and one, we started with databases and containers, followed the advice of everyone out there either do managed services or on standalone boxes themselves. That was something we cut our teeth on over a period of time and we really struggled with it, those databases and containers they really perform as poorly as you think they might, you can't get the constraints on those guys, that's one of them. Two we are a global company so we operate in a lot of major geographies now and ETC has been a big deal for us. We tried to pull our ETC clusters farther apart for better resiliency, no matter how much we tweak and play with that thing, keep those things in a region, keep them in separate, I guess the right word would be availability zones, keep them make redundant as possible and protect those at all costs. As we expanded we thought our best strategy would do some geographical distribution, the layout that you have in your Kubernetes cluster as you go global for hub-and-spoke versus kind of centralized clusters and pods and pieces like that, look it over with a with an expert in Kubernetes, talk to them talk about latencies and measure that stuff regularly. That is stuff that kind of tore us apart early in proof of concept and something we had to learn from very quickly, whether it'll be hub-and-spoke and centralize ETC and control planes and then workers abroad or we could spread the ETC and control planes a little more, that's a strategy that needs to be played with if you're not just in North America, South America, Europe, Asia, those are my two biggest pieces because those are our big performance killers as well as discovering PSP, Pod Security Policies early. Get those in, lock it down, get your environments out of route out of, you know, Port 80 things like that on the security space, those are just your basic housecleaning items to make sure that your latency is low, your performances are high and your security's as tight as you can make it. >> Wonderful, well, Jeff thank you so much for sharing Sera4 for story, congratulations to you and your team and wish you the best luck going forward with your initiatives. >> Absolutely, thanks so much Stu. >> All right, thank you for watching. I'm Stu Miniman and thank you for watching theCUBE. (soft music)

(upbeat music) >> Narrator: Live, from Silicon Valley. It's the Cube. Covering Google Cloud X17. >> Okay welcome back, everyone. We are live in Palo Alto for two days of coverage of Google Next 2017. I'm John Furrier, we're here with Tom Kemp, CEO of Centrify. No longer a startup, they're scaling up. You guys do it very well. Tom, great to see you. Welcome to the Cube. >> Great to be here. >> Saw you at RSA, you guys had an exceptional event. One Presence to show, obviously a security show, you're in the security business. But also mobile world congress will try to get you on again security's hot, front and center at mobile world congress. >> Yeah. >> Security is front and center at Google Cloud Next. Security is front and center at blank event. It's happening everywhere right? So give us the update. What is Centrify, obviously the "No Breach" is your tagline. What's up with Centrify? Give us a quick update on what you're up to. >> Yeah, absolutely. So we're a security company focused, as you said, on identity. And we really address the issue of too many passwords and too much privilege. The fundamental issue that's happening within security, is like 75 billion dollars is being spent on it, it's one of the fastest growing market segments, but it's failing because the breaches are far outnumbering, and growing at a faster rate, than the amount of money being spent on that. And so, we're trying to rethink security by looking at where are the breaches are coming from, and they're coming in from, like in the case of Podesta, stealing usernames and passwords. And Verizon said two thirds of breaches involve stolen credentials. And Forrester just recently said that 80 percent of breaches involve the compromise of privileged accounts, the rude accounts for the infrastructure etc. So if two thirds, to 80 percent of breaches involve identity, we fundamentally believe you need to focus a lot more on that, and that's what we're all about. Focusing on identity. >> And what is this? Is this a new revelation, or is this something that you guys have felt was happening for a long time, or has it just been the matter of fact, that's what's happening? >> You know it's, we have some great investors, and we have Excel, Mayfield, Index, Sigma now called Jex, and Square Adventures. And one of the board members told me, the markets come to you, because we've been doing this for over 10 years. And focusing on identity, and people are like, "Oh okay, that's interesting." But now, if you look at just the massive number of breaches that are occurring, and the focus that identity is the leading attack vector, and then you couple it with the whole move to the Cloud, I know we're going to be talking about what Google is doing in the Cloud, etc. It actually makes the problem even worse. And so we feel that we've been plugging along, doing and focusing on identity, and now kind of the market has come to us, because of the move to Cloud, and the hackers are going after identities. >> Yeah it's interesting, I saw a Facebook friend, I won't say his name for privacy, because I don't have the right to talk about it, he's in bitcoin, so obviously that world is an underbelly in itself. Yeah but, interesting thing is that he had two factor authentication on his phone, and someone hacked his phone and they sent the password back to his phone, all his bank accounts are gone. >> Oh my goodness. >> So this is an example of that privileged identity. So that even two factor authentication, in that case, didn't work. So you starting to see this, right? So what's the answer, and how does it relate to cloud? There's no perimeter in the cloud. Is it federated identity, is it some blocked chain thing, is there new model? What's your view on this, and how you guys attacking it specifically? >> Yeah, I mean in a world in which we're increasingly moving to the cloud, what can you secure? Like if I'm at a Starbucks in Palo Alto, on my Ipad, talking to Google apps, talking to sales force etc., I don't have any Anti Virus, I'm not using any next gen firewall, or VPN etc. So the focus needs to shift to securing the user. And you really need to start integrating, and leveraging, from a multi factor authentication biometrics as well. Use that phone, use the touch ID, to actually ensure that. And then also, in the cloud, start analyzing user behavior. And actually determine, well wait a minute, this person normally doesn't login from China, but now he's accessing the sales force, or Facebook etc. So, it's becoming, evolving more to utilizing mobile device as part of your identity, and it's also leveraging machine learning to understand what normal behavior is, and blocking abnormal behavior. >> And also using big data techniques, because your point about China is interesting. Anyone who travels might have had this situation, we go to Vegas a lot for the Cube, but like I'm in Vegas then I pull out an ATM withdrawal, next I go to use my other credit card, and it says "woah fraud alert." >> Tom: Yes. >> Well, wait a minute, I made a cell phone call, I took money out of the bank, and yet the credit card didn't know that I'm in Vegas. Now that's interesting, so conversely, China's accessing my accounts, and I'm making phone calls in Palo Alto, that should be obvious. >> Yeah. >> That just seems like it's just so disfragmented data sets. >> So historically, the definition of identity was a username, and a password. But, in a Cloud world, identity should be redefined in terms of your applications, your device, your location, and your activity. So, if you are trying to access an app from China, it should ask you for four or five additional bits of information, instead of two factors, it should be multi-factor, and it should include biometrics as well. So, machine learning is this going to become even more critical to reduce fraud, and the compromise of credentials. >> So, let's talk about google next. Because one of the things that, I mean really we know Google, we're living in Palo Alto, they're all around us, they're in Mountain View, Larry Page lives in the hood here. Google has always been a technology innovator, and it's clear that that's the lead for their Cloud. But the enterprise, which they're by the way serious, Dian Green is very serious with enterprise, they're just starting to move down that road. You've been there for awhile, on mobile, and in the enterprise, what is some of the things that people should know about on how hard it is in the enterprise? Specifically with Cloud, what is some of the things that you see as table stakes? >> Yeah, it's actually having meat eating sales reps out in the field. Not relying on some person who's-- >> John: Some bot. >> Yeah some bot, or some 20 year old calling from Austin, or Mountain View, but it's actually having someone there, with a technical architect, that can hop on a subway, or be there within a half hour to spend some quality time. >> John: And strategic selling too right? >> Exactly. Because they have a challenge, which is they're competing with both Microsoft and Amazon. And obviously Microsoft has the enterprise people, and Amazon is really ramping up in that area. And I think that, so you can throw the technology, but enterprise accounts want to be able to have a conversation face to face, more so than executive coming out and having a dinner with someone. >> Take me through a sales motion, because this is important. You and I have talked about this in the past, and Dave Loth and I always talk about it on the Cube. And it used to be well known in the VC circles, that sales forces are expensive because the sales motions are different. What is the typical sales motion for an enterprise like Sell. Because it's not as simple as saying, "self service, Cloud, put your credit card down," and get you know, Cooper and Eddy's support, terminal access, static IP's, virtual servers, oh by the way I got a support DB2 as well. A non Oracle database, or Oracle. >> Well, look I mean, it's very easy to have that bite over the web for when you start a developer for a new application. And Amazon's done a great job at that, Microsoft's getting there as well. So if you really want the existing applications to move to the Cloud, you have to sit down and have conversations about a hybrid Cloud environment. Because people will have on premise active directory, they'll have a set of security policies, etc. And so the conversation needs to be had, is like how do you bridge on premise, with the Cloud as well, and make that heterogeneous environment look and feel and smell like it's homogeneous from authentication, authorization, audit perspective, compliance perspective, etc. So you certainly need to first and foremost be able to put architects out there, have that conversation, etc. And you just can't rely too much on partners. And I think from there service level agreements, and then also showing that your Cloud platform is incredibly secure as well. >> Yeah I would agree, I would just say one, on the meat eating sales rep, basically what that means people understand the domain, with an architect technically that's going to SC, and then you have to really kind of have an understanding that there's a multiple stakeholder role. One's a recommender, one's an influencer, one's a decision maker, and it is a campaign. It's a multi pronged campaign. >> Yeah you have to think-- >> John: Know their problems, give them a solution, value creation. >> Absolutely. >> John: Value selling. >> Because there's just a level of complexity. And again I'm not saying that Google for new projects, with the current sales motion, can't bring on an app, and maybe that app leverages their machine learning, which seems to be world class right? >> TensorFlow's getting great traction, Intel's building chips for that as well. >> Yeah. >> Google owns a great developer mind share, and I think they've really cracked the code on open source, and they have great empathy with the developers, we were talking about with Val earlier. But with operationally I just see a disconnect. And Amazon's quietly ramping up too, they're no spring chicken either when it comes to direct selling, but they're been working more years on that. >> And I think you seen the word Hybrid Cloud, and I know you spent time with the folks at Vmware, talking about the relationship with Ama... That's all about the Hybrid Cloud, which people need, the enterprises need a bridge and on ramp. And I think, from our perspective- >> Vmware is very solid with Gelsinger and their sales force. They're very, >> Yeah absolutely. >> Very strong with enterprise selling. >> And that's what we focus, cause we initially started on premise, we tied things in to active directory for example, but now we have a Cloud platform, and we advertise and promote ourselves as addressing identity for the Hybrid environment, and providing the bridge between the two, and I think that's critical. >> Now do you guys have an enterprise sales force, right? >> Absolutely. >> So you've invested in that, over ten years? >> Oh yeah, absolutely. So we have over 60 percent of the Fortune 50, and 80 percent of our sales comes from the Global 2000. We've grown, we're over 100 million in sales, so we're in there having that conversation with enterprises all the time. >> So Tom, so we know Diane Green lives in the neighborhood, so let's pretend she calls us up, "Hey Tom, John, come over. "We'll have a cocktail, and dinner. "I need your advice on how to ramp up my enterprise, "operational empathy, and strategy." What would we advise her? What would you advise her, I have my own opinion. But go to you first. >> I really think and focus on, obviously use the machine learning as a key wedge for new applications, but really focus on the concept of Hybrid. And she mastered going from physical to virtual. Now, everyone's virtualized, and so she needs to figure out how I can get virtual to Cloud, V to C, right? And have the people, and have the conversation, and provide bridging technologies as well. So I think that is going to require, not just purely Cloud based stuff, but it's going to probably provide, she's going to need, either through partnerships, or developer stuff. >> Or M and A. >> Or M and A, she's going to have to build connectors, to help facilitate the bridging, because she can go after definitely the 20 percent of the new stuff, but if you want to attack the 80 percent of the existing stuff, and she did a masterful job of going physical to virtual-- >> At VMware. >> At VMware, and now her challenge is to go V to C. Virtual to Cloud. >> So my advice, Diane if you're watching, is the following: One, don't screw up the Google formula. And I know she's transforming Google, and that's a good thing, they need that right now. But I think, what I like about what I'm seeing at Google Next right now is that they have great technology chops. In kind of the Google, pat themselves on the back kind of way, which is they got mojo, they've always had great technology mojo, and that comes down from the founder. So the machine learning stuff, the AI, the stuff that they're doing in their portfolio has, I call the coolness-relevant factor on the tech. What I would do, is I would specifically nurture that, cause she's also a good knack for doing innovative things, and she's very innovative manager, and I've seen that at Vmware, and other places that she's been advising. So she's got a knack for, "Ahh that's cool, look we should do that cool technology "that's going to have legs in the future." So she's got a good sage picking out the technology. I would do an M and A. I would just stop expanding the existing Google culture relative to that sales motions and the enterpriseness, and just go buy somebody. Spend the billion dollars, or more, take someone out whose got full global, regional sales force, why not? Because then those guys already have the relationships, so the buy, build, to the sales force might take too long. I'm not sure that they could get there. I mean, what do you think about that? >> Yeah I think it's, I think they've been public about it. I think they have to invest in their own, but I do think that M and A, I mean they're number three, and they got to do something. Clearly the machine learning AI stuff is going to be huge. We're actually very impressed, I got emails from the folks at the show, about this whole video stuff, in terms of their ability to use the machine learning, and AI to interpret video, which is pretty impressive. But again that's going to be more for a vertical. Or a specific type of application. And so I think they're going to need to do a combination . >> Here's the thing that I'm seeing though. There's a speed of Google, and there's a speed of enterprise. They might have to throttle down, I don't want to say dumb down, that's particularly not the issue, it's more of throttle down the cadence of what enterprises are comfortable with. For example, SLA's, their SLA's are a little bit gray area, but they're awesome on, "hey it only costs X dollars, "import this great data and crunch all this stuff." So they've got great pricing. >> They need to master, Diane did a masterful job of like, overnight she had a utility that could go P to V, and you flipped it up, and everything just magically worked. And they need to prove that they can forklift the applications, with minimal to no changes, and things magically work. And that requires a bunch of software partnership technology, that it's like flipping a switch to go the Cloud. And if you don't like it, then you can roll it back as well. >> What's their security in position in your mind? You've done an audit, you been keeping track of it, or they're secure. Or what's the needs of the enterprise that they should be addressing for security? Well you guys have a relationship with any other booth at the event. >> Yeah absolutely, and we integrate at multiple levels as well. I think they're doing a pretty good job, I think that other vendors like Microsoft are really more heavily investing in areas that we're in, such as identity, so Microsoft has basically replicated the playbook with active directory, and they have something called Azure AD, and so Google doesn't have anything that's equivalent. That's good for us, that actually leads to opportunities, but they could do more in the areas of identity. I think if you look at what Amazon's doing in terms of web application firewalls, and protecting applications that are being spun up in the cloud. I think those are areas that can be improved. Encryption, key management, etc. So if you look at the slide that they have where they say insecurity, I think they list three items, but then if you were to compare it to say Microsoft, or Amazon, they've got five, six, seven items right there as well. I think that there's definitely going to be needs and requirements that need to be met and addressed there. So it's good, for us. >> Well to me it's just a matter of their evolution, they can only go as fast as they can go. That's what the people that I tend to talk to don't get. They can be critical of Google, but at the end of the day they can only go so fast. >> Yeah, and also another bit of advice, is they do have a very good install base with Gsuite, formerly Google apps, but they got to do a better job of leveraging that when people try to move to infrastructure as a server-- >> I think they're taken that advice because it was clear that they're at this event, was they're showcasing a lot of the stats on Gsuite, they're also talking about the apps. And that's consistent with IBM, Oracle, and Microsoft. They're throwing in their Sass layers as part of the stack as well. That's how they can differentiate from Google. What else do they have right? >> Really it's almost like a startup company that's been around for a few years. They have their initial product, and they come out with their second product and the board members will say, "Well what's the adoption of cross selling "the new product with the existing?" And so it should be interesting to see if they can get people that bought in to the Gsuite vision, to say, "Oh okay, now I'm going to start firing up servers "on the Google Cloud platform." >> Well you bring up a good point about their Gsuite, and I mentioned Microsoft using Office 365 as an example. Oracle throws their apps into the blender, if you will. On the numbers and everything. It's interesting Wikibon research is showing that the past layers squeezing, that's a big debate in our own research team, but Gartner research that I just recently looked at from February. Basically there's a new talk about Sass, so if you start including Sass, then you got to open up the conversation to Salesforce, Adobe, and on and on and on. Because there's a Cloud service provider model out there. Linkedin's a service provider. So what is Sass, I always look at it like what's the Sass equation look like. I mean, what does Cloud really look like? >> I look at the statistics, because we address both infrastructure as a service, and software as a service as well, with our identity solutions. Clearly infrastructure as a service is a much bigger market, Sass is pretty significant, but if you add up Sass, infrastructure, and Pass, it's about 24 billionish right there. But guess what, Amazon already has over 10 of it last year. Amazon has 40 percent of the Cloud market as well. And they've proven that you don't have to have a Sass capability to be incredibly successful in the Cloud. >> Well they have their one Sass that was called Amazon.com, but they broke that out. Alright, Tom what's next for you guys at Centrify. What's on your, anything coming up, things you're working on, share some quick plug for Centrify, and the progress you're making in status? >> We've been doing this for 10 years, and we feel really good about providing basically a platform for identity. And one theme and trend that we're seeing a lot of in the security market is that buyers have security fatigue, they're so sick of dealing with point solutions, and I think that's working to our advantage, that people are looking at a vendor such as us, that can address, not only single sign up, but multi-factor authentication, privilege account management as well. So we're very much focused these days on providing a set of solutions that are all built on a platform, and just kind of filling in-- >> When you say fatigue, you mean sprawl and applications they're buying just another platform, because they do try to try everything, why wouldn't they? They're getting tired of that? >> In security you just have a lack of security knowledge. There's a huge skills gap when it comes to security. And if you have to buy a point solution to address every little bit of security, you just can't hire people, right? And then you find that you have air gaps that actually makes you less secure. And so we've over time built this platform up, and now we're really seeing that people are like, I don't have to get a standalone EMM, a standalone SSO, a standalone MFA solution, a standalone password vault solution etc. So we're very much focused on selling our platform to customers and with this whole mindset of customers wanting to consolidate vendors. Historically vendor consolidation was about buyers wanting that, but now IT people want that. And so we're really just focusing on, internally articulating how we can actually address a lot of problems that people have with too much privilege, and too many passwords. >> And you guys are expanding your sales force team? >> Oh absolutely. We've definitely hit the critical mass. We're over a hundred million sales, we're growing fast, we're cash flow positive as well. >> John: Alright, congratulations. The VC's happy. Time to go public, so what's your evaluation? Unicorn. >> No comment on that, rule 40 and all that fun stuff. We got a lot of checkboxes right there. >> I think your VC partner is right, your investor, the world is spinning towards you because if you look at the identity, and nearly everything in the digital world, whether it's Cloud, data, or packets or people. It's going to be a persona based focus. Not like, what company you work for. >> We had this huge trend of consumerization of IT, so it's really about the user. So focus on securing the user, not focusing on securing the network, because the network's gone. >> Finally, 30 years later, it's coming back to the user. It's been talked about, the passports, the digital wallet. >> Exactly. >> John: Tom Kemp, CEO of Centrify, a hot startup growing over 100 million in sales. Heard here on the Cube. Very successful company. Really have a nice approach, world's spinning towards them. Really hopefully a great solution for our security and our liberties so we don't get hacked over and over again. It's the Cube, bringing you all the coverage of Google Next, here in the studio I'm John Furrier. Be right back with more, after this short break. (resonant techno music)