(upbeat music) >> From our studios in the heart of Silicone Valley, Palo Alto, California, Nick is a Cube conversation. >> Hello, and welcome to the Palo Alto Cube Studios, I'm John Furrier, host of the Cube. We're here for great Cube conversation with Gilad Bracha who's a distinguished engineer at Shape Security, has a legacy in the programming world, one of the early folks working on Java, a variety of other great things: Small Talk, Newspeak, a variety of programming accomplishments. A legend in the industry, thanks for coming on. >> Well, thanks for having me, it's a pleasure to be here. >> You know, one of the things we always talk about on the Cube is how I work for a company, they do this, they do this great, here's our differentiator, here's our advantage, a lot of marketing speak, and then we also do a lot of interviews around disruption, around cloud computing, getting to DevOps, network effect, changes of network, moving packets around store and compute, all the benefits of cloud computing but we don't really talk about the underlying languages that are driving all the changes and this is something that you're an expert in and I want to get your thoughts on this because, you know, computer science is at an all time high. You can't go to Berkeley, you see what's going on at Berkeley, the number one major is computer science, the data classes, dreams of starting a company, but computer science is changing a lot. More people are coding but does that mean there still more computer science going on? So, a lot of people are trying to understand where the future is going to be and underneath it all is the programming languages themselves. >> Yeah, well-- >> Your thoughts on computer science and the languages out there. >> So, too much to say. But computer science is a lot, there are trends and there's a lot of emphasis now on machine learning and things like that. And it's interesting because that affects, which language you use can make these tasks a lot easier or a lot harder. And we've, you see certain languages being picked up for that purpose and new languages being done for numerical stuff like Julia, people are using R, God forbid and it's really interesting to see that. To me, it's interesting because there's a whole set of languages, the APL family of languages which really go back to the early 60s. But they're just phenomenally designed for these kind of large arrays of data for doing mathematical operations in parallel on large arrays or multi-dimensional arrays, essentially, tensors, back before that word was used in programming. And there's huge potential for doing better in terms of programming with those things. So that is one new, not new but area that's been kind of coming alive again. >> Yeah. >> That's really cool. >> You know, it's interesting, too, you bring up a point. We were talking before we came on camera about Lisp and all these other cool science out there. With, now, the advent of unlimited compute with cloud and, now, kind of new connected devices, a lot of the old science is coming back into vogue because of some of the use cases. I mean, I remember when I graduated college in the 80s, we had departments that were actually called data processing departments. And they used data processing, that's what they did, they processed data. That's the number one use case today is processing data. So, a lot of the old is coming back because it's relevant in this new era. So, I got to ask you, what is your favorite science and computer science that you think is relevant? You mentioned APL, what concepts, we TensorFlow with Google, things like that coming back, you see machine learning and AI, these are not new concepts. >> Well, some of them, I mean-- >> What's your thoughts? >> Machine learning, definitely, there have been breakthroughs in the past, I don't know, 10, 15 years and but the basis of it, the beauty of this is the basis of this is the real hardcore math in calculus and statistics, that stuff is golden and wherever it applies throughout the universe and you look at reasoning about these things and it comes up again. That's the root of it all. Making it so that you can manipulate things closer to level you can with math is really challenge for programming languages, so that you don't spend your life dealing with, sort of, irrelevant, boring details, oh, this has to be lowercase, that has to be tab, this tool doesn't work on that operating system. Most of our effort as software engineers goes, we're dealing with junk, really, and we should try and abstract over that and get over that. >> What are some of the exciting things that get you excited for programming language because there's a lot more excitement, a lot more opportunities now; you're seeing you can stand up software very quickly these days, and so there's some really quick and dirty ways to get software written with languages. Some want more principle-based design languages that have all the integrated components. What's the trade-off, what are some of the things you like around the new trends? >> So I'll give you something that meets both of the criteria that is both very principled but actually makes it much easier to put something together. One of my favorite new things that have come in the past few years is a thing called Elm which is a language, essentially, the main application, so far, has been to build websites, essentially, UI that's targeting a website but it is a functional programming language but it is much more approachable than the traditional academic stuff, even though the ideas are basically the same, but they're very well engineered. Actually, better engineered in many respects than a lot of the traditional stuff that you see like the Haskells and OCamls and stuff. And it started for the web, so it's a different game but it's a joy to use, it has great error messages, it has a time traveling debugger which is one of my favorite hobby horses, so you can actually go back and roll the computation back to where a problem occurred. And that, kind of, is interesting because it meets both of those points. >> Talk about this live programming, you mentioned rolling back and this is around live programming. >> Yeah. >> This is an exciting area. >> Oh, yeah. >> Your thoughts on live programming because we're seeing collaboration where I can have a screen open. I saw a demo at Amazon Reinvent last year or year before where people can be in different parts of the world or different offices in the same building and coding the same, I get the collaboration piece but there's also live programming languages that have built-in compile that's changing the old ways of debugging. Your thoughts. >> Right, so, definitely, that is something that people who have a heritage in small talk or Lisp, kind of, remember those systems or, if they're very lucky, still get to use them. And the thing is that most program languages don't have that level of interactivity when you work with them as a developer because there is too much of a feedback loop between when you actually specify what you want to happen by writing code and when you actually see what actually happen when you run your code and it typically doesn't do remotely what you wanted it to. That feedback loop is too long 'cause you have to go through compiles and bills and whatever, and the idea of live programming is to shorten that so that you, ideally, instantly see you change something and you can see the output and the output gets changed accordingly and you don't have to wait and, in particular, you don't have to go and rerun your program, get to the same point where you were, especially when you're debugging, right? That's the beauty of fix and continue debugging which is sort of a small but important piece of live programming where you can basically go and change a function and, immediately, proceed with the computation. You don't have to restart, you don't have to get to where you were, recreate the state, make sure the heap is in the same thing and that just, A, it's productive, it saves time. It's just a joy to watch and play with this thing, it's much more tactile, you actually feel-- >> It's faster, too, you don't have to, all the steps involved, classic debugging, restart, do it all over again. >> It's faster and it's less error prone 'cause those steps, you make mistakes, you went through all these steps and you forgot one thing or whatever or you did something wrong and didn't notice and you chased some, you know, went on a wild goose chase trying to figure out a bug, so it really is a huge H to product, a huge help to productivity and it's just so much fun to work with these systems. >> Well, I got to get this question for you while you're here because I get this question all the time and it's common. A lot of the young kids want to program, they see the future, they know that coding is a good skill to have. What's your advice to parents out there or kids, whether they're in elementary, or high school, or college, that might have a focus on, say, you know, I'm a neuroscience major or I'm doing this but I want to learn how to code? What's your advice for how to learn how to code because I've seen, oh, learn Java, I'm like, okay-- >> God, no. >> Not really my first choice. >> Eat spinach. Do 50 push-ups. No, it's not that comfortable. >> No, no. >> Java's not my first choice for recomm-- >> It's also 50 push-ups and spinach are better for you. Java is actually possibly damaging, at an early age, you should not be doing that. >> Doing Java, in particular? >> No, no. >> Why is that, it's just too complex? >> Because it's a lot of irrelevant boiler plate. It's a lot of stuff that should've been obsolete before and will be obsolete by the time you, hopefully, get to work for real and it's painful and if you aren't really into it, it'll just turn you off of the whole field. >> What's going to get someone excited, is it Elm, is it gaming, is it some sort of-- >> Yeah, so, Elm is good because you can run it, you don't need much setup, you can run in a web browser. I'm a Smalltalker and I still love the Smalltalk systems and they're still, overall, is a complete programming experience, they're still unmatched. Except for list machines which are kind of hard to come by. And so, I'd focus on those-- >> People tend to talk about Python, they talk about some of these languages. If someone's going to tinker around, what's going to be the addictive, if someone's going to-- >> So, people get addicted to all kinds of things but I would-- >> In terms of a good-- >> I tend to avoid the mainstream. People tend to latch on to the mainstream because they think it's a good career move or whatever. My advice is, you get good, learn the fundamentals in the cleanest way possible, then the mainstream stuff will be easy, rather than focusing on it, 'cause there's so much irrelevant detail in those systems and the programming experience is not that great. So, try something a little less meaty, closure is a lisp that you can use and there's closure script as a version that runs on the web. Try Elm. Try Smalltalk. >> And all these languages, they can actually produce something of value? >> Yeah, they can definitely, I think, still 70% of the world's container traffic is still run by a Smalltalk application. >> Really, I did not know that. >> Yeah, well, few people do. In Smalltalk, you find that that sort of heyday, in some sense, for commercial applications was in the 90s or 80s, whatever, but replacing those applications, a typical story is, someone says, ah, we should use Java 'cause everybody's using Java and we can get lots of programmers and they spend a lot of money and the new application doesn't work 'cause they can't actually rebuild the thing they built in Smalltalk at any reasonable cost, at any reasonable reliability. So, there are a lot of those systems out there, Morgan Stanley's still running Capital, their Smalltalk system for managing money. So, yeah, you can certainly build things. >> Well, Gilad, I love your commentary here, so I love that you're not shy to hold back. I've got to get your thoughts on cryptocurrency and the Blockchain world. >> Oh, dear. >> A lot of different languages, you got Ethereum, you have, some say, oh, I'm going to use Linux. If you're using Java, we're going to import it in, Javascript supports it, so there's been kind of like this, every kind of crypto currency, Blockchain, has their own language for decentralized applications. Your general thoughts on this. >> So, there's a need for, to slow down and be more careful, all right. Ethereum lost God knows how much money. I've heard quotes but I don't know if it's 50 million or 150 million but a fair amount of money due to problems that were classical distributed programming problems and could have been avoided by, essentially, more careful design of language in the system. There's a pressure now to turn things out in a hurry, right? In the old days, these systems took years and years of research in their little corner and, now, everybody has to do something too fast and that hurts. And, often, it's people who don't have the expertise and the background 'cause there's lots of research on all kinds of problems and smart people get snippets of those and they don't quite know what they're doing. And I don't think there's a cure for that because the incentives are there but that's why we're seeing these problems. >> So be careful, the message is be careful. >> Be careful. >> But they're rushing, all this cash is rolling in, they got to have some language. >> Sure, as long it's not their 150 million dollars that they lost, that's fine, but someone was probably upset. >> And, by the way, the security problem was software-error based. >> Most of them are. >> So, this transitions into Shape Security where you're not working as a distinguished engineer, working on some hard problems. I know it's pretty confidential but you guys do power 200 million iOS apps, this is from the PR statement. >> Probably more by now but yeah. >> Past 24 hours, you blocked more than two billion fraudulent login attempts, two million legitimate attempts. Essentially, defending intrusion detects and seems to be the company's value properties, but I don't want to get too much into the company because you're, obviously, on the engineering side. But security from a programming language side is software and people. >> Mm-hm. >> Right, software gets bugs. >> And people make them worse. >> And people make mistakes. >> People make them worse. >> Yeah. >> This is the central process problem in security. Your thoughts in computer science. >> So, most of the time, I mean, Shape does real security and this is fascinating to me but, most of the time, I've been looking at security at the programming language level because, you know, still, I think 70% of intrusions often, not the intrusions but, basically, these big software fiasco security problems get down to array buffer overflows. Which is ridiculous 'cause this is problem that was solved decades ago. Why are we still dealing with this? That's because, you know, programming language design, the whole approach to security, access control lists, whatever, there was another approach which was capability-based. And these two grew up together in the 60 and the world, as typically, it makes the wrong choices, it takes what seems appealing in the short term and not what is sort of a more thorough thing. So, object capabilities is a really interesting way of looking at this thing. There are people working on putting some of this into Javascript so that you could use it somehow. Great work by Mark Miller and company at Agoric. I'll do a shout-out to them. So, I've usually been on that side of things, but real security, there's a lot more to it, that's just one small layer of things and, above that, there's all the humans and the multiple systems they build. The configurations, they're just mistakes, the things that happen through social engineering about which, basically, I don't know much about but I will say that making things simpler is key because that's why people make mistakes. Things are too complicated. Every piece of the system has some bunch of clever engineers who really think it through and make it really sophisticated but when you compose these, it becomes, no one understands, a thing that no one understands what's going on and we need to simplify. My work is to try to simplify at that programming language level which the typical languages people use are too complex. >> And this is really where the software always has holes in it and you just got to be on top of it and make it tight, as it were. >> Right, basically, you can't understand the consequences when you have too many moving parts, as it were, too many constructs in the programming language. The composition is endless and you can't, it's very hard to foresee how they're going to interact and what someone will come up with, eventually. Oh, you could use this to attack that. Or, this crates this bad scenario that people don't notice. And, really, there's no remedy to that. You can work and you should be careful, you should test things, you should verify, if you can, formally, but if you just try and keep it simple, clean abstractions that are very simple and composed well, you will simply avoid, by definition, most of these problems. >> Final talk track around open source. It's been well-documented that proprietary software that's funded by companies when kind of stopped and innovating, kind of, dies on the vine. Open source is great, got leverage, you get out in the open, yeah, it's great. So, open source has been growing like a weed over the past couple decades and, recently, it's been phenomenal. The open source people say, oh, security is better in open source. At the same time, you bring up the notion of language security and those programming languages. How do you see that rectifying itself? How is the security paradigm with open source going to be stabler? What do companies need to do because open source is being used everywhere. >> Open source is used everywhere for good reason but open source is not, by itself, a magic thing, right. It's still, you get problems, open source is also open to malicious contributors, to problems, and the systems are too big for, even though there are code reviews and everything, so it's a double-edged sword, in some respects and sometimes the quality just suffers. These are social organization and each one is different and they have problems, so I don't know that that is, it's good that you shine light on something, it tends to purify it, and certainly that's a great strength of open source that you cant have things buried in there that you don't know. By the same token, it is not a panacea because the other thing is someone has to fund this somehow. All the open source models have to find somewhere to keep this going. So it's a more complicated thing to pull off. >> Especially with all these appliances now, okay, which version of Linux are you running, do I review the code? How do people ensure the security know that whether it's an appliance, or a device, or phone, or anything and it doesn't have some sort of back door or security vulnerability? >> Well, backdoor, I don't-- >> Backdoor, side door. >> Or just code-- >> This is a conspiracy theory. >> Or poor code. >> Poor code, well, poor code, you know, the open source is full of poor code is the truth. And the other thing is that, one problem with the open source is it also makes it easier for people to attack it because they can see how it's engineered. So, there is a reason that secure systems tend to, actually, maintain a certain level of secrecy. So I wouldn't go overboard on the open source ideology that it's inherently more secure. It has the advantage that you can see what you're getting. It has the disadvantage that everyone, including your adversaries, can see that. >> You don't know that going in, buyer beware kind of philosophy. >> Yes. >> And so, ultimately, you need to trust, like, it always comes down to trust at some level 'cause there's no way you're going to verify the software or the hardware, the bits, the you know. You can have problems in the hardware, this is a big problem nowadays, actually, with certain vendors. I don't want to get into those political footballs but-- >> Yeah, super micro. >> Yeah, and so, you really have to see who, you do have to take a risk in who do you trust. Who has a reputation, who is responsible for things that have worked? And there are no easy answers and it's beyond my pay grade. >> Let me get your thoughts on Capital One because we know that story, as of this week and they're on an Amazon estuary bucket, firewall filtering failed, someone just stumbled into it. I mean, the person that hacked it wasn't like, probably, a famous hacker, she was bragging on Twitter and message groups like, saying, hey, I just got in. So, door's open, keys are running in the car, walked right to the safe, safe was open. >> So, I don't know anything about that incident specifically and, I mean, beyond what you and I have read on the web or somewhere-- >> That's a human error. >> But they're usually there's always, almost always human error involved. It's also why you need, sort of, it's like countermeasures, right, and counter, counter, countermeasures. You simply have to monitor, right? So that when something, when you have an intrusion, you check it, now, that's not easy but there are lots of clever things that people are doing. You can have security as an afterthought. It's really hard. That's generally the problem is that people don't think about it early enough. >> Final question before we break: What's the human problem that you see most with developers? 'Cause if humans make mistakes, which they do, what's the common mistake developers, programmers make when coding that could be avoided with just a little bit sharper focus? >> Well, it's not about focus but I'd say null pointer exceptions are the biggest, like, after array buffers, they're the other, Tony Hoare called it billion dollar mistake in 1980 in his award speech, I think. And we're talking now, it's probably a trillion dollars, right? And this is something that can be mechanically checked by the programming language and it's probably the number bang-for-a-buck feature that you might throw in. >> Just say no to null? >> Yeah. >> That's the philosophy. >> Yeah. >> Gilad, thanks for coming on the Cube, appreciate the conversation. >> Thank you very much. >> I'm John Furrier, here in Palo Alto at the Cube Studios. This has been a Cube Conversation, thanks for watching. (upbeat music)

>> From the SiliconANGLE Media Office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello everyone and welcome to this week's episode of theCUBE Insights, powered by ETR. In this Breaking Analysis I want to lay out my 2020 predictions using insights gleaned from theCUBE blended with ETR spending data. You know, 2019 marked our 10th year of doing theCUBE. Over that time we've had the pleasure of covering nearly 1000 events and milestones, including the exit from the great softness of 2008 and 2009. You know theCUBE has extensively tracked a 10 year bull market. We've covered the era of data. We saw the rise and profitless prosperity of the big data and opensource Hadoop movement, where we predicted the practitioners, not vendors, would benefit the most from big data. We've covered many dozens of acquisitions including the 60 billion dollar chess move made by Michael Dell acquiring EMC, and a launch of hundreds of startups in flash, hyper-converged, big data, AI, blockchain, crypto, security and SaaS. There'll be other days to talk about theCUBE and review that, today's all about predicting the future, using spending data and insights from the thousands of interviews we've done on theCUBE. So let's get right into the ETR data and start with the high-level spending. Remember in October, ETR released its survey results and stated that we're coming out of a multiyear investment cycle in digital transformation. Enterprise IT buyers have learned what works, and on which technologies they're going to double down. They're now narrowing their investments on emerging technologies, picking those winners for the next gen tech, and at the same time, they're cutting redundancies from legacy players that they were keeping on as a hedge. Buyers are picking bundled suites from a handful of mega vendors, and solidifying their investments. We're seeing a multi-generational dynamic repeat itself, where buyers are creating a balance between the convenience of packaged offerings, i.e. bundles, and leveraging best of breed technologies to drive innovation. So on balance, the ETR data shows that a contraction in spending and tepid CIO sentiment is impacting both emerging vendors as well as traditional players, and these trends are most pronounced in the very largest organizations, which have always been the best bellwether in ETR's data sets. Let me share with you what one IT executive said recently that I think really sums up the situation quite well. He said, "ETR's findings mirror what we're doing today, "in that we spend most of 2018 bringing in "a lot of the new, core technology. "I believe what you're seeing now is not a lull in spend, "but an operationalization of what we've already purchased. "We're not spending on what's next yet, "because we're still rolling out what we just bought." This is from a VP of global IT at a large public manufacturing company, I said he, it could be a she as well. I think that she's summing it up correctly, and it reflects many of what customers on theCUBE tell us. Now, let's take a look at the macroeconomy. GDP growth is going to come in at about 2.3% this year, give or take. It's not going to hit the Trump administration's goal of 3% plus, but consumers are clearly powering steady growth. At least for now. IT spending should grow at about a point or two above GDP, so let's put that at, say, 4%. We're right in the middle of a Santa Claus rally, and the S&P is above 3200 today. Tech has been a powerful tailwind for stocks, and I think stocks, tech stock's going to take a breath in early 2020, but I expect continued strong growth in the economy and tech spending after a Q1 pause. I could see the S&P flirting with 3700 or even higher in 2020, and I think the tech sector will be a benefactor of that momentum, providing an impetus for continued growth. Here's my thinking on that. So much of 2020 is going to be about the election, and to me the election is going to be really about the economy. And I predict the economy is going to remain steady. And as the IT leader I quoted earlier said, customers will be operationalizing what's been previously purchased. Here's what's different in 2020. Tech projects have historically been very risky investments, and have required higher internal rates of return, IRRs, to get approved by CFOs. But the cloud has altered two factors. One, is that it's allowed more experimentation for way less money. The second is cloud, by shifting CAPEX to OPEX, allows for much more incremental, lower risk investments. So I think you'll see continued steady growth, powered by the cloud, which allows experimentation, and importantly higher hit rates of success. These successful projects will throw off cash for companies, and CFOs are getting on board because they realize it's driving innovation. They also realize that IT does matter, maybe not in the form that Nick Carr envisioned, but a new generation of IT that creates competitive advantage. This brings me to my first main prediction, which is the growth of cloud computing is going to moderate, but the cloud will continue to steal significant share from on-prem spending. Now the narrative that the pendulum is swinging back in my view, is a false narrative. Rather, the pendulum has swung, and the cloud is the underpinning of innovation. Now having said that, I do think we're seeing a bit of an equilibrium in spending, where buyers have identified those workloads that are going to remain on-prem, which is why you see, for example, AWS, Azure, and Google making moves in hybrid. Hybrid slash on-prem offerings. What this chart here shows from ETR, so from 2010 through October '19 survey on cloud spending, I had to block out the 2020 survey as it's currently in the field, I'm not allowed to show that data. The yellow line is market share, which in ETR parlance, as you remember, is pervasiveness, or mentions in their survey. The blue line is spending momentum, measured as net score, which essentially subtracts the percent of customers spending less from those spending more. The long, steady march of cloud, as you can see, continues, and there's no indication that it's going to abate. That said, the penetration of cloud has become much more meaningful, so share gains will be more hard-fought for the cloud guys. Now, you may see this as a non-prediction, or a hedge. It's not, let me be clear. Cloud will continue to steal share from on-prem, but share gains for the cloud vendors will be more difficult. Which brings me to part B of this prediction. What I'm showing in this chart is market share from ETR's January 2016 survey through October '19. And I'm showing spending for three on-prem vendors within AWS, Azure, and Google Cloud accounts. And I'm picking on Oracle, IBM, and Dell EMC as three prominent on-prem proxies, and you can see the steady decline in market share for these companies. And even though there's a bit of an uptick in October, I don't see this as a reversal. What's going to happen is that traditional on-prem vendors are going to step up their cloud strategies. Specifically with multicloud management. This is going to be the case with Dell, who's going to leverage VMware, and in the case of IBM, they'll try to take advantage of Red Hat in that multicloud game. Now both IBM and Oracle, who each have public clouds are going to dig their heels in, they're going to get customers in a headlock, and provide big financial incentives for them to use their captive clouds. All right, so with the high-level spending comments that I made earlier, and that cloud discussion that we just had as a backdrop, the question is, which companies will do well in the coming year? I'm going to call out five companies, that I want to highlight where the ETR data intersects what we're seeing on theCUBE. The prediction is these five players will do well in 2020, they're going to power through any downturn in spending, and they're going to thrive in the face of the cloud share shift. So the chart here shows data from the ETR October 2019 survey, and it lays out net score or spending momentum for these companies, that I am predicting will be winners in 2020 and beyond. And the five companies are UIPath, Snowflake, Databricks, HashiCorp, and Rubrik. Let me start with UIPath. They are the leader in robotic process automation. I think RPA is going to do well even in a downturn, because more companies will be looking to automate and save money, even in a softer climate. Automation Anywhere is another player in this space, they're doing pretty well, and I predict that UIPath will come out on top of this space, but both UIPath and Automation Anywhere can thrive. Next company is Snowflake, they are changing the analytic database market, and I've covered them before in previous Breaking Analysis segments. They are going to continue to grow nicely in my view. They are 100% cloud-based, and they participate in all popular cloud platforms. Now ironically, they compete with AWS RedShift, who continues to copy some of the innovations that Snowflake has popularized. But AWS and Snowflake are strong partners, so there's room for both companies to thrive. Snowflake especially, as they play in clouds other than just AWS. Which brings me to Databricks. We're seeing a new type of workload emerge in the cloud for modern analytic databases, where organizations are taking all this data that they have, lots of it in the cloud, and they're structuring it within a Snowflake database, or RedShift, and they're bringing Databricks tooling to the equation to be able to query and visualize the data in near real time. Now of course, as I say, AWS plays here with RedShift, and they're selling a lot of EC2, so they love Snowflake. All major cloud players are seeing this type of workload enter the mix, and it's going to be a strong area of growth in 2020 and beyond. Next thing I want to talk about is HashiCorp. HashiCorp is capitalizing on this trend toward cloud-native computing. The company provides opensource tooling for developers, and is all about simplifying application deployment independent of the underlying platform, whether it's virtual, container, or cloud. Five years ago, the players in the space that got all the attention on theCUBE were Chef, Puppet, Ansible and Salt, and today, especially again on theCUBE, you hear the most about Hashi and Ansible, and in fact we were at AnsibleFest with theCUBE, and we heard lots about HashiCorp, so they both complement and compete with the older players. To me, this reminds me of Spark within the Hadoop ecosystem. Hashi has raised about 174 million in VC, and as you can see they have very strong spending momentum in the ETR dataset, with a net score, as shown, of 63%. Now finally, I want to talk about Rubrik, which has been a consistent performer in the ETR dataset. They're trying to transform backup into data management as a discipline. They compete with established players in the data protection space, guys like Veritas, Dell EMC, IBM and CommVault. Now Rubrik is not the only new or newish player here, that's doing very well, Cohesity, who's relatively new, Veeam, which has been around for a decade, both doing very well and showing up strong in ETR surveys, especially Veeam, but Rubrik has been a consistently strong performer and has been outpacing the others, so I want to call them out. Look for these five to do very well in 2020, and into the next decade. So that brings me to my next prediction, I want to talk about Kubernetes. This prediction is twofold. Kubernetes is going to continue its strong showing as this data from ETR shows. This is Kubernetes' market share in the October 2019 survey, so Kubernetes spend had a 76% net score. So very very strong. But the other part of the prediction is that Kubernetes will become embedded into virtually every platform, and people will stop thinking about it as a separate market. Already today, there's little discussion of the idea of a Kubernetes distro, I mean Anthos is an example of a Kubernetes stack, but it can be run in the cloud, it can be run on-prem, anywhere. VMware Tanzu, Microsoft Azure Arc are other examples, they're really not stacks, but they're management platforms that can manage anyone's Kubernetes instances. I like to think of this as kind of like flash. You remember when everyone looked at flash storage as a separate market, well today it's just embedded everywhere. And that's kind of what's happening with Kubernetes. So spending momentum is going to continue to be strong, but by 2023, Kubernetes will be ubiquitous, and not really thought of as a separate entity. All right, for my next prediction, I want to talk about cybersecurity. I did a Breaking Analysis earlier this year on security, and I showed this slide. And as you can see, I've added a little something in the red stars for my prediction. So what this chart shows is two views of net score, the left-hand side shows the ranking by net score, and you can see CrowdStrike, Okta, Shape Security, which was just, by the way, bought by F5, that was an announcement. Twistlock, which is now Palo Alto Networks, and you can see the others down that list. On the right-hand side is net score, but it's ranked by shared N, which is a measure of pervasiveness in the ETR dataset. What I've added is the four star companies, that is those companies that have both spending momentum and are pervasive in the ETR survey. So the prediction is 2020 we'll see the four star companies maintain their position and gain strength in 2020. These include established players with portfolios where they can bundle like Microsoft, Cisco, Palo Alto Networks, Splunk, Proofpoint, Fortinet, and CyberArk Software. And then the newer companies like Okta and CrowdStrike are going to continue to gain share faster than the larger players. Now you also may see companies like SailPoint, Illumio, and SentinelOne emerge as four star companies over the next 24 months. Now the one company that's not on this list that is a major player in security is AWS. AWS is the cloud security leader, and is in a category all by itself in many ways. As I said in my security segment earlier this year, the market is incredibly fragmented, and it's going to stay that way. Each year we look back and say "Did we spend more on security?" and "Are we more safe?" And every year the answer is yes, and no. And 2020 will be no different. Now if you look at the various data sources, we spend approximately 120 billion dollars annually on cybersecurity. The worldwide economy is about 85 trillion in dollar terms, so on balance, we spend about .14% on securing our economy, so we're barely scratching the surface. The market is going to remain highly fragmented, the rich will get richer if they have four stars, new players will continue to enter the space, and M&A will continue to be robust. Now if you exclude my long shot that the S&P will break through 3700 next year, that makes nine predictions. For my 10th and final prediction, I don't have hard data from ETR, but I have a strong opinion on this, and that is that the edge will be won by developers, you've heard me talk about this before. Specifically, platforms like Outposts, which are essentially programmable infrastructure which bring a cloud development platform to the edge, is how that space will evolve. It won't be won by shoving traditional servers and storage boxes out to the edge. Rather, it will grow by coders being able to build new applications and workloads on top of infrastructure as code. Okay, that wraps up my 2020 predictions. I'd very much like to hear your opinion, so you can leave your thoughts or your own predictions in the comments sections of this video, or go to my LinkedIn posts. You can reach me @DVellante on Twitter, love to hear your thoughts. And don't forget, this series is available on iTunes, Spotify, and other podcast platforms for your listening pleasure. I'd like to wish everyone a safe and restful holiday season and a prosperous, healthy 2020. Enjoy your families, enjoy this time, this is Dave Vellante, signing out from the latest episode of theCUBE Insights powered by ETR, thanks for watching, everybody. We'll see you next time. (techno music)