>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR, This is "Breaking Analysis with Dave Vellante". >> Black Hat 22 was held in Las Vegas last week, the same time as theCUBE Supercloud event. Unlike AWS re:Inforce where words are carefully chosen to put a positive spin on security, Black Hat exposes all the warts of cyber and openly discusses its hard truths. It's a conference that's attended by technical experts who proudly share some of the vulnerabilities they've discovered, and, of course, by numerous vendors marketing their products and services. Hello, and welcome to this week's Wikibon CUBE Insights powered by ETR. In this "Breaking Analysis", we summarize what we learned from discussions with several people who attended Black Hat and our analysis from reviewing dozens of keynotes, articles, sessions, and data from a recent Black Hat Attendees Survey conducted by Black Hat and Informa, and we'll end with the discussion of what it all means for the challenges around securing the supercloud. Now, I personally did not attend, but as I said at the top, we reviewed a lot of content from the event which is renowned for its hundreds of sessions, breakouts, and strong technical content that is, as they say, unvarnished. Chris Krebs, the former director of Us cybersecurity and infrastructure security agency, CISA, he gave the keynote, and he spoke about the increasing complexity of tech stacks and the ripple effects that that has on organizational risk. Risk was a big theme at the event. Where re:Inforce tends to emphasize, again, the positive state of cybersecurity, it could be said that Black Hat, as the name implies, focuses on the other end of the spectrum. Risk, as a major theme of the event at the show, got a lot of attention. Now, there was a lot of talk, as always, about the expanded threat service, you hear that at any event that's focused on cybersecurity, and tons of emphasis on supply chain risk as a relatively new threat that's come to the CISO's minds. Now, there was also plenty of discussion about hybrid work and how remote work has dramatically increased business risk. According to data from in Intel 471's Mark Arena, the previously mentioned Black Hat Attendee Survey showed that compromise credentials posed the number one source of risk followed by infrastructure vulnerabilities and supply chain risks, so a couple of surveys here that we're citing, and we'll come back to that in a moment. At an MIT cybersecurity conference earlier last decade, theCUBE had a hypothetical conversation with former Boston Globe war correspondent, Charles Sennott, about the future of war and the role of cyber. We had similar discussions with Dr. Robert Gates on theCUBE at a ServiceNow event in 2016. At Black Hat, these discussions went well beyond the theoretical with actual data from the war in Ukraine. It's clear that modern wars are and will be supported by cyber, but the takeaways are that they will be highly situational, targeted, and unpredictable because in combat scenarios, anything can happen. People aren't necessarily at their keyboards. Now, the role of AI was certainly discussed as it is at every conference, and particularly cyber conferences. You know, it was somewhat dissed as over hyped, not surprisingly, but while AI is not a panacea to cyber exposure, automation and machine intelligence can definitely augment, what appear to be and have been stressed out, security teams can do this by recommending actions and taking other helpful types of data and presenting it in a curated form that can streamline the job of the SecOps team. Now, most cyber defenses are still going to be based on tried and true monitoring and telemetry data and log analysis and curating known signatures and analyzing consolidated data, but increasingly, AI will help with the unknowns, i.e. zero-day threats and threat actor behaviors after infiltration. Now, finally, while much lip service was given to collaboration and public-private partnerships, especially after Stuxsnet was revealed early last decade, the real truth is that threat intelligence in the private sector is still evolving. In particular, the industry, mid decade, really tried to commercially exploit proprietary intelligence and, you know, do private things like private reporting and monetize that, but attitudes toward collaboration are trending in a positive direction was one of the sort of outcomes that we heard at Black Hat. Public-private partnerships are being both mandated by government, and there seems to be a willingness to work together to fight an increasingly capable adversary. These things are definitely on the rise. Now, without this type of collaboration, securing the supercloud is going to become much more challenging and confined to narrow solutions. and we're going to talk about that little later in the segment. Okay, let's look at some of the attendees survey data from Black Hat. Just under 200 really serious security pros took the survey, so not enough to slice and dice by hair color, eye color, height, weight, and favorite movie genre, but enough to extract high level takeaways. You know, these strongly agree or disagree survey responses can sometimes give vanilla outputs, but let's look for the ones where very few respondents strongly agree or disagree with a statement or those that overwhelmingly strongly agree or somewhat agree. So it's clear from this that the respondents believe the following, one, your credentials are out there and available to criminals. Very few people thought that that was, you know, unavoidable. Second, remote work is here to stay, and third, nobody was willing to really jinx their firms and say that they strongly disagree that they'll have to respond to a major cybersecurity incident within the next 12 months. Now, as we've reported extensively, COVID has permanently changed the cybersecurity landscape and the CISO's priorities and playbook. Check out this data that queries respondents on the pandemic's impact on cybersecurity, new requirements to secure remote workers, more cloud, more threats from remote systems and remote users, and a shift away from perimeter defenses that are no longer as effective, e.g. firewall appliances. Note, however, the fifth response that's down there highlighted in green. It shows a meaningful drop in the percentage of remote workers that are disregarding corporate security policy, still too many, but 10 percentage points down from 2021 survey. Now, as we've said many times, bad user behavior will trump good security technology virtually every time. Consistent with the commentary from Mark Arena's Intel 471 threat report, fishing for credentials is the number one concern cited in the Black Hat Attendees Survey. This is a people and process problem more than a technology issue. Yes, using multifactor authentication, changing passwords, you know, using unique passwords, using password managers, et cetera, they're all great things, but if it's too hard for users to implement these things, they won't do it, they'll remain exposed, and their organizations will remain exposed. Number two in the graphic, sophisticated attacks that could expose vulnerabilities in the security infrastructure, again, consistent with the Intel 471 data, and three, supply chain risks, again, consistent with Mark Arena's commentary. Ask most CISOs their number one problem, and they'll tell you, "It's a lack of talent." That'll be on the top of their list. So it's no surprise that 63% of survey respondents believe they don't have the security staff necessary to defend against cyber threats. This speaks to the rise of managed security service providers that we've talked about previously on "Breaking Analysis". We've seen estimates that less than 50% of organizations in the US have a SOC, and we see those firms as ripe for MSSP support as well as larger firms augmenting staff with managed service providers. Now, after re:Invent, we put forth this conceptual model that discussed how the cloud was becoming the first line of defense for CISOs, and DevOps was being asked to do more, things like securing the runtime, the containers, the platform, et cetera, and audit was kind of that last line of defense. So a couple things we picked up from Black Hat which are consistent with this shift and some that are somewhat new, first, is getting visibility across the expanded threat surface was a big theme at Black Hat. This makes it even harder to identify risk, of course, this being the expanded threat surface. It's one thing to know that there's a vulnerability somewhere. It's another thing to determine the severity of the risk, but understanding how easy or difficult it is to exploit that vulnerability and how to prioritize action around that. Vulnerability is increasingly complex for CISOs as the security landscape gets complexified. So what's happening is the SOC, if there even is one at the organization, is becoming federated. No longer can there be one ivory tower that's the magic god room of data and threat detection and analysis. Rather, the SOC is becoming distributed following the data, and as we just mentioned, the SOC is being augmented by the cloud provider and the managed service providers, the MSSPs. So there's a lot of critical security data that is decentralized and this will necessitate a new cyber data model where data can be synchronized and shared across a federation of SOCs, if you will, or mini SOCs or SOC capabilities that live in and/or embedded in an organization's ecosystem. Now, to this point about cloud being the first line of defense, let's turn to a story from ETR that came out of our colleague Eric Bradley's insight in a one-on-one he did with a senior IR person at a manufacturing firm. In a piece that ETR published called "Saved by Zscaler", check out this comment. Quote, "As the last layer, we are filtering all the outgoing internet traffic through Zscaler. And when an attacker is already on your network, and they're trying to communicate with the outside to exchange encryption keys, Zscaler is already blocking the traffic. It happened to us. It happened and we were saved by Zscaler." So that's pretty cool. So not only is the cloud the first line of defense, as we sort of depicted in that previous graphic, here's an example where it's also the last line of defense. Now, let's end on what this all means to securing the supercloud. At our Supercloud 22 event last week in our Palo Alto CUBE Studios, we had a session on this topic on supercloud, securing the supercloud. Security, in our view, is going to be one of the most important and difficult challenges for the idea of supercloud to become real. We reviewed in last week's "Breaking Analysis" a detailed discussion with Snowflake co-founder and president of products, Benoit Dageville, how his company approaches security in their data cloud, what we call a superdata cloud. Snowflake doesn't use the term supercloud. They use the term datacloud, but what if you don't have the focus, the engineering depth, and the bank roll that Snowflake has? Does that mean superclouds will only be developed by those companies with deep pockets and enormous resources? Well, that's certainly possible, but on the securing the supercloud panel, we had three technical experts, Gee Rittenhouse of Skyhigh Security, Piyush Sharrma who's the founder of Accurics who sold to Tenable, and Tony Kueh, who's the former Head of Product at VMware. Now, John Furrier asked each of them, "What is missing? What's it going to take to secure the supercloud? What has to happen?" Here's what they said. Play the clip. >> This is the final question. We have one minute left. I wish we had more time. This is a great panel. We'll bring you guys back for sure after the event. What one thing needs to happen to unify or get through the other side of this fragmentation and then the challenges for supercloud? Because remember, the enterprise equation is solve complexity with more complexity. Well, that's not what the market wants. They want simplicity. They want SaaS. They want ease of use. They want infrastructure risk code. What has to happen? What do you think, each of you? >> So I can start, and extending to the previous conversation, I think we need a consortium. We need a framework that defines that if you really want to operate on supercloud, these are the 10 things that you must follow. It doesn't matter whether you take AWS, Slash, or TCP or you have all, and you will have the on-prem also, which means that it has to follow a pattern, and that pattern is what is required for supercloud, in my opinion. Otherwise, security is going everywhere. They're like they have to fix everything, find everything, and so on and so forth. It's not going to be possible. So they need a framework. They need a consortium, and this consortium needs to be, I think, needs to led by the cloud providers because they're the ones who have these foundational infrastructure elements, and the security vendor should contribute on providing more severe detections or severe findings. So that's, in my opinion, should be the model. >> Great, well, thank you, Gee. >> Yeah, I would think it's more along the lines of a business model. We've seen in cloud that the scale matters, and once you're big, you get bigger. We haven't seen that coalesce around either a vendor, a business model, or whatnot to bring all of this and connect it all together yet. So that value proposition in the industry, I think, is missing, but there's elements of it already available. >> I think there needs to be a mindset. If you look, again, history repeating itself. The internet sort of came together around set of IETF, RSC standards. Everybody embraced and extended it, right? But still, there was, at least, a baseline, and I think at that time, the largest and most innovative vendors understood that they couldn't do it by themselves, right? And so I think what we need is a mindset where these big guys, like Google, let's take an example. They're not going to win at all, but they can have a substantial share. So how do they collaborate with the ecosystem around a set of standards so that they can bring their differentiation and then embrace everybody together. >> Okay, so Gee's point about a business model is, you know, business model being missing, it's broadly true, but perhaps Snowflake serves as a business model where they've just gone out and and done it, setting or trying to set a de facto standard by which data can be shared and monetized. They're certainly setting that standard and mandating that standard within the Snowflake ecosystem with its proprietary framework. You know, perhaps that is one answer, but Tony lays out a scenario where there's a collaboration mindset around a set of standards with an ecosystem. You know, intriguing is this idea of a consortium or a framework that Piyush was talking about, and that speaks to the collaboration or lack thereof that we spoke of earlier, and his and Tony's proposal that the cloud providers should lead with the security vendor ecosystem playing a supporting role is pretty compelling, but can you see AWS and Azure and Google in a kumbaya moment getting together to make that happen? It seems unlikely, but maybe a better partnership between the US government and big tech could be a starting point. Okay, that's it for today. I want to thank the many people who attended Black Hat, reported on it, wrote about it, gave talks, did videos, and some that spoke to me that had attended the event, Becky Bracken, who is the EIC at Dark Reading. They do a phenomenal job and the entire team at Dark Reading, the news desk there, Mark Arena, whom I mentioned, Garrett O'Hara, Nash Borges, Kelly Jackson, sorry, Kelly Jackson Higgins, Roya Gordon, Robert Lipovsky, Chris Krebs, and many others, thanks for the great, great commentary and the content that you put out there, and thanks to Alex Myerson, who's on production, and Alex manages the podcasts for us. Ken Schiffman is also in our Marlborough studio as well, outside of Boston. Kristen Martin and Cheryl Knight, they help get the word out on social media and in our newsletters, and Rob Hoff is our Editor-in-Chief at SiliconANGLE and does some great editing and helps with the titles of "Breaking Analysis" quite often. Remember these episodes, they're all available as podcasts, wherever you listen, just search for "Breaking Analysis Podcasts". I publish each on wikibon.com and siliconangle.com, and you could email me, get in touch with me at david.vellante@siliconangle.com or you can DM me @dvellante or comment on my LinkedIn posts, and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis". (upbeat music)

(gentle upbeat music) >> Welcome back everyone, to "theCUBE"'s live stage performance here in Palo Alto, California at "theCUBE" Studios. I'm John Furrier with Dave Vellante, kicking off our first inaugural Supercloud event. It's an editorial event, we wanted to bring together the best in the business, the smartest, the biggest, the up-and-coming startups, venture capitalists, everybody, to weigh in on this new Supercloud trend, this structural change in the cloud computing business. We're about to run the Ecosystem Speaks, which is a bunch of pre-recorded companies that wanted to get their voices on the record, so stay tuned for the rest of the day. We'll be replaying all that content and they're going to be having some really good commentary and hear what they have to say. I had a chance to interview and so did Dave. Dave, this is our closing segment where we kind of unpack everything or kind of digest and report. So much to kind of digest from the conversations today, a wide range of commentary from Supercloud operating system to developers who are in charge to maybe it's an ops problem or maybe Oracle's a Supercloud. I mean, that was debated. So so much discussion, lot to unpack. What was your favorite moments? >> Well, before I get to that, I think, I go back to something that happened at re:Invent last year. Nick Sturiale came up, Steve Mullaney from Aviatrix; we're going to hear from him shortly in the Ecosystem Speaks. Nick Sturiale's VC said "it's happening"! And what he was talking about is this ecosystem is exploding. They're building infrastructure or capabilities on top of the CapEx infrastructure. So, I think it is happening. I think we confirmed today that Supercloud is a thing. It's a very immature thing. And I think the other thing, John is that, it seems to me that the further you go up the stack, the weaker the business case gets for doing Supercloud. We heard from Marianna Tessel, it's like, "Eh, you know, we can- it was easier to just do it all on one cloud." This is a point that, Adrian Cockcroft just made on the panel and so I think that when you break out the pieces of the stack, I think very clearly the infrastructure layer, what we heard from Confluent and HashiCorp, and certainly VMware, there's a real problem there. There's a real need at the infrastructure layer and then even at the data layer, I think Benoit Dageville did a great job of- You know, I was peppering him with all my questions, which I basically was going through, the Supercloud definition and they ticked the box on pretty much every one of 'em as did, by the way Ali Ghodsi you know, the big difference there is the philosophy of Republicans and Democrats- got open versus closed, not to apply that to either one side, but you know what I mean! >> And the similarities are probably greater than differences. >> Berkely, I would probably put them on the- >> Yeah, we'll put them on the Democrat side we'll make Snowflake the Republicans. But so- but as we say there's a lot of similarities as well in terms of what their objectives are. So, I mean, I thought it was a great program and a really good start to, you know, an industry- You brought up the point about the industry consortium, asked Kit Colbert- >> Yep. >> If he thought that was something that was viable and what'd they say? That hyperscale should lead it? >> Yeah, they said hyperscale should lead it and there also should be an industry consortium to get the voices out there. And I think VMware is very humble in how they're putting out their white paper because I think they know that they can't do it all and that they do not have a great track record relative to cloud. And I think, but they have a great track record of loyal installed base ops people using VMware vSphere all the time. >> Yeah. >> So I think they need a catapult moment where they can catapult to the cloud native which they've been working on for years under Raghu and the team. So the question on VMware is in the light of Broadcom, okay, acquisition of VMware, this is an opportunity or it might not be an opportunity or it might be a spin-out or something, I just think VMware's got way too much engineering culture to be ignored, Dave. And I think- well, I'm going to watch this very closely because they can pull off some sort of rallying moment. I think they could. And then you hear the upstarts like Platform9, Rafay Systems and others they're all like, "Yes, we need to unify behind something. There needs to be some sort of standard". You know, we heard the argument of you know, more standards bodies type thing. So, it's interesting, maybe "theCUBE" could be that but we're going to certainly keep the conversation going. >> I thought one of the most memorable statements was Vittorio who said we- for VMware, we want our cake, we want to eat it too and we want to lose weight. So they have a lot of that aspirations there! (John laughs) >> And then I thought, Adrian Cockcroft said you know, the devs, they want to get married. They were marrying everybody, and then the ops team, they have to deal with the divorce. >> Yeah. >> And I thought that was poignant. It's like, they want consistency, they want standards, they got to be able to scale And Lori MacVittie, I'm not sure you agree with this, I'd have to think about it, but she was basically saying, all we've talked about is devs devs devs for the last 10 years, going forward we're going to be talking about ops. >> Yeah, and I think one of the things I learned from this day and looking back, and some kind of- I've been sauteing through all the interviews. If you zoom out, for me it was the epiphany of developers are still in charge. And I've said, you know, the developers are doing great, it's an ops security thing. Not sure I see that the way I was seeing before. I think what I learned was the refactoring pattern that's emerging, In Sik Rhee brought this up from Vertex Ventures with Marianna Tessel, it's a nuanced point but I think he's right on which is the pattern that's emerging is developers want ease-of-use tooling, they're driving the change and I think the developers in the devs ops ethos- it's never going to be separate. It's going to be DevOps. That means developers are driving operations and then security. So what I learned was it's not ops teams leveling up, it's devs redefining what ops is. >> Mm. And I think that to me is where Supercloud's going to be interesting- >> Forcing that. >> Yeah. >> Forcing the change because the structural change is open sources thriving, devs are still in charge and they still want more developers, Vittorio "we need more developers", right? So the developers are in charge and that's clear. Now, if that happens- if you believe that to be true the domino effect of that is going to be amazing because then everyone who gets on the wrong side of history, on the ops and security side, is going to be fighting a trend that may not be fight-able, you know, it might be inevitable. And so the winners are the ones that are refactoring their business like Snowflake. Snowflake is a data warehouse that had nothing to do with Amazon at first. It was the developers who said "I'm going to refactor data warehouse on AWS". That is a developer-driven refactorization and a business model. So I think that's the pattern I'm seeing is that this concept refactoring, patterns and the developer trajectory is critical. >> I thought there was another great comment. Maribel Lopez, her Lord of the Rings comment: "there will be no one ring to rule them all". Now at the same time, Kit Colbert, you know what we asked him straight out, "are you the- do you want to be the, the Supercloud OS?" and he basically said, "yeah, we do". Now, of course they're confined to their world, which is a pretty substantial world. I think, John, the reason why Maribel is so correct is security. I think security's a really hard problem to solve. You've got cloud as the first layer of defense and now you've got multiple clouds, multiple layers of defense, multiple shared responsibility models. You've got different tools for XDR, for identity, for governance, for privacy all within those different clouds. I mean, that really is a confusing picture. And I think the hardest- one of the hardest parts of Supercloud to solve. >> Yeah, and I thought the security founder Gee Rittenhouse, Piyush Sharrma from Accurics, which sold to Tenable, and Tony Kueh, former head of product at VMware. >> Right. >> Who's now an investor kind of looking for his next gig or what he is going to do next. He's obviously been extremely successful. They brought up the, the OS factor. Another point that they made I thought was interesting is that a lot of the things to do to solve the complexity is not doable. >> Yeah. >> It's too much work. So managed services might field the bit. So, and Chris Hoff mentioned on the Clouderati segment that the higher level services being a managed service and differentiating around the service could be the key competitive advantage for whoever does it. >> I think the other thing is Chris Hoff said "yeah, well, Web 3, metaverse, you know, DAO, Superclouds" you know, "Stupercloud" he called it and this bring up- It resonates because one of the criticisms that Charles Fitzgerald laid on us was, well, it doesn't help to throw out another term. I actually think it does help. And I think the reason it does help is because it's getting people to think. When you ask people about Supercloud, they automatically- it resonates with them. They play back what they think is the future of cloud. So Supercloud really talks to the future of cloud. There's a lot of aspects to it that need to be further defined, further thought out and we're getting to the point now where we- we can start- begin to say, okay that is Supercloud or that isn't Supercloud. >> I think that's really right on. I think Supercloud at the end of the day, for me from the simplest way to describe it is making sure that the developer experience is so good that the operations just happen. And Marianna Tessel said, she's investing in making their developer experience high velocity, very easy. So if you do that, you have to run on premise and on the cloud. So hybrid really is where Supercloud is going right now. It's not multi-cloud. Multi-cloud was- that was debunked on this session today. I thought that was clear. >> Yeah. Yeah, I mean I think- >> It's not about multi-cloud. It's about operationally seamless operations across environments, public cloud to on-premise, basically. >> I think we got consensus across the board that multi-cloud, you know, is a symptom Chuck Whitten's thing of multi-cloud by default versus multi- multi-cloud has not been a strategy, Kit Colbert said, up until the last couple of years. Yeah, because people said, "oh we got all these multiple clouds, what do we do with it?" and we got this mess that we have to solve. Whereas, I think Supercloud is something that is a strategy and then the other nuance that I keep bringing up is it's industries that are- as part of their digital transformation, are building clouds. Now, whether or not they become superclouds, I'm not convinced. I mean, what Goldman Sachs is doing, you know, with AWS, what Walmart's doing with Azure connecting their on-prem tools to those public clouds, you know, is that a supercloud? I mean, we're going to have to go back and really look at that definition. Or is it just kind of a SAS that spans on-prem and cloud. So, as I said, the further you go up the stack, the business case seems to wane a little bit but there's no question in my mind that from an infrastructure standpoint, to your point about operations, there's a real requirement for super- what we call Supercloud. >> Well, we're going to keep the conversation going, Dave. I want to put a shout out to our founding supporters of this initiative. Again, we put this together really fast kind of like a pilot series, an inaugural event. We want to have a face-to-face event as an industry event. Want to thank the founding supporters. These are the people who donated their time, their resource to contribute content, ideas and some cash, not everyone has committed some financial contribution but we want to recognize the names here. VMware, Intuit, Red Hat, Snowflake, Aisera, Alteryx, Confluent, Couchbase, Nutanix, Rafay Systems, Skyhigh Security, Aviatrix, Zscaler, Platform9, HashiCorp, F5 and all the media partners. Without their support, this wouldn't have happened. And there are more people that wanted to weigh in. There was more demand than we could pull off. We'll certainly continue the Supercloud conversation series here on "theCUBE" and we'll add more people in. And now, after this session, the Ecosystem Speaks session, we're going to run all the videos of the big name companies. We have the Nutanix CEOs weighing in, Aviatrix to name a few. >> Yeah. Let me, let me chime in, I mean you got Couchbase talking about Edge, Platform 9's going to be on, you know, everybody, you know Insig was poopoo-ing Oracle, but you know, Oracle and Azure, what they did, two technical guys, developers are coming on, we dig into what they did. Howie Xu from Zscaler, Paula Hansen is going to talk about going to market in the multi-cloud world. You mentioned Rajiv, the CEO of Nutanix, Ramesh is going to talk about multi-cloud infrastructure. So that's going to run now for, you know, quite some time here and some of the pre-record so super excited about that and I just want to thank the crew. I hope guys, I hope you have a list of credits there's too many of you to mention, but you know, awesome jobs really appreciate the work that you did in a very short amount of time. >> Well, I'm excited. I learned a lot and my takeaway was that Supercloud's a thing, there's a kind of sense that people want to talk about it and have real conversations, not BS or FUD. They want to have real substantive conversations and we're going to enable that on "theCUBE". Dave, final thoughts for you. >> Well, I mean, as I say, we put this together very quickly. It was really a phenomenal, you know, enlightening experience. I think it confirmed a lot of the concepts and the premises that we've put forth, that David Floyer helped evolve, that a lot of these analysts have helped evolve, that even Charles Fitzgerald with his antagonism helped to really sharpen our knives. So, you know, thank you Charles. And- >> I like his blog, by the I'm a reader- >> Yeah, absolutely. And it was great to be back in Palo Alto. It was my first time back since pre-COVID, so, you know, great job. >> All right. I want to thank all the crew and everyone. Thanks for watching this first, inaugural Supercloud event. We are definitely going to be doing more of these. So stay tuned, maybe face-to-face in person. I'm John Furrier with Dave Vellante now for the Ecosystem chiming in, and they're going to speak and share their thoughts here with "theCUBE" our first live stage performance event in our studio. Thanks for watching. (gentle upbeat music)

>>Okay, welcome back everyone to Supercloud 22, this is the cube studio's live performance. We streaming virtually@siliconangledotcomandthecube.net. I'm John for host the cube at Dave Alane with a distinguished panel talking about securing the Supercloud all cube alumni G written house was the CEO of Skyhigh security, Peter Sharma founder of, of QX sold to tenable and Tony qua who's investor. Co-founder former head of product at VMware chance. Thanks for coming on and to our, in all girls super cloud pilot event. >>Good to see you guys big topic. >>Okay. So before we get into secure in the cloud, one of the things that we were discussing before we came on camera was how cloud, the relationship between cloud and on premise and multi-cloud and how Supercloud fits into that. At the end of the day, security's driving a lot of the conversations at the op side and dev shift left is happening. We see that out there. So before we get into it, how do you guys see super cloud Tony? We'll start with you. We'll go down the line. What is Supercloud to you? >>Well, to me, super cloud is really the next evolution, the culmination of the services coming all together, right? As a application developer today, you really don't need to worry about where this thing is. Sit sitting or what's the latency cuz cuz the internet is fast enough. Now I really wanna know what services something provides. What, how do I get access to it now? Security. We'll talk about that later. That that becomes a, a big issue because of the fragmentation of how security is implemented across all the different vendors. So to me it's an IP address I program to it and you know, off we go, but there's a lot of >>You like that pipe happens >>Iceberg chart, right? Like I'm the developer touching the APIs up there. There's a bunch of other things. BU service. >>Okay. Looking forward again. Gee, what's your take? Obviously we've had many conversations on the cube. What's your super cloud update. >>Yeah, so I, I view it as just an extension of what we see today before like maybe 10 years ago we were mashing up applications built on other SAS applications and whatnot. Now we're just extending that down to further primitives, not, we don't really care where our mashup resides, what cloud platform, where it sits to Tony's point, as long as you have an IP address. But beyond that, we're just gonna start to get little micro services and deeper into the applications. >>BP, what should you take? >>I think, I think super cloud to me is something that don't don't exist. It exists only on my laptop. That's the super cloud means to me. I know it takes a lot behind the scene to get that working of and running. But, but essentially, essentially that the everything having be able to touch physically versus not being able to touch anything is super cloud to me. >>So we, what Victoria was saying. Yeah, we see serverless out there, all these cool things happening. Exactly. And you look at the, some of the successful companies that have come in, I call V two cloud. Some are, some are saying the next gen, they're all building on top of the CapEx. I mean, if, why would you not wanna leverage all that work AWS is doing and now Azure, and obviously Google's out there and you got other, other, other clouds out there. But in terms of AWS as a hyperscaler, they're spending all the money and they're getting better. They're getting lower level. We're talking about some of that yesterday, data bricks, snowflake, Goldman Sachs there's industry clouds that could be powerhouse service providers to themselves and their vertical. Then you got specialty clouds. Like there could be a data cloud, there could be an identity cloud. So yeah. How does this sort itself out? How do you guys see that? Because can they coexist? >>But I think they have to right, because I, I think, you know, eventually organizations will get big enough where they can be strong and really market leading in multiple segments. But if you think about what it takes to really build a massive scaled out database company that, that DNA doesn't just overnight translate to identity or translate to video, it takes years to build that up. So in the meantime, all these guys have to understand that they are one part of the service stack to power the next gen solutions. And if they don't play well with each other, then you're gonna have a problem. >>So security, I think is one of the hardest problems of, of super cloud. And not only do you have too many tools and a lack of talent, but you've now got this new first line of defense, which is the cloud. And the problem is you've got multiple clouds. So you've got multiple first lines of defense with multiple cloud provider tools. And then the CISO, I guess, is the next line of defense with the application development team. You know, there to be the pivot point between strategy and execution. And I guess audit is the third line of the defense. So it's an even more complicated environment. So gee, how do you see that CSO role changing and, and can there actually be a unified security layer in Supercloud? >>Yeah, so I believe that that they can be, the role is definitely changing because now a CSO actually has to have a basic understanding of how clouds work, the dependency of clouds on the, on the business that they serve. And, and this is to your point, not only do we have these new lines and opening up in a tax surface, but they're coupled together. So we have supply chain type connections between this. So there's a coherence across these systems that a CISO has to kind of think about not only these Bo cloud boundaries, but the trust boundaries between them. So classic example visibility, wh what, where are these things and what are the dependencies in my business then of course you mentioned compliance. Am I regulatory? And then of course protecting and responding to this, >>You know? Yeah. The, the, the supply chain piece that you just mentioned. I mean, I feel like there's like these milestones stocks, net was a milestone, you know, obvious obviously log four J was another one, the supply chain hack with solar winds. Yep. You know, it's just, the adversary just keeps getting stronger and stronger and, and, and more agile. So, so is this a data? Do we solve this as a data problem? Is it, you know, you can't just throw more infrastructure at it. What are your thoughts >>For it? I think, you know, great, great point that you're brought up. We need to look at things very fundamentally. What is happening is security has the most difficult job in the cloud, especially super cloud. The poor guys are managing some, managing something or securing something that they can't govern, right? Your, your custodian of the cloud as your developers and DevOps, they are the ones who are defining, creating, destroying things in the cloud. And that guy sitting at the end of the tunnel, looking at things that what he gets and he has to immediately respond. That's why it has to be fundamentally solve. Number one, we talked about supply chain. We talked about the, the, the stuck net to wanna cry, to sort of wins, to know the most recent one on the pipeline. Once the interesting phenomena is that the way industry has moved super cloud, the attackers are also moving them super attackers, right? They have stopped. They have not stopped, but they have started slowly moving to the left, which is the governance part. So they have started attacking your source code, you know, impersonating the codes, replacing the binary, finding one is there. So if they can, if the cloud is built so early, why can't I go early and, and, and inject myself. >>So super hackers is coming to super thinking Hollywood right now. I mean, that brings up a good point. I mean, this whole trust thing is huge. I mean, I hear zero trust. I think, wait a minute, that's not the conference I was just at, we went to, we managed, we work with DockerCon and they were talking about trust services. Yeah. So supply chain source code has trust brokering going on. And yet you got zero trust, which is which are they contextually different? I mean, what, what, >>What, from my perspective, though, the same in that zero trust is a framework that starts with minimum privileges and then build up those privileges over time. Normally in today's dialogue, zero trust is around access. I'm not having a broad access. I'm having a narrow access around an application, but you can also extend those principles to usage. What can, how much privilege do I have within an application? I have to build up my trust to enhance and, and get extended privileges within an application. Of course you can then extend this naturally to applications, APIs, applications, talking with each other. And so by you, you have to restrict the attack surface that is based on a trust model fundamentally. And then to your point, I mean, there's always this residual that you have to deal with afterwards. >>So, so super cloud implies more surface area. You're talking about private. So here we go. So how, and by the way, the AWS was supposed to be at this conference. They said they couldn't make it. They had a schedule issue, but they wanted to be here, but I would ask them, how do you differentiate AWS going forward? Do you go IAS all the way? Do you release the pass layer up? How does this solve? Because you have native clouds that are doing great, the complexity on super cloud, and multi-cloud has to be solved. >>Let me offer maybe a different argument. So if you think about we're all old enough to see the history sort of re pendulum shift and it shifting back in a way, if you're arguing that this culmination of all these services in the form of cloud today, essentially moving up stack, then really this is a architectural pattern that's emerging, right? And therefore there needs to be a super cloud, almost operating system. So operating systems, if you build one before you need a scheduler, you need process handler, you need process isolation, you need memory storage, compute all that together. Now that is our sitting in different parts of the internet. And, and there is no operating system. Yes. And that's the gap, right? And so if you don't even have an operating system, how do you implement security? And that's the pain. Yeah, because today it's one off, directly from service to service. Like how many times can you set up SAML orchestration? You can have an entire team doing that, right. If that's, that's what you have to do. So I think that's ultimately the gap and, and we're sort of just revolving around this concept that there's missing an operating system for superpower. >>It's like Maribel Lopez said in the previous panel that Lord of the rings, there will be no one ring rule the ball. Right. Probably there is needs one. Oh yeah. But, but, but, so what happens? So again, security's the hardest problem. So Snowflake's gotta implement its security, you know, data bricks with an open source model has to implement its security. So there's these multiple security models. You talk about zero trust, which I, if, if I infer what you said, gee, it's essentially, if you don't have privilege access, you don't get access. Yeah. Right. If you, okay. Okay. So that's the framework. Fine. And then you gotta earn it over time. Yeah. Now companies like Amazon, they have the, the talent and the skills to implement that zero trust framework. Exactly. So, so the, the industry, you, you guys with the R and D have to actually ultimately build that, that super cloud framework, don't you? >>Yeah. But I would just look all of the major cloud providers, the ones you mentioned and more will have their own framework within their own environment. Right? Yeah. The problem is with super cloud, you're extending it across multiple ones. There's no standards. There's no easy way to integrate that. So now all of that is left to the developer who is like throwing out code as fast as they can >>Is their, their job is to abstract that, I mean, they've gotta secure the, the run time, they gotta secure the container. >>You have to >>Abstract it. Right. Okay. But, but they're not security pros or ops. >>Exactly. They're haves. >>But to, but to G's point, right. If everyone's implementing their own little Z TNA, then inherently, there's a blind trust between two vendors. Right. That has to >>Be, >>That has to be >>Established. That's implicit. You're saying, >>Yeah. But, but it's, it's contractual, it's not technology. Right. Because I'm turning something out in my cloud, you're turning out something in your cloud that says we've got something, some token exchange, which gives us trust. But what happens if that breaks down and whatever happens to the third party comes in? I think that's the problem. >>Yeah. In fact, in fact, the, if I put the, you know, combine one of those commons, the zero trust was build, keeping identity authentication, then authorization in mind, right? Yeah. This needs to be extended because the zero test definition now probably go into integrity. Yeah, exactly. Right. Yeah. I authenticated. I worked well with Tony in the past, but how do I know that something has changed on the Tony's side? Yeah, exactly. Right, right. That, that integrity is going to be very, very foundational. Given developers are building those third party libraries, those source code pumping stuff. The only way I can validate is, Hey, what has changed? >>And then throw edge into the equation, John and IOT and machine to machine. Exactly. It's just, >>Well, >>Yeah. I think, I think we have another example to build on Tony's operating system model. Okay. And that is the cloud access service broker model for SAS. So we, we have these services sitting out there, we've brokered them together. They're normally on user policies. What I can have access to what I can do, what I can't do, but that can be extended down to services and have the same kind of broker arrangement all through APIs. You have to establish that trust and the, and the policies there, and they can be dynamic and all of this stuff. But you can from an, either an operating system or a SAS interaction and integration model come to these same kind of points. So who >>Builds the, the, the secure Supercloud? Is it new guys like you? Is it your old company giants like Palo Alto? Who, who actually builds the and secures the Supercloud it sounds like it's an ecosystem. >>Yeah. It is an ecosystem. Absolutely. It's an ecosystem. >>Yeah. There's no one security Supercloud >>As well. No, but I, I do think there's one, there's one difference in that historically security has always focused on that shiny object. The, the, the, a particular solution to a particular threat when you're dealing with a, a cloud or super cloud, like the number of that is incalculable. So you have to come into some sort of platform. And so you will see if it's not one, you know, a finite number of platform type solutions that are trying to solve this on behalf of the >>Customer. That to your point, then get connected. >>I think it's gonna be like Unix, right? Like how many flavors of Unix were there out there? All of them 'em had a scheduler. All of them had these processes. All of them had their little compilers. You can compile to that system, target to that system. And for a while, it's gonna be very fragmented until multiple parties decide to converge. >>Right? Well, this is, this is the final question we have one minute left. I wish we had more time. This is a great panel. We'll we'll bring you guys back for sure. After the event, what one thing needs to happen to unify or get through the other side of this fragmentation than the challenges for Supercloud. Because remember the enterprise equation is solve complexity with more complexity. Well, that's not what the market wants. They want simplicity. They want SA they want ease of use. They want infrastructure risk code. What has to happen? What do you think each of you? >>So I, I can start and extending to the previous conversation. I think we need a consortium. We need, we need a framework that defines that if you really want to operate in super cloud, these are the 10 things that you must follow. It doesn't matter whether you take AWS slash or GCP, or you have all, and you will have the on-prem also, which means that it has to follow a pattern. And that pattern is what is required for super cloud. In my opinion, otherwise security is going everywhere. They're like they have to fix everything, find everything and so on. So forth, it's not gonna be possible. So they need a, they need a framework. They need a consortium. And it, this consortium needs to be, I think, needs to led by the cloud providers, because they're the ones who have these foundational infrastructure elements and the security vendor should contribute on providing more severe detections or findings. So that's, in my opinion is, should be the model. >>Well, thank you G >>Yeah, I would think it's more along the lines of a business model we've seen in cloud that the scale matters. And once you're big, you get bigger. We haven't seen that coals around either a vendor, a business model, whatnot, to bring all of this and connect it all together yet. So that value proposition in the industry I think is missing, but there's elements of it already available. >>I, I think there needs to be a mindset. If you look again, history repeating itself, the internet sort of came together around set of I ETF, RSC standards, everybody embraced and extended it. Right. But still there was at least a baseline. Yeah. And I think at that time, the, the largest and most innovative vendors understood that they couldn't do it by themselves. Right. And so I think what we need is a mindset where these big guys like Google, let's take an example. They're not gonna win at all, but they can have a substantial share. So how do they collaborate with the ecosystem around a set of standards so that they can bring, bring their differentiation and then embrace everybody >>Together. Guys, this has been fantastic. I mean, I would just chime in back in the day, those was proprietary nosis proprietary network protocols. You had kind of an enemy to rally around. I'm not sure. I see an enemy out here right now. So the clouds are doing great. Right? So it's a tough one, but I think super OS super consortiums, super business models are gonna emerge. Thanks so much for spending the time. Great conversation. Thank you for having us to bring, keep going hour superclouds here in Palo Alto, live coverage stream virtually I'm John with Dave. Thanks for watching. Stay with us for more coverage. This break.

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vallante. >> Welcome to this week's Wikibon CUBE Insights powered by ETR. As we exited the isolation economy last year, Supercloud is a term that we introduced to describe something new that was happening in the world of cloud. In this "Breaking Analysis," we address the 10 most frequently asked questions we get around Supercloud. Okay, let's review these frequently asked questions on Supercloud that we're going to try to answer today. Look at an industry that's full of hype and buzzwords. Why the hell does anyone need a new term? Aren't hyperscalers building out Superclouds? We'll try to answer why the term Supercloud connotes something different from hyperscale clouds. And we'll talk about the problems that Superclouds solve specifically, and we'll further define the critical aspects of a Supercloud architecture. We often get asked, "Isn't this just multi-cloud?" Well, we don't think so, and we'll explain why in this "Breaking Analysis." Now, in an earlier episode, we introduced the notion of super PaaS. Well, isn't a plain vanilla PaaS already a super PaaS? Again, we don't think so, and we'll explain why. Who will actually build and who are the players currently building Superclouds? What workloads and services will run on Superclouds? And eight A or number nine, what are some examples that we can share of Supercloud? And finally, we'll answer what you can expect next from us on Supercloud. Okay, let's get started. Why do we need another buzzword? Well, late last year ahead of re:Invent, we were inspired by a post from Jerry Chen called castles in the cloud. Now, in that blog post, he introduced the idea that there were submarkets emerging in cloud that presented opportunities for investors and entrepreneurs. That the cloud wasn't going to suck the hyperscalers, weren't going to suck all the value out of the industry. And so we introduced this notion of Supercloud to describe what we saw as a value layer emerging above the hyperscalers CAPEX gift, we sometimes call it. Now, it turns out that we weren't the only ones using the term, as both Cornell and MIT, have used the phrase in somewhat similar, but different contexts. The point is, something new was happening in the AWS and other ecosystems. It was more than IS and PaaS, and wasn't just SaaS running in the cloud. It was a new architecture that integrates infrastructure, platform and software as services, to solve new problems that the cloud vendors, in our view, weren't addressing by themselves. It seemed to us that the ecosystem was pursuing opportunities across clouds that went beyond conventional implementations of multi-cloud. And we felt there was a structural change going on at the industry level. The Supercloud metaphorically was highlighting. So that's the background on why we felt a new catch phrase was warranted. Love it or hate it, it's memorable and it's what we chose. Now, to that last point about structural industry transformation. Andy Rapaport is sometimes and often credited with identifying the shift from the vertically integrated IBM mainframe era to the fragmented PC microprocesor based era in his HBR article in 1991. In fact, it was David Moschella, who at the time was an IDC analyst who first introduced the concept in 1987, four years before Rapaport's article was published. Moschella saw that it was clear that Intel, Microsoft, Seagate and others would replace the system vendors and put that forth in a graphic that looked similar to the first two on this chart. We don't have to review the shift from IBM as the center of the industry to Wintel. That's well understood. What isn't as well known or accepted is what Moschella put out in his 2018 book called "Seeing Digital" which introduced the idea of the matrix that's shown on the right hand side of this chart. Moschella posited that new services were emerging, built on top of the internet and hyperscale clouds that would integrate other innovations and would define the next era of computing. He used the term matrix, because the conceptual depiction included, not only horizontal technology rows, like the cloud and the internet, but for the first time included connected industry verticals, the columns in this chart. Moschella pointed out that, whereas historically, industry verticals had a closed value chain or stack and ecosystem of R&D and production and manufacturing and distribution. And if you were in that industry, the expertise within that vertical generally stayed within that vertical and was critical to success. But because of digital and data, for the first time, companies were able to traverse industries jump across industries and compete because data enabled them to do that. Examples, Amazon and content, payments, groceries, Apple and payments, and content and so forth. There are many examples. Data was now this unifying enabler and this marked a change in the structure of the technology landscape. And Supercloud is meant to imply more than running in hyperscale clouds. Rather, it's the combination of multiple technologies, enabled by cloud scale with new industry participants from those verticals; financial services, and healthcare, and manufacturing, energy, media, and virtually all and any industry. Kind of an extension of every company is a software company. Basically, every company now has the opportunity to build their own cloud or Supercloud. And we'll come back to that. Let's first address what's different about Superclouds relative to hyperscale clouds. Now, this one's pretty straightforward and obvious, I think. Hyperscale clouds, they're walled gardens where they want your data in their cloud and they want to keep you there. Sure, every cloud player realizes that not all data will go to their particular cloud. So they're meeting customers where their data lives with initiatives like Amazon Outposts and Azure Arc and Google Antos. But at the end of the day, the more homogeneous they can make their environments, the better control, security, costs, and performance they can deliver. The more complex the environment, the more difficult it is to deliver on their brand promises. And, of course, the less margin that's left for them to capture. Will the hyperscalers get more serious about cross cloud services? Maybe, but they have plenty of work to do within their own clouds and within enabling their own ecosystems. They have a long way to go, a lot of runway. So let's talk about specifically, what problems Superclouds solve. We've all seen the stats from IDC or Gartner or whomever, that customers on average use more than one cloud, two clouds, three clouds, five clouds, 20 clouds. And we know these clouds operate in disconnected silos for the most part. And that's a problem, because each cloud requires different skills, because the development environment is different as is the operating environment. They have different APIs, different primitives, and different management tools that are optimized for each respective hyperscale cloud. Their functions and value props don't extend to their competitors' clouds for the most part. Why would they? As a result, there's friction when moving between different clouds. It's hard to share data. It's hard to move work. It's hard to secure and govern data. It's hard to enforce organizational edicts and policies across these clouds and on-prem. Supercloud is an architecture designed to create a single environment that enables management of workloads and data across clouds in an effort to take out complexity, accelerate application development, streamline operations, and share data safely, irrespective of location. It's pretty straightforward, but non-trivial, which is why I always ask a company's CEO and executives if stock buybacks and dividends will yield as much return as building out Superclouds that solve really specific and hard problems and create differential value. Okay, let's dig a bit more into the architectural aspects of Supercloud. In other words, what are the salient attributes of Supercloud? So, first and foremost, a Supercloud runs a set of specific services designed to solve a unique problem, and it can do so in more than one cloud. Superclouds leverage the underlying cloud native tooling of a hyperscale cloud, but they're optimized for a specific objective that aligns with the problem that they're trying to solve. For example, Supercloud might be optimized for lowest cost or lowest latency or sharing data or governing or securing that data or higher performance for networking, for example. But the point is, the collection of services that is being delivered is focused on a unique value proposition that is not being delivered by the hyperscalers across clouds. A Supercloud abstracts the underlying and siloed primitives of the native PaaS layer from the hyperscale cloud, and then using its own specific platform as a service tooling, creates a common experience across clouds for developers and users. And it does so in the most efficient manner, meaning it has the metadata knowledge and management capabilities that can optimize for latency, bandwidth, or recovery or data sovereignty, or whatever unique value that Supercloud is delivering for the specific use case in their domain. And a Supercloud comprises a super PaaS capability that allows ecosystem partners through APIs to add incremental value on top of the Supercloud platform to fill gaps, accelerate features, and of course, innovate. The services can be infrastructure related, they could be application services, they could be data services, security services, user services, et cetera, designed and packaged to bring unique value to customers. Again, that hyperscalers are not delivering across clouds or on premises. Okay, so another common question we get is, "Isn't that just multi-cloud?" And what we'd say to that is yeah, "Yes, but no." You can call it multi-cloud 2.0, if you want. If you want to use, it's kind of a commonly used rubric. But as Dell's Chuck Whitten proclaimed at Dell Technologies World this year, multi-cloud, by design, is different than multi-cloud by default. Meaning, to date, multi-cloud has largely been a symptom of what we've called multi-vendor or of M&A. You buy a company and they happen to use Google cloud. And so you bring it in. And when you look at most so-called multi-cloud implementations, you see things like an on-prem stack, which is wrapped in a container and hosted on a specific cloud. Or increasingly, a technology vendor has done the work of building a cloud native version of their stack and running it on a specific cloud. But historically, it's been a unique experience within each cloud, with virtually no connection between the cloud silos. Supercloud sets out to build incremental value across clouds and above hyperscale CAPEX that goes beyond cloud compatibility within each cloud. So, if you want to call it multi-cloud 2.0, that's fine, but we chose to call it Supercloud. Okay, so at this point you may be asking, "Well isn't PaaS already a version of Supercloud?" And again, we would say, "No." That Supercloud and its corresponding super PaaS layer, which is a prerequisite, gives the freedom to store, process, and manage and secure and connect islands of data across a continuum with a common experience across clouds. And the services offered are specific to that Supercloud and will vary by each offering. OpenShift, for example, can be used to construct a super PaaS, but in and of itself, isn't a super PaaS, it's generic. A super PaaS might be developed to support, for instance, ultra low latency database work. It would unlikely, again, taking the OpenShift example, it's unlikely that off the shelf OpenShift would be used to develop such a low latency, super PaaS layer for ultra low latency database work. The point is, Supercloud and its inherent super PaaS will be optimized to solve specific problems like that low latency example for distributed databases or fast backup in recovery for data protection and ransomware, or data sharing or data governance. Highly specific use cases that the Supercloud is designed to solve for. Okay, another question we often get is, "Who has a Supercloud today and who's building a Supercloud and who are the contenders?" Well, most companies that consider themselves cloud players will, we believe, be building or are building Superclouds. Here's a common ETR graphic that we like to show with net score or spending momentum on the Y axis, and overlap or pervasiveness in the ETR surveys on the X axis. And we've randomly chosen a number of players that we think are in the Supercloud mix. And we've included the hyperscalers because they are enablers. Now, remember, this is a spectrum of maturity. It's a maturity model. And we've added some of those industry players that we see building Superclouds like Capital One, Goldman Sachs, Walmart. This is in deference to Moschella's observation around the matrix and the industry structural changes that are going on. This goes back to every company being a software company. And rather than pattern match and outdated SaaS model, we see new industry structures emerging where software and data and tools specific to an industry will lead the next wave of innovation and bring in new value that traditional technology companies aren't going to solve. And the hyperscalers aren't going to solve. We've talked a lot about Snowflake's data cloud as an example of Supercloud. After being at Snowflake Summit, we're more convinced than ever that they're headed in this direction. VMware is clearly going after cross cloud services, perhaps creating a new category. Basically, every large company we see either pursuing Supercloud initiatives or thinking about it. Dell showed Project Alpine at Dell Tech World. That's a Supercloud. Snowflake introducing a new application development capability based on their super PaaS, our term, of course. They don't use the phrase. Mongo, Couchbase, Nutanix, Pure Storage, Veeam, CrowdStrike, Okta, Zscaler. Yeah, all of those guys. Yes, Cisco and HPE. Even though on theCUBE at HPE Discover, Fidelma Russo said on theCUBE, she wasn't a fan of cloaking mechanisms. (Dave laughing) But then we talked to HPE's head of storage services, Omer Asad, and he's clearly headed in the direction that we would consider Supercloud. Again, those cross cloud services, of course, their emphasis is connecting as well on-prem. That single experience, which traditionally has not existed with multi-cloud or hybrid. And we're seeing the emergence of smaller companies like Aviatrix and Starburst and Clumio and others that are building versions of Superclouds that solve for a specific problem for their customers. Even ISVs like Adobe, ADP, we've talked to UiPath. They seem to be looking at new ways to go beyond the SaaS model and add value within their cloud ecosystem, specifically around data as part of their and their customer's digital transformations. So yeah, pretty much every tech vendor with any size or momentum, and new industry players are coming out of hiding and competing, building Superclouds that look a lot like Moschella's matrix, with machine intelligence and blockchains and virtual realities and gaming, all enabled by the internet and hyperscale cloud CAPEX. So it's moving fast and it's the future in our opinion. So don't get too caught up in the past or you'll be left behind. Okay, what about examples? We've given a number in the past but let's try to be a little bit more specific. Here are a few we've selected and we're going to answer the two questions in one section here. What workloads and services will run in Superclouds and what are some examples? Let's start with analytics. Our favorite example of Snowflake. It's one of the furthest along with its data cloud, in our view. It's a Supercloud optimized for data sharing and governance, and query performance, and security, and ecosystem enablement. When you do things inside of that data cloud, what we call a super data cloud. Again, our term, not theirs. You can do things that you could not do in a single cloud. You can't do this with Redshift. You can't do this with SQL server. And they're bringing new data types now with merging analytics or at least accommodate analytics and transaction type data and bringing open source tooling with things like Apache Iceberg. And so, it ticks the boxes we laid out earlier. I would say that a company like Databricks is also in that mix, doing it, coming at it from a data science perspective trying to create that consistent experience for data scientists and data engineering across clouds. Converge databases, running transaction and analytic workloads is another example. Take a look at what Couchbase is doing with Capella and how it's enabling stretching the cloud to the edge with arm based platforms and optimizing for low latency across clouds, and even out to the edge. Document database workloads, look at Mongo DB. A very developer friendly platform that where the Atlas is moving toward a Supercloud model, running document databases very, very efficiently. How about general purpose workloads? This is where VMware comes into play. Very clearly, there's a need to create a common operating environment across clouds and on-prem and out to the edge. And I say, VMware is hard at work on that, managing and moving workloads and balancing workloads, and being able to recover very quickly across clouds for everyday applications. Network routing, take a look at what Aviatrix is doing across clouds. Industry workloads, we see Capital One. It announced its cost optimization platform for Snowflake, piggybacking on Snowflake's Supercloud or super data cloud. And in our view, it's very clearly going to go after other markets. It's going to test it out with Snowflake, optimizing on AWS, and it's going to expand to other clouds as Snowflake's business and those other clouds grows. Walmart working with Microsoft to create an on-premed Azure experience that's seamless. Yes, that counts, on-prem counts. If you can create that seamless and continuous experience, identical experience from on-prem to a hyperscale cloud, we would include that as a Supercloud. We've written about what Goldman is doing. Again, connecting its on-prem data and software tooling, and other capabilities to AWS for scale. And you can bet dollars to donuts that Oracle will be building a Supercloud in healthcare with its Cerner acquisition. Supercloud is everywhere you look. So I'm sorry, naysayers, it's happening all around us. So what's next? Well, with all the industry buzz and debate about the future, John Furrier and I have decided to host an event in Palo Alto. We're motivated and inspired to further this conversation. And we welcome all points of view, positive, negative, multi-cloud, Supercloud, HyperCloud, all welcome. So theCUBE on Supercloud is coming on August 9th out of our Palo Alto studios. We'll be running a live program on the topic. We've reached out to a number of industry participants; VMware, Snowflake, Confluent, Skyhigh Security, G. Written House's new company, HashiCorp, CloudFlare. We've hit up Red Hat and we expect many of these folks will be in our studios on August 9th. And we've invited a number of industry participants as well that we're excited to have on. From industry, from financial services, from healthcare, from retail, we're inviting analysts, thought leaders, investors. We're going to have more detail in the coming weeks, but for now, if you're interested, please reach out to me or John with how you think you can advance the discussion, and we'll see if we can fit you in. So mark your calendars, stay tuned for more information. Okay, that's it for today. Thanks to Alex Myerson who handles production and manages the podcast for "Breaking Analysis." And I want to thank Kristen Martin and Cheryl Knight. They help get the word out on social and in our newsletters. And Rob Hof is our editor in chief over at SiliconANGLE, who does a lot of editing and appreciate you posting on SiliconANGLE, Rob. Thanks to all of you. Remember, all these episodes are available as podcasts wherever you listen. All you got to do is search, breaking analysis podcast. I publish each week on wikibon.com and siliconangle.com. Or you can email me directly at david.vellante@siliconangle.com. Or DM me @DVallante, or comment on my LinkedIn post. And please, do check out etr.ai for the best survey data in the enterprise tech business. We'll be at AWS NYC summit next Tuesday, July 12th. So if you're there, please do stop by and say hello to theCUBE. It's at the Javits Center. This is Dave Vallante for theCUBE Insights, powered by ETR. Thanks for watching. And we'll see you next time on "Breaking Analysis." (slow music)

>> Announcer: Live from San Francisco, it's theCUBE covering RSA Conference 2020, San Francisco. Brought to you by SiliconANGLE Media. >> Welcome back everybody, Jeff Frick with theCUBE. We're at RSA 2020. It's day four, it's Thursday. This is a crazy long conference, 40,000 people. Even with the challenges presented by coronavirus, and there's a lot of weird stuff going on, the team pulled it together, they went forward. And even though there was drops out here and there, I think all in all, most people will tell you, it's been a pretty successful conference. And we're excited to be joined by really one of the top level sponsors here, that's still here and still doing good things. It's Vittorio Viare... Viarengo, sorry, the new interim CMO of McAfee. >> Yeah. >> Vittorio, I just call you Vittorio all the time. I never look past your first name. Great to see you. >> Likewise. It's always a pleasure to be here with an institution of Silicon Valley-- >> Oh thank you, thank you. So interim CMO, I always think of like interim football coaches that they get pulled in halfway through the season, so the good news is you kind of got the job and all the responsibilities. The bad news is, you still have that interim thing, but you don't care, you just go to work, right? >> Now whenever you have an interim job, you have to just do the job and then that's the best way to operate. >> Yeah, so again, I couldn't help but go back and look at that conversation that we had at Xerox Parc, which is interesting. That's pretty foundational, everything that happens in Silicon Valley, and so many discoveries up there. And you touched on some really key themes in the way you manage your teams, but I think they're really much more valuable, and worth bringing back up again. And the context was using scrum as a way to manage people, but more importantly, what you said is it forced you as a leader to set first priorities and have great communication; and to continually do that on this two week pace, to keep everybody moving down the road. I think that is so powerful and so lacking unfortunately, in a lot of organizations today. >> Yeah, look, I think that when you hire smart people, if you just make sure that they understand what their priorities are, and then remove the obstacle and get out of the way, magical things happen. And I give you example that is very close to your heart. When I took over a great team at Skyhigh, that got bought by McAfee, they had content marketing down to a science, but they were lacking videos. So I brought that in. I said, "Guys, people watch videos, "people engage with videos, "we need to start telling the story through videos." And I started pushing, pushing, pushing, and then I pulled back, and these guys took it to a whole new level. And then they're doing videos, they're very creative, they are crisp. And I'm like, "Yeah, my job is done." >> It is really wild how video has become such an important way for education. I mean it used to be... I remember the first time I ever saw an engineer use Google to answer a question on writing code. I had never seen that before. I'm not a coder. Wow, I thought it was just for finding my local store or whatever. And now to see what really... I think YouTube has pushed people to expect that the answer to any question should be in a video. >> So, yesterday literally, somebody from a company I don't even know stopped me and said, "I watch you to videos on container. "Thank you very much." I was like, "What, you?" And the genesis of that was the sales people ask me, "Hey, we're selling container security and all that," but I don't even understand what containers are. Okay, sure. So I shot a video and I'm the CMO, I was the vice president. I think you have to put your face on your content. It doesn't matter how senior you are, you're not in a corner office, you're down there with the team. So I got into the studio, based on my background at VMware, I knew virtual machine, and I said, "Okay, how do you explain this "to somebody who's not technical?" And next thing you know, it makes its way out there, not just to our sales force, but to the market at large. That's fantastic. >> Right, and let me ask you to follow up on that because it seems like the world is very divergent as to those who kind of want their face, and more their personality to be part of their business culture and their business messaging, and those that don't. And you know, as part of our process, we always are looking at people's LinkedIn, and looking at people's Twitter. I get when people don't have Twitter, but it really surprises me when professionals, senior professionals within the industry aren't on LinkedIn. And is just like, wow! That is such a different kind of world. >> LinkedIn right now is... and I'm stealing this from Gary on the Chuck, as a big believer in this. LinkedIn right now is like Facebook 10 years ago. You get amazing organic distribution, and it's a crime not to use it. And the other thing is if you don't use it, how are you going to inspire your team to do the right thing? Modern marketing is all about organic distribution with a great content. If you're not doing it yourself... I grew up in a bakery. I used to look at my mom, we have a big bakery. We had eight people working, and I said, "Ma, why are you workin' so hard? "Your first day, last hour?" And she said, "Look, you cannot ask your people, "to work harder than you do." That was an amazing lesson. So it's not just about working hard, and harder than your team, it's about are you walking the walk? Are you doing the content? Are you doing the modern marketing things that work today, if you expect your people to also do it? >> Yeah, it's just funny 'cause, when we talk to them, I'm like, "If you don't even have a LinkedIn account, "we shouldn't even be talking to you "because you just won't get what we do. "You won't see the value, you won't understand it "and if you're not engaging at least "a little bit in the world then..." And then you look at people say like Michael Dell, I'll pick on or Pat Gelsinger who use social media, and put their personalities out there. And I think it's, people want to know who these people are, they want to do business with people that they they like, right? >> Absolutely. You know what's the worst to me? I can tell when an executive as somebody else manages their account, I can tell from a mile away. That's the other thing. You have to be genuine. You have to be who you are on your social and all your communication because people resonate with that, right? >> Right. All right, so what are you doing now? You got your new title, you've got some new power, you've got a great brand, leading brand in the industry, been around for a while, what are some of your new priorities? What's some of the energy that you're bringing in and where you want to to go with this thing? >> Well, my biggest priority right now is to get the brand and our marketing to catch up with what the products and the customers are already which is, Cloud, Cloud, Cloud. So when we spun off from Intel two years ago, we had this amazing heritage in the endpoint security. And then we bought Skyhigh, and Skyhigh was transformational for us because it became the foundation for us to move to become a cloud-first organization. And is in the process of becoming a cloud-first organization, and creating a business that is growing really fast. We also brought along the endpoint, which now is all delivered from the Cloud, to the cloud-first open unified approach, which is exciting. >> And we see Edge is just an extension of endpoints, I would assume. It just changes the game. >> Yeah, so if you think about today modern work gets done with the backend in the Cloud, and accessing those backends from the device, right? >> Right. >> And so, our strategy is to secure data where modern work gets done, and it's in the device, in the Cloud, and on the edge. Because data moves in and out of the Cloud, and that's kind of the edge of the Cloud. That's what we launched this week at RSA we launched Unified Cloud Edge, which is our kind of a, Gartner call's it SaaS-y, so that we are kind of the security. We believe we have the most complete and unified security part of the SaaS-y world. >> Okay, I just laugh at Gartner and the trough of disillusion men and Jeff and I always go back to a Mars law. Mar does not get enough credit for a Mars law. We've got a lot of laws, but Mars law, we tend to overestimate in the short term, the impact of these technologies, and they completely underestimate really the long tail of this technology improvements, and we see it here. So let's shift gears a little bit. When you have your customers coming in here, and they walk into RSA for the first time, how do you tell people to navigate this crazy show and the 5,000 vendors and the more kind of solutions and spin vocabulary, then is probably save for anyone to consume over three days? >> Look, security is tough because you look around and say, "You have six, 700 vendors here." It's hard to stand out from the crowd. So what I tell our customers is use this as a way to meet with your strategic vendors in the booth upstairs. That's where you conduct business and all that. And I walk around to see from the ground up, send your more junior team out there to see what's happening because some of these smaller companies that are out here will be the big transformational companies or the future like Skyhigh was three four years ago, and now we're part of McAfee, and leading the charge there. >> Yeah, just how do you find the diamond in the rough, right? >> Yeah. >> 'Cause there's just so much. But it's still the little guys that are often on the leading edge and the bleeding edge, of the innovation so you want to know what's going on so that you're kind of walking into the back corners of the floor as well. >> That's why I am lifelong learner, so I go around to see what people do from a marketing perspective because, the last thing I want to do, I want to become obsolete. (Jeff laughs) And the way you don't become obsolete is to see what the new kids on the block do and steal their ideas, steal their tactics take them to the next level. >> Right, so I want to ask you a sensitive question about the conference itself and the coronavirus thing and we all saw what happened in Mobile World Congress. I guess it just got announced today that Facebook pulled F8, their developer conference. We're in the conference business. You go to a lot of conferences. Did you have some thought process? There were some big sponsors that pulled out of this thing. How did you guys kind of approach the situation? >> It's a tough one. >> It's a really tough one. >> It's a very tough one 'cause last thing you want to do is to put your employees and your customers at risk. But the way we looked at it was there were zero cases of coronavirus in San Francisco. And we saw what the rest of the industry was doing, and we made the call to come here, give good advice to our employees, wash their hands, and usual and this too will pass. >> Yeah, yeah. Well Vittorio, it's always great to catch up with you. >> Likewise. >> I just loved the energy, and congratulations. I know you'll do good things, and I wouldn't be at all surprised if that interim title fades away like we see with most great coaches. >> Good. >> So thanks for stopping by. >> My pleasure. >> All right, he's Vittorio, I'm Jeff. You're watching theCUBE, we're at RSA 2020 in San Francisco. Thanks for watching, we'll see you next time. (upbeat music)

>> Live from Las Vegas, it's theCUBE, covering AWS re:Invent 2018. Brought to you by Amazon Web Services, Intel, and their ecosystem partners. (upbeat music) >> Welcome back, here on theCUBE, (mumbles) to continue our coverage at AWS re:Invent with Sands. This is actually one of seven sites all around town, that are hosting various sessions. We heard a lot our guests saying, "it's so exciting." There's this spot for this particular expertise. Then I boo, Uber across town, I go to this spot, because that's how big this show's become, and how dynamic this show has become. We are on day three, and I'm here with Rebecca Knight, and also joined by Eric Boerger, who is a technology specialist at McAfee. Hello Eric good to see you. >> Hello, thanks for having me today, this is wonderful. >> You bet, well we've had a couple of your colleagues on already. I mean Markus Strauss is one who comes to mind. Talk about the database you're on the cloud side of things, cloud security. >> I am. I'm a technology specialist here at McAfee. My role is to help our customers as they're moving into the cloud, understanding where their security pitfalls may be, and implementing the right technologies and security tools to help make sure that their transition into the cloud is as secure as possible. >> So what's the big picture on that? Alright so security first and foremost in the cloud, that's probably, well certainly one of the big questions people have right. >> Absolutely, that tends to be the biggest question is, "how can I make sure that as I'm doing this transition to the cloud, that I'm not just throwing assets out there, and finding that I have issues later, but how can I bake security into them from the beginning." And that's really where we at McAfee are trying to sit back and identify where customers are having their challenges, and make sure that our tools are able to be positioned and developed correctly to address those issues. >> So what are some of the most common challenges that you see? >> So some of the most common challenges that we see in terms of problems are misconfigured accounts. That's a very common issue that we see in a lot of breach reports. Somebody setup a data repository, doesn't put the right security mechanisms in place, and all of a sudden now all of the confidential data that's been breached. >> Out the door. >> A second problem we see is a lot of, especially within the IAS space, organizations are standing up new instances of workloads, and the security teams aren't necessarily being informed that they're actually putting these workloads, or computer assets online, so now they're coming online without any protections, or any audit capability in place to make sure they're meeting their own security best practices guidelines that their organizations may have developed. >> Yeah we were talking earlier with probably one of your competitors actually, and they were talking about breaches. We're talking about. They said, "Their estimation 90 percent, are created, or made possible by mistakes." >> Absolutely. >> I mean, you agree with that? Is that our... >> I cannot agree anymore with that. Because the problem is, is that, the ability and the agility of the cloud, is both a positive, it allows us to be extremely flexible and agile as we're developing, but it also allows us to move so fast that we may be outpacing what our own knowledge levels are for being able to secure those. And that's tended to be one of the biggest hindrances that we see, is a developer gets enabled to go through and create a MS3 Bucket, put a lot of data in there, but at the same point they don't implement any tools behind it, or any security behind that. So it's not necessarily their fault, it's just they don't understand what security requirements are to implement in the cloud. >> And that's where you come in. So talk a little bit about your solutions and about how you approach the problem. >> Absolutely. So we have a wide variety of solutions here at McAfee, to help address those issues. That's everything from our Skyhigh McAfee Casb product, to help do account identifications and discovery of rogue accounts. And then some of our tools, like our virtual network IPS. That's able to do packet level inspection to apply a deeper level of security onto those systems. And then of course our Cloud Workload Security Product. That's something that is able to help you discover any of those rogue assets, and identify systems that may have already been breached based upon the network communication that's already occurring on those systems. >> Yeah you're kind of this cat and mouse game, aren't you, in terms of security, because you're trying to stay one step ahead of some actors who are very skilled at maintaining an edge. >> Absolutely. >> I mean how do you sleep at night Eric? >> So moving to the cloud is an area that once you feel that... Once you have the right tools in place, it'll help you actually sleep a lot easier, knowing that there's audit tools in the background, that are able to continuously monitor your workloads, identify if you have misconfigured accounts, if you have systems that are missing, needed information. You may have a requirement to have something like an integrity monitoring tool in place for some of your workloads, and this is a, with our tools, we can actually monitor and tell you if you're out of compliance with any of those baseline requirements. >> So how do you help the companies, the customers that want to move to the cloud, but also be sort of a hybrid, or maybe keep some of their stuff on PRIM, how do you make it easier for them? >> And that's a very common question that we hear over and over is, "I want to move to the cloud, but I'm not ready to go all in yet." So what we've actually done, is we've developed a lot of same discovery tools, can be used on premise. So that as they're building out their private clouds, whether it's in an open sac implementation, or via VMware, we can still do the same discovery, the same identification of misconfigured workloads. Now that also brings us to, as they move more into the cloud, it's already there, it's able to help them with their hybrid environment space, and that can either be managed on premise or from the cloud directly. So that when they're ready to move all their management infrastructure to the cloud, our tools are already there and ready for them. >> Now you're really good at what you do, but as you know, you're not the only game in town. >> We're not. >> So what's your differentiation then in terms of your cloud offering? What do you think this is what McAfee does better than anybody else? >> So what we feel that we really do better than anybody else, is be able to integrate a full security picture in a unified console management. So this is giving us the ability to do deployment of our own tool sets. Being able to do things such as integration with our Skyhigh product, and being able to pull back from the Casb view to help pull in a unified view. That's where we really feel that we've got a lot of unique factors in the cloud space to help our customers as they're moving. Plus the ability to be not just cloud focused, but still hybrid. Being able to protect those private data centers. We see a lot of companies who are going pure cloud, but they say, "Well if you had something on a premise, we don't care about it anymore, because it's not in the cloud." We feel with our background and our strengths in security we can really help address those concerns. >> So you're a technology specialist, that is your job title, >> It is. >> but in so many of these migrations and big digital transformations, the technology is really the easy part. And what's so much harder is getting the people onboard with the changes. Getting them to adopt and embrace and keep using the solutions. First of all, do you see this kind of resistance, and then also how do you overcome those challenges? >> Absolutely, the challenge is getting people to adopt to the cloud, and then continually be integrative with the newest tools that are coming available from the security standpoint and side is always a problem. The developers are very agile, they want to move at the speed of development. Which means going back and talking to security and saying, "hey by the way, I'm doing these things," doesn't always happen. So this is where we want to be able to give you a continuous monitoring ability to say hey, "somebody went through and stood something up." Security was completely outside of the loop. Bring them back in so that they can get the visibility, the alerting. And this is even where we've created some new features, that we announced on stage yesterday to be able to be integrated with the Amazon security hub. This is where we really feel that being able to help augment as Amazon's developing tools providing our security insight, to make sure that once again, as the developers are taking advantage of some of the newest features, we're there with them. >> And what was the driver of that? I mean how did you get to that point? >> So this is part of our partnership with Amazon. We actually have a great foundational relationship where we have a lot of our products have gone through a best practices review. And we have well architecture review stamps on a lot of the products that we have in the marketplace. This is due to the tight security integrations that we've had work with Amazon. That we're invited to be one of the first partners into the security hub, and you're going to see this out of additional products as we move forward with our new capabilities in the cloud. >> Yeah I hate to, I mean we have just a few minutes left, and I hate to dive into a big topic here, but on the other side of that security coin is compliance. Right, you got to be concerned about that. It's governments, you got to be concerned about that. And that's a whole new can of worms especially today with whether you're dealing with company concerns, state, federal concerns, and even European concerns. >> Absolutely, and the data privacy is another major concern with the compliance. It's not just what do I have, but how is it being used, how's it being utilized, and that's where with some of our products we've actually gone through and have build our full DLP engine into discovery of any of your data that exists within the cloud. So if you put data in as three, we can go through, scan it, identify if there's any PII data, alert upon it, give you controls of that. And then from a workload perspective side, we have tools that can go through and feed in your own templates. To say that I need to be PCI compliant, I need to meet HIPAA compliance. Be able to audit that workload, and give a continuance summary report back to the management teams to say hey, "I have auditors coming in, how am I in compliance, and then tell me what I need to do to address those gaps that I found from my cloud workloads." >> Solving problems. >> Solving problems. >> That's what it's all about right there. >> He's the best, that's right. >> Alright, I want you around more often. (laughing) We got a lot of problems to be solved, we appreciate it Eric, thank you for your time here at AWS re:Invent. >> Thank you very much for the time today. >> Good to have you, thanks for the McAfee story. Back with more from Las Vegas right after this. You're watching theCUBE. (upbeat music)

>> Narrator: Live from Las Vegas, its theCUBE covering IBM Think 2018. Brought to you by IBM >> Welcome back to IBM Think 2018, you're watching theCUBE, the leader in live tech coverage. My name is Dave Vellante and I'm here with my co-host Peter Burris, this is day three of our coverage. Mohammad Farooq is here, he's the general manager of Brokerage Services GTS at IBM. Mohammad, great to see you again, thanks for coming back on theCUBE. >> Thank you very much, appreciate for having me here. >> You're very welcome. So, big show. All the clients come together in one big tent. >> Yes. >> What do you think? >> It's very exciting. I think we're doing some interesting things with our technology. We have learned a lot from our clients the last two years. We are working very closely with our partners because we believe not one company can do everything in this massive transformation that's underway. So, working with our partners, with our clients on new technologies to specifically accelerate enterprized option of the cloud model and that's exciting for us. >> Partnering, it seems to have new, energized momentum at IBM. I sense a change, is it palpable? I mean, how can you comment on that? >> I think partnering is critical for everybody's success because the industry itself is transforming, and one company cannot achieve all the requirements that clients are asking for, and we have our core competencies. Service Now, our VMWare, our Amazon, our Azure They have their core competencies. But IBM, as a company, is a company that enterprisers trust to move them to cloud and operate them in the cloud. So what we are doing is, to keep that goal in mind, we are saying okay, we are going to take a client from point A, which is non-cloud, to point B, which is cloud native, and in that journey, we will take everybody our partners helped to get there. So that's why, based on client request, we are leveraging our partners, and it has a special meaning for us because it makes our clients successful. >> OK, so, describe exactly what brokerage services does. Is it your job to get people to the cloud? But talk more about that; add some color please. >> I think the brokerage has evolved since I last talked to you a year ago. At this conference, right? A lot of people think brokerage is arbitrage. >> Peter: Is what? >> Arbitrage of services from one provider to the other, that's the limited definition of brokerage. So what we're really calling it is Hybrid Cloud Management System, not brokerage. Brokerage is one part of it. So the Hybrid Cloud Management System is the go-forward strategy of IBM in 2019, 2018 and beyond. Which includes three, four components. One is: how do you bring the entire cloud ecosystem into a federated management maodel? Which includes: business management of IT and cloud, our hybrid. Consumption: a standard consumption model through one point of access to all clouds, internal or external. Third: delivery, how do we deliver services, either automated or workflow? Bi-model, as Gartner calls it, in one model. And four: operations management across public, private, hybrid, internal or external. >> Let me make sure I got this, so, business services in the sense of running IT more like a business, >> Mohammad: Right! >> A consumption model in terms of presenting this in a way that's simple and easy for a business-person to use, a delivery model, in the sense that it's very simple and straightforward and fast to deliver, and then an operations model which makes sure that everything above it works well. >> Yes, and the consumers, in this case, are developers, IT operations people, and DevApp teams, and from a delivery perspective, it is automated or people-work-flow, so you support both, so bringing this federated model together is a very complex undertaking, and IBM services is the strategic partner clients are asking to take them on this journey. Hey, bring this together for us. It's very complex at all layers. It's not a simple thing, and in that bringing it together, partners have a big role to play. Azure, Amazon, Google, Service Now, VMWare, Cisco, they all have critical pieces of it that make this model work, and clients have made choices. Clients already have VMWare. Clients already have Service Now Clients already have Amazon, Azure. But there is no system that brings it together and manages it on an ongoing basis, and the important thing is, the clouds keep changing very fast, and keeping up with the clouds, leveraging the power of the clouds to the right teams within the enterprise to deliver new digital apps, to delivery revenue, is what IBM is enabling our clients to do. >> So wikibot has actually done a fair amount of research around what we call the cloud operating model, we call the Digital Business Platform. AWS has an example of that, as you mention. They all have their approaches to handle those four things that you mentioned. >> Mohammad: Yes! >> But when you get to a customer, who also has to marry across these clouds, sustain some on-premises assets, perhaps some near-premises assets within the cost-service provider, it's what you're trying to do is ensure that they have their operating model that is the appropriate mix of all these different capabilities for their business, we got that right? >> Exactly, you got it. So what we said was every cloud provider, internal or external, or even hosting cloud providers, IBM is a hosting cloud provider. >> Right! >> With the adjustment of business. They had their own model across those four things: Business, consumption, delivery, operations. Now, we cannot operate four silos. Every enterprise is using Amazon, every enterprise has Google, every enterprise has VMWare, every enterprise has IBM. We cannot have four models. >> Dave: Right! >> So what we have done is we have created one standard consistent target operating model. We have integrated all these offerings within that so clients don't have to do it. We offer services to create extensions to it based on variations clients might have, and then operate it as a service for them, so that their path to cloud gets accelerated, and they start leveraging the power of what's good today inside the data centers, and what's available outside in public clouds, in a very secure way. So that is the business IBM is in moving forward, which we are calling it, we are transforming our offerings portfolio, we are calling it: Hybrid Cloud Services Business >> OK so you've got this hybrid operating model, IT operating model that you're envisioning, you're letting the cloud partners do what they do best, >> Mohammad: Right. >> Including your IBM cloud partners, >> Mohammad: Including our operating partners, >> And then you guys are bringing it all together in a framework, in an operating model, That actually can drive business value. >> Exactly, that's what we're doing. We are giving them ease of access from one place, choice of delivery platform, choice of delivery models from one place. Single visibility into how they're running, performing, help, and diagnostics from one place, and then, one billing and payment model, not four. So when I pay monthly bills, I pay based on usage, qualification of that usage across everybody, and then reconciling with my ERP systems, and making the payments. So the CFO has a standard way to manage payments. So that's what IBM is bringing to the table. >> How far could you take this? Could you take this into my SAS portfolio as well, Or is that sort of next step? >> What right now we are doing InfoSecure as a service and platform as a service. Our goal is in '18 and '19 to move to software as a service, because software as a service is much easier because we don't own the infrastructure or the service, we just consume it as electricity, utility. So that we discover the usage of SAS and meter it for usage against our billing model that we have to as B2B contract between a SAS provider and an enterprise and then make sure we've done the license management right. So there's companies like Flexera and others who do that For SAS management there's companies like Skyhigh Networks that recently got acquired, we're bringing those companies in to give us that component. >> But doing that level of brokering amongst the different services, while very useful, valuable, especially if you can provide greater visibility in the cost, because this becomes an increasing feature of COGs in a digital business, right? You still got to do a lot about the people stuff. A lot of folks are focused on ITIL, ITSM, automation at that level. Describe how you'll work with an IT organization and a business to evolve its underlying principals for how the operating model is going to work. >> I think that's probably a more difficult challenge than the technology itself, and if you look at our business, it was a people, it is a people business with GTS. We're more than 90,000 to 100,000 employees babysitting infrastructure for major fortune 500 corporations, and InfoSecure is more into software-defined, that means that we are moving from configuration skills to programming skills, where your programming API is in Amazon to provision infrastructure and deploy, so the skillsets have to definitely move. They have to move to infrastructure teams now have to become programming teams, which they have not been used to. They used to go to VMWare, vSphere, vCenter and configure VMs and deploy VMs. Now they have the right programs to drive and provision infrastructure, so that's one part of it. Second, the process was you do development and then your throw it over to operations, and they'll go configure and deploy production. Now, when you're programming infrastructure. Second, you're doing it in collaboration with developers, because developers are defining their own infrastructure in the cloud. So the process is different. The skills are different, and the process you are to operate in is not the same, it's different. Third, the technologies are different that you work with. So there is change at all levels and what GTS has done is we have put a massive goal in place to re-scale our workforce to take our people and re-scale them in the new process, the new technology and the new roles and that's a very big challenge I think the industry is facing: we don't have enough people who know this. A lot of these people are in Netflix, Facebook, Google, in Silicon Valley, and now, it takes time, it has happened before. The training and the transfer of knowledge, all of that is going on right now. So right now we have a crunch, And the second thing that is becoming more difficult is there's a lot of data coming out of these systems. The volume of data is unbelievable. Like if you look at Splunk and other tools and platforms, they collect a lot of log data. So all these cloud platforms spit out a lot of machine data. Humans cannot comprehend that. It's incomprehensible. So we need machine learning skills and data science skills to understand how these systems are performing. >> Peter: And tools. >> And tools. So we need the AI skills, the data science skills, in addition to the infrastructure design architecture and programming skills. So we really have a challenge on our hands as an industry to kind of effectively build the next-gen management systems. >> Right and we've got, so we've got all these clouds, the ascendancy of clouds has brought cloud creep, >> Mohammad: Right. >> All these bespoke tools along with them, all these different operating models. You're clearly solving a problem there. What's the go-to-market model with all these partners that you've mentioned? You've got cloud, you got PRAM, eventually SAS, >> Yeah, so our cloud go-to-market is three ways We see clients adopting cloud in three ways. One is digital initiatives: They want to go build new IOD apps or mobile apps and they want to put it in production that drive revenue, okay? So we are creating offerings around the DevApps model. We'll say like look, the biggest challenge that our folks have is how to put a app that you build in production. I built a new feature, how can I get it to my client as soon as possible, in a secure way, that can scale and perform, that is the biggest problem with app developers. I can develop anywhere, it's all open-source. I'm not living in, and I can spin up a VM or a container in Amazon and develop a service in two days. But to put it in production, it takes a long time. How can we make offerings that accelerate that? Through our DevApp CICD automation process I was talking about, that's our revenue play. So our go-to-market is driven by how we can generate revenue for our clients through agile offerings for DevApps, that's one go-to-market. Second go-to-market is CIOs are saying like look, I'm spending a lot of money managing my current infrasatructure and my current app portfolio, and I can take money out of the system through cost reductions, so what is my migration and modernization path for my existing portfolio? >> Well, slightly differently, I used to get I used to get my eight to nine percent that I gave back to the business every year simply by following hardware price performance. >> Mohammad: That's exactly right. >> That's not available in the same way. I have to do it through process and automation. >> All automation right? So then we have to look at everything. What part of the portfolio can move to Amazon or cannot? What other refactoring I have to do to microservices and containers to build portability to move to the cloud? So we have created a migration, a global migration practice at IBM in a factory in India and in the US where we have created offerings to work with the CIO right from planning, cost planning, portfolio planning, application design planning and design review, to lift-and-shift, to deploy in cloud and operate it. So we have a series of offerings that track the life-cycle of migration. So that's our second go-to-market path. Our third go-to-market path is: Hey, my business per units are shadow IT; they're already in the cloud, now my CEO is telling me: Hey mister CIO, you make sure they all work and they're secure, and there's no loss in data. And this infrastructure is now in cloud and on-prem. So how do I provide, manage service, to manage your infrastructure and workloads in the cloud? IBM has offerings that will directly provide you multi-cloud management as managed service. So we are taking three client journeys and we are building go-to-market offerings around those three, and we have built, we have re-designed IBM portfolio to operate on those lines. >> Do the digital initiatives, chief digital officer, obviously, target their CIO for the portfolio rationalization optimization and line of business through the shadow IT? >> Right! >> And you bring those together with a constant consistent operating model? >> Exactly, so all three journeys lead to one operating model. >> Dave: Yeah! >> But going back to what Dave said, and we have time for just a little bit more, is, is, no offense, there's no way you can do it all by yourself. >> Mohammad: You cannot. >> So what are some of the core, what are some of the most important partnerships that users need to be looking to? >> I think we have defined what's goal to us. Not always go back to, if you are clearly going to market, what is the core competency of IBM? Okay, with (mumbles) we're going to service this company for a long time, right? We made sure we are, we bring the complexity and control and we manage the complexity; that's our core business. We had mainframe business, we had software business, and a very profitable software business. So we've done all three, hardware, software, and services. As we go forward, cloud services, cloud managed services, our IBM services, is a core competency for us, which is planning, design, managed services, and services integration, to bring these tool sets together from different partners, and operationalizing it, and babysitting it and offering it as a service. So services business is our core offering. Now in the software space, which is the management software, which is service now, (mumbles) Cisco, there there is many layers to it, as I talked about the four things: consumption, operations management, business management, >> And service delivery >> And service delivery. And in service delivery we have three choices: we have VMWare, we have Microsoft and we have IBM. We have stitched it together in a federated framework. The stitching together is our core competence. Okay, Operations management. We have created a federated data lake because data will drive everything going forward. So we own the data lake as our core competency and Watson driving intelligence. But some of the monitoring tools like AppDynamics, New Relic, Splunk, that collect the data, those are our partners. We're integrating that into our Watson framework. So we're looking at core versus non-core in all four layers, and wherever there's a overlap, we're creating unique vertical go-to-market strategies. Here, for this segment, we overlap with you, we agree to compete, to your clients you can lead with that, for our clients we'll lead with ours, so we agree to disagree, but we are going to stick to the target operating model, so that our clients are successful. So there's no confusion we are creating in their minds. So its a very complex dance at this point. >> But you laid it out and it's coherent. >> Right. >> It's got to start there. >> The most important thing is we need to tell our clients what is our core, and what is the core we're going to stand behind? And that core delivers them bottom-line value to move from point A to point B and be successful in the cloud. >> Well Mohammad, I think you've defined those swim lanes, you obviously trust and you've got the trust of your partners, trust of your customers. Like you say, you agree to compete where it makes sense, and you bring core competency and value to differentiate from your competition, so, >> Right. >> Dave: Congratulations on laying that out. We really appreciate you coming on theCUBE. >> Thank you very much. Appreciate it. >> You're welcome. All right, keep it right there everybody, we'll be back with our next guest. You're watching theCUBE live from Think 2018, we'll be right back. >> Mohammad: Thank you very much. (upbeat music)

>> Announcer: Live from Las Vegas, it's theCUBE, covering AWS Reinvent 2017, presented by AWS, intel, and our ecosystem of partners. >> Welcome back everyone, live here in Las Vegas. We're at AWS Reinvent. Day one coverage of three days of theCUBE, I'm John Furrier, the host this week. >> We've got two sets, our fifth year covering Reinvent. It's been great to watch. Every year we try to get in the VC panels. We just had Jerry Chen on from Greylock. We've got two more awesome friends of theCUBE in the community here. We've got Sunil Dhaliwal who is the founder of Amplify Ventures and Nick Sturiale with Ignition Partners. Guys, great to see you. >> Great to see you, John. >> Good to see you, John. >> Boy what a lineup it's been over the past three years, four years with Amazon, just watching them tear. Now it's all steamed ahead. Microsoft is totally gearing up. You can see them playing, what they're doing, they're pedaling as fast as they can. Google Play and the (mumbles) we're gonna compete on TensorFlow and other, little goodness, a lot more to go. You got Alibaba Cloud. Intel behind us is making (mumbles) chips. Good market on paper. >> Yeah. >> But we're seeing startups kind of get bought, not for what they wanted. Didn't go public. Skyhigh from Greylock. You see Barracuda going private. A lot of money to be made. Maybe the investment thesis of 200 million dollar fundings, that's over, is it over? Get a little bit of cash and get the critical mass and... >> Well, here's a question. Do you invest in these companies thinking every one of them is going to go public? Or do you think that a good number of them are gonna get acquired? And I think the investors that have done this for a while, and Nick's done this for what, like 45 years? >> I started when I was two, so. >> I've done this like two years less than you have, so I don't pretend I'm dramatically younger. But the reality is, these companies get acquired. And pretending that you're gonna pile into a company late and expect every single thing to go public I think is kind of crazy. And the people that are getting caught in that trap, I think they're gonna be in for a rude awakening. But look, you've got a billion six outcome for Barracuda, right? >> John: That was pretty damn good. >> And you know Skyhigh number hasn't been printed, but it wasn't a small one. Like, those are good outcomes. Those are good venture returns, if you were smart about where you got in. >> So I have a slightly different perspective, which is the real issue is that so much money moved into the late stage, and these companies thought that growth would always be linear even asymptotic. And so what happens is that their growth rate slows down and the cost of growth goes up, and suddenly the company's not quite as hot as it was a year ago, and so now the options for what they do have shrunk dramatically, and so you get exits like you just mentioned. And so part of the problem is is that entrepreneurs and investors really have to have a sober view of what is a business model that's durable over time and which ones really are gonna start to leak in their later phases. >> Well it's kind of a planted question for you guys, because you're early stage in Amplify. I've been following you guys, do a great job. You guys do a range of early, end growth. >> Mostly early though. >> The days of just laying back and kicking your feet up and throwing cash at stuff is over. You actually gotta do the work. It sounds like old school VCs. Greg Sands and I talk about this all the time. You gotta go in and be venturing. You gotta actually make it work. >> And that sucks, I was just told I put my feet up, I put some money in and then I get a distribution check at the end of it. >> That's what everyone thinks you guys do. What do you guys do every day? Take us through your day. >> It looks a lot like that except... >> It's so easy to be a VC, all you do is okay, yes, no, okay that's good. >> We got a dartboard. >> All you gotta do is bet on the good ones. >> Yeah. >> That's so easy. >> So there are what, 14,000 startups in the bay area, how many of them are worthwhile you think? >> It's a lot of work. Well old school, let's go back to the old school tactics, because you're seeing a couple things going on. You guys essentially pointing it out, you gotta do the work and pick the winners. But now that the business models are changing, right? You're seeing Amazon just ignoring conventional wisdom, and they're winning. The game is changing a bit in the business model side. How are you guys looking at that as you make investments? So you got the classic venture, bet on a good team, do all that stuff. What do you guys look at now in the marketplace for fit, scale, longevity, durability? >> I mean the stuff we care about the most is are you going after a big problem? Because I think a lot of the stuff we see, even with your great teams and great technologies, but you step back and you actually think, you know, that isn't a company, that's a product, or that's not even a product, that's a feature. And I think that's the natural outgrowth of what happens when you got 14,000 startups in the bay area, is there aren't 14,000 products that are companies worth having. What you have is, probably 12,000 features, 1500 products, and then like 500 real companies. And that's probably the biggest filter that you gotta apply on the way in, and it's maybe the hardest one to solve for, which is, roll this out seven years, nine years, because that's really what you're talking about when you're talking about building a public durable company is, what does this market look like way down the road? And is that a thing that can stand alone? And that's really, I think, the difference between the companies and the investors that do really well and the ones that can kind of squeeze by, knocking out a couple interesting outcomes. >> My favorite thing is that when you say we just pick the winners, is that nobody knows who the winner is a priori. If you knew that, that market would be gone already. And most successful companies that you read about, and they talk about the (mumbles) investors that were in it early, that's all BS. It's a million good things happen along the way, serendipity, a ton of hard work on the management team and the employees. So this idea that things are preordained is just silly. And I would tell you that you look at most really successful companies today, their business model is completely different than the one that the venture person backed. >> I mean it's always the classic, because I remember when I first started an entrepreneur in the 90s, the question was what's your exit strategy? It was a legitimate question at that time, and it was kind of a peg mark, okay, when I build a growing company and have an exit. Now the exits are, as you mentioned, buyers. And that's not necessarily a bad thing. If Microsoft's in a race to fill in their white spaces, man, I would crop up and get the crops growing, right? So you can say, okay, Microsoft. So you guys gotta kind of do a little bit of homework there, do some relationship work, and you guys are close to Microsoft, so. >> Yes. >> I mean, is that kind of the new playbook? >> Yes. >> How should entrepreneurs posture to this? I mean obviously they're gonna try to build a durable venture, but they don't want to be zig-zagging too much or pivoting. >> No. >> I mean Nick made the point earlier, which I think is absolutely the one to focus on, which is when you raise a ton of capital your options start to shrink. The more money you raise at the higher and higher price, there's somebody you gotta serve who's thinking about the even bigger pot of gold at the end of the rainbow. And honestly, when we look at, I'll take one company in our portfolio for example, and I think the Splunk story is right up there with it, If you look at Datadog, Datadog's huge here at this show. There's purple shirts everywhere and a massive booth, and they've been here for five years running or four years running. That business has barely touched the last round of capital they raised, let alone the round of capital before that. The capital efficiency of that business, not only is it gonna make it a great outcome, but it's gonna give them tons of options of things that they can do. And, you know, they'll get to make every single decision they make, whether it's going to new product or whatever, position of strength. And not a lot of companies do that. >> So Splunk started in 2004. Guess how much total the company raised before it went public? >> How much? >> Forty million. Guess how much it spent up to the time it went public? >> John: How much? >> John: Twenty five. >> So it went public... >> So very capital efficient? >> John: Think about that. >> Yes, and it's worth 9 billion now. So you had several hundred millionaires created out of Splunk, and I would submit to you if Splunk was started today, the investor community would have killed it. >> John: Why? >> Because 18 Brinks trucks would have backed up and dumped a billion dollars on top of it, and buried it in too much money without allowing the company to get the time to become a fully viable system. >> Sunil: Yeah. >> So the too much cash can create toxicity for the startup? >> Money rarely makes the company. Money rarely makes the company. >> Lew Cirne was on earlier, founder of New Relic. Another capital efficient company. >> Great company. >> Went public all time high. Love that guy. He's such a strong, he wrote some code last week. He said, if you can help your partners be successful, in referring to Amazon. >> Man: Amazon. >> Then you can be a great ecosystem partner. So the question now is that's not a bad deal for a company to jump into the Cloud game and be a really good partner and build a kick-ass product. >> Yes. >> And look like a feature maybe on paper, and then sequence to an opportunity. Thoughts on that? It's certainly lucrative if you can get the flywheel going. Right? >> So you don't want to build a company whose basic thesis is helping Amazon or Azure or Google. That is a dead company. If, however, you pull revenue for one of those three in a way that's interesting to them, they will support you all day long. We have two companies in particular, Icertis and KenSci that are pulling a lot of revenue for Azure right now. And Microsoft gives them extraordinary support. >> That's the nuance right there. That's the nuance. Pulling revenue, value, creation. >> Yes. >> Well, they've created Amazon and Microsoft and Google, to a degree, as they get going. They've created a really interesting model, which is unlike your traditional ecosystem, hub-and-spoke model, where someone's gonna capture (mumbles) control of the sale, etc., etc. The smart thing that Amazon's done is they say, you use whatever you want, we're gonna bill you for the primitives until the cows come home, and as long as you're not standing in between Amazon and their primitives revenue, you're gonna do great. >> All right, final question for you guys. First of all, great conversation on the capital markets, certainly it's crazy. We always try to cover it, but here's a thought exercise. Last night we were at the analyst summit. We were talking to some analysts, and the question was, the airplane's going down, and you're in a board meeting, I gotta pick a parachute. There are only three parachutes, Amazon, Microsoft, and Google, which one do you grab? You got 10 seconds. >> To sell to or? >> No, just grab a parachute, and you hope that it opens and you live. Pick a parachute. >> Amazon, >> I'm going with Amazon. This one isn't hard. >> Microsoft and Google. The only person who's gonna grab the Microsoft parachute is the guy who's been with Microsoft for 30 years and knows they're not gonna let him down. If you're a forward-facing company you're going with Amazon, and if you're nuts, you're gonna grab Google right now. No offense to my friends at Google. >> So we're sitting here at Reinvent, so I feel like that's a trick question. (laughing) >> Well, that's good. If you're in the Microsoft ecosystem, they do take care of their own. >> They do. >> Their DNA is tuned to ISVs, they're very good at it. >> and that's their track record. Well, the one guys says, well it depends. By the time you argue with the parachute the planes (mumbles). But it does depend on your business. >> Sunil: Yes. >> Nick: Yes. >> But it is hard not to look at this show and say this is what electricity was in 1920. >> Final question, obviously Amazon is looking at all steam ahead, business models are changing, you're starting to see the top of the stack develop nicely, moving up the stacks seems to be the trend. You got this decentralized market up there. Bitcoin hit 10,000. A lot of smart alpha geeks, including some of the guys here at theCUBE team, is looking at ways to kind of leverage this decentralization trend in a way that's productive. Yet there's a lot of scams out there with these ICOs. Decentralization good or just another infrastructure dynamic? Thoughts on this whole decentralized token economics wave? Also the FCC has regulations now in it. Is it disrupting VC? Your thoughts, Nick. >> Do remember what H.L. Mencken said? "A fool and his money are soon parted." so I think anyone who sits there and says I understand completely what an ICO is and what I'm buying and doesn't view it as something that'll be a tax deduction for next year, I think is gonna be in for a bumpy ride. >> Get out your Gartner Hype Cycle. And if you don't know what it is, go look it up, and there's a spot right now of where we are in the hype cycle, and I think the movement my finger tells you where we are, but this is coming, but this comes afterwards. >> I heard this argument, the web is just for kids. No one will ever use the web. Browsers is a toy. >> A K memory is all you'll ever need. >> Yeah, but guess what, guess what, 2001 happened before we got to 2017, so let's never forget where we are at that kind of hype. >> ICOs are like subprime mortgages, and I speak Spanish and I can't even read the thing. That is what an ICO is. >> So certainly hyped up. Winter's coming, we'll see. All right, we got the VCs here, Nick and Sunil. We got Amplify and Ignition Partners here in theCUBE. More live coverage day one after this short break.