[Music] the cyber security landscape has changed dramatically over the past 24 to 36 months rapid cloud migration has created a new layer of security defense sure but that doesn't mean csos can relax in many respects it further complicates or at least changes the cso's scope of responsibilities in particular the threat surface has expanded and that creates more seams and csos have to make sure their teams pick up where the hyperscaler clouds leave off application developers have become a critical execution point for cyber assurance shift left is the kind of new buzz phrase for devs but organizations still have to shield right meaning the operational teams must continue to partner with secops to make sure infrastructure is resilient so it's no wonder that an etr's latest survey of nearly 1500 cios and it buyers that business technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics rounding out the top four but budgets are under pressure and csos have to prioritize it's not like they have an open checkbook they have to contend with other key initiatives like those just mentioned to secure the funding and what about zero trust can you go out and buy zero trust or is it a framework a mindset in a series of best practices applied to create a security consciousness throughout the organization can you implement zero trust in other words if a machine or human is not explicitly allowed access then access is denied can you implement that policy without constricting organizational agility the question is what's the most practical way to apply that premise and what role does infrastructure play as the enforcer how does automation play in the equation the fact is that today's approach to cyber resilient type resilience can't be an either or it has to be an and conversation meaning you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible and don't even talk to me about the edge that's really going to keep you up at night hello and welcome to the special cube presentation a blueprint for trusted infrastructure made possible by dell technologies in this program we explore the critical role that trusted infrastructure plays in cyber security strategies how organizations should think about the infrastructure side of the cyber security equation and how dell specifically approaches securing infrastructure for your business we'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile first up are pete gear and steve kenniston they're both senior cyber security consultants at dell technologies and they're going to talk about the company's philosophy and approach to trusted infrastructure and then we're going to speak to paris our godaddy who's a senior consultant for storage at dell technologies to understand where and how storage plays in this trusted infrastructure world and then finally rob emsley who heads product marketing for data protection and cyber security he's going to take a deeper dive with rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy okay let's get started pete gear steve kenniston welcome to the cube thanks for coming into the marlboro studios today great to be here dave thanks dave good to see you great to see you guys pete start by talking about the security landscape you heard my little rap up front what are you seeing i thought you wrapped it up really well and you touched on all the key points right technology is ubiquitous today it's everywhere it's no longer confined to a monolithic data center it lives at the edge it lives in front of us it lives in our pockets and smartphones along with that is data and as you said organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago and along with that cyber crime has become a very profitable uh enterprise in fact it's been more than 10 years since uh the nsa chief actually called cybercrime the biggest transfer of wealth in history that was 10 years ago and we've seen nothing but accelerating cybercrime and really sophistication of how those attacks are are perpetrated and so the new security landscape is really more of an evolution we're finally seeing security catch up with all of the technology adoption all the build out the work from home and work from anywhere that we've seen over the last couple of years we're finally seeing organizations and really it goes beyond the i.t directors it's a board level discussion today security's become a board level discussion so yeah i think that's true as well it's like it used to be the security was okay the sec ops team you're responsible for security now you've got the developers are involved the business lines are involved it's part of onboarding for most companies you know steve this concept of zero trust it was kind of a buzzword before the pandemic and i feel like i've often said it's now become a a mandate but it's it's it's still fuzzy to a lot of people how do you guys think about zero trust what does it mean to you how does it fit yeah i thought again i thought your opening was fantastic in this whole lead into to what is zero trust it had been a buzzword for a long time and now ever since the federal government came out with their implementation or or desire to drive zero trust a lot more people are taking a lot more seriously because i don't think they've seen the government do this but ultimately let's see ultimately it's just like you said right if you don't have trust to those particular devices applications or data you can't get at it the question is and and you phrase it perfectly can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive because we're seeing with your whole notion around devops and the ability to kind of build make deploy build make deploy right they still need that functionality but it also needs to be trusted it needs to be secure and things can't get away from you yeah so it's interesting we attended every uh reinforce since 2019 and the narrative there is hey everything in this in the cloud is great you know and this narrative around oh security is a big problem is you know doesn't help the industry the fact is that the big hyperscalers they're not strapped for talent but csos are they don't have the the capabilities to really apply all these best practices they're they're playing whack-a-mole so they look to companies like yours to take their your r d and bake it into security products and solutions so what are the critical aspects of the so-called dell trusted infrastructure that we should be thinking about yeah well dell trusted infrastructure for us is a way for us to describe uh the the work that we do through design development and even delivery of our it system so dell trusted infrastructure includes our storage it includes our servers our networking our data protection our hyper-converged everything that infrastructure always has been it's just that today customers consume that infrastructure at the edge as a service in a multi-cloud environment i mean i view the cloud as really a way for organizations to become more agile and to become more flexible and also to control costs i don't think organizations move to the cloud or move to a multi-cloud environment to enhance security so i don't see cloud computing as a panacea for security i see it as another attack surface and another uh aspect in front that organizations and and security organizations and departments have to manage it's part of their infrastructure today whether it's in their data center in a cloud or at the edge i mean i think it's a huge point because a lot of people think oh the data's in the cloud i'm good it's like steve we've talked about oh why do i have to back up my data it's in the cloud well you might have to recover it someday so i don't know if you have anything to add to that or any additional thoughts on it no i mean i think i think like what pete was saying when it comes to when it comes to all these new vectors for attack surfaces you know people did choose the cloud in order to be more agile more flexible and all that did was open up to the csos who need to pay attention to now okay where can i possibly be attacked i need to be thinking about is that secure and part of the part of that is dell now also understands and thinks about as we're building solutions is it is it a trusted development life cycle so we have our own trusted development life cycle how many times in the past did you used to hear about vendors saying you got to patch your software because of this we think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective and make sure we don't give up or or have security become a whole just in order to implement a feature we got to think about those things yeah and as pete alluded to our secure supply chain so all the way through knowing what you're going to get when you actually receive it is going to be secure and not be tampered with becomes vitally important and pete and i were talking earlier when you have tens of thousands of devices that need to be delivered whether it be storage or laptops or pcs or or whatever it is you want to be tr you want to know that that that those devices are can be trusted okay guys maybe pete you could talk about the how dell thinks about it's its framework and its philosophy of cyber security and then specifically what dell's advantages are relative to the competition yeah definitely dave thank you so i we've talked a lot about dell as a technology provider but one thing dell also is is a partner in this larger ecosystem we realize that security whether it's a zero trust paradigm or any other kind of security environment is an ecosystem with a lot of different vendors so we look at three areas uh one is protecting data in systems we know that it starts with and ends with data that helps organizations combat threats across their entire infrastructure and what it means is dell's embedding security features consistently across our portfolios of storage servers networking the second is enhancing cyber resiliency over the last decade a lot of the funding and spending has been in protecting or trying to prevent cyber threats not necessarily in responding to and recovering from threats right we call that resiliency organizations need to build resiliency across their organization so not only can they withstand a threat but they can respond recover and continue with their operations and the third is overcoming security complexity security is hard it's more difficult because of the the things we've talked about about distributed data distributed technology and and attack surfaces everywhere and so we're enabling organizations to scale confidently to continue their business but know that all all the i.t decisions that they're making um have these intrinsic security features and are built and delivered in a consistent security so those are kind of the three pillars maybe we could end on what you guys see as the key differentiators uh that people should know about that that dell brings to the table maybe each of you could take take a shot at that yeah i i think first of all from from a holistic portfolio perspective right the secure supply chain and the secure development life cycle permeate through everything dell does when building things so we build things with security in mind all the way from as pete mentioned from from creation to delivery we want to make sure you have that that secure device or or asset that permeates everything from servers networking storage data protection through hyper converge through everything that to me is really a key asset because that means you can you understand when you receive something it's a trusted piece of your infrastructure i think the other core component to think about and pete mentioned as dell being a partner for um making sure you can deliver these things is that even though those are that's part of our framework these pillars are our framework of how we want to deliver security it's also important to understand that we are partners and that you don't need to rip and replace but as you start to put in new components you can be you can be assured that the components that you're replacing as you're evolving as you're growing as you're moving to the cloud as you're moving to more on-prem type services or whatever that your environment is secure i think those are two key things got it okay pete bring us home yeah i think one of one of the big advantages of dell uh is our scope and our scale right we're a large technology vendor that's been around for decades and we develop and sell almost every piece of technology we also know that organizations are might make different decisions and so we have a large services organization with a lot of experienced services people that can help customers along their security journey depending on uh whatever type of infrastructure or solutions that they're looking at the other thing we do is make it very easy to consume our technology whether that's traditional on-premise in a multi-cloud environment uh or as a service and so the best of breed technology can be consumed in any variety of fashion and know that you're getting that consistent secure infrastructure that dell provides well and dell's forgot the probably top supply chain not only in the tech business but probably any business and so you can actually take take your dog food and then and allow other your champagne sorry allow other people to you know share share best practices with your with your customers all right guys thanks so much for coming thank you appreciate it okay keep it right there after this short break we'll be back to drill into the storage domain you're watching a blueprint for trusted infrastructure on the cube the leader in enterprise and emerging tech coverage be right back you

(upbeat music) >> The cybersecurity landscape has changed dramatically over the past 24 to 36 months. Rapid cloud migration has created a new layer of security defense, sure, but that doesn't mean CISOs can relax. In many respects, it further complicates, or at least changes, the CISO's scope of responsibilities. In particular, the threat surface has expanded. And that creates more seams, and CISOs have to make sure their teams pick up where the hyperscaler clouds leave off. Application developers have become a critical execution point for cyber assurance. "Shift left" is the kind of new buzz phrase for devs, but organizations still have to "shield right," meaning the operational teams must continue to partner with SecOps to make sure infrastructure is resilient. So it's no wonder that in ETR's latest survey of nearly 1500 CIOs and IT buyers, that business technology executives cite security as their number one priority, well ahead of other critical technology initiatives including collaboration software, cloud computing, and analytics rounding out the top four. But budgets are under pressure and CISOs have to prioritize. It's not like they have an open checkbook. They have to contend with other key initiatives like those just mentioned, to secure the funding. And what about zero trust? Can you go out and buy zero trust or is it a framework, a mindset in a series of best practices applied to create a security consciousness throughout the organization? Can you implement zero trust? In other words, if a machine or human is not explicitly allowed access, then access is denied. Can you implement that policy without constricting organizational agility? The question is, what's the most practical way to apply that premise? And what role does infrastructure play as the enforcer? How does automation play in the equation? The fact is, that today's approach to cyber resilience can't be an "either/or," it has to be an "and" conversation. Meaning, you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible. And don't even talk to me about the edge. That's really going to keep you up at night. Hello and welcome to this special CUBE presentation, "A Blueprint for Trusted Infrastructure," made possible by Dell Technologies. In this program, we explore the critical role that trusted infrastructure plays in cybersecurity strategies, how organizations should think about the infrastructure side of the cybersecurity equation, and how Dell specifically approaches securing infrastructure for your business. We'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile. First up are Pete Gerr and Steve Kenniston, they're both senior cyber security consultants at Dell Technologies. And they're going to talk about the company's philosophy and approach to trusted infrastructure. And then we're going to speak to Parasar Kodati, who's a senior consultant for storage at Dell Technologies to understand where and how storage plays in this trusted infrastructure world. And then finally, Rob Emsley who heads product marketing for data protection and cyber security. We're going to going to take a deeper dive with Rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy. Okay, let's get started. Pete Gerr, Steve Kenniston, welcome to theCUBE. Thanks for coming into the Marlborough studios today. >> Great to be here, Dave. Thanks. >> Thanks, Dave. Good to see you. >> Great to see you guys. Pete, start by talking about the security landscape. You heard my little wrap up front. What are you seeing? >> I thought you wrapped it up really well. And you touched on all the key points, right? Technology is ubiquitous today. It's everywhere. It's no longer confined to a monolithic data center. It lives at the edge. It lives in front of us. It lives in our pockets and smartphones. Along with that is data. And as you said, organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago. And along with that, cyber crime has become a very profitable enterprise. In fact, it's been more than 10 years since the NSA chief actually called cyber crime the biggest transfer of wealth in history. That was 10 years ago. And we've seen nothing but accelerating cyber crime and really sophistication of how those attacks are perpetrated. And so the new security landscape is really more of an evolution. We're finally seeing security catch up with all of the technology adoption, all the build out, the work from home and work from anywhere that we've seen over the last couple of years. We're finally seeing organizations, and really it goes beyond the IT directors, it's a board level discussion today. Security's become a board level discussion. >> Yeah, I think that's true as well. It's like it used to be that security was, "Okay, the SecOps team. You're responsible for security." Now you've got, the developers are involved, the business lines are involved, it's part of onboarding for most companies. You know, Steve, this concept of zero trust. It was kind of a buzzword before the pandemic. And I feel like I've often said it's now become a mandate. But it's still fuzzy to a lot of people. How do you guys think about zero trust? What does it mean to you? How does it fit? >> Yeah. Again, I thought your opening was fantastic. And this whole lead in to, what is zero trust? It had been a buzzword for a long time. And now, ever since the federal government came out with their implementation or desire to drive zero trust, a lot more people are taking it a lot more seriously, 'cause I don't think they've seen the government do this. But ultimately, it's just like you said, right? If you don't have trust to those particular devices, applications, or data, you can't get at it. The question is, and you phrase it perfectly, can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive? 'Cause we're seeing, with your whole notion around DevOps and the ability to kind of build, make, deploy, build, make, deploy, right? They still need that functionality but it also needs to be trusted. It needs to be secure and things can't get away from you. >> Yeah. So it's interesting. I've attended every Reinforce since 2019, and the narrative there is, "Hey, everything in the cloud is great. And this narrative around, 'Oh, security is a big problem.' doesn't help the industry." The fact is that the big hyperscalers, they're not strapped for talent, but CISOs are. They don't have the capabilities to really apply all these best practices. They're playing Whac-A-Mole. So they look to companies like yours, to take your R&D and bake it into security products and solutions. So what are the critical aspects of the so-called Dell Trusted Infrastructure that we should be thinking about? >> Yeah, well, Dell Trusted Infrastructure, for us, is a way for us to describe the the work that we do through design, development, and even delivery of our IT system. So Dell Trusted Infrastructure includes our storage, it includes our servers, our networking, our data protection, our hyper-converged, everything that infrastructure always has been. It's just that today customers consume that infrastructure at the edge, as a service, in a multi-cloud environment. I mean, I view the cloud as really a way for organizations to become more agile and to become more flexible, and also to control costs. I don't think organizations move to the cloud, or move to a multi-cloud environment, to enhance security. So I don't see cloud computing as a panacea for security, I see it as another attack surface. And another aspect in front that organizations and security organizations and departments have to manage. It's part of their infrastructure today, whether it's in their data center, in a cloud, or at the edge. >> I mean, I think that's a huge point. Because a lot of people think, "Oh, my data's in the cloud. I'm good." It's like Steve, we've talked about, "Oh, why do I have to back up my data? It's in the cloud?" Well, you might have to recover it someday. So I don't know if you have anything to add to that or any additional thoughts on it? >> No, I mean, I think like what Pete was saying, when it comes to all these new vectors for attack surfaces, you know, people did choose the cloud in order to be more agile, more flexible. And all that did was open up to the CISOs who need to pay attention to now, okay, "Where can I possibly be attacked? I need to be thinking about is that secure?" And part of that is Dell now also understands and thinks about, as we're building solutions, is it a trusted development life cycle? So we have our own trusted development life cycle. How many times in the past did you used to hear about vendors saying you got to patch your software because of this? We think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective, and make sure we don't give up or have security become a hole just in order to implement a feature. We got to think about those things. And as Pete alluded to, our secure supply chain. So all the way through, knowing what you're going to get when you actually receive it is going to be secure and not be tampered with, becomes vitally important. And then Pete and I were talking earlier, when you have tens of thousands of devices that need to be delivered, whether it be storage or laptops or PCs, or whatever it is, you want to be know that those devices can be trusted. >> Okay, guys, maybe Pete, you could talk about how Dell thinks about its framework and its philosophy of cyber security, and then specifically what Dell's advantages are relative to the competition. >> Yeah, definitely, Dave. Thank you. So we've talked a lot about Dell as a technology provider. But one thing Dell also is is a partner in this larger ecosystem. We realize that security, whether it's a zero trust paradigm or any other kind of security environment, is an ecosystem with a lot of different vendors. So we look at three areas. One is protecting data in systems. We know that it starts with and ends with data. That helps organizations combat threats across their entire infrastructure. And what it means is Dell's embedding security features consistently across our portfolios of storage, servers, networking. The second is enhancing cyber resiliency. Over the last decade, a lot of the funding and spending has been in protecting or trying to prevent cyber threats, not necessarily in responding to and recovering from threats. We call that resiliency. Organizations need to build resiliency across their organization, so not only can they withstand a threat, but they can respond, recover, and continue with their operations. And the third is overcoming security complexity. Security is hard. It's more difficult because of the things we've talked about, about distributed data, distributed technology, and attack surfaces everywhere. And so we're enabling organizations to scale confidently, to continue their business, but know that all the IT decisions that they're making have these intrinsic security features and are built and delivered in a consistent, secure way. >> So those are kind of the three pillars. Maybe we could end on what you guys see as the key differentiators that people should know about that Dell brings to the table. Maybe each of you could take a shot at that. >> Yeah, I think, first of all, from a holistic portfolio perspective, right? The secure supply chain and the secure development life cycle permeate through everything Dell does when building things. So we build things with security in mind, all the way from, as Pete mentioned, from creation to delivery, we want to make sure you have that secure device or asset. That permeates everything from servers, networking, storage, data protection, through hyperconverged, through everything. That to me is really a key asset. Because that means you understand when you receive something it's a trusted piece of your infrastructure. I think the other core component to think about, and Pete mentioned, as Dell being a partner for making sure you can deliver these things, is that even though that's part of our framework, these pillars are our framework of how we want to deliver security, it's also important to understand that we are partners and that you don't need to rip and replace. But as you start to put in new components, you can be assured that the components that you're replacing as you're evolving, as you're growing, as you're moving to the cloud, as you're moving to more on-prem type services or whatever, that your environment is secure. I think those are two key things. >> Got it. Okay. Pete, bring us home. >> Yeah, I think one of the big advantages of Dell is our scope and our scale, right? We're a large technology vendor that's been around for decades, and we develop and sell almost every piece of technology. We also know that organizations might make different decisions. And so we have a large services organization with a lot of experienced services people that can help customers along their security journey, depending on whatever type of infrastructure or solutions that they're looking at. The other thing we do is make it very easy to consume our technology, whether that's traditional on premise, in a multi-cloud environment, or as a service. And so the best-of-breed technology can be consumed in any variety of fashion, and know that you're getting that consistent, secure infrastructure that Dell provides. >> Well, and Dell's got probably the top supply chain, not only in the tech business, but probably any business. And so you can actually take your dog food, or your champagne, sorry, (laughter) allow other people to share best practices with your customers. All right, guys, thanks so much for coming up. I appreciate it. >> Great. Thank you. >> Thanks, Dave. >> Okay, keep it right there. After this short break, we'll be back to drill into the storage domain. You're watching "A Blueprint for Trusted Infrastructure" on theCUBE, the leader in enterprise and emerging tech coverage. Be right back. (upbeat music)

>>The cube presents, Dell technologies world brought to you by Dell. >>Welcome back to Dell technologies, world 2022. We're live in Vegas. Very happy to be here. Uh, this is the cubes multi-year coverage. This is year 13 for covering either, you know, EMC world or, uh, Dell world. And now of course, Dell tech world. My name is Dave Volante and I'm here with longtime Cub alum cube guest, Steve Kenon, the storage Alchemist, who's, uh, Beckett, Dell, uh, and his data protection role. And Tony Bryson is the chief information security officer of the town of Gilbert town in Arizona. Most, most towns don't have a CISO, but Tony, we're a thrilled, you're here to tell us that story. How did you become a CISO and how does the town of Gilbert have a CISO? >>Well, thank you for having me here. Uh, believe it or not. The town of Gilbert is actually the fourth largest municipality in Arizona. We serve as 281,000 citizens. So it's a fairly large enterprise. We're a billion dollar enterprise. And it got to the point where the, uh, cybersecurity concerns were at such a point that they elected to bring in their first chief information security officer. And I managed to, uh, be the lucky gentleman that got that particular position. >>That's awesome. And there's a, is there a CIO as well? Are you guys peers? Do you, how what's the reporting structure look like? >>We have a chief technology officer. Okay. I report through his office mm-hmm <affirmative> and then he reports, uh, directly to the town executive. >>So you guys talk a lot, you I'm sure you present a lot to the, to the board or wherever the governance structure is. Yeah, >>We do. I, I do quarterly report outs to the, I report through to the town council. Uh, let them know exactly what our cyber security posture is like, the type of threats that we're facing. As a matter of fact, I have to do one when I return to, uh, Gilbert from this particular conference. So really looking forward to that one, cuz this is an interesting time to be in cyber security. >>So obviously a sea. So Steve is gonna say, cyber's the number one priority, but I would say the CTO is gonna say the, say the same thing I would say the board is gonna say the same thing. I would also say Steve, that, uh, cyber and cyber resilience is probably the number one topic here at the show. When you walk around and you see the cyber demonstrations, the security demonstrations, they're packed, it's kind of your focus. Um, it's a good call. >>Yeah. <laugh> I'm the luckiest guy in storage, right? <laugh> um, yeah, there hasn't I in the last 24 months, I don't think that there's been a, a meeting that I've been to with a customer, no matter who's in the room where, uh, cyber resiliency, cybersecurity hasn't come up. I mean, it is, it is one of the hot topics in last night. I mean, Michael was just here. Uh, Michael Dell was just here last night. He came into the showroom floor, he came back, he took a look at what we were offering for cyber capabilities and was impressed. And, and so, so that's really good. >>Yeah. So I noticed, you know, when I talked to a lot of CIOs in particular, they would tell me that the pre pandemic, their cyber resiliency was very Dr. Focused, right. They really, it really wasn't an organizational resilience. It was a, if there's an oh crap moment, they could get it back in theory. And they sort of rethought that. Do you see you that amongst your peers, Tony? >>I think so. I think that people are quickly starting to understand that you just can't focus on, in, on protecting yourself from something that you think may never happen. The reality is that you're likely to see some type of cyber event, so you better be prepared for it. And you protect yourself against that. So plan for resiliency plan with making sure that you have the right people in place that can take that challenge on, because it's not a matter of if it's a matter of when >>I would imagine. Well, Steve, you and I have talked about this, that, you know, the data protection business used to be, we used to call it backup in recovery and security, which is a whole different animal, but they're really starting to come together. It's kind of an Adjay. I, I know you've got this, uh, Maverick report that, that you want to talk about. What, what is that as a new Gartner research? I, I'm not familiar with it. >>Yeah. So it's some very interesting Gartner research and what I think, and I'd be curious to, Tony's take on, especially after that last question is, you know, a lot of people are, are spending a lot of money to keep the bad actors out. Right. And Gardner's philosophy on this whole, um, it's, it's, you're going to get hacked. So embrace the breach, that's their report. Right. So what they're suggesting is you're spending a lot of money, but, but we're witnessing a lot of attacks still coming in. Are you prepared to recover that when it happens? Right. And so their philosophy is it's time to start thinking about the recovery aspects of, you know, if, if they're gonna get through, how do you handle that? Right. >>Well, so you got announcements this week, big one of the big four, I guess, or big five cyber recovery vault. It's been, you're enhancing that you guys are talking things like, you know, air gaps and so forth. Give us the overview of the news there. >>Yeah. So there's, uh, cyber recovery vault for AWS for the cloud. There is, uh, a lot of stuff we're doing with, uh, cyber recovery vault for, uh, Aw, uh, Azure also, right along with the cyber sense technology, which is the technology that scans the data. Once it comes in from the backup to ensure that it clean and can be recovered and you can feel confident that your recoveries look good, right? So now, now you can do that OnPrem, or you can do it through a colo. You can do it with in the cloud, or you can, uh, ask Dell technologies with our apex business services to help provide cyber recovery services wherever for you at your co at yet OnPrem or for you from the cloud. So it's kind of giving the customer, allowing them to keep that freedom of choice of how they want to operate, but provide them those same recovery capabilities. >>So Tony, give us paint us a picture without giving away too much for the bad guys. How, how you approach this, maybe are you using some of these products? What's your sort of infrastructure look like? >>Yeah. Without giving away the state secrets, um, we are heavily invested in the cyber recovery vault and cyber sense. Uh, it plays heavily in our strategy. We wanna make sure we have a safe Harbor for our data. And that's something that, that the Dell power protect cyber recovery vault provides to us. Uh, we're exceptionally excited about the, the development that's going on, especially with apex. We're looking at that, and that has really captured our imagination. It could be a game changer for us as a town because we're, we're a small organization transitioning to a midsize organization and what apex provides and what the Dell cyber recovery vault provides to us. Putting those two together gives us the elasticity we need as a small organization to expand quickly and deal with our internal data concerns. >>So cyber recovery as a service is what you're interested in. Let me ask you a question. Are you interested in a managed service or are you interested in managing it yourself? >>That's a great question, personally. I would prefer that we went with managed services. I think that from a manager's perspective, you get a bigger bang for the buck going with managed services. You have people that work with that technology all the time. You don't have to ramp people up and develop that expertise in house. You also then have that peace of mind that you have more people that are doing the services and it acts as a force multiplier for you. So from a dollar and cents perspective, it's the way that you want to go. When I start talking to my internal people, of course, there's that, that sense of fear that comes with the unknown and especially outsourcing that type of critical infrastructure, the there's some concern there, but I think that with education, with exposure, to some of the things that we get from the managed service, it makes sense for everybody to go that >>Route and, and you can, I presume sort of POC it and then expand it and then get more comfortable with it and then say, okay, when it's hardened and ready now, this is the, the Def facto standard across the organization. >>I suspect we'll end up in a hybrid environment to begin with where we'll some assets on site, and then we'll have some assets in the cloud. And that's again, where apex will be that, that big linchpin for us and really make it all work. How >>Important are air gaps? >>Oh, they're incredibly, incredibly, uh, needed right now. You cannot have true data of security without having an air gap. A lot of the ransomware that we see moves laterally through your organization. So if you have, uh, all your data backed up in the same data center that your, your backups and your primary data sources are in odds are they're all gonna get owned at the same time. So having that air gap solution in there is critical to having the peace of mind that allows the CISO to sleep at night. >>I always tell my crypto and NFT readers, this doesn't apply to data centers. You gotta air back air, air gap, your crypto, you know, when you're NFT. So how do you guys Steve deal with, with air gap? Can you explain the solutions? >>So in the, in the cyber recovery vault itself, it is driven through, uh, you've got one, uh, power protect, uh, appliance on one, one side in your data center, and then wherever your, your, your vaulted area is, whether it be a colo, whether it be on pre wherever it might be. Uh, we create a connection between between the two that is one directional, right? So we send the data to that vault. We call it the vault and, you know, we replicate a copy of your backup data. Once it lives over there, we make a copy of that data. And then what we do is with the cyber sense technology that Tony was talking about, we scan that data and we validate it against, with a whole cyber sense is built on IML machine learning. We look at a couple hundred different kind of profiles that come through and compare it to the, to the day before as backup and the day before that and understand kind of what's changing. >>And is it changing the right way? Right? Like there might be some reasons it it's supposed to change that way. Right. But things that look anomalous, we send up a warning when we let the people know that, you know, whoever's monitoring, something's going on. You might want to take a look. And then based on that, if there's whatever's happening in the environment, we have the ability to then recover that data back to the, to the original system. You can use the vault as a, as a clean room area, if you want to send people to it, depending on kind of what's going on in, in, in your main data center. So there's a lot of things we do to protect that. Do >>You recommend, like changing the timing of when you take, you know, snapshots or you do the same time every day, it's gotta create different patterns or >>I'll tell you that's, that's one thing to keep the, keep the hackers on their tow, right? It it's tough to do operationally, right? Because you kind that's processes. But, but the reality is if you really are that, uh, concerned about attacks, that makes a lot of sense, >>Tony, what's the CISOs number one challenge today? >>Uh, I, it has to be resilience. It has to be making sure your organization that if or when they get hit, that you're able to pick the pieces back up and get the operation back up as quickly and efficiently as possible. Making sure that the, the mission critical data is immediately, uh, recoverable and be able to be put back into play. >>And, and what's the biggest challenge or best practice in terms of doing that? Obviously the technology, the people, the process >>Right now, I would probably say it's it's people, uh, we're going through the, the, um, a period of, of uncertainty in the marketplace when it comes to trying to find people. So it is difficult to find the right people to do certain things, which is why managed services is so important to an organization of our size and, and what we're trying to do, where we are, are incorporating such big ideas. We need those manager services because we just can't find the bodies that can do some of this work. >>You got an interesting background, you a PhD in psychology, you're an educator, you're a golf pro and you're a CISO. I I've never met anybody like you, Tony <laugh>. So, thanks for coming on, Steve, give you the last word. >>Well, I think I, I think one of the things that Tony said, and I wanted to parlay this a little bit, uh, from that Gartner report, I even talked about people is so critical when it comes to cyber resiliency and that sort of thing. And one of the things I talked about in that embraced the breach report is as you're looking to hire staff for your environment, right, you wanna, you know, a lot of people might shy away from hiring that CSO that got fired because they had a cyber event. Right, right. Oh, maybe they didn't do their job. But the reality is, is those folks, because this is very new. I mean, of course we've been talking about cyber for a couple of years, but, but getting that experience under your belt and understanding what happens in the event. I mean, there are a lot of companies that run things like cyber ranges, resiliency, ranges to put people through the paces of, Hey, this is what have happens when an event happens and are you prepared to respond? I think there's a big set of learning lessons that happens when you go through one of those events and it helps kind of educate the people about what's needed. >>It's a great point. Failure used to mean fire right in this industry. And, and today it's different. The adversary is very well armed and quite capable and motivated that learning even during, even when you fail, can be applied to succeed in the future or not fail, I guess there's no such thing as success in your business. Guys. Thanks so much for coming on the cube. Really appreciate your time. Thank you. Thanks very >>Much. >>All right. And thank you for watching the cubes coverage of Dell tech world 2022. This is Dave Valenti. We'll be back with John furrier, Lisa Martin and David Nicholson. Two days of wall to wall coverage left. Keep it with us.

from the silicon angle media office in Boston Massachusetts it's the queue now here's your host David on tape all right buddy welcome to this cute conversation my name is Dave Ville on time or the co-host of the cube and we're gonna have a conversation to really try to explore does infrastructure matter you hear a lot today I've ever since I've been in this business I've heard Oh infrastructure is dead hardware is dead but we're gonna explore that premise and with me is Randy Arsenault and Steve Kenaston they're both global market development execs at IBM guys thanks for coming in and let's riff thanks for having us Dave so here's one do I want to start with the data we were just recently at the MIT chief data officer event 10 years ago that role didn't even exist now data is everything so I want to start off with you here this bro my data is the new oil and we've said you know what data actually is more valuable than oil oil I can put in my car I can put in my house but I can't put it in both data is it doesn't follow the laws of scarcity I can use the same data multiple times and I can copy it and I can find new value I can cut cost I can raise revenue so data in some respects is more valuable what do you think right yeah I would agree and I think it's also to your point kind of a renewable resource right so so data has the ability to be reused regularly to be repurposed so I would take it even further we've been talking a lot lately about this whole concept that data is really evolving into its own tier so if you think about a traditional infrastructure model where you've got sort of compute and network and applications and workloads and on the edge you've got various consumers and producers of that data the data itself has those pieces have evolved the data has been evolving as well it's becoming more complicated it's becoming certainly larger and more voluminous it's better instrumented it carries much more metadata it's typically more proximal with code and compute so the data itself is evolving into its own tier in a sense so we we believe that we want to treat data as a tier we want to manage it to wrap the services around it that enable it to reach its maximum potential in a sense so guys let's we want to make this interactive in a way and I'd love to give you my opinions as well as links are okay with that but but so I want to make an observation Steve if you take a look at the top five companies in terms of market cap in the US of Apple Google Facebook Amazon and of course Microsoft which is now over a trillion dollars they're all data companies they've surpassed the bank's the insurance companies the the Exxon Mobil's of the world as the most valuable companies in the world what are your thoughts on that why is that I think it's interesting but I think it goes back to your original statement about data being the new oil the and unlike oil Ray's said you can you can put it in house what you can't put it in your car you also when it's burnt it's gone right but with data you you have it around you generate more of it you keep using it and the more you use it and the more value you get out of it the more value the company gets out of it and so as those the reason why they continue to grow in value is because they continue to collect data they continue to leverage that data for intelligent purposes to make user experiences better their business better to be able to go faster to be able to new new things faster it's all part of part of this growth so data is one of the superpowers the other superpower of course is machine intelligence or what everybody talks about as AI you know it used to be that processing power doubling every 18 months was what drove innovation in the industry today it's a combination of data which we have a lot of it's AI and cloud for scaling we're going to talk about cloud but I want to spend a minute talking about AI when I first came into this business AI was all the rage but we didn't have the amount of data that we had today we don't we didn't have the processing power it was too expensive to store all this data that's all changed so now we have this emerging machine intelligence layer being used for a lot of different inks but it's sort of sitting on top of all these workloads that's being injected into databases and applications it's being used to detect fraud to sell us more stuff you know in real time to save lives and I'm going to talk about that but it's one of these superpowers that really needs new hardware architectures so I want to explore machine intelligence a little bit it really is a game changers it really is and and and tying back to the first point about sort of the the evolution of data and the importance of data things like machine learning and adaptive infrastructure and cognitive infrastructure have driven to your point are a hard requirement to adapt and improve the infrastructure upon which that lives and runs and operates and moves and breathes so we always had Hardware evolution or development or improvements and networks and the basic you know components of the infrastructure being driven again by advances in material science and silicon etc well now what's happening is the growth and importance and and Dynamis city of data is far outpacing the ability of the physical sciences to keep pace right that's a reality that we live in so therefore things like you know cognitive computing machine learning AI are kind of bridging the gap almost between the limitations we're bumping up against in physical infrastructure and the immense unlocked potential of data so that intermediary is really where this phenomenon of AI and machine learning and deep learning is happening and you're also correct in pointing out that it's it's everywhere I mean it's imbuing every single workload it's transforming every industry and a fairly blistering pace IBM's been front and center around artificial intelligence in cognitive computing since the beginning we have a really interesting perspective on it and I think we bring that to a lot of the solutions that we offer as well Ginni Rometty a couple years ago actually use the term incumbent disruptors and when I think of that I think about artificial intelligence and I think about companies like the ones I mentioned before that are very valuable they have data at their core most incumbents don't they have data all over the place you know they might have a bottling plant at the core of the manufacturing plant or some human process at the core so to close that gap artificial intelligence from the incumbents the appointees they're gonna buy that from companies like IBM they're gonna you know procure Watson or other AI tools and you know or maybe you know use open-source AI tools but they're gonna then figure out how to apply those to their business to do whatever fraud detection or recommendation engines or maybe even improve security and we're going to talk about this in detail but Steve this there's got to be new infrastructure behind that we can't run these new workloads on infrastructure that was designed 30 40 years ago exactly I mean I think I am truly fascinated by with this growth of data it's now getting more exponential and why we think about why is it getting more exponential it's getting more exponential because the ease at which you can actually now take advantage of that data it's going beyond the big financial services companies the big healthcare companies right we're moving further and further and further towards the edge where people like you and I and Randi and I have talked about the maker economy right I want to be able to go in and build something on my own and then deliver it to either as a service as a person a new application or as a service to my infrastructure team to go then turn it on and make something out of that that infrastructure it's got to come down in cost but all the things that you said before performance reliability speed to get there intelligence about data movement how do we get smarter about those things all of the underlying ways we used to think about how we managed protect secure that it all has evolved and it's continuing to evolve everybody talks about the journey the journey to cloud why does that matter it's not just the cloud it's also the the componentry underneath and it's gonna go much broader much bigger much faster well and I would just add just amplify what Steve said about this whole maker movement one of the other pressures that that's putting on corporate IT is it's driving essentially driving product development and innovation out to the end to the very edge to the end user level so you have all these very smart people who are developing these amazing new services and applications and workloads when it gets to the point where they believe it can add value to the business they then hand it off to IT who is tasked with figuring out how to implement it scale it protect it secured debt cetera that's really where I believe I um plays a key role or where we can play a key role add a lot of values we understand that process of taking that from inception to scale and implementation in a secure enterprise way and I want to come back to that so we talked about data as one of the superpowers an AI and the third one is cloud so again it used to be processor speed now it's data plus AI and cloud why is cloud important because cloud enables scale there's so much innovation going on in cloud but I want to talk about you know cloud one dot o versus cloud two dot o IBM talks about you know the new era of cloud so what was cloud one dot o it was largely lift and shift it was taking a lot of crap locations and putting him in the public cloud it was a lot of tests in dev a lot of startups who said hey I don't need to you know have IT I guess like the cube we have no ID so it's great for small companies a great way to experiment and fail fast and pay for you know buy the drink that was one dot o cloud to dot all to datos is emerging is different it's hybrid it's multi cloud it's massively distributed systems distributed data on Prem in many many clouds and it's a whole new way of looking at infrastructure and systems design so as Steve as you and I have talked about it's programmable so it's the API economy very low latency we're gonna talk more about what that means but that concept of shipping code to data wherever it lives and making that cloud experience across the entire infrastructure no matter whether it's on Prem or in cloud a B or C it's a complicated problem it really is and when you think about the fact that you know the big the big challenge we started to run into when we were talking about cloud one always shadow IT right so folks really wanted to be able to move faster and they were taking data and they were actually copying it to these different locations to be able to use it for them simply and easily well once you broke that mold you started getting away from the security and the corporate furnance that was required to make sure that the business was safe right it but it but it but following the rules slowed business down so this is why they continued to do it in cloud 2.0 I like the way you position this right is the fact that I no longer want to move data around moving data it within the infrastructure is the most expensive thing to do in the data center so if I can move code to where I need to be able to work on it to get my answers to do my AI to do my intelligent learning that all of a sudden brings a lot more value and a lot more speed and speed as time as money rate if I can get it done faster I get more valuable and then just you know people often talk about moving data but you're right on you the last thing you want to do is move data in just think about how long it takes to back up the first time you ever backed up your iPhone how long it took well and that's relatively small compared to all the data in a data center there's another subtext here from a standpoint of cloud 2.0 and it involves the edge the edge is a new thing and we have a belief inside of wiki bond and the cube that we talk about all the time that a lot of the inference is going to be done at the edge what does that mean it means you're going to have factory devices autonomous vehicles a medical device equipment that's going to have intelligence in there with new types of processors and we'll talk about that but a lot of the the inference is that conclusions were made real-time and and by the way these machines will be able to talk to each other so you'll have a machine to machine communication no humans need to be involved to actually make a decision as to where should I turn or you know what should be the next move on the factory floor so again a lot of the data is gonna stay in place now what does that mean for IBM you still have an opportunity to have data hubs that collect that data analyze it maybe push it up to the cloud develop models iterate and push it back down but the edge is a fundamentally new type of approach that we've really not seen before and it brings in a whole ton of new data yeah that's a great point and it's a market phenomenon that has moved and is very rapidly moving from smartphones to the enterprise right so right so your point is well-taken if you look in the fact is we talked earlier that compute is now proximal to the data as opposed to the other way around and the emergence of things like mesh networking and you know high bandwidth local communications peer-to-peer communications it's it's not only changing the physical infrastructure model and the and the best practices around how to implement that infrastructure it's also fundamentally changing the way you buy them the way you consume them the way you charge for them so it's it's that shift is changing and having a ripple effect across our industry in every sense whether it's from the financial perspective the operational perspective the time to market perspective it's also and we talked a lot about industry transformation and disruptors that show up you know in an industry who work being the most obvious example and just got an industry from the from the bare metal and recreate it they are able to do that because they've mastered this new environment where the data is king how you exploit that data cost-effectively repeatably efficiently is what differentiates you from the pack and allows you to create a brand new business model that that didn't exist prior so that's really where every other industry is going you talking about those those those big five companies in North America that are that are the top top companies now because of data I often think about rewind you know 25 years do you think Amazon when they built Amazon really thought they were going to be in the food service business that the video surveillance business the drone business all these other book business right maybe the book business right but but their architecture had to scale and change and evolve with where that's going all around the data because then they can use these data components and all these other places to get smarter bigger and grow faster and that's that's why they're one of the top five this is a really important point especially for the young people in the audience so it used to be that if you were in an industry if you were in health care or you were in financial services or you were in manufacturing you were in that business for life every industry had its own stack the sales the marketing the R&D everything was wired to that industry and that industry domain expertise was really not portable across businesses because of data and because of digital transformations companies like Amazon can get into content they can get into music they can get it to financial services they can get into healthcare they can get into grocery it's all about that data model being portable across those industries it's a very powerful concept that you and I mean IBM owns the weather company right so I mean there's a million examples of traditional businesses that have developed ways to either enter new markets or expand their footprint in existing markets by leveraging new sources of data so you think about a retailer or a wholesale distributor they have to very accurately or as accurately as possible forecast demand for goods and make sure logistically the goods are in the right place at the right time well there are million factors that go into that there's whether there's population density there's local cultural phenomena there's all sorts of things that have to be taken into consideration previously that would be near impossible to do now you can sit down again as an individual maker I can sit down at my desk and I can craft a model that consumes data from five readily available public api's or data sets to enhance my forecast and I can then create that model execute it and give it to two of my IT guy to go scale-out okay so I want to start getting into the infrastructure conversation again remember the premise of this conversation it doesn't read for structure matter we want to we want to explore that oh I start at the high level with with with cloud multi-cloud specifically we said cloud 2.0 is about hybrid multi cloud I'm gonna make a statements of you guys chime in my my assertion is that multi cloud has largely been a symptom of multi-vendor shadow IT different developers different workloads different lines of business saying hey we want to we want to do stuff in the cloud this happened so many times in the IT business all and then I was gonna govern it how is this gonna be secure who's got access control on and on and on what about compliance what about security then they throw it over to IT and they say hey help us fix this and so itea said look we need a strategy around multi cloud it's horses for courses maybe we go for cloud a for our collaboration software cloud B for the cognitive stuff cloud C for the you know cheap and deep storage different workloads for different clouds but there's got to be a strategy around that so I think that's kind of point number one and I T is being asked to kind of clean up this stuff but the future today the clouds are loosely coupled there may be a network that connects them but there's there's not a really good way to take data or rather to take code ship it to data wherever it lives and have it be a consistent well you were talking about an enterprise data plane that's emerging and that's kind of really where the opportunity is and then you maybe move into the control plane and the management piece of it and then bring in the edge but envision this mesh of clouds if you will whether it's on pram or in the public cloud or some kind of hybrid where you can take metadata and code ship it to wherever the data is leave it there much smaller you know ship five megabytes of code to a petabyte of data as opposed to waiting three months to try to ship you know petabytes to over the network it's not going to work so that's kind of the the spectrum of multi cloud loosely coupled today going to this you know tightly coupled mesh your guys thoughts on that yeah that's that's a great point and and I would add to it or expand that even further to say that it's also driving behavioral fundamental behavioral and organizational challenges within a lot of organizations and large enterprises cloud and this multi cloud proliferation that you spoke about one of the other things that's done that we talked about but probably not enough is it's almost created this inversion situation where in the past you'd have the business saying to IT I need this I need this supply chain application I need this vendor relationship database I need this order processing system now with the emergence of this cloud and and how easy it is to consume and how cost-effective it is now you've got the IT guys and the engineers and the designers and the architects and the data scientists pushing ideas to the business hey we can expand our footprint and our reach dramatically if we do this so you've get this much more bi-directional conversation happening now which frankly a lot of traditional companies are still working their way through which is why you don't see you know 100% cloud adoption but it drives those very productive full-duplex conversations at a level that we've never seen before I mean we encounter clients every day who are having these discussions are sitting down across the table and IT is not just doesn't just have a seat at the table they are often driving the go-to-market strategy so that's a really interesting transformation that we see as well in addition to the technology so there are some amazing things happening Steve underneath the covers and the plumbing and infrastructure and look at we think infrastructure matters that's kind of why we're here we're infrastructure guys but I want to make a point so for decades this industry is marked to the cadence of Moore's law the idea that you can double processing speeds every 18 months disk drive processors disk drives you know they followed that curve you could plot it out the last ten years that started to attenuate so what happened is chip companies would start putting more cores on to the real estate well they're running out of real estate now so now what's happening is we've seen this emergence of alternative processors largely came from mobile now you have arm doing a lot of offload processing a lot of the storage processing that's getting offloaded those are ARM processors in video with GPUs powering a lot of a lot of a is yours even seeing FPGAs they're simple they're easy them to spin up Asics you know making a big comeback so you've seen these alternative processes processors powering things underneath where the x86 is and and of course they're still running applications on x86 so that's one sort of big thing big change in infrastructure to support this distributed systems the other is flash we saw flash basically take out spinning disk for all high-speed applications we're seeing the elimination of scuzzy which is a protocol that sits in between the the the disk you know and the rest of the network that's that's going away you're hearing things like nvme and rocky and PCIe basically allowing stores to directly talk to the so now a vision envision this multi-cloud system where you want to ship metadata and code anywhere these high speed capabilities interconnects low latency protocols are what sets that up so there's technology underneath this and obviously IBM is you know an inventor of a lot of this stuff that is really gonna power this next generation of workloads your comments yeah I think I think all that 100% true and I think the one component that we're fading a little bit about it even in the infrastructure is the infrastructure software right there's hardware we talked a lot talked about a lot of hardware component that are definitely evolving to get us better stronger faster more secure more reliable and that sort of thing and then there's also infrastructure software so not just the application databases or that sort of thing but but software to manage all this and I think in a hybrid multi cloud world you know you've got these multiple clauses for all practical purposes there's no way around it right marketing gets more value out of the Google analytic tools and Google's cloud and developers get more value out of using the tools in AWS they're gonna continue to use that at the end of the day I as a business though need to be able to extract the value from all of those things in order to make different business decisions to be able to move faster and surface my clients better there's hardware that's gonna help me accomplish that and then there are software things about managing that whole consetta component tree so that I can maximize the value across that entire stack and that stack is multiple clouds plus the internal clouds external clouds everything yeah so it's great point and you're seeing clear examples of companies investing in custom hardware you see you know Google has its own ship Amazon its own ship IBM's got you know power 9 on and on but none of this stuff works if you can't manage it so we talked before about programmable infrastructure we talked about the data plane and the control plane that software that's going to allow us to actually manage these multiple clouds as at least a quasi single entity you know something like a logical entity certainly within workload classes and in Nirvana across the entire you know network well and and the principal or the principle drivers of that evolution of course is containerization right so the containerization phenomenon and and you know obviously with our acquisition of red hat we're now very keenly aware and acutely plugged into the whole containerization phenomenon which is great we're you're seeing that becoming almost the I can't think of us a good metaphor but you're seeing containerization become the vernacular that's being spoken in multiple different types of reference architectures and use case environments that are vastly different in their characteristics whether they're high throughput low latency whether they're large volume whether they're edge specific whether they're more you know consolidated or hub-and-spoke models containerization is becoming the standard by which those architectures are being developed and with which they're being deployed so we think we're very well-positioned working with that emerging trend and that rapidly developing trend to instrument it in a way that makes it easier to deploy easier to instrument easier to develop so that's key and I want to sort of focus now on the relevance of IBM one side one thing that we understand because that that whole container is Asian think back to your original point Dave about moving data being very expensive and the fact that the fact that you want to move code out to the data now with containers microservices all of that stuff gets a lot easier development becomes a lot faster and you're actually pushing the speed of business faster well and the other key point is we talked about moving code you know to the data as you move the code to the data and run applications anywhere wherever the data is using containers the kubernetes etc you don't have to test it it's gonna run you know assuming you have the standard infrastructure in place to do that and the software to manage it that's huge because that means business agility it means better quality and speed alright let's talk about IBM the world is complex this stuff is not trivial the the more clouds we have the more edge we have the more data we have the more complex against IBM happens to be very good at complex three components of the innovation cocktail data AI and cloud IBM your customers have a lot of data you guys are good with data it's very strong analytics business artificial intelligence machine intelligence you've invested a lot in Watson that's a key component business and cloud you have a cloud it's not designed to compete not knock heads and the race to zero with with the cheap and deep you know storage clouds it's designed to really run workloads and applications but you've got all three ingredients as well you're going hard after the multi cloud world for you guys you've got infrastructure underneath you got hardware and software to manage that infrastructure all the modern stuff that we've talked about that's what's going to power the customers digital transformations and we'll talk about that in a moment but maybe you could expand on that in terms of IBM's relevance sure so so again using the kind of maker the maker economy metaphor bridging from that you know individual level of innovation and creativity and development to a broadly distributed you know globally available work loader or information source of some kind the process of that bridge is about scale and reach how do you scale it so that it runs effectively optimally is easily managed Hall looks and feels the same falls under the common umbrella of services and then how do you get it to as many endpoints as possible whether it's individuals or entities or agencies or whatever scale and reach iBM is all about scale and reach I mean that's kind of our stock and trade we we are able to take solutions from small kind of departmental level or kind of skunkworks level and make them large secure repeatable easily managed services and and make them as turnkey as possible our services organizations been doing it for decades exceptionally well our product portfolio supports that you talk about Watson and kind of the cognitive computing story we've been a thought leader in this space for decades I mean we didn't just arrive on the scene two years ago when machine learning and deep learning and IO ste started to become prominent and say this sounds interesting we're gonna plant our flag here we've been there we've been there for a long time so you know I kind of from an infrastructure perspective I kind of like to use the analogy that you know we are technology ethos is built on AI it's built on cognitive computing and and sort of adaptive computing every one of our portfolio products is imbued with that same capability so we use it internally we're kind of built from AI for AI so maybe that's the answer to this question of it so what do you say that somebody says well you know I want to buy you know my flash storage from pure AI one of my bi database from Oracle I want to buy my you know Intel servers from Dell you know whatever I want to I want to I want control and and and I gotta go build it myself why should I work with IBM do you do you get that a lot and how do you respond to that Steve I think I think this whole new data economy has opened up a lot of places for data to be stored anywhere I think at the end of the day it really comes down to management and one of the things that I was thinking about as you guys were we're conversing is the enterprise class or Enterprise need for things like security and protection that sort of thing that rounds out the software stack in our portfolio one of the things we can bring to the table is sure you can go by piece parts and component reform from different people that you want right and in that whole notion around fail-fast sure you can get some new things that might be a little bit faster that might be might be here first but one of the things that IBM takes a lot of pride was a lot of qual a lot of pride into is is the quality of their their delivery of both hardware and software right so so to me even though the infrastructure does matter quite a bit the question is is is how much into what degree so when you look at our core clients the global 2,000 right they want to fail fast they want to fail fast securely they want to fail fast and make sure they're protected they want to fail fast and make sure they're not accidentally giving away the keys to the kingdom at the end of the day a lot of the large vendor a lot of the large clients that we have need to be able to protect their are their IP their brain trust there but also need the flexibility to be creative and create new applications that gain new customer bases so the way I the way I look at it and when I talk to clients and when I talk to folks is is we want to give you them that while also making sure they're they're protected you know that said I would just add that that and 100% accurate depiction the data economy is really changing the way not only infrastructure is deployed and designed but the way it can be I mean it's opening up possibilities that didn't exist and there's new ones cropping up every day to your point if you want to go kind of best to breed or you want to have a solution that includes multi vendor solutions that's okay I mean the whole idea of using again for instance containerization thinking about kubernetes and docker for instance as a as a protocol standard or a platform standard across heterogeneous hardware that's fine like like we will still support that environment we believe there are significant additive advantages to to looking at IBM as a full solution or a full stack solution provider and our largest you know most mission critical application clients are doing that so we think we can tell a pretty compelling story and I would just finally add that we also often see situations where in the journey from the kind of maker to the largely deployed enterprise class workload there's a lot of pitfalls along the way and there's companies that will occasionally you know bump into one of them and come back six months later and say ok we encountered some scalability issues some security issues let's talk about how we can develop a new architecture that solves those problems without sacrificing any of our advanced capabilities all right let's talk about what this means for customers so everybody talks about digital transformation and digital business so what's the difference in a business in the digital business it's how they use data in order to leverage data to become one of those incumbent disruptors using Ginny's term you've got to have a modern infrastructure if you want to build this multi cloud you know connection point enterprise data pipeline to use your term Randy you've got to have modern infrastructure to do that that's low latency that allows me to ship data to code that allows me to run applet anywhere leave the data in place including the edge and really close that gap between those top five data you know value companies and yourselves now the other piece of that is you don't want to waste a lot of time and money managing infrastructure you've got to have intelligence infrastructure you've got to use modern infrastructure and you've got to redeploy those labor assets toward a higher value more productive for the company activities so we all know IT labor is a chop point and we spend more on IT labor managing Leung's provisioning servers tuning databases all that stuff that's gotta change in order for you to fund digital transformations so that to me is the big takeaway as to what it means for customer and we talked about that sorry what we talked about that all the time and specifically in the context of the enterprise data pipeline and within that pipeline kind of the newer generation machine learning deep learning cognitive workload phases the data scientists who are involved at various stages along the process are obviously kind of scarce resources they're very expensive so you can't afford for them to be burning cycles and managing environments you know spinning up VMs and moving data around and creating working sets and enriching metadata that they that's not the best use of their time so we've developed a portfolio of solutions specifically designed to optimize them as a resource as a very valuable resource so I would vehemently agree with your premise we talked about the rise of the infrastructure developer right so at the end of the day I'm glad you brought this topic up because it's not just customers it's personas Pete IBM talks to different personas within our client base or our prospect base about why is this infrastructure important to to them and one of the core components is skill if you have when we talk about this rise of the infrastructure developer what we mean is I need to be able to build composable intelligent programmatic infrastructure that I as IT can set up not have to worry about a lot of risk about it break have to do in a lot of troubleshooting but turn the keys over to the users now let them use the infrastructure in such a way that helps them get their job done better faster stronger but still keeps the business protected so don't make copies into production and screw stuff up there but if I want to make a copy of the data feel free go ahead and put it in a place that's safe and secure and it won't it won't get stolen and it also won't bring down the enterprise's is trying to do its business very key key components - we talked about I infused data protection and I infused storage at the end of the day it's what is an AI infused data center right it needs to be an intelligent data center and I don't have to spend a lot of time doing it the new IT person doesn't want to be troubleshooting all day long they want to be in looking at things like arm and vme what's that going to do for my business to make me more competitive that's where IT wants to be focused yeah and it's also we just to kind of again build on this this whole idea we haven't talked a lot about it but there's obviously a cost element to all this right I mean you know the enterprise's are still very cost-conscious and they're still trying to manage budgets and and they don't have an unlimited amount of capital resources so things like the ability to do fractional consumption so by you know pay paper drink right buy small bits of infrastructure and deploy them as you need and also to Steve's point and this is really Steve's kind of area of expertise and where he's a leader is kind of data efficiency you you also can't afford to have copy sprawl excessive data movement poor production schemes slow recovery times and recall times you've got a as especially as data volumes are ramping you know geometrically the efficiency piece and the cost piece is absolutely relevant and that's another one of the things that often gets lost in translation between kind of the maker level and the deployment level so I wanted to do a little thought exercise for those of you think that this is all you know bromide and des cloud 2.0 is also about we're moving from a world of cloud services to one where you have this mesh which is ubiquitous of of digital services you talked about intelligence Steve you know the intelligent data center so all these all these digital services what am I talking about AI blockchain 3d printing autonomous vehicles edge computing quantum RPA and all the other things on the Gartner hype cycle you'll be able to procure these as services they're part of this mesh so here's the thought exercise when do you think that owning and driving your own vehicle is no longer gonna be the norm right interesting thesis question like why do you ask the question well because these are some of the disruptions so the questions are designed to get you thinking about the potential disruptions you know is it possible that our children's children aren't gonna be driving their own car it's because it's a it's a cultural change when I was 16 year olds like I couldn't wait but you started to see a shifted quasi autonomous vehicles it's all sort of the rage personally I don't think they're quite ready yet but it's on the horizon okay I'll give you another one when will machines be able to make better diagnosis than doctors actually both of those are so so let's let's hit on autonomous and self-driving vehicles first I agree they're not there yet I will say that we have a pretty thriving business practice and competency around working with a das providers and and there's an interesting perception that a das autonomous driving projects are like there's okay there's ten of them around the world right maybe there's ten metal level hey das projects around the world what people often don't see is there is a gigantic ecosystem building around a das all the data sourcing all the telemetry all the hardware all the network support all the services I mean building around this is phenomenal it's growing at a had a ridiculous rate so we're very hooked into that we see tremendous growth opportunities there if I had to guess I would say within 10 to 12 years there will be functionally capable viable autonomous vehicles not everywhere but they will be you will be able as a consumer to purchase one yeah that's good okay and so that's good I agree that's a the time line is not you know within the next three to five years all right how about retail stores will well retail stores largely disappeared we're we're rainy I was just someplace the other day and I said there used to be a brick-and-mortar there and we were walking through the Cambridge Tseng Galleria and now the third floor there's no more stores right there's gonna be all offices they've shrunken down to just two floors of stores and I highly believe that it's because you know the brick you know the the retailers online are doing so well I mean think about it used to be tricky and how do you get in and and and I need the Walmart minute I go cuz I go get with Amazon and that became very difficult look at places like bombas or Casper or all the luggage plate all this little individual boutique selling online selling quickly never having to have to open up a store speed of deployment speed of product I mean it's it's it's phenomenal yeah and and frankly if if Amazon could and and they're investing billions of dollars and they're trying to solve the last mile problem if Amazon could figure out a way to deliver ninety five percent of their product catalog Prime within four to six hours brick-and-mortar stores would literally disappear within a month and I think that's a factual statement okay give me another one will banks lose control traditional banks lose control of the payment systems you can Moselle you see that banks are smart they're buying up you know fin tech companies but right these are entrenched yeah that's another one that's another one with an interesting philosophical element to it because people and some of its generational right like our parents generation would be horrified by the thought of taking a picture of a check or using blockchain or some kind of a FinTech coin or any kind of yeah exactly so Bitcoin might I do my dad ask you're not according I do I don't bit going to so we're gonna we're waiting it out though it's fine by the way I just wanted to mention that we don't hang out in the mall that's actually right across from our office I want to just add that to the previous comment so there is a philosophical piece of it they're like our generation we're fairly comfortable now because we've grown up in a sense with these technologies being adopted our children the concept of going to a bank for them will be foreign I mean it will make it all have no context for the content for the the the process of going to speak face to face to another human it just say it won't exist well will will automation whether its robotic process automation and other automation 3d printing will that begin to swing the pendulum back to onshore manufacturing maybe tariffs will help to but again the idea that machine intelligence increasingly will disrupt businesses there's no industry that's safe from disruption because of the data context that we talked about before Randy and I put together a you know IBM loves to use were big words of transformation agile and as a sales rep you're in the field and you're trying to think about okay what does that mean what does that mean for me to explain to my customer so he put together this whole thing about what his transformation mean to one of them was the taxi service right in the another one was retail so and not almost was fencers I mean you're hitting on on all the core things right but this transformation I mean it goes so deep and so wide when you think about exactly what Randy said before about uber just transforming just the taxi business retailers and taxis now and hotel chains and that's where the thing that know your customer they're getting all of that from data data that I'm putting it not that they're doing work to extract out of me that I'm putting in so that autonomous vehicle comes to pick up Steve Kenaston it knows that Steve likes iced coffee on his way to work gives me a coupon on a screen I hit the button it automatically stops at Starbucks for me and it pre-ordered it for me you're talking about that whole ecosystem wrapped around just autonomous vehicles and data now it's it's unbeliev we're not far off from the Minority Report era of like Anthem fuck advertising targeted at an individual in real time I mean that's gonna happen it's almost there now I mean you just use point you will get if I walk into Starbucks my phone says hey why don't you use some points while you're here Randy you know so so that's happening at facial recognition I mean that's all it's all coming together so and again underneath all this is infrastructure so infrastructure clearly matters if you don't have the infrastructure to power these new workloads you're drugged yeah and I would just add and I think we're all in agreement on that and and from from my perspective from an IBM perspective through my eyes I would say we're increasingly being viewed as kind of an arms dealer and that's a probably a horrible analogy but we're being used we're being viewed as a supplier to the providers of those services right so we provide the raw materials and the machinery and the tooling that enables those innovators to create those new services and do it quickly securely reliably repeatably at a at a reasonable cost right so it's it's a step back from direct engagement with consumer with with customers and clients and and architects but that's where our whole industry is going right we are increasingly more abstracted from the end consumer we're dealing with the sort of assembly we're dealing with the assemblers you know they take the pieces and assemble them and deliver the services so we're not as often doing the assembly as we are providing the raw materials guys great conversation I think we set a record tends to be like that so thank you very much for no problem yeah this is great thank you so much for watching everybody we'll see you next time you're watching the cube

>> Narrator: From Las Vegas, it's The Cube. Covering IBM Think 2018. Brought to you by IBM. >> Welcome back to IBM Think, everybody. My name's Dave Vallante, I'm here with Peter Burris. You're watching The Cube, the leader in live tech coverage. This is our day three. We're wrapping up wall to wall coverage of IBM's inaugural Think Conference. Thirty or forty thousand people, too many people to count, I've been joking all week. Sam Werner is here, he's the VP of Offering Management for Software Defined Storage, Sam, good to see you again. And Steve Kenniston is joining him otherwise known as the storage alchemist. Steven, great to see you again. >> Steven: Thanks, Dave. >> Dave: Alright, Sam. Let's get right into it. >> Sam: Alright. >> Dave: What is the state of data protection today and what's IBM's point of view? >> Sam: Well, I think anybody who's been following the conference and saw Jenny's key note, which was fantastic, I think you walked away knowing how important data is in the future, right? The way you get a competitive edge is to unlock insights from data. So if data's so important you got to be able to protect that data, but you're forced to protect all this data. It's very expensive to back up all this data. You have to do it. You got to keep it safe. How can you actually use that back-up data to, you know, perform analytics and gain some insights of that data that's sitting still behind the scenes. So that's what it's really all about. It's about making sure your data's safe, you're not going to lose it, that big big competitive advantage you have and that data, this is the year of the incumbent because the incumbent can start unlocking valuable data, so - >> Dave: So, Steve, we've talked about this many times. We've talked about the state of data protection, the challenges of sort of bolting on data protection as an afterthought. The sort of one size fits all problem, where you're either under protected or spending too much and being over protected, so have we solved that problem? You know, what is next generation data protection? What does it look like? >> [Steve} Yeah, I think that's a great Question, Dave. I think what you end up seeing a lot of... (audio cuts out) We talk at IBM about the modernize and transform, a lot. Right? And what I've started to try to do is boil it down almost at a product level. WhY - or at least an industry level - why modernize your data protection environment, right? Well if you look at a lot of the new technologies that are out there, costs have come way down, right? Performance is way up. And by performance around data protection we talk RPO's and RTO's. Management has become a lot simpler, a lot of design thinking put in the interfaces, making the Op Ec's job a lot easier around protecting information. A lot of the newer technologies are connected to the cloud, right? A lot simpler. And then you also have the ability to do what Sam just mentioned, which is unlock, now unlock that business value, right? How do I take the data that I'm protecting, and we talk a lot about data reuse and how do I use that data for multiple business purposes. And kind of unhinge the IT organization from being the people that stumble in trying to provide that data out there to the line of business but actually automate that a little bit more with some of the new solutions. So, that's what it means to me for a next generation protection environment. >> Dave: So it used to be this sort of, okay, I got an application, I got to install it on a server - we were talking about this earlier - get a database, put some middleware on - uh! Oh, yeah! I got to back it up. And then you had sort of these silos emerge. Virtualization came in, that obviously change the whole back up paradigm. Now you've got the cloud. What do you guys, what's your point of view on Cloud, everybody's going after this multi-cloud thing, protecting SAS data on prem, hybrid, off-prem, what are you guys doing there? >> Sam: So, uh, and I believe you spoke to Ed Walsh earlier this we very much believe in the multi-cloud strategy. We are very excited on Monday to go live with a Spectrum Protect Plus on IBM's cloud, so it's now available to back up workloads on IBM Cloud. And what's even more exciting about it is if you're running Spectrum Protect Plus on premises, you can actually replicate that data to the version running in the IBM cloud. So now you have the ability not only to back up your data to IBM cloud, back up your data IN IBM cloud where you're running applications there, but also be able to migrate work loads back and forth using this capability. And our plan is to continue to expand that to other clouds following our multi-cloud strategy. >> Dave: What's the plus? >> Sam: Laughs >> Dave: Why the plus? >> Kevin: That's the magic thing, they can't tell you. >> Group: (laughing) >> Dave: It's like AI, it's a black box. >> Sam: Well, I will answer that question seriously, though. IBM's been a leader in data protection for many years. We've been in the Gardeners Leaders Quadrant for 11 years straight with Spectrum Protect, and Spectrum Protect Plus is and extension of that, bringing this new modern approach to back up so it extends the value of our core capability, which you know, enterprises all over the world are using today to keep their data safe. So it's what we do so well, plus more! (laughing) >> Dave: Plus more! - [Sam] Plus more. >> Dave: So, Steve, I wonder if you could talk about the heat in the data protection space, we were at VM World last year, I mean, it was, that was all the buzz. I mean, it was probably the most trafficked booth area, you see tons of VC money that have poured in several years ago that's starting to take shape. It seems like some of these upstarts are taking share, growing, you know, a lot of money in, big valuations, um, what are your thoughts on What's that trend? What's happening there? How do you guys compete with these upstarts? >> Steve: Yeah, so I think that is another really good question. So I think even Ed talks a little bit about a third of the technology money in 2017 went to data protection, so there's a lot of money being poured in. There's a lot of interest, a lot of renewed interest in it. I think what you're seeing, because it cut - it's now from that next generation topic we just talked about, it's now evolving. And that evolution is it's not, it's no longer just about back up. It's about data reuse, data access, and the ability to extract value from that data. Now all of a sudden, if you're doing data protection right, you're backing up a hundred percent of your data. So somewhere in the repository, all my data is sitting. Now, what are the tools I can use to extract the value of that data. So there used to be a lot of different point products, and now what folks are saying is, well now, look, I'm already backing it up and putting it in this data silo, so to speak. How do I get the value out of it? And so, what we've done with Plus, and why we've kind of leap frogged ourselves here with - from going from Protect to Protect Plus, is to be able to now take that repository - what we're seeing from customers is there's a definitely a need for back up, but now we're seeing customers lead with this operational recovery. I want operational recovery and I want data access. So now, what Spectrum Protect Plus does is provides that access. We can do automation, we can provide self service, it's all rest API driven, and then what we still do is we can off load that data to Spectrum Protect, our great product, and then what ends up happening is the long term retention capabilities about corporate compliance or corporate governance, I have that, I'm protecting my business, I feel safe, but now I'm actually getting a lot more value out of that silo of data now. >> Peter: Well, one of the challenges, especially as we start moving into an AI analytics world, is that it's becoming increasingly clear that backing up the data, a hundred percent of the data, may not be capturing all of the value because we're increasingly creating new models, new relationships amongst data that aren't necessarily defined by an application. They're transient, then temporal, they're, they come up they come down, how does a protection plane handle, not only, you know, the data that's known, from sources that are known, but also identifying patterns of how data relationships are being created, staging it to the appropriate place, it seems as though this is going to become an increasingly important feature of any protection scheme? >> Steve: I think, I think a lot - you bring up a good topic here - I think a lot of the new protection solutions that are all rest API driven now have the capability to actually reach out to these other API's, and of course we have our whole Watson platform, our analytics platform that can now analyze that information, but the core part, and the reason why I think - back to your previous question about this investment in some of these newer technologies, the legacy technologies didn't have the metadata plane, for example, the catalog. Of course you had a back up catalog , but did you have an intelligent back up catalog. With the Spectrum Protect Plus catalog, we now have all of this metadata information about the data that you're backing up. Now if I create a snapshot, or reuse situation where to your point being, I want to spin something back up, that catalog keeps track of it now. We have full knowledge of what's going. You might not have chosen to again back that new snap up, but we know it's out there. Now we can understand how people are using the data, what are they using the data for, what is the longevity of how we need to keep that data? Now all of a sudden there's a lot more intelligence in the back up and again to your earlier question, I think that's why there's this renewed interest in kind of the evolution. >> Dave: Well, they say at this point you really can't do that multi-cloud without that capability. I wanted to ask you about something else, because you basically put forth this scenario or premise that it's not just about back up, it's not just about insurance, my words, there's other value that you could extract. Um, I want to bring up ransomware. Everybody talks about air gaps - David Foyer brings that up a lot and then I watch, like certain shows like, I don't know if you saw the Zero Days documentary where they said, you know, we laugh at air gaps, like, oh! Really? Yeah, we get through air gaps, no problem. You know, I'm sure they put physical humans in and they're going to infect. So, so there's - the point I'm getting to is there's other ways to protect against ransomware, and part of that is analytics around the data and all the data's - in theory anyway - in the backup store. So, what's going on with ransomware, how are you guys approaching that problem, where do analytics fit? You know, a big chewy question, but, have at it. >> Sam: Yeah, no I'm actually very glad you asked that question. We just actually released a new version of our core Spectrum Protect product and we actually introduced ransomware detection. So if you think about it, we bring in all of your data constantly, we do change block updates, so every time you change files it updates our database, and we can actually detect things that have changed in the pattern. So for example, if you're D-Dup rate starts going down, we can't D-Dup data that's encrypted. So if all of a sudden the rate of D-Duplication starts going down that would indicate the data's starting to be encrypted, and we'll actually alert the user that something's happening. Another example would be, all the sudden a significant amount of changes start happening to a data set, much higher than the normal rate of change, we will alert a user. It doesn't have to be ransomware, it could be ransomware. It could be some other kind of malicious activity, it could be an employee doing something they shouldn't be - accessing data that's not supposed to be accessed. So we'll alert the users. So this kind of intelligence, uh, you know is what we'll continue to try to build in. IBM's the leader in analytics, and we're bringing those skills and applying it to all of our different software. >> Dave: Oh, okay. You're inspecting that corpus of backup data, looking for anomalus behavior, you're say you're bringing in IBM analytics and also presumably some security capabilities from IBM, is that right? >> Sam: That's right. Absolutely. We work very closely with our security team to ensure that all the solutions we provide tie in very well with the rest of our capabilities at IBM. One other thing though, I'll mention is our cloud object storage, getting a little bit away from our backup software for a second, but object storage is used often - >> Kevin: But it's exciting! >> Sam: It is exciting! It's one of my favorite parts of the portfolio. It's a place where a lot of people are storing backup and archive data and we recently introduced worm capability, which mean Write Once Read Many. So once it's been written it can't be changed. It's usually used for compliance purposes but it's also being used as an air gap capability. If the data can't be changed, then essentially it can't be you know encrypted or attacked by ransomware. And we have certification on this as well, so we're SEC compliant, we can be used in regulated industries, so as we're able to in our data protection software off load data into a object store, which we have the capability, you can actually give it this worm protection, so that you know your backup data is always safe and can always be recovered. We can still do this live detection, and we can also ensure your backup is safe. >> Dave: That's great. I'm glad to hear that, cause I feel like in the old days, that I asked you that question about ransomware, and well, we're working on that - and two years later you've come up with a solution. What's the vibe inside of IBM in the storage group? I mean it seems like there's this renewed energy, obviously growth helps, it's like winning, you know, brings in the fans, but, what's your take Steve? And I'll close with Sam. >> Steve: I would almost want to ask you the same question. You've been interviewing a lot of the folks from the storage division that have come up here today and talked to you. I mean you must hear the enthusiasm and the excitement. Right? >> Dave: Yeah, definitely. People are pumped up. >> Steve: And I've rejoined IBM, Sam has rejoined IBM, right? And I think what we're finding inside is there used to be a lot of this, eh yeah, we'll eventually get there. In other words, it's like you said, next year, next year. Next, next quarter. Next third quarter, right? And now its, how do we get it done? People are excited, they want to, they see all the changes going on, we've done a lot to - I don't want to say sort out the portfolio, I think the portfolio's always been good - but now there's like a clean crisp clear story around the portfolio, how they fit together, why they're supposed to - and people are rallying behind that. And we're seeing customer - we're voted by IDCE, number one in the storage software business this year. I think people are really getting behind, you want to work for a winning team, and we're winning and people are getting excited about it. >> Dave: Yeah, I think there's a sense of urgency, a little startup mojo, it's back. So, love that, but Sam I'll give you the last word, before we wrap. Just on Think? Just on the Market? >> Sam: I got to tell you, Think has been crazy. It's been a lot of fun so far. I got to tell you, I have never seen so much excitement around our storage portfolio from customers. These were the easiest customer discussions I've ever had at one of these conferences, so they're really excited about what they're doing and they're excited about the direction we're moving in. So, yeah. >> Dave: Guy, awesome seeing you. Thanks for coming back on The Cube, both of you, and, uh, really a pleasure. Alright. Thank you for watching. Uh, this is a wrap from IBM Think 2018. Guys, thanks for helping us close that up. Peter, thank you for helping - >> Peter: Absolutely. >> Dave: me co-host this week. John Furie was unbelievable with the pop up cube, really phenomenal job, John and the crew. Guys, great great job. Really appreciate you guys coming in from wherever you were Puerto Rico or the Bahamas, I can't keep track of you anymore. Go to siliconangle.com, check out all the news. TheCube.net is where all these videos will be and wikibon.com for all the research, which Peter's group has been doing great work there. We're out! We'll see you next time. (lively tech music)

>> Narrator: From the SiliconANGLE Media Office in Boston Massachusetts, it's theCube. Now here's your host, Dave Vellante. >> Very often at SiliconANGLE Media, companies will come in, and they'll present to us about the new product that they're announcing, and we'll really have a deep detailed product discussion on speeds and feeds. But in this Cube conversation, I really want to talk about the API economy. My name is Dave Vellante. I'm here with my friend Steve Kenniston. Steve, great to see you again. Thanks for coming into the studio. >> Thanks for having me on theCUBE, Dave. I love it here. >> So the API economy is something that you hear all the same, and I was saying at the top, a lot of vendors will come in and say hey, we've got this big product that we're going to announce next week or next month, and we want to pick a thought leadership topic, and we want to vector our product into that and it's good. It's great to do that to try to be relevant, but what I want to talk to you about is this notion of cloud and the API economy and how it's emerged in the network today. So I want to start with a developer perspective. And if you think about the way infrastructure has traditionally been deployed and what it means for a developer, can you help us understand that old view of the world and how it worked? >> Sure thing Dave, and by the way, thanks for doing this. Having been on both sides of the table, the analyst side as well as the vendor side, you couldn't have hit the nail more on the head. Vendors like to come in and talk about product and talk to the analysts about how their product fits into what you guys are hearing in the market space, but I think what's happening more and more is this evolution of the conversation that needs to happen that sells to people who are trying to solve business problems, not solve speeds and feeds problems. As you look at the API economy and you think back to when infrastructure vendors were traditionally selling infrastructure, the conversation was always about, I wouldn't even say a dev ops style, I think that's fairly new, I think it was a test dev style. That was a developer developing some code, tossing it over the wall, and some operations people trying to install it. And the minute that happened, of course that code set didn't fulfill all the requirements that were needed by the vendor or by the business. It wasn't secure enough. It didn't have all the right capabilities to fit into the infrastructure. >> Wasn't patched, integration. >> Didn't talk to the right systems. >> The punch list of stuff that operations guys have to go through. The developers, >> They didn't know. >> Didn't know and frankly didn't care. >> Didn't care, right? Didn't understand how the database was laid out, so it talks to it in a different way. So traditionally what would happen then is the implementation guys would say, okay, let me go fix this. And they'd do some fixing of it and then try to deploy it, and it wouldn't work behaviorally the way the developer had designed it. And then there'd be this conflict. It's not working right. Well, it worked when I gave it to you. >> Yeah hey, your application doesn't work. Tell a guy, hey your code doesn't work. That's the last thing an application developer wants to hear. >> And that process, >> Well, it worked when I gave it to you like you said. >> Exactly (chuckles). >> But another point you made, it created a lot of tension. >> Lot of tension and the process in of itself became very very inefficient, which then you saw the spinning up of. >> Wait, no, now the business guy, >> Steve: Now the business. >> Says where's my app? And meanwhile you got the application development team and the deployment team sort of doing this back and forth, back and forth, back and forth, and they're trying to work together. >> But the line of business isn't getting the solution that they need to drive a competitive business. >> So time to value was impacted substantially. Actually, as you came out of the downturn, 2009, 2010, you saw shadow IT emerge. So from your perspective, what did that bring to the table in this conversation? >> I think the biggest thing shadow IT brought to the conversation is the whole notion of cloud. Cloud was, yeah it's there. We still see the number one reason why people use cloud is for data protection. I want to back it up, and they think it's cheaper. It's not tape. If you get rid of a lot of that management capability, >> Or test dev too, right? >> Or test dev. But I think test dev is even growing more and more because of this whole notion around shadow IT. It was, look, every time I toss this thing over the wall to the folks that need to implement the solution, I get a lot of pushback, and to your point, it creates a lot of this tension. I'm going to go create my own way to develop this, and I'm going to do all the development of that in the cloud. I'm not going to wait for things to be provisioned for me. I'm not going to wait for things to be tested and tell me I'm a bad developer, that sort of thing. I'm going to go develop the code that I want and say well, I'm done, it works, and then hand it off. And because it's in the cloud, hopefully the folks that need to deploy it can attach to the cloud and all of a sudden, everything works the way it's supposed to. Still misses a lot of the things that the corporation needs from a protection security standpoint, am-I-working-with-the-right-dataset standpoint, does the database look the same way it does here? Because when you develop a piece of code, you want it to run it and act against probably some components within your infrastructure. Is that happening, and there's still the big question mark. >> But the epiphany from developers as a process of that shadow IT is wow, I can essentially deploy infrastructure as code. >> Steve: Correct. >> And then when that hit, that's when you really started to hear the discussion of dev ops. The whole dev ops meme exploded. Although, I would observe, and we talked to a lot of people on the theCUBE about this, is it dev ops or is it ops dev? What does that really mean? What it means is that most organizations, at least up until recently, and I still say most organizations don't have infrastructure as a code on prem. If they want that, they got to go to one of the public cloud providers, but they're looking for that public cloud experience on prem. And so you had a lot of, sort of ops dev, ops guys sort of learning the development piece that was relevant for deployment, and the vendor community's stepping up and delivering more of an API oriented experience. >> I think a big part of that too, Dave, to what you're just saying is now all of a sudden, the ops guys were learning things that was a little outside their comfort zone and because of that, probably a lot of folks got frustrated. So the vendors, to your point, have made it a little bit easier to be able to deploy this through an API economy or through APIs. Why? Because they've started to automate a lot of the learning and the thinking because it's pretty simple. When you have infrastructure as code, there's a lot of things you can do programmatically. Now I can take that learning away and put the ops guys back in charge of ops. I don't need to go learn dev. I need to understand it so when they hand it to me, I know what I'm doing, but that whole API conversation is now moving away from education but more towards the true fulfillment and building out of these new applications that are making businesses more competitive. >> So when you think about the API economy, you know that term gets thrown around a lot, what does that mean to you? >> To me, the API economy if you look at it, think of a great use case. I would think of a use case around manufacturing. If you think of a manufacturing company or a manufacturing organization, you have your suppliers, and we all know that just-in-time manufacturing is kind of the way to do business today. You have your manufacturing on the floor, and we know that a lot of systems are doing a lot of components within the manufacturing. And these systems are getting smarter and being able to learn and tell you when things are broken and not working right, so you're actually getting realtime service to keep the floor running as fast as possible. Though all of a sudden your inventory is now moving to some sort of inventory control system and those systems are talking. The vendors who are buying that inventory to then go to sell to the public are working with APIs to be able to talk to that inventory and see what they need and when they need it. And then in turn, those vendors are selling to the consumer, and the consumer is using social media now. They're not picking up the phone and calling for customer service. They're saying, hey this sweater's really nice or hey my iPod broke or whatever. So you need, as the original manufacturer, to be able to be tapped into these channels to get that information, and it's a circle. And that circle is really all held together with code. >> Okay, so that brings me to sort of the discussion of cloud and essentially, we talked about dev ops versus ops dev before, I would posit that the organization, the application development heads, CIOs, they want that cloud-like experience, and they want it wherever their data is. They're not going to bring all their data into the cloud. Too much data, governance, compliance, security, all that stuff. So they're going to bring the cloud operating model to their data, which means they're going to bring the API economy to their data whatever that exists. It's in the cloud, on prem, at the edge, some place in between the cloud and the edge, and so I want to get your perspectives on how that's evolving in your view and where it needs to go. >> (laughs) How that's evolving? >> Yeah, I mean, where are we today in terms of being able to programmatically across my infrastructure cloud, on prem, edge, be able to control my infrastructure programmatically and get it to do what I want in the same way that I could do that in the cloud? >> I think that that's a really good question, and as I think about it, I think there are different organizations or there are different vendors who have been able to provide solutions to clients in a way such that, there are vendors who have provided solutions to clients that have done so in such a way that it's not holistic across your different infrastructure components as you and I think about infrastructure, the storage, servers, networking, et cetera. I think different vendors in different segments have done a better job. Think of Chef and Puppet. Chef and Puppet have gone a long way to the provisioning of servers and systems to be able to spin up systems that then in turn go build an operations around building an application, testing an application, passing that testing process through a series of automated tests processes, and then passing it back to development to go fix it. I don't know that you see the same level of automation that you see maybe at the server level in the storage level yet. Yet, I say yet. All of that is coming. I see more and more that when you think of technologies coming down the pipe like a copy management functionality, the ability to reuse data. Now that whole environment, it started a while ago, but you see it evolving more. The tools to then automate a lot of that process are now starting to come to fruition. They hadn't been there before, but they're starting to come. Networking, kind of the same thing. >> And that means when you say, talking about automation, you're talking about programmatically invoking policy so that the system just does what I need it to do, and I don't have to manually reconfigure. Because the big vision here is distributed cloud, but managed with a single point of control. And when you think about these work loads that are going to require this new type of infrastructure, everybody talks about AI and machine learning, deep learning, it's requiring a different type of infrastructure and different type of mindset. Microservices are a big part of that, functional programming across locations, so edge, something in between edge and cloud, call it middle tier, and the cloud tier. So you've got processing happening at the edge maybe real time, maybe aggregating data in the middle, and then sending it back up to the cloud and then doing maybe more detailed modeling. That management of that distributed infrastructure cannot take place without the API economy. Do you agree and why? And maybe help us think through how that will evolve. >> So I totally agree. I think the company or the business wants to be able to ensure, and I think you said it best. I'm not going to bring the data to you or am I going to bring the data to you? Or you're going to come to the data, right? The data has to, >> Dave: Yeah, the cloud model for the data. >> The cloud model is the data, so I need to be able to have access in all those access points. That's very important to me because each one of those access points is going to give me the access and the capability to be able to tie in, and talk to, and touch customers in a different way or consumers of the data. And the customer in this case could be, and this is where the automation piece comes in, could be the developer. So the developer now today, is the person that we're selling to. We're not selling to the traditional infrastructure people, although of course they have accountability and responsibility for making sure the infrastructure is secure, stable, they've got enough storage, they've got enough horsepower to run the business. However, the person who needs to be able to access those capabilities or the data that actually lives on the disk, the developer doesn't care anymore what disk it is. They just need access to the data. So now I want to be able to come in every morning, and I want the latest and greatest dataset available to me, so I can go build against an infrastructure that looks like reality so that I know as I'm building my new application for consumers that I'm building it as a fast as I can, as robust as I can, and as accurately as I can right away. And then, I want to distribute that, again quickly, so that as many people who need to consume that applications have the ability to do so. >> When we talk about things like, I got to ask you a sort of, when we talk about things like containers and microservices, I worry sometimes. May be easy to manage dozens of containers and even hundreds, but start managing hundreds of thousands. And same thing with microservices. Some of these microservices aren't so micro. >> They exploded (laughs). >> Yeah, they exploded, macroservices. Is there a concern about API creep where I've got sort of this API economy blossoming, but I've got all this now API complexity out there, or do you see the industry being able to manage that? Is API sort of a way to manage that? Will there be an abstraction layer there? How do you see that all evolving? Should we sorry about API creep, or should we be embracing API creep? >> No, I think the jury's still out. I think that you hear a lot of the vendors talk about, oh yeah, we have a restful API within our set, and we can kind of write to anything. Is that really true? Can it write to anything? Because the more APIs that you see, the more little tricks. We saw this when networking was going to be standardized. Are we going to standardize on an API eventually so that when you do say you write to anything, you can? Hopefully, hopefully you can. But I don't know. >> And the concern there would be just different quality and robustness, and what you get from one vendor, which might be rock solid. Another one, maybe not so much and is a weaker point in the link. All better than scripting, obviously, and a path toward automation. >> And it's not just quality. It's functionality, so you might be able to take advantage of certain things, but you can't take advantage of others. Of course that becomes strategic selling for the vendor to say, hey, here's what I can offer. But at some at point, again when you're talking to that 23 year old developer who just wants to sit down and be successful at building their application, they don't necessarily care or want to hear about that just like they don't care about what disk it's on. They need certain functions to be able to work. It's the iPhone world now. When I push a button, I want it to work. I don't have the time or the cycles to try and go fix something. >> The cloud operating model from an IT operation standpoint has been profound. One of the things we predicted at Wikibon is that over the next 10 years, actually started probably two years ago, but from two years ago to eight years on now, we predict $150 billion will come out of undifferentiated IT labor costs, provisioning, servers, and LUNs and managing all that infrastructure, which doesn't add any value to the business, disappears or gets shifted to other activities. So it gets replaced by vendor R&D in the form of product that actually is cloud-like, public cloud services, and the API economy. Shifting those resources into application development, design thinking, other value-added, >> Steve: Analytics. >> Analytics for sure. All this AI buzz, up the stack if you will, that is going to allow people to differentiate with their digital business. Everybody talks about digital business. Digital businesses are those that differentiate with data, and that's where people want to spend their money. They don't want to spend their money on, that's why everybody complains about how we spend all our money on keeping the lights on. Big part of that is infrastructure management. >> Correct. >> Final thoughts? >> You caught me off guard (laughs). >> Okay, well, I got some final thoughts. >> Steve: I'll have some. >> Let me chat a little bit and then you can chime in. I would say we're entering the next great phase of cloud. A lot of this is driven by cloud and somewhat by open source. The first, sort of kick the tires, what is this? The second phase was wow, the economy is killing me, so I'm going to shift my cap ex to op ex. Actually maybe the fourth phase. Third phase was shadow IT. I got to go fast, and I think the fourth phase was wow, businesses and CIOs realizing that we can't just let shadow IT run away, run amok. We need to embrace the cloud model and bring the cloud model to our data, and as part of that, it's the API economy that we need to embrace and foster and invest in, and shift the labor cost out of undifferentiated lifting to things that add value, and I think the API economy is that vision. It does that. >> Yeah, so I would completely agree. I haven't been in a customer call yet this year where for example, dev ops hasn't come up. And to me, that shows me that CIOs are thinking exactly what you're describing. I need to infiltrate some automation in here to get rid of the (laughs). Why were you laughing? >> I'm not laughin'. I like your shirt. >> So I haven't been in a sales meeting yet this year where we haven't had a conversation with the CIO or the executives at the table where we weren't talking about dev ops. And to me dev ops instantly rings the API economy. Why? Because it injects a level of automation that really is what the CIO or the C level is looking for. Because it does things like help take away some of that expense around the heating, cooling, whatever expense because you get to then offset into, pushing data into the cloud and leveraging the cloud in an op ex type of model more. And I think that the executives have been hearing a lot of we have a cloud strategy. And you get to the people on the development floor or in the IT shop, and they say yeah, well we can't really do a lot of that. I think the C level is starting to see a lot more if I can have the API economy help me help them solve some of their problems, we can get to a cloud model a lot faster and meet the business requirements from a secure standpoint, from a data standpoint, a compliance standpoint that we need to be able to hit, and I think that's really important. >> Developers are driving the bus. Hop on board. Steve, thanks for the chat. >> Thanks for having me. >> Appreciate your perspective. You're welcome, anytime. All right, thanks for watching, everybody. This is theCUBE conversations with Dave Vellante and Steve Kenniston. We'll see you next time.

okay we're back digging into trusted infrastructure with paris are good at he's a senior consultant for product marketing and storage at dell technologies pastor welcome to the cube good to see you great to be with you dave yeah coming from hyderabad awesome so i really appreciate you uh coming on the program let's start with talking about your point of view on what cyber security resilience means to to dell generally but storage specifically yeah so for something like storage you know we are talking about the data layer name and if you look at cyber security it's all about securing your data applications and infrastructure it has been a very mature field at the network and application layers and there are a lot of great technologies right from you know enabling zero trust uh advanced authentications uh identity management systems and so on and and in fact you know with the advent of you know the the use of artificial intelligence and machine learning really these detection tools for cyber securities have really evolved in the network and application spaces so for storage what it means is how can you bring them to the data layer right how can you bring you know the principles of zero trust to the data layer uh how can you leverage artificial intelligence and machine learning to look at you know access patterns and make intelligent decisions about maybe an indicator of a compromise and identify them ahead of time just like you know how it's happening and other of of applications and when it comes to cyber resilience it's it's basically a strategy which assumes that a threat is imminent and it's a good assumption with the severity and the frequency of the attacks that are happening and the question is how do we fortify the infrastructure in this rich infrastructure to withstand those attacks and have a plan a response plan where we can recover the data and make sure the business continuity is not affected so that's uh really cyber security and cyber resiliency at storage layer and of course there are technologies like you know network isolation um immutability and all these principles need to be applied at the storage level as well let me have a follow up on that if i may the intelligence that you talked about that ai and machine learning is that do you do you build that into the infrastructure or is that sort of a separate software module that that points at various you know infrastructure components how does that work both dave right at the data storage level we have come up with various data characteristics depending on the nature of data we developed a lot of signals to see what could be a good indicator of a compromise um and there are also additional applications like cloud iq is the best example which is like an infrastructure wide health monitoring system for dell infrastructure and now we have elevated that to include cyber security as well so these signals are being gathered at cloud iq level and other applications as well so that we can make those decisions about compromise and we can either cascade that intelligence and alert stream upstream for uh security teams um so that they can take actions in platforms like sign systems xtr systems and so on but when it comes to which layer the intelligence is it has to be at every layer where it makes sense where we have the information to make a decision and being closest to the data we have we are basically monitoring you know the various parallels data access who is accessing um are they crossing across any geo fencing is there any mass deletion that is happening or a mass encryption that is happening and we are able to uh detect uh those uh patterns and flag them as indicators of compromise and in allowing automated response manual control and so on for i.t teams yeah thank you for that explanation so at dell technologies world we were there in may it was one of the first you know live shows that that we did in the spring certainly one of the largest and i interviewed shannon champion and my huge takeaway from the storage side was the degree to which you guys uh emphasized security uh within the operating systems i mean really i mean power max more than half i think of the features were security related but also the rest of the portfolio so can you talk about the the security aspects of the dell storage portfolio specifically yeah yeah so when it comes to data security and broadly data availability right in the context of cyber resiliency um dell storage uh this you know these elements have been at the core of our um a core strength for the portfolio and a source of differentiation for the storage portfolio you know with almost decades of collective experience of building highly resilient architectures for mission critical data something like power max system which is the most secure storage platform for high-end enterprises um and now with the increased focus on cyber security we are extending those core technologies of high availability and adding modern detection systems modern data isolation techniques to offer a comprehensive solution to the customer so that they don't have to piece together multiple things to ensure data security or data resiliency but a well-designed and well-architected solution by design is uh delivered to them to ensure cyber protection at the data layer got it um you know we were talking earlier to steve kenniston and pete gear about this notion of dell trusted infrastructure how does storage fit into that as a component of that sort of overall you know theme yeah and you know and let me say this if you could adjust because a lot of people might be skeptical that i can actually have security and at the same time not constrict my organizational agility that's old you know not an or it's an and how do you actually do that if you could address both of those that would be great definitely so for dell trusted infrastructure cyber resiliency is a key component of that and just as i mentioned you know uh air gap isolation it really started with you know power protect cyber recovery you know that was the solution more than three years ago we launched and that was first in the industry which paved way to you know kind of data isolation being a core element of data management and you know for data infrastructure and since then we have implemented these technologies within different storage platforms as well so the customers have the flexibility depending on their data landscape they can approach they can do the right data isolation architecture right either natively from the storage platform or consolidate things into the backup platform and isolate from there and and the other key thing we focus in trusted infrastructure delta dell trusted infrastructure is you know the goal of simplifying security for the customers so one good example here is uh you know risk being able to respond to these cyber threats or indicators of compromise is one thing but an i.t security team may not be looking at the dashboard of the storage systems constantly right storage administration admins may be looking at it so how can we build this intelligence and provide this upstream platforms so that they have a single pane of glass to understand security landscape across applications across networks firewalls as well as storage infrastructure and and compute infrastructure so that's one of the key ways where how we are helping simplify the um kind of the ability to uh respond ability to detect and respond these threads uh in real time for security teams and you mentioned you know about zero trust and how it's a balance of you know not uh kind of restricting users or put heavy burden on you know multi-factor authentication and so on and this really starts with you know what we are doing is provide all the tools you know when it comes to advanced authentication uh supporting external identity management systems multi-factor authentication encryption all these things are intrinsically built into these platforms now the question is the customers are actually one of the key steps is to identify uh what are the most critical parts of their business or what are the applications uh that the most critical business operations depend on and similarly identify uh mission critical data where part of your response plan where it cannot be compromised where you need to have a way to recover once you do this identification then the level of security can be really determined uh by uh by the security teams by the infrastructure teams and you know another you know intelligence that gives a lot of flexibility for for even developers to do this is today we have apis um that so you can not only track these alerts at the data infrastructure level but you can use our apis to take concrete actions like blocking a certain user or increasing the level of authentication based on the threat level that has been perceived at the application layer or at the network layer so there is a lot of flexibility that is built into this by design so that depending on the criticality of the data criticality of the application number of users affected these decisions have to be made from time to time and it's as you mentioned it's it's a balance right and sometimes you know if if an organization had a recent attack you know the level of awareness is very high uh against cyber attacks so for a time you know these these settings may be a bit difficult to deal with but then it's a decision that has to be made by security teams as well got it so you're surfacing what may be hidden kpis that are being buried inside for instance the storage system through apis upstream into a dashboard so that somebody you know dig into the storage tunnel extract that data and then somehow you know populate that dashboard you're saying you're automating that that that workflow that's a great example and you may have others but is that the correct understanding absolutely and it's a two-way integration let's say a detector an attack has been detected at a completely different layer right in the application layer or at a firewall we can respond to those as well so it's a two-way integration we can cascade things up as well as uh respond to threats that have been detected elsewhere uh through the api that's great all right api for power skill is the best example for that uh excellent so thank you appreciate that give us the last word put a bow on this and and bring this segment home please absolutely so a dell uh storage portfolio um using advanced data isolation um with air gap having machine learning based algorithms to detect uh indicators of compromise and having ripple mechanisms um with granular snapshots being able to recover data and restore applications to maintain business continuity is what we deliver to customers uh and these are areas where a lot of innovation is happening a lot of product focus as well as you know if you look at the professional services all the way from engineering to professional services the way we build these systems the very we configure and architect these systems cyber security and protection is a key focus uh for all these activities and dell.com securities is where you can learn a lot about these initiatives that's great thank you you know at the recent uh reinforce uh event in in boston we heard a lot uh from aws about you know detent and response and devops and machine learning and some really cool stuff we heard a little bit about ransomware but i'm glad you brought up air gaps because we heard virtually nothing in the keynotes about air gaps that's an example of where you know this the cso has to pick up from where the cloud leaves off but as i was in front and so number one and number two we didn't hear a ton about how the cloud is making the life of the cso simpler and that's really my takeaway is is in part anyway your job and companies like dell so paris i really appreciate the insights thank you for coming on thecube thank you very much dave it's always great to be in these uh conversations all right keep it right there we'll be right back with rob emsley to talk about data protection strategies and what's in the dell portfolio you're watching the cube [Music] you

the cyber security landscape has changed dramatically over the past 24 to 36 months rapid cloud migration has created a new layer of security defense sure but that doesn't mean csos can relax in many respects it further complicates or at least changes the ciso's scope of responsibilities in particular the threat surface has expanded and that creates more seams and cisos have to make sure their teams pick up where the hyperscaler clouds leave off application developers have become a critical execution point for cyber assurance shift left is the kind of new buzz phrase for devs but organizations still have to shield right meaning the operational teams must continue to partner with secops to make sure infrastructure is resilient so it's no wonder that in etr's latest survey of nearly 1500 cios and it buyers that business technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics rounding out the top four but budgets are under pressure and csos have to prioritize it's not like they have an open checkbook they have to contend with other key initiatives like those just mentioned to secure the funding and what about zero trust can you go out and buy xero trust or is it a framework a mindset in a series of best practices applied to create a security consciousness throughout the organization can you implement zero trust in other words if a machine or human is not explicitly allowed access then access is denied can you implement that policy without constricting organizational agility the question is what's the most practical way to apply that premise and what role does infrastructure play as the enforcer how does automation play in the equation the fact is that today's approach to cyber resilient type resilience can't be an either or it has to be an and conversation meaning you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible and don't even talk to me about the edge that's really going to keep you up at night hello and welcome to the special cube presentation a blueprint for trusted infrastructure made possible by dell technologies in this program we explore the critical role that trusted infrastructure plays in cyber security strategies how organizations should think about the infrastructure side of the cyber security equation and how dell specifically approaches securing infrastructure for your business we'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile first up are pete gear and steve kenniston they're both senior cyber security consultants at dell technologies and they're going to talk about the company's philosophy and approach to trusted infrastructure and then we're going to speak to paris arcadi who's a senior consultant for storage at dell technologies to understand where and how storage plays in this trusted infrastructure world and then finally rob emsley who heads product marketing for data protection and cyber security he's going to take a deeper dive with rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy okay let's get started pete gear steve kenniston welcome to the cube thanks for coming into the marlboro studios today great to be here dave thanks dave good to see you great to see you guys pete start by talking about the security landscape you heard my little rap up front what are you seeing i thought you wrapped it up really well and you touched on all the key points right technology is ubiquitous today it's everywhere it's no longer confined to a monolithic data center it lives at the edge it lives in front of us it lives in our pockets and smartphones along with that is data and as you said organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago and along with that cyber crime has become a very profitable enterprise in fact it's been more than 10 years since uh the nsa chief actually called cyber crime the biggest transfer of wealth in history that was 10 years ago and we've seen nothing but accelerating cyber crime and really sophistication of how those attacks are perpetrated and so the new security landscape is really more of an evolution we're finally seeing security catch up with all of the technology adoption all the build out the work from home and work from anywhere that we've seen over the last couple of years we're finally seeing organizations and really it goes beyond the i t directors it's a board level discussion today security's become a board level discussion yeah i think that's true as well it's like it used to be the security was okay the secops team you're responsible for security now you've got the developers are involved the business lines are involved it's part of onboarding for most companies you know steve this concept of zero trust it was kind of a buzzword before the pandemic and i feel like i've often said it's now become a mandate but it's it's it's still fuzzy to a lot of people how do you guys think about zero trust what does it mean to you how does it fit yeah i thought again i thought your opening was fantastic in in this whole lead into to what is zero trust it had been a buzzword for a long time and now ever since the federal government came out with their implementation or or desire to drive zero trust a lot more people are taking a lot more seriously because i don't think they've seen the government do this but ultimately let's see ultimately it's just like you said right if if you don't have trust to those particular devices uh applications or data you can't get at it the question is and and you phrase it perfectly can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive because we're seeing with your whole notion around devops and the ability to kind of build make deploy build make deploy right they still need that functionality but it also needs to be trusted it needs to be secure and things can't get away from you yeah so it's interesting we attended every uh reinforce since 2019 and the narrative there is hey everything in this in the cloud is great you know and this narrative around oh security is a big problem is you know doesn't help the industry the fact is that the big hyperscalers they're not strapped for talent but csos are they don't have the the capabilities to really apply all these best practices they're they're playing whack-a-mole so they look to companies like yours to take their r your r d and bake it into security products and solutions so what are the critical aspects of the so-called dell trusted infrastructure that we should be thinking about yeah well dell trusted infrastructure for us is a way for us to describe uh the the work that we do through design development and even delivery of our it system so dell trusted infrastructure includes our storage it includes our servers our networking our data protection our hyper converged everything that infrastructure always has been it's just that today customers consume that infrastructure at the edge as a service in a multi-cloud environment i mean i view the cloud as really a way for organizations to become more agile and to become more flexible and also to control costs i don't think organizations move to the cloud or move to a multi-cloud environment to enhance security so i don't see cloud computing as a panacea for security i see it as another attack surface and another uh aspect in front that organizations and and security organizations and departments have to manage it's part of their infrastructure today whether it's in their data center in a cloud or at the edge i mean i think it's a huge point because a lot of people think oh data's in the cloud i'm good it's like steve we've talked about oh why do i have to back up my data it's in the cloud well you might have to recover it someday so i don't know if you have anything to add to that or any additional thoughts on it no i mean i think i think like what pete was saying when it comes to when it comes to all these new vectors for attack surfaces you know people did choose the cloud in order to be more agile more flexible and all that did was open up to the csos who need to pay attention to now okay where can i possibly be attacked i need to be thinking about is that secure and part of the part of that is dell now also understands and thinks about as we're building solutions is it is it a trusted development life cycle so we have our own trusted development life cycle how many times in the past did you used to hear about vendors saying you got to patch your software because of this we think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective and make sure we don't give up or or have security become a whole just in order to implement a feature we got to think about those things yeah and as pete alluded to our secure supply chain so all the way through knowing what you're going to get when you actually receive it is going to be secure and not be tampered with becomes vitally important and pete and i were talking earlier when you have tens of thousands of devices that need to be delivered whether it be storage or laptops or pcs or or whatever it is you want to be you want to know that that that those devices are can be trusted okay guys maybe pete you could talk about the how dell thinks about it's its framework and its philosophy of cyber security and then specifically what dell's advantages are relative to the competition yeah definitely dave thank you so we've talked a lot about dell as a technology provider but one thing dell also is is a partner in this larger ecosystem we realize that security whether it's a zero trust paradigm or any other kind of security environment is an ecosystem uh with a lot of different vendors so we look at three areas one is protecting data in systems we know that it starts with and ends with data that helps organizations combat threats across their entire infrastructure and what it means is dell's embedding security features consistently across our portfolios of storage servers networking the second is enhancing cyber resiliency over the last decade a lot of the funding and spending has been in protecting or trying to prevent cyber threats not necessarily in responding to and recovering from threats right we call that resiliency organizations need to build resiliency across their organization so not only can they withstand a threat but they can respond recover and continue with their operations and the third is overcoming security complexity security is hard it's more difficult because of the things we've talked about about distributed data distributed technology and and attack surfaces everywhere and so we're enabling organizations to scale confidently to continue their business but know that all all the i.t decisions that they're making um have these intrinsic security features and are built and delivered in a consistent security so those are kind of the three pillars maybe we could end on what you guys see as the key differentiators that people should know about that that dell brings to the table maybe each of you could take take a shot at that yeah i think first of all from from a holistic portfolio perspective right the uh secure supply chain and the secure development life cycle permeate through everything dell does when building things so we build things with security in mind all the way from as pete mentioned from from creation to delivery we want to make sure you have that that secure device or or asset that permeates everything from servers networking storage data protection through hyper converge through everything that to me is really a key asset because that means you can you understand when you receive something it's a trusted piece of your infrastructure i think the other core component to think about and pete mentioned as dell being a partner for making sure you can deliver these things is that even though those are that's part of our framework these pillars are our framework of how we want to deliver security it's also important to understand that we are partners and that you don't need to rip and replace but as you start to put in new components you can be you can be assured that the components that you're replacing as you're evolving as you're growing as you're moving to the cloud as you're moving to a more on-prem type services or whatever that your environment is secure i think those are two key things got it okay pete bring us home yeah i think one of one of the big advantages of dell is our scope and our scale right we're a large technology vendor that's been around for decades and we develop and sell almost every piece of technology we also know that organizations are might make different decisions and so we have a large services organization with a lot of experienced services people that can help customers along their security journey depending on whatever type of infrastructure or solutions that they're looking at the other thing we do is make it very easy to consume our technology whether that's traditional on-premise in a multi-cloud environment uh or as a service and so the best of breed technology can be consumed in any variety of fashion and know that you're getting that consistent secure infrastructure that dell provides well and dell's forgot the probably top supply chain not only in the tech business but probably any business and so you can actually take take your dog food and then and allow other billionaire champagne sorry allow other people to you know share share best practices with your with your customers all right guys thanks so much for coming thank you appreciate it okay keep it right there after this short break we'll be back to drill into the storage domain you're watching a blueprint for trusted infrastructure on the cube the leader in enterprise and emerging tech coverage be right back concern over cyber attacks is now the norm for organizations of all sizes the impact of these attacks can be operationally crippling expensive and have long-term ramifications organizations have accepted the reality of not if but when from boardrooms to i.t departments and are now moving to increase their cyber security preparedness they know that security transformation is foundational to digital transformation and while no one can do it alone dell technologies can help you fortify with modern security modern security is built on three pillars protect your data and systems by modernizing your security approach with intrinsic features and hardware and processes from a provider with a holistic presence across the entire it ecosystem enhance your cyber resiliency by understanding your current level of resiliency for defending your data and preparing for business continuity and availability in the face of attacks overcome security complexity by simplifying and automating your security operations to enable scale insights and extend resources through service partnerships from advanced capabilities that intelligently scale a holistic presence throughout it and decades as a leading global technology provider we'll stop at nothing to help keep you secure okay we're back digging into trusted infrastructure with paris sarcadi he's a senior consultant for product marketing and storage at dell technologies parasaur welcome to the cube good to see you great to be with you dave yeah coming from hyderabad awesome so i really appreciate you uh coming on the program let's start with talking about your point of view on what cyber security resilience means to to dell generally but storage specifically yeah so for something like storage you know we are talking about the data layer name and if you look at cyber security it's all about securing your data applications and infrastructure it has been a very mature field at the network and application layers and there are a lot of great technologies right from you know enabling zero trust advanced authentications uh identity management systems and so on and and in fact you know with the advent of you know the the use of artificial intelligence and machine learning really these detection tools for cyber securities have really evolved in the network and the application spaces so for storage what it means is how can you bring them to the data layer right how can you bring you know the principles of zero trust to the data layer uh how can you leverage artificial intelligence and machine learning to look at you know access patterns and make intelligent decisions about maybe an indicator of a compromise and identify them ahead of time just like you know how it's happening and other ways of applications and when it comes to cyber resilience it's it's basically a strategy which assumes that a threat is imminent and it's a good assumption with the severity of the frequency of the attacks that are happening and the question is how do we fortify the infrastructure in the switch infrastructure to withstand those attacks and have a plan a response plan where we can recover the data and make sure the business continuity is not affected so that's uh really cyber security and cyber resiliency and storage layer and of course there are technologies like you know network isolation immutability and all these principles need to be applied at the storage level as well let me have a follow up on that if i may the intelligence that you talked about that ai and machine learning is that do you do you build that into the infrastructure or is that sort of a separate software module that that points at various you know infrastructure components how does that work both dave right at the data storage level um we have come with various data characteristics depending on the nature of data we developed a lot of signals to see what could be a good indicator of a compromise um and there are also additional applications like cloud iq is the best example which is like an infrastructure wide health monitoring system for dell infrastructure and now we have elevated that to include cyber security as well so these signals are being gathered at cloud iq level and other applications as well so that we can make those decisions about compromise and we can either cascade that intelligence and alert stream upstream for uh security teams um so that they can take actions in platforms like sign systems xtr systems and so on but when it comes to which layer the intelligence is it has to be at every layer where it makes sense where we have the information to make a decision and being closest to the data we have we are basically monitoring you know the various parallels data access who is accessing um are they crossing across any geo fencing uh is there any mass deletion that is happening or a mass encryption that is happening and we are able to uh detect uh those uh patterns and flag them as indicators of compromise and in allowing automated response manual control and so on for it teams yeah thank you for that explanation so at dell technologies world we were there in may it was one of the first you know live shows that that we did in the spring certainly one of the largest and i interviewed shannon champion and a huge takeaway from the storage side was the degree to which you guys emphasized security uh within the operating systems i mean really i mean powermax more than half i think of the features were security related but also the rest of the portfolio so can you talk about the the security aspects of the dell storage portfolio specifically yeah yeah so when it comes to data security and broadly data availability right in the context of cyber resiliency dell storage this you know these elements have been at the core of our um a core strength for the portfolio and the source of differentiation for the storage portfolio you know with almost decades of collective experience of building highly resilient architectures for mission critical data something like power max system which is the most secure storage platform for high-end enterprises and now with the increased focus on cyber security we are extending those core technologies of high availability and adding modern detection systems modern data isolation techniques to offer a comprehensive solution to the customer so that they don't have to piece together multiple things to ensure data security or data resiliency but a well-designed and well-architected solution by design is delivered to them to ensure cyber protection at the data layer got it um you know we were talking earlier to steve kenniston and pete gear about this notion of dell trusted infrastructure how does storage fit into that as a component of that sort of overall you know theme yeah and you know and let me say this if you could adjust because a lot of people might be skeptical that i can actually have security and at the same time not constrict my organizational agility that's old you know not an ore it's an end how do you actually do that if you could address both of those that would be great definitely so for dell trusted infrastructure cyber resiliency is a key component of that and just as i mentioned you know uh air gap isolation it really started with you know power protect cyber recovery you know that was the solution more than three years ago we launched and that was first in the industry which paved way to you know kind of data isolation being a core element of data management and uh for data infrastructure and since then we have implemented these technologies within different storage platforms as well so that customers have the flexibility depending on their data landscape they can approach they can do the right data isolation architecture right either natively from the storage platform or consolidate things into the backup platform and isolate from there and and the other key thing we focus in trusted infrastructure dell infra dell trusted infrastructure is you know the goal of simplifying security for the customers so one good example here is uh you know being able to respond to these cyber threats or indicators of compromise is one thing but an i.t security team may not be looking at the dashboard of the storage systems constantly right storage administration admins may be looking at it so how can we build this intelligence and provide this upstream platforms so that they have a single pane of glass to understand security landscape across applications across networks firewalls as well as storage infrastructure and in compute infrastructure so that's one of the key ways where how we are helping simplify the um kind of the ability to uh respond ability to detect and respond these threads uh in real time for security teams and you mentioned you know about zero trust and how it's a balance of you know not uh kind of restricting users or put heavy burden on you know multi-factor authentication and so on and this really starts with you know what we're doing is provide all the tools you know when it comes to advanced authentication uh supporting external identity management systems multi-factor authentication encryption all these things are intrinsically built into these platforms now the question is the customers are actually one of the key steps is to identify uh what are the most critical parts of their business or what are the applications uh that the most critical business operations depend on and similarly identify uh mission critical data where part of your response plan where it cannot be compromised where you need to have a way to recover once you do this identification then the level of security can be really determined uh by uh by the security teams by the infrastructure teams and you know another you know intelligence that gives a lot of flexibility uh for for even developers to do this is today we have apis um that so you can not only track these alerts at the data infrastructure level but you can use our apis to take concrete actions like blocking a certain user or increasing the level of authentication based on the threat level that has been perceived at the application layer or at the network layer so there is a lot of flexibility that is built into this by design so that depending on the criticality of the data criticality of the application number of users affected these decisions have to be made from time to time and it's as you mentioned it's it's a balance right and sometimes you know if if an organization had a recent attack you know the level of awareness is very high against cyber attacks so for a time you know these these settings may be a bit difficult to deal with but then it's a decision that has to be made by security teams as well got it so you're surfacing what may be hidden kpis that are being buried inside for instance the storage system through apis upstream into a dashboard so that somebody could you know dig into the storage tunnel extract that data and then somehow you know populate that dashboard you're saying you're automating that that that workflow that's a great example and you may have others but is that the correct understanding absolutely and it's a two-way integration let's say a detector an attack has been detected at a completely different layer right in the application layer or at a firewall we can respond to those as well so it's a two-way integration we can cascade things up as well as respond to threats that have been detected elsewhere um uh through the api that's great all right hey api for power skill is the best example for that uh excellent so thank you appreciate that give us the last word put a bow on this and and bring this segment home please absolutely so a dell storage portfolio um using advanced data isolation um with air gap having machine learning based algorithms to detect uh indicators of compromise and having rigor mechanisms with granular snapshots being able to recover data and restore applications to maintain business continuity is what we deliver to customers uh and these are areas where a lot of innovation is happening a lot of product focus as well as you know if you look at the professional services all the way from engineering to professional services the way we build these systems the way we we configure and architect these systems um cyber security and protection is a key focus uh for all these activities and dell.com securities is where you can learn a lot about these initiatives that's great thank you you know at the recent uh reinforce uh event in in boston we heard a lot uh from aws about you know detent and response and devops and machine learning and some really cool stuff we heard a little bit about ransomware but i'm glad you brought up air gaps because we heard virtually nothing in the keynotes about air gaps that's an example of where you know this the cso has to pick up from where the cloud leaves off but that was in front and so number one and number two we didn't hear a ton about how the cloud is making the life of the cso simpler and that's really my takeaway is is in part anyway your job and companies like dell so paris i really appreciate the insights thank you for coming on thecube thank you very much dave it's always great to be in these uh conversations all right keep it right there we'll be right back with rob emsley to talk about data protection strategies and what's in the dell portfolio you're watching thecube data is the currency of the global economy it has value to your organization and cyber criminals in the age of ransomware attacks companies need secure and resilient it infrastructure to safeguard their data from aggressive cyber attacks [Music] as part of the dell technologies infrastructure portfolio powerstor and powermax combine storage innovation with advanced security that adheres to stringent government regulations and corporate compliance requirements security starts with multi-factor authentication enabling only authorized admins to access your system using assigned roles tamper-proof audit logs track system usage and changes so it admins can identify suspicious activity and act with snapshot policies you can quickly automate the protection and recovery process for your data powermax secure snapshots cannot be deleted by any user prior to the retention time expiration dell technologies also make sure your data at rest stays safe with power store and powermax data encryption protects your flash drive media from unauthorized access if it's removed from the data center while adhering to stringent fips 140-2 security requirements cloud iq brings together predictive analytics anomaly detection and machine learning with proactive policy-based security assessments monitoring and alerting the result intelligent insights that help you maintain the security health status of your storage environment and if a security breach does occur power protect cyber recovery isolates critical data identifies suspicious activity and accelerates data recovery using the automated data copy feature unchangeable data is duplicated in a secure digital vault then an operational air gap isolates the vault from the production and backup environments [Music] architected with security in mind dell emc power store and powermax provides storage innovation so your data is always available and always secure wherever and whenever you need it [Music] welcome back to a blueprint for trusted infrastructure we're here with rob emsley who's the director of product marketing for data protection and cyber security rob good to see a new role yeah good to be back dave good to see you yeah it's been a while since we chatted last and you know one of the changes in in my world is that i've expanded my responsibilities beyond data protection marketing to also focus on uh cyber security marketing specifically for our infrastructure solutions group so certainly that's you know something that really has driven us to you know to come and have this conversation with you today so data protection obviously has become an increasingly important component of the cyber security space i i don't think necessarily of you know traditional backup and recovery as security it's to me it's an adjacency i know some companies have said oh yeah now we're a security company they're kind of chasing the valuation for sure bubble um dell's interesting because you you have you know data protection in the form of backup and recovery and data management but you also have security you know direct security capability so you're sort of bringing those two worlds together and it sounds like your responsibility is to to connect those those dots is that right absolutely yeah i mean i think that uh the reality is is that security is a a multi-layer discipline um i think the the days of thinking that it's one uh or another um technology that you can use or process that you can use to make your organization secure uh are long gone i mean certainly um you actually correct if you think about the backup and recovery space i mean people have been doing that for years you know certainly backup and recovery is all about the recovery it's all about getting yourself back up and running when bad things happen and one of the realities unfortunately today is that one of the worst things that can happen is cyber attacks you know ransomware malware are all things that are top of mind for all organizations today and that's why you see a lot of technology and a lot of innovation going into the backup and recovery space because if you have a copy a good copy of your data then that is really the the first place you go to recover from a cyber attack and that's why it's so important the reality is is that unfortunately the cyber criminals keep on getting smarter i don't know how it happens but one of the things that is happening is that the days of them just going after your production data are no longer the only challenge that you have they go after your your backup data as well so over the last half a decade dell technologies with its backup and recovery portfolio has introduced the concept of isolated cyber recovery vaults and that is really the you know we've had many conversations about that over the years um and that's really a big tenant of what we do in the data protection portfolio so this idea of of cyber security resilience that definition is evolving what does it mean to you yeah i think the the analyst team over at gartner they wrote a very insightful paper called you will be hacked embrace the breach and the whole basis of this analysis is so much money has been spent on prevention is that what's out of balance is the amount of budget that companies have spent on cyber resilience and cyber resilience is based upon the premise that you will be hacked you have to embrace that fact and be ready and prepared to bring yourself back into business you know and that's really where cyber resiliency is very very different than cyber security and prevention you know and i think that balance of get your security disciplines well-funded get your defenses as good as you can get them but make sure that if the inevitable happens and you find yourself compromised that you have a great recovery plan and certainly a great recovery plan is really the basis of any good solid data protection backup and recovery uh philosophy so if i had to do a swot analysis we don't have to do the wot but let's focus on the s um what would you say are dell's strengths in this you know cyber security space as it relates to data protection um one is we've been doing it a long time you know we talk a lot about dell's data protection being proven and modern you know certainly the experience that we've had over literally three decades of providing enterprise scale data protection solutions to our customers has really allowed us to have a lot of insight into what works and what doesn't as i mentioned to you one of the unique differentiators of our solution is the cyber recovery vaulting solution that we introduced a little over five years ago five six years parapatek cyber recovery is something which has become a unique capability for customers to adopt uh on top of their investment in dell technologies data protection you know the the unique elements of our solution already threefold and it's we call them the three eyes it's isolation it's immutability and it's intelligence and the the isolation part is really so important because you need to reduce the attack surface of your good known copies of data you know you need to put it in a location that the bad actors can't get to it and that really is the the the the essence of a cyber recovery vault interestingly enough you're starting to see the market throw out that word um you know from many other places but really it comes down to having a real discipline that you don't allow the security of your cyber recovery vault to be compromised insofar as allowing it to be controlled from outside of the vault you know allowing it to be controlled by your backup application our cyber recovery vaulting technology is independent of the backup infrastructure it uses it but it controls its own security and that is so so important it's like having a vault that the only way to open it is from the inside you know and think about that if you think about you know volts in banks or volts in your home normally you have a keypad on the outside think of our cyber recovery vault as having its security controlled from inside of the vault so nobody can get in nothing can get in unless it's already in and if it's already in then it's trusted exactly yeah exactly yeah so isolation is the key and then you mentioned immutability is the second piece yeah so immutability is is also something which has been around for a long time people talk about uh backup immunoability or immutable backup copies so immutability is just the the the additional um technology that allows the data that's inside of the vault to be unchangeable you know but again that immutability you know your mileage varies you know when you look across the uh the different offers that are out there in the market especially in the backup industry you make a very valid point earlier that the backup vendors in the market seems to be security washing their marketing messages i mean everybody is leaning into the ever-present danger of cyber security not a bad thing but the reality is is that you have to have the technology to back it up you know quite literally yeah no pun intended and then actually pun intended now what about the intelligence piece of it uh that's that's ai ml where does that fit for sure so the intelligence piece is delivered by um a solution called cybersense and cybersense for us is what really gives you the confidence that what you have in your cyber recovery vault is a good clean copy of data so it's looking at the backup copies that get driven into the cyber vault and it's looking for anomalies so it's not looking for signatures of malware you know that's what your antivirus software does that's what your endpoint protection software does that's on the prevention side of the equation but what we're looking for is we're looking to ensure that the data that you need when all hell breaks loose is good and that when you get a request to restore and recover your business you go right let's go and do it and you don't have any concern that what you have in the vault has been compromised so cyber sense is really a unique analytic solution in the market based upon the fact that it isn't looking at cursory indicators of of um of of of malware infection or or ransomware introduction it's doing full content analytics you know looking at you know has the data um in any way changed has it suddenly become encrypted has it suddenly become different to how it was in the previous scan so that anomaly detection is very very different it's looking for um you know like different characteristics that really are an indicator that something is going on and of course if it sees it you immediately get flagged but the good news is is that you always have in the vault the previous copy of good known data which now becomes your restore point so we're talking to rob emsley about how data protection fits into what dell calls dti dell trusted infrastructure and and i want to come back rob to this notion of and not or because i think a lot of people are skeptical like how can i have great security and not introduce friction into my organization is that an automation play how does dell tackle that problem i mean i think a lot of it is across our infrastructure is is security has to be built in i mean intrinsic security within our servers within our storage devices uh within our elements of our backup infrastructure i mean security multi-factor authentication you know elements that make the overall infrastructure secure you know we have capabilities that you know allow us to identify whether or not configurations have changed you know we'll probably be talking about that a little bit more to you later in the segment but the the essence is is um security is not a bolt-on it has to be part of the overall infrastructure and that's so true um certainly in the data protection space give us the the bottom line on on how you see dell's key differentiators maybe you could talk about dell of course always talks about its portfolio but but why should customers you know lead in to dell in in this whole cyber resilience space um you know staying on the data protection space as i mentioned the the the work we've been doing um to introduce this cyber resiliency solution for data protection is in our opinion as good as it gets you know the you know you've spoken to a number of our of our best customers whether it be bob bender from founders federal or more recently at delton allergies world you spoke to tony bryson from the town of gilbert and these are customers that we've had for many years that have implemented cyber recovery vaults and at the end of the day they can now sleep at night you know that's really the the peace of mind that they have is that the insurance that a data protection from dell cyber recovery vault a parapatex cyber recovery solution gives them you know really allows them to you know just have the assurance that they don't have to pay a ransom if they have a an insider threat issue and you know all the way down to data deletion is they know that what's in the cyber recovery vault is good and ready for them to recover from great well rob congratulations on the new scope of responsibility i like how you know your organization is expanding as the threat surface is expanding as we said data protection becoming an adjacency to security not security in and of itself a key component of a comprehensive security strategy rob emsley thank you for coming back in the cube good to see you again you too dave thanks all right in a moment i'll be back to wrap up a blueprint for trusted infrastructure you're watching the cube every day it seems there's a new headline about the devastating financial impacts or trust that's lost due to ransomware or other sophisticated cyber attacks but with our help dell technologies customers are taking action by becoming more cyber resilient and deterring attacks so they can greet students daily with a smile they're ensuring that a range of essential government services remain available 24 7 to citizens wherever they're needed from swiftly dispatching public safety personnel or sending an inspector to sign off on a homeowner's dream to protecting restoring and sustaining our precious natural resources for future generations with ever-changing cyber attacks targeting organizations in every industry our cyber resiliency solutions are right on the money providing the security and controls you need we help customers protect and isolate critical data from ransomware and other cyber threats delivering the highest data integrity to keep your doors open and ensuring that hospitals and healthcare providers have access to the data they need so patients get life-saving treatment without fail if a cyber incident does occur our intelligence analytics and responsive team are in a class by themselves helping you reliably recover your data and applications so you can quickly get your organization back up and running with dell technologies behind you you can stay ahead of cybercrime safeguarding your business and your customers vital information learn more about how dell technology's cyber resiliency solutions can provide true peace of mind for you the adversary is highly capable motivated and well equipped and is not standing still your job is to partner with technology vendors and increase the cost of the bad guys getting to your data so that their roi is reduced and they go elsewhere the growing issues around cyber security will continue to drive forward thinking in cyber resilience we heard today that it is actually possible to achieve infrastructure security while at the same time minimizing friction to enable organizations to move quickly in their digital transformations a xero trust framework must include vendor r d and innovation that builds security designs it into infrastructure products and services from the start not as a bolt-on but as a fundamental ingredient of the cloud hybrid cloud private cloud to edge operational model the bottom line is if you can't trust your infrastructure your security posture is weakened remember this program is available on demand in its entirety at thecube.net and the individual interviews are also available and you can go to dell security solutions landing page for for more information go to dell.com security solutions that's dell.com security solutions this is dave vellante thecube thanks for watching a blueprint for trusted infrastructure made possible by dell we'll see you next time

[Music] okay we're back digging into trusted infrastructure with paris our godaddy he's a senior consultant for product marketing and storage at dell technologies parasite welcome to the cube good to see you great to be with you dave yeah coming from hyderabad awesome so i really appreciate you uh coming on the program let's start with talking about your point of view on what cyber security resilience means to to dell generally but storage specifically yeah so for something like storage you know we are talking about the data layer name and if you look at cyber security it's all about securing your data applications and infrastructure it has been a very mature field at the network and application layers and there are a lot of great technologies right from you know enabling zero trust uh advanced authentications uh identity management systems and so on and and in fact you know with the advent of you know the the use of artificial intelligence and machine learning really these detection tools for cyber securities have really evolved in the network and the application spaces so for storage what it means is how can you bring them to the data layer right how can you bring you know the principles of zero trust to the data layer how can you leverage artificial intelligence and machine learning to look at you know access patterns and make intelligent decisions about maybe an indicator of a compromise and identify them ahead of time just like you know how it's happening in other words of of applications and when it comes to cyber resilience it's it's basically a strategy which assumes that a threat is imminent and it's a good assumption with the severity and the frequency of the attacks that are happening and the question is how do we fortify the infrastructure in the switch infrastructure to withstand those attacks and have a plan a response plan where we can recover the data and make sure the business continuity is not affected so that's uh really cyber security and cyber resiliency and storage layer and of course there are technologies like you know um in network isolation um immutability and all these principles need to be applied at the storage level as well let me have a follow up on that if i may the intelligence that you talked about that ai and machine learning is that do you do you build that into the infrastructure or is that sort of a separate software module that that points at various you know infrastructure components how does that work both dave um right at the data storage level um we have come with various data characteristics depending on the nature of data we developed a lot of signals to see what could be a good indicator of a compromise um and there are also additional applications like cloud iq is the best example which is like an infrastructure-wide health monitoring system for dell infrastructure and now we have elevated that to include cyber security as well so these signals are being gathered at cloud iq level and other applications as well so that we can make those decisions about compromise and we can either cascade that intelligence and alert stream upstream for uh security teams um so that they can take actions in platforms like sign systems xtr systems and so on but when it comes to which layer the intelligence is it has to be at every layer where it makes sense where we have the information to make a decision and being closest to the data we have we are basically monitoring you know the various parallels data access who is accessing um are they crossing across any geo fencing is there any mass deletion that is happening or mass encryption that is happening and we are able to uh detect uh those uh patterns and flag them as indicators of compromise and in allowing automated response manual control and so on for iot teams yeah thank you for that explanation so at dell technologies world we were there in may it was one of the first you know live shows that that we did in the spring certainly one of the largest and i interviewed shannon champion and my huge takeaway from the storage side was the degree to which you guys uh emphasized security uh within the operating systems i mean really i mean powermax more than half i think of the features were security related but also the rest of the portfolio so can you talk about the the security aspects of the dell storage portfolio specifically yeah yeah so when it comes to data security and broadly data availability right in the context of cyber resiliency um dell storage uh this you know these elements have been at the core of our um a core strength for the portfolio and a source of differentiation for the storage portfolio you know with almost decades of collective experience of building highly resilient architectures for mission critical data something like power max system which is the most secure storage platform for high-end enterprises um and now with the increased focus on cyber security we are extending those core technologies of high availability and adding modern detection systems modern data isolation techniques to offer a comprehensive solution to the customer so that they don't have to piece together multiple things to ensure data security or data resiliency but a well-designed and well-architected solution by design is delivered to them to ensure cyber protection at the data layer got it um you know we were talking earlier to steve kenniston and pete gear about this notion of dell trusted infrastructure how does storage fit into that as a component of that sort of overall you know theme yeah and you know and let me say this if you could address because a lot of people might be skeptical that i can actually have security and at the same time not constrict my organizational agility that's old you know not an ore it's an end how do you actually do that if you could address both of those that would be great definitely so for dell trusted infrastructure cyber resiliency is a key component of that and just as i mentioned you know uh air gap isolation it really started with you know power protect cyber recovery you know that was the solution more than three years ago we launched and that was first in the industry which paved way to you know kind of data isolation being a core element of data management and uh for data infrastructure and since then we have implemented these technologies within different storage platforms as well so that customers have the flexibility depending on their data landscape they can approach they can do the right data isolation architecture right either natively from the storage platform or consolidate things into the backup platform and isolate from there and and the other key thing we focus in trusted infrastructure dell infra dell trusted infrastructure is you know the goal of simplifying security for the customers so one good example here is uh you know being able to respond to these cyber threats or indicators of compromise is one thing but an i.t security team may not be looking at the dashboard of the storage systems constantly right storage administration admins may be looking at it so how can we build this intelligence and provide this upstream platforms so that they have a single pane of glass to understand security landscape across applications across networks firewalls as well as storage infrastructure and and compute infrastructure so that's one of the key ways where how we are helping simplify the um kind of the ability to uh respond ability to detect and respond these threads uh in real time for security teams and you mentioned you know about zero trust and how it's a balance of you know not uh kind of restricting users or put heavy burden on you know multi-factor authentication and so on and this really starts with you know what we are doing is provide all the tools you know when it comes to advanced authentication uh supporting external identity management systems multi-factor authentication encryption all these things are intrinsically built into these platforms now the question is the customers are actually one of the key steps is to identify uh what are the most critical parts of their business or what are the applications uh that the most critical uh business operations depend on and similarly identify uh mission critical data where part of your response plan where it cannot be compromised where you need to have a way to recover once you do this identification then the level of security can be really determined uh by uh by the security teams by the infrastructure teams and you know another you know intelligence that gives a lot of flexibility uh for for even developers to do this is today we have apis um that so you can not only track these alerts at the data infrastructure level but you can use our apis to take concrete actions like blocking a certain user or increasing the level of authentication based on the threat level that has been perceived at the application layer or at the network layer so there is a lot of flexibility that is built into this by design so that depending on the criticality of the data criticality of the application number of users affected these decisions have to be made from time to time and it's as you mentioned it's it's a balance right and sometimes you know if if an organization had a recent attack you know the level of awareness is very high uh against cyber attacks so for a time you know these these settings may be a bit difficult to deal with but then it's a decision that has to be made by security teams as well got it so you're surfacing what may be hidden kpis that are buried inside for instance the storage system through apis upstream into a dashboard so that somebody could you know dig into the storage tunnel extract that data and then somehow you know populate that dashboard you're saying you're automating that that that workflow that's a great example and you may have others but is that the correct understanding absolutely and it's a two-way integration let's say a detector an attack has been detected at a completely different layer right in the application layer or at a firewall we can respond to those as well so it's a two-way integration we can cascade things up as well as uh respond to uh threats that have been detected elsewhere um through the api that's great all right api for power scale is the best example for that uh excellent so thank you appreciate that give us the last word put a bow on this and and bring this segment home please absolutely so a dell storage portfolio um using advanced data isolation with air gap having machine learning based algorithms to detect uh indicators of compromise and having rigor mechanisms with granular snapshots being able to recover data and restore applications to maintain business continuity is what we deliver to customers uh and these are areas where a lot of innovation is happening a lot of product focus as well as you know if you look at the professional services all the way from engineering to professional services the way we build these systems the way we we configure and architect these systems uh cyber security and protection uh is a key focus uh for all these activities and dell.com securities is where you can learn a lot about these initiatives that's great thank you you know at the recent uh reinforce uh event in in boston we heard a lot uh from aws about you know detent and response and devops and machine learning and some really cool stuff we heard a little bit about ransomware but i'm glad you brought up air gaps because we heard virtually nothing in the keynotes about air gaps that's an example of where you know this the cso has to pick up from where the cloud leaves off that was in front and so number one and number two we didn't hear a ton about how the cloud is making the life of the cso simpler and that's really my takeaway is is in part anyway your job and companies like dell so paris i really appreciate the insights thank you for coming on thecube thank you very much dave it's always great to be in these uh conversations all right keep it right there we'll be right back with rob emsley to talk about data protection strategies and what's in the dell portfolio you're watching the cube [Music] you

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Techniques to protect sensitive data have evolved over thousands of years literally. The pace of modern data protection is rapidly accelerating and presents both opportunities and threats for organizations. In particular, the amount of data stored in the cloud combined with hybrid work models, the clear and present threat of cyber crime, regulatory edicts and the ever expanding edge and associated use cases should put CXOs on notice that the time is now to rethink your data protection strategies. Hello, and welcome to this week's Wikibon theCUBE Insights powered by ETR. In this Breaking Analysis, we're going to explore the evolving world of data protection and share some information on how we see the market changing in the competitive landscape for some of the top players. Steve Kenniston AKA the Storage Alchemist shared a story with me and it was pretty clever. Way back in 4,000 BC the Sumerians invented the first system of writing. Now they used clay tokens to represent transactions at that time. Now, to prevent messing with these tokens, they sealed them in clay jars to ensure that the tokens or either data would remain secure with an accurate record, let's call it quasi immutable and lived in a clay vault. Since that time, we've seen quite an evolution in data protection. Tape, of course, was the main means of protecting data, backing data up during most of the mainframe era and that carried into client server computing, which really accentuated and underscored the issues around backup windows and challenges with RTO, Recovery Time Objective and RPO, Recovery Point Objective, and just overall recovery nightmares. Then in the 2000s data reduction made displace backup more popular and push tape into an archive last resort media data domain then EMC now Dell still sell many purpose built backup appliances as do others as a primary backup target disc base. The rise of virtualization brought more changes in backup and recovery strategies as a reduction in physical resources squeezed the one application that wasn't under utilizing compute i.e backup. And we saw the rise of Veeam, the cleverly named company that became synonymous with data protection for virtual machines. Now the cloud has created new challenges related to data sovereignty, governance latency, copy creep, expense, et cetera but more recently cyber threats have elevated data protection to become a critical adjacency to information security. Cyber resilience to specifically protect against ransomware attacks as the new trend being pushed by the vendor community as organizations are urgently looking for help with this insidious threat. Okay, so there are two major disruptors that we're going to talk about today, the cloud and cyber crime, especially around ransoming your data. Every customer is using the cloud in some way, shape or form. Around 76% are using multiple clouds that's according to a recent study by HashiCorp. We've talked extensively about skill shortages on theCUBE and data protection and security concerns are really key challenges to address given that skill shortage is a real talent gap in terms of being able to throw people at solving this problem. So what customers are doing they're either building out or they're buying, really mostly building abstraction layers to hide the underlying cloud complexity. So, what this does, the good news is it simplifies provisioning and management but it creates problems around opacity. In other words, you can't see sometimes what's going on with the data, these challenges fundamentally become data problems in our view. Things like fast, accurate, and complete backup recovery, compliance, data sovereignty, data sharing, I mentioned copy creep, cyber resiliency, privacy protections these are all challenges brought to fore by the cloud, the advantages, the pros and the cons. Now, remote workers are especially vulnerable and as clouds expand rapidly data protection technologies are struggling to keep pace. So let's talk briefly about the rapidly expanding public cloud. This chart shows worldwide revenue for the big four hyperscalers, as you can see we projected they're going to surpass $115 billion in revenue in 2021, that's up from 86 billion last year. So it's a huge market, it's growing in the 35% range. The interesting thing is last year, 80 plus billion dollars in revenue but a 100 billion dollars was spent last year by these firms in CapEx. So they're building out infrastructure for the industry. This is a gift to the balance of the industry. Now to date legacy vendors and their surrounding community have been pretty defensive around the cloud, "Oh, not everything is going to move to the cloud, it's not a zero sum game we here." And while that's all true the narrative was really kind of a defense posture and that's starting to change as large tech companies like Dell, IBM, Cisco, HPE, and others see opportunities to build on top of this infrastructure. You certainly see that with Arvind Krishna's comments at IBM, Cisco obviously leaning in from a networking and security perspective. HPE using language that is very much cloud-like with its GreenLake strategy. And of course, Dell is all over this. Let's listen to how Michael Dell is thinking about this opportunity when he was questioned on theCUBE by John Furrier about the cloud. Play the clip. >> Well, clouds are infrastructure, right? So you can have a public cloud, you can have an edge cloud, a private cloud, a Telco cloud, a hybrid cloud, multicloud, here cloud, there cloud, everywhere cloud, cloud. Yet, they'll all be there, but it's basically infrastructure. And how do you make that as easy to consume and create the flexibility that enables everything. >> Okay, so in my view, Michael nailed it, the cloud is everywhere. You have to make it easy and you have to admire the scope of his comments. We know this guy, he thinks big, right? He said enables everything. What he's basically saying is that, technology is at the point where it has the potential to touch virtually every industry, every person, every problem, everything. So let's talk about how this informs the changing world of data protection. Now, we've seen with the pandemic there's an acceleration toward digital and that has caused an escalation if you will, in the data protection mandate. So essentially what we're talking about here is the application of Michael Dell's cloud everywhere comments. You've got on-prem, private clouds, hybrid clouds, you've got public clouds across AWS, Azure, Google, Alibaba, really those big four hyperscalers. You got many clouds that are popping up all over the place, but multicloud to that HashiCorp data point, 75, 76%, and then you now see the cloud expanding out to the edge, programmable infrastructure heading out to the edge. So the opportunity here to build the data protection cloud is to have the same experiences across all these estates with automation and orchestration in that cloud, that data protection cloud if you will. So think of it as an abstraction layer that hides that underlying complexity, you log into that data protection cloud it's the same experience. So you've got backup, you've got recovery, you can handle bare-metal, you can do virtualized backups and recoveries, any cloud, any OS, out to the edge, Kubernetes and container use cases, which is an emerging data protection requirement and you've got analytics, perhaps you've got PII, Personally Identifiable Information protection in there. So the attributes of this data protection cloud, again, it abstracts the underlying cloud primitives, takes care of that. It also explodes cloud native technologies. In other words, it takes advantage of whether it's machine learning, which all the big cloud players have expertise in, new processor models things like Graviton and other services that are in the cloud natively. It doesn't just wrap it's on-prem stack in a container and shove it into the cloud, no, it actually re architects or architects around those cloud native services and it's got distributed metadata to track files and volumes and any organizational data irrespective of location. And it enables sets of services to intelligently govern in a federated governance manner while ensuring data integrity and all this is automated and orchestrated to help with the skills gap. Now, as it relates to cyber recovery, air gap solutions must be part of the portfolio, but managed outside of that data protection cloud that we just briefly described. The orchestration and the management must also be gapped if you will, otherwise, you don't have an air gap. So all of this is really a cohort to cyber security or your cybersecurity strategy and posture, but you have to be careful here because your data protection strategy could get lost in this mess. So you want to think about the data protection cloud as again, an adjacency or maybe an overlay to your cybersecurity approach, not a bolt on it's got to be fundamentally architectured from the bottom up. And yes, this is going to maybe create some overheads and some integration challenges but this is the way in which we think you should think about it. So you'll likely need a partner to do this, again, we come back to the skills gap if were seeing the rise of MSPs, managed service providers and specialist service providers, not public cloud providers, people are concerned about lock-in and that's really not their role. They're not high touch services company, probably not your technology arms dealer, excuse me, they're selling technology to these MSPs. So the MSPs, they have intimate relationships with their customers. They understand their business and specialize in architecting solutions to handle these difficult challenges. So let's take a look at some of the risk factors here and dig a little bit into the cyber threat that organizations face. This is a slide that, again, the Storage Alchemists, Steve Kenniston shared with me, it's based on a study that IBM funds with the Panama Institute, which is a firm that studies these things like cost of breaches and has for many, many, many years. The slide shows the total cost of a typical breach within each dot and on the Y-axis and the frequency in percentage terms on the horizontal axis. Now it's interesting, the top two are compromised credentials and fishing, which once again proves that bad user behavior trumps good security every time. But the point here is that the adversary's attack vectors are many and specific companies often specialize in solving these problems often with point products, which is why the slide that we showed from Optiv earlier, that messy slide looks so cluttered. So it's a huge challenge for companies, and that's why we've seen the emergence of cyber recovery solutions from virtually all the major players. Ransomware and the SolarWinds hack have made trust the number one issue for CEOs and CSOs and boards of directors, shifting CSO spending patterns are clear. Shifting largely because they're catalyzed by the work from home. But outside of the moat to endpoint security identity and access management, cloud security, the horizontal network security. So security priorities and spending are changing that's why you see the emergence of disruptors like we've covered extensively, Okta, Crowdstrike, Zscaler. And cyber resilience is top of mind and robust solutions are required and that's why companies are building cyber recovery solutions that are most often focused on the backup corpus because that's a target for the bad guys. So there is an opportunity, however to expand from just the backup corpus to all data and protect this kind of 3-2-1, or maybe it's 3-2-1-1, three copies, two backups, a backup in the cloud and one that's air gapped. So this can be extended to primary storage, copies, snaps, containers, data in motion, et cetera, to have a comprehensive data protection strategy. Customers as I said earlier, increasingly looking to manage service providers and specialists because of that skills gap and that's a big reason why automation is so important in orchestration. And automation and orchestration I'll emphasize on the air gap solutions should be separated physically and logically. All right, now let's take a look at some of the ETR data and some of the players. This is a chart that we like to show often, it's a X, Y axis, and the Y-axis is net score, which is a measure of spending momentum and the horizontal axis is market share. Now market share is an indicator of pervasiveness in the survey. It's not spending market share, it's not market share of the overall market, it's a term that ETR uses. It's essentially market share of the responses within the survey set, think of it as mind share. Okay, you've got the pure plays here on this slide in the storage category, there is no data protection or backup category so what we've done is we've isolated the pure plays or close to pure plays in backup and data protection. Notice that red line, that red line is kind of our subjective view of anything that's over that 40% line is elevated, you can see only rubric in the July survey is over that 40% line. I'll show you the ends in a moment. Smaller ends, but still rubric is the only one. Now look at Cohesity and rubric in the January, 2020. So last year pre-pandemic Cohesity and Rubrik they've come well off their peaks for net score. Look at Veeam, Veeam having studied this data for the last say 24 plus months, Veeam has been Steady Eddie. It is really always in the mid to high 30s, always shows a large shared end so it's coming up in the survey, customers are mentioning Veeam and it's got a very solid net score. It's not above that 40% line but it's hovering just below consistently, that's very impressive. Commvault has steadily been moving up. Sanjay Mirchandani has made some acquisitions, he did the Hedvig acquisition. They launched metallic that's driving cloud affinity within a Commvault large customer base so it's a good example of a legacy player, pivoting and evolving and transforming itself. Veritas continues to underperform in the ETR surveys relative to the other players. Now, for context, let's say add IBM and Dell to the chart. Now just note, this is IBM and Dell's full storage portfolio. The category in the taxonomy at ETR is all storage. Okay, this previous slide I isolated on the pure plays, but this now adds in IBM and Dell. It probably representative of where they would be, probably Dell larger on the horizontal axis than IBM, of course and you could see the spending momentum in accordingly. So you could see that in the data chart that we've inserted. So smaller ends for Rubrik and Cohesity, but still enough to pay attention, it's not like one or two when you're 20 plus, 15 plus, 25 plus you can start to pay attention to trends. Veeam again is very impressive. Its net score is solid, it's got a consistent presence in the dataset, it's clear leader here. SimpliVity is small but it's improving relative to last several surveys and we talked about Commvault. Now, I want to emphasize something that we've been hitting on for quite some time now and that's the renaissance that's coming in compute. Now we all know about Moore's law, the doubling of transistor density every two years, 18 to 24 months and that leads to a doubling of performance in that time frame. X86, that X86 curve is in the blue and if you do the math, this is expressed in trillions of operations per second. The orange line is a representative of Apple's A series culminating in the A-15 most recently, the A series is what Apple is now... It's the technology basis for what's inside, and one the new Apple laptops, which is replacing Intel. That's that orange line there we'll come back to that. So go back to the blue line for a minute. If you do the math on doubling performance every 24 months, it comes out to roughly 40% annual improvement in processing power per year. That's now moderated. So Moore's law is waning in one sense so we wrote a piece Moore's law is not dead so I'm sort of contradicting myself there, but the traditional Moore's law curve on X86 is waning. It's probably now down to around 30%, low 30s, but look at the orange line. Again, using the A series as an indicator, if you combine the CPU, the NPU, which is the neural processing unit, XPU, pick whatever PU you want, the accelerators, the DSPs, that line is growing at a 100% plus per year. It's probably more accurately around 110% a year. So there's a new industry curve occurring and it's being led by the Arm ecosystem. The other key factor there you see in a lot of use cases, a lot of consumer use cases Apple is an example but you're also seeing it in things like Tesla, Amazon with AWS Graviton, the Annapurna acquisition, building out Graviton and Nitro that's based on Arm. You can get from design to tape out in less than two years Whereas the Intel cycles we know they've been running it four to five years now, maybe Pat Gelsinger is compressing those, but Intel is behind. So, organizations that are on that orange curve are going to see faster acceleration, lower cost, lower power, et cetera. All right, so what's the tie to data protection? I'm going to leave you with this chart. Arm has introduced it's confidential compute architecture, and is ushering in a new era of security and data protection. Zero Trust is the new mandate and what Arm has done with what they call realms is create physical separation of the vulnerable components by creating essentially physical buckets to put code in and to put data in separate from the OS. Remember the OS is the most valuable entry point for hackers or one of them because it contains privileged access and it's a weak link because of things like memory leakages and vulnerabilities. And malicious code can be placed by bad guys within data in the OS and appear benign even though it's anything but. So in this architecture, all the OS does is create API calls to the realm controller. That's the only interaction. So it makes it much harder for bad actors to get access to the code and the data. And importantly, very importantly, it's an end-to-end architecture so there's protection throughout if you're pulling data from the edge and bringing it back to on-prem and the cloud you've got that end-to-end architecture and protection throughout. So the link to data protection is that backup software vendors need to be the most trusted of applications. Backup software needs to be the most trusted of applications because it's one of the most targeted areas in the cyber attack. Realms provide an end-to-end separation of data and code from the OS and is a better architectural construct to support Zero Trust and confidential computing and critical use cases like data protection/backup and other digital business apps. So our call to action is backup software vendors you can lead the charge. Arm is several years ahead at the moment, head of Intel in our view. So you got to pay attention to that, research that, we're not saying over rotate, but go investigate that. And use your relationships with Intel to accelerate its version of this architecture or ideally the industry should agree on common standards and solve this problem together. Pat Gelsinger told us in theCUBE that if it's the last thing he's going to do in his industry life he's going to solve this security problem. That's when he was at VMware. Well, Pat you're even in a better place to do it now, you don't have to solve it yourself, you can't and you know that. So while you're going about your business saving Intel, look to partner with Arm I know it sounds crazy to use these published APIs and push to collaborate on an open source architecture that addresses the cyber problem. If anyone can do it, you can. Okay, that's it for today. Remember, these episodes are all available as podcasts all you got to do is search Breaking Analysis podcast, I publish weekly on Wikibon.com and SiliconANGLE.com. Or you can reach me at dvellante on Twitter, email me at Dave.Vellante@SiliconANGLE.com. And don't forget to check out ETR.plus for all the survey and data action. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching everybody, be well and we'll see you next time. (upbeat music)

>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is braking analysis with Dave Vellante. >> Techniques to protect sensitive data have evolved over thousands of years, literally. The pace of modern data protection is rapidly accelerating and presents both opportunities and threats for organizations. In particular, the amount of data stored in the cloud combined with hybrid work models, the clear and present threat of cyber crime, regulatory edicts, and the ever expanding edge and associated use cases should put CXOs on notice that the time is now to rethink your data protection strategies. Hello, and welcome to this week's Wikibon Cube Insights powered by ETR. In this breaking analysis, we're going to explore the evolving world of data protection and share some information on how we see the market changing in the competitive landscape for some of the top players. Steve Kenniston, AKA the Storage Alchemist, shared a story with me, and it was pretty clever. Way back in 4000 BC, the Sumerians invented the first system of writing. Now, they used clay tokens to represent transactions at that time. Now, to prevent messing with these tokens, they sealed them in clay jars to ensure that the tokens, i.e the data, would remain secure with an accurate record that was, let's call it quasi, immutable, and lived in a clay vault. And since that time, we've seen quite an evolution of data protection. Tape, of course, was the main means of protecting data and backing data up during most of the mainframe era. And that carried into client server computing, which really accentuated and underscored the issues around backup windows and challenges with RTO, recovery time objective and RPO recovery point objective. And just overall recovery nightmares. Then in the 2000's data reduction made disk-based backup more popular and pushed tape into an archive last resort media. Data Domain, then EMC, now Dell still sell many purpose-built backup appliances as do others as a primary backup target disc-based. The rise of virtualization brought more changes in backup and recovery strategies, as a reduction in physical resources squeezed the one application that wasn't under utilizing compute, i.e, backup. And we saw the rise of Veem, the cleverly-named company that became synonymous with data protection for virtual machines. Now, the cloud has created new challenges related to data sovereignty, governance, latency, copy creep, expense, et cetera. But more recently, cyber threats have elevated data protection to become a critical adjacency to information security. Cyber resilience to specifically protect against attacks is the new trend being pushed by the vendor community as organizations are urgently looking for help with this insidious threat. Okay, so there are two major disruptors that we're going to talk about today, the cloud and cyber crime, especially around ransoming your data. Every customer is using the cloud in some way, shape, or form. Around 76% are using multiple clouds, that's according to a recent study by Hashi Corp. We've talked extensively about skill shortages on theCUBE, and data protection and security concerns are really key challenges to address, given that skill shortage is a real talent gap in terms of being able to throw people at solving this problem. So what customers are doing, they're either building out or they're buying really mostly building abstraction layers to hide the underlying cloud complexity. So what this does... The good news is it's simplifies provisioning and management, but it creates problems around opacity. In other words, you can't see sometimes what's going on with the data. These challenges fundamentally become data problems, in our view. Things like fast, accurate, and complete backup recovery, compliance, data sovereignty, data sharing. I mentioned copy creep, cyber resiliency, privacy protections. These are all challenges brought to fore by the cloud, the advantages, the pros, and the cons. Now, remote workers are especially vulnerable. And as clouds span rapidly, data protection technologies are struggling to keep pace. So let's talk briefly about the rapidly-expanding public cloud. This chart shows worldwide revenue for the big four hyperscalers. As you can see, we projected that they're going to surpass $115 billion in revenue in 2021. That's up from 86 billion last year. So it's a huge market, it's growing in the 35% range. The interesting thing is last year, 80-plus billion dollars in revenue, but 100 billion dollars was spent last year by these firms in cap ex. So they're building out infrastructure for the industry. This is a gift to the balance of the industry. Now to date, legacy vendors and the surrounding community have been pretty defensive around the cloud. Oh, not everything's going to move to the cloud. It's not a zero sum game we hear. And while that's all true, the narrative was really kind of a defensive posture, and that's starting to change as large tech companies like Dell, IBM, Cisco, HPE, and others see opportunities to build on top of this infrastructure. You certainly see that with Arvind Krishna comments at IBM, Cisco obviously leaning in from a networking and security perspective, HPE using language that is very much cloud-like with its GreenLake strategy. And of course, Dell is all over this. Let's listen to how Michael Dell is thinking about this opportunity when he was questioned on the queue by John Furrier about the cloud. Play the clip. So in my view, Michael nailed it. The cloud is everywhere. You have to make it easy. And you have to admire the scope of his comments. We know this guy, he thinks big. He said, "Enables everything." He's basically saying is that technology is at the point where it has the potential to touch virtually every industry, every person, every problem, everything. So let's talk about how this informs the changing world of data protection. Now, we all know, we've seen with the pandemic, there's an acceleration in toward digital, and that has caused an escalation, if you will, in the data protection mandate. So essentially what we're talking about here is the application of Michael Dell's cloud everywhere comments. You've got on-prem, private clouds, hybrid clouds. You've got public clouds across AWS, Azure, Google, Alibaba. Really those are the big four hyperscalers. You got many clouds that are popping up all their place. But multi-cloud, to that Hashi Corp data point, 75, 70 6%. And then you now see the cloud expanding out to the edge, programmable infrastructure heading out to the edge. So the opportunity here to build the data protection cloud is to have the same experiences across all these estates with automation and orchestration in that cloud, that data protection cloud, if you will. So think of it as an abstraction layer that hides that underlying complexity, you log into that data protection cloud, it's the same experience. So you've got backup, you've got recovery, you can handle bare metal. You can do virtualized backups and recoveries, any cloud, any OS, out to the edge, Kubernetes and container use cases, which is an emerging data protection requirement. And you've got analytics, perhaps you've got PII, personally identifiable information protection in there. So the attributes of this data protection cloud, again, abstracts the underlying cloud primitives, takes care of that. It also explodes cloud native technologies. In other words, it takes advantage of whether it's machine learning, which all the big cloud players have expertise in, new processor models, things like graviton, and other services that are in the cloud natively. It doesn't just wrap it's on-prem stack in a container and shove it into the cloud, no. It actually re architects or architects around those cloud native services. And it's got distributed metadata to track files and volumes and any organizational data irrespective of location. And it enables sets of services to intelligently govern in a federated governance manner while ensuring data integrity. And all this is automated and an orchestrated to help with the skills gap. Now, as it relates to cyber recovery, air-gap solutions must be part of the portfolio, but managed outside of that data protection cloud that we just briefly described. The orchestration and the management must also be gaped, if you will. Otherwise, (laughs) you don't have an air gap. So all of this is really a cohort to cyber security or your cybersecurity strategy and posture, but you have to be careful here because your data protection strategy could get lost in this mess. So you want to think about the data protection cloud as again, an adjacency or maybe an overlay to your cybersecurity approach. Not a bolt on, it's got to be fundamentally architectured from the bottom up. And yes, this is going to maybe create some overheads and some integration challenges, but this is the way in which we think you should think about it. So you'll likely need a partner to do this. Again, we come back to the skill skills gap if we're seeing the rise of MSPs, managed service providers and specialist service providers. Not public cloud providers. People are concerned about lock-in, and that's really not their role. They're not high-touch services company. Probably not your technology arms dealer, (clear throat) excuse me, they're selling technology to these MSPs. So the MSPs, they have intimate relationships with their customers. They understand their business and specialize in architecting solutions to handle these difficult challenges. So let's take a look at some of the risk factors here, dig a little bit into the cyber threat that organizations face. This is a slide that, again, the Storage Alchemists, Steve Kenniston, shared with me. It's based on a study that IBM funds with the Panmore Institute, which is a firm that studies these things like cost of breaches and has for many, many, many years. The slide shows the total cost of a typical breach within each dot and on the Y axis and the frequency in percentage terms on the horizontal axis. Now, it's interesting. The top two compromise credentials and phishing, which once again proves that bad user behavior trumps good security every time. But the point here is that the adversary's attack vectors are many. And specific companies often specialize in solving these problems often with point products, which is why the slide that we showed from Optiv earlier, that messy slide, looks so cluttered. So there's a huge challenge for companies. And that's why we've seen the emergence of cyber recovery solutions from virtually all the major players. Ransomware and the solar winds hack have made trust the number one issue for CIOs and CISOs and boards of directors. Shifting CISO spending patterns are clear. They're shifting largely because they're catalyzed by the work from home. But outside of the moat to endpoint security, identity and access management, cloud security, the horizontal network security. So security priorities and spending are changing. And that's why you see the emergence of disruptors like we've covered extensively, Okta, CrowdStrike, Zscaler. And cyber resilience is top of mind, and robust solutions are required. And that's why companies are building cyber recovery solutions that are most often focused on the backup corpus because that's a target for the bad guys. So there is an opportunity, however, to expand from just the backup corpus to all data and protect this kind of 3, 2, 1, or maybe it's 3, 2, 1, 1, three copies, two backups, a backup in the cloud and one that's air gaped. So this can be extended to primary storage, copies, snaps, containers, data in motion, et cetera, to have a comprehensive data protection strategy. And customers, as I said earlier, are increasingly looking to manage service providers and specialists because of that skills gap. And that's a big reason why automation is so important in orchestration. And automation and orchestration, I'll emphasize, on the air gap solutions should be separated physically and logically. All right, now let's take a look at some of the ETR data and some of the players. This is a chart that we like to show often. It's a X-Y axis. And the Y axis is net score, which is a measure of spending momentum. And the horizontal axis is market share. Now, market share is an indicator of pervasiveness in the survey. It's not spending market share, it's not market share of the overall market, it's a term that ETR uses. It's essentially market share of the responses within the survey set. Think of it as mind share. Okay, you've got the pure plays here on this slide, in the storage category. There is no data protection or backup category. So what we've done is we've isolated the pure plays or close to pure plays in backup and data protection. Now notice that red line, that red is kind of our subjective view of anything that's over that 40% line is elevated. And you can see only Rubrik, and the July survey is over that 40% line. I'll show you the ends in a moment. Smaller ends, but still, Rubrik is the only one. Now, look at Cohesity and Rubrik in the January 2020. So last year, pre-pandemic, Cohesity and Rubrik, they've come well off their peak for net score. Look at Veeam. Veeam, having studied this data for the last say 24 hours months, Veeam has been steady Eddy. It is really always in the mid to high 30s, always shows a large shared end, so it's coming up in the survey. Customers are mentioning Veeam. And it's got a very solid net score. It's not above that 40% line, but it's hovering just below consistently. That's very impressive. Commvault has steadily been moving up. Sanjay Mirchandani has made some acquisitions. He did the Hedvig acquisition. They launched Metallic, that's driving cloud affinity within Commvault's large customer base. So it's good example of a legacy player pivoting and evolving and transforming itself. Veritas, it continues to under perform in the ETR surveys relative to the other players. Now, for context, let's add IBM and Dell to the chart. Now just note, this is IBM and Dell's full storage portfolio. The category in the taxonomy at ETR is all storage. Just previous slide, I isolated on the pure plays. But this now adds in IBM and Dell. It probably representative of where they would be. Probably Dell larger on the horizontal axis than IBM, of course. And you could see the spending momentum accordingly. So you can see that in the data chart that we've inserted. So some smaller ends for Rubrik and Cohesity. But still enough to pay attention, it's not like one or two. When you're 20-plus, 15-plus 25-plus, you can start to pay attention to trends. Veeam, again, is very impressive. It's net score is solid, it's got a consistent presence in the dataset, it's clear leader here. SimpliVity is small, but it's improving relative to last several surveys. And we talked about Convolt. Now, I want to emphasize something that we've been hitting on for quite some time now. And that's the Renaissance that's coming in compute. Now, we all know about Moore's Law, the doubling of transistor density every two years, 18 to 24 months. And that leads to a doubling of performance in that timeframe. X86, that x86 curve is in the blue. And if you do the math, this is expressed in trillions of operations per second. The orange line is representative of Apples A series, culminating in the A15, most recently. The A series is what Apple is now... Well, it's the technology basis for what's inside M1, the new Apple laptops, which is replacing Intel. That's that that orange line there, we'll come back to that. So go back to the blue line for a minute. If you do the math on doubling performance every 24 months, it comes out to roughly 40% annual improvement in processing power per year. That's now moderated. So Moore's Law is waning in one sense, so we wrote a piece Moore's Law is not dead. So I'm sort of contradicting myself there. But the traditional Moore's Law curve on x86 is waning. It's probably now down to around 30%, low 30s. But look at the orange line. Again, using the A series as an indicator, if you combine then the CPU, the NPU, which neuro processing unit, XPU, pick whatever PU you want, the accelerators, the DSPs, that line is growing at 100% plus per year. It's probably more accurately around 110% a year. So there's a new industry curve occurring, and it's being led by the Arm ecosystem. The other key factor there, and you're seeing this in a lot of use cases, a lot of consumer use cases, Apple is an example, but you're also seeing it in things like Tesla, Amazon with AWS graviton, the Annapurna acquisition, building out graviton and nitro, that's based on Arm. You can get from design to tape out in less than two years. Whereas the Intel cycles, we know, they've been running it four to five years now. Maybe Pat Gelsinger is compressing those. But Intel is behind. So organizations that are on that orange curve are going to see faster acceleration, lower cost, lower power, et cetera. All right, so what's the tie to data protection. I'm going to leave you with this chart. Arm has introduced it's confidential, compute architecture and is ushering in a new era of security and data protection. Zero trust is the new mandate. And what Arm has it's done with what they call realms is create physical separation of the vulnerable components by creating essentially physical buckets to put code in and to put data in, separate from the OS. Remember, the OS is the most valuable entry point for hackers or one of them because it contains privileged access, and it's a weak link because of things like memory leakages and vulnerabilities. And malicious code can be placed by bad guys within data in the OS and appear benign, even though it's anything but. So in this, all the OS does is create API calls to the realm controller. That's the only interaction. So it makes it much harder for bad actors to get access to the code and the data. And importantly, very importantly, it's an end-to-end architecture. So there's protection throughout. If you're pulling data from the edge and bringing it back to the on-prem or the cloud, you've got that end to end architecture and protection throughout. So the link to data protection is that backup software vendors need to be the most trusted of applications. Backup software needs to be the most trusted of applications because it's one of the most targeted areas in a cyber attack. Realms provide an end-to-end separation of data and code from the OS and it's a better architectural construct to support zero trust and confidential computing and critical use cases like data protection/backup and other digital business apps. So our call to action is backup software vendors, you can lead the charge. Arm is several years ahead at the moment, ahead of Intel, in our view. So you've got to pay attention to that, research that. We're not saying over rotate, but go investigate that. And use your relationships with Intel to accelerate its version of this architecture. Or ideally, the industry should agree on common standards and solve this problem together. Pat Gelsinger told us in theCUBE that if it's the last thing he's going to do in his industry life, he's going to solve this security problem. That's when he was at VMware. Well, Pat, you're even in a better place to do it now. You don't have to solve it yourself, you can't, and you know that. So while you're going about your business saving Intel, look to partner with Arm. I know it sounds crazy to use these published APIs and push to collaborate on an open source architecture that addresses the cyber problem. If anyone can do it, you can. Okay, that's it for today. Remember, these episodes are all available as podcasts. All you got to do is search Braking Analysis Podcast. I publish weekly on wikibond.com and siliconangle.com. Or you can reach me @dvellante on Twitter, email me at david.vellante@siliconangle.com. And don't forget to check out etr.plus for all the survey and data action. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching, everybody. Be well, and we'll see you next time. (gentle music)

>> From the SiliconANGLE media office in Boston, Massachusetts, it's theCUBE! Now, here's your host, Stu Miniman! (bubbly music) >> Hi, I'm Stu Miniman and you're watching theCUBE's Boston area studio. Happy to welcome back to the program Randy Arseneau and Steve Kenniston. Gentlemen. >> We're back! (Stu laughs) >> Absolutely. >> It sees like only minutes ago we were here. >> How can I miss you if you don't go away, oh wow. Gentlemen, thank you so much. We've been talking storage and SDI, which of course, is software defined infrastructure essentials. We're gonna dig inside and Steve, let's start with, you know, sometimes we argue over definitional things, and when you hear software defined, oh it's about software, and especially when you talk about the storage world, it's like wait, there's always been software when we talk about storage. So explain why it's a little bit different now, then what we were doing, you know, even five years ago. >> Sure thing Stu, I think one of the number one things that we run into a lot of that we hear, conversationally, it's storage and it's software. And now we're hearing a lot more about data services, right? The ability to connect data, so forget the physical storage for a second. Connect the data to the people, right? Because as we've been talking all along today, right, this evolutionary platform is being able to provide more people access to more data than they've ever had before in a very secure way, right? Such that, they can actually not only get their jobs done, get 'em done better, get 'em done stronger, get 'em done faster, without all the, as my boss likes to say bouja bouja, (laughs) dealing with having to get at that data. So, if I look at before and after, right? If I look at the before aspect that dealt with, you know, how do I get to my data, right? Or how do I get access to that data if I'm a developer of five years ago, right? It ends up being, and you can attest to this, and please do, right? A conversation between the developer and IT. And then it becomes a myriad of questions back and forth about why do you need it. What do you need it for? How much do you need? Where does it need to live? How fast does it need to be? All of the things that you can get today programmed, right? Into a programmable infrastructure, and just say click and then we provide that to you, right? So before it was all these conversations. Then I gotta buy it, then I gotta procure it, then I gotta secure it, then I gotta know how many LUNs you need, and, how fast it is, and then I gotta provision that out to you, right? And you go okay, and then you say well now you need that. And then the next conversation is well I can't get to it with this application which is on this server which is, now it's another whole, you know, before a developer can start working, it could be a month. Whereas afterwards, it should be, if you have a good programmable infrastructure, I have my application like a Chef or a Puppet or an Ansible, and I push a button and it says, okay I need this particular data set, and it needs to have this set of services. It needs to be this available, it needs to perform this fast, I need to be able to make these types of copies, click go, right? That's kinda where we're at today with what we're hoping the software can do for you. >> Yeah, I always worry, sometimes we try to oversimplify things and we miss, kinda the why, so. One of my favorite jokes we all had is, you know, there is no cloud, it's just a computer somewhere else, because, and it was like no, no, no, wait, there's still gear underneath it. But I missed the: well why does that matter? It's like, oh wait, I've got an order of magnitude more, you know, that I can access for short periods of time, and therefore I can do things that I couldn't do before. And when I think about data it's, you know, you know, big data, you know, massive data, things like no, no, no, no, no, it's not just storing bunch of bits somewhere in case I need them for a regulatory thing, because I've gotta do governance compliance, blah, blah, blah, and everything, but, it's like: Wow! You know, data is, you know, a driver for business, and therefore, you know, data services that allow me to protect and secure and access all those data, is so super important. >> Absolutely, and there's another analog I think is it's, if you think about data services, as we're talking about it right now, it's becoming more of, and the self service metaphor is a very important one I think because, to Steve's earlier point, in the old world, you know, you used to have to go through this complicated workflow and checkpoints and sign-offs and all these procedural, you know, loopholes that you'd have to jump through in order to provision something which, by the time it became available it was probably outdated, right? So, you're constantly behind, right? Now, at the pace of global business and digital business and the importance of data as a driver of global business, you just don't have that luxury anymore, you can't afford to be waiting on the availability of that piece of information so, not only does the immediacy of it improve the actual value of the data, because there's always a temporal element of value for that data, and every second you waste is potentially value that's diminished from data. So not only do we now reduce that kind of latency, we also provide much better reuse, so we talk about this idea of incremental value, right? So you can take the same data element or data construct and now instantaneously repurpose it in multiple ways to extract additional maybe unforeseen value from it, right? So we've gotten away from the concept of these kinda siloed systems that are, you know, this is my production system, this is my OLAP system, my reporting system, we now have this convergence, cross pollination of data, that flows between and among all these systems, which can now be made available via something like a data services platform or a, you know, fill in the blank as a service type platform in the self service mode, where it can be used by any number of different applications and users for any number of different purposes. >> Yeah and what I like about it, what I hear from customers, it used to be, you had to have the budget of a nation or a team of PhDs to try to figure this out. And as you say, with this cross pollination, when I get the data versus when I'm gonna need the data, yes there's the temporal piece, but sometimes it's, I might be doing it for a different purpose, or I'm not sure and things are changing all the time. So that, going back to our initial conversation, that agility and flexibility, being able to access and, you know, tie into that data, and have a range of services is so critically important. >> Well that's a good comment, right? You need to have the budget of a nation in order to do this, and then along came all the cloud providers and said: no you don't, swipe your credit card and start working, right? The tricky part for me, the consumer, of that, great, now I've got the processing power I need, but I need my data to build my particular application. I love, sorta to finish that outright. In order to build the right application, to make sure it works for what I'm gonna do because at some point, right, and I know Dave likes to talk about this a lot, I need to be able to integrate it into my existing systems, and if the performance isn't the same and that's what, I'm gonna probably run into a lot of buggy stuff over here. So I need to be careful with that. What I think is interesting is, and I love to use the analogy, think of the first bank that came up with the application where I could snap a picture of my check, right? I bet the CIO of the competitive company went to his development team the next morning after seeing that commercial and said I want one of those. Do you think, I mean, if you broke, and I don't like always like to use particular verticals, because I think this conversation extends across all applications. But do you, if you had to break down what does one banking customer cost the bank over time, right? And then you said for every day I'm late I lose five customers, and you had to go through that whole lengthy process just to get started for the development team to start working on something like that, with their data, right? I've gotta make sure that the data fits into how does a deposit work, how does it transact, how does it show, when does it show? All those stuff matter to my data, right? I need to put that underneath. But now I can do it, if I can do it programmatically, or provide the infrastructure as a service, hit a button, and I don't have to be a rocket scientist, right, I can just do it for my application, now I'm up and running. >> Well, and flipping it, and looking at it from the providers perspective. So if I'm the consumer of those data services, it's great for me. If I'm the provider of those services it's also very beneficial to me, because now, having that elasticity and that fractional consumption model where I can offer you exactly as much compute or storage or, you know, analytic horsepower you need for your particular use-case and environment for as long as you need it. That gives me a tremendous value proposition that I can then provide to you, so it's really, mutually beneficial on both the supply and demand side, if you think about it. >> Actually, so David Floyer from our team has done lots of research talking about just, real business value that can be driven back when I can like leverage that data. It's like, oh wait, now I have things like Flash that allow me, you know, very fast to make snaps, wait, I have real, this is the actual data, and then I can test on that and then how fast can I get that back into production if need be. There's a lot of things we can do now that just those enablers in the new technologies at scale. >> Well, and I also think it's pretty interesting, we talked earlier about our three patterns, right? Modernize, transform, and the next gen. If you think about the next gen, right? That's, now what I wanna do as a corporation is I wanna bring on new people and I wanna do some data analytics. That data analytics is gonna allow me to learn stuff about my business, and I'm gonna wanna start to do stuff in a new way. I'm gonna wanna start to do stuff in a new way, today. Right? I don't wanna wait and say okay now that I know what I think I wanna do is X, and wait six months for the infrastructure to be there to start programming against it. No, I wanna make real time decisions today, I wanna do real time things today. That's how that evolution starts to happen and it needs to be faster for those people. >> Yeah well one of the promises is, you know, we're at cloud computing, when I need it, it's there, I don't need to worry about what's available. Talk to me about what is scale, and you know, that speed mean to your customers? What kinda architectures do they need to go to to be able to, you know, have that kind of experience no matter where they are? >> Yeah I think you're starting to boil it down into products and while that's good, right new technologies, and new capabilities like Flash and NVME and that sorta thing, that's the raw performance, that's the engine of the car, right? But you start thinking about all the telemetry data that racers collect to then tweak the car, not just the engine, the car, the foils, and that sorta thing, in order to get the maximum amount of speed out of the car, that's really the performance stuff that we're talking about and that's all the instrumentation around the different products and that sorta thing that sit within the portfolio, that enable things like self service, it enables things like, which is speed in its own way, right? And it's data protection, and it's faster RPOs and RTOs, different types of protections sets of services. It's disaster recovery, faster replication, replication to the cloud, lower costs, right, replication into the cloud, maybe not necessarily in on the data center. All of those thins in the portfolio equal speed. Whether speed be raw performance, getting from A to B, or speed of business, which means I can be, I can be doing whatever that thing is that makes me more competitive, quicker than the other guy can do it. >> Yeah, and when you have these services which are much more encapsulated and kind of, you know, to use a very old term, kinda self documenting in a way. If you think about taking a data element or a data structure or some piece of knowledge or information that we're gonna do some kind of processing on, and you load that with as many definitional characteristics as you can, without A: slowing it down, or B: making it too expensive, then you inherently improve the value of that thing, whatever that is, right? So, you know, great, there's a million examples, the picture of the check is a good one, you know, the telemetry coming from delivery trucks, for FedEx or UPS, there's a million examples where the ability to gather data, which would be gathered anyway, and used for some other purpose, but now you layer on some of these additional service characteristics and dimensions to it, and it becomes a whole new entity that now has a whole other set of values that can be expanded upon. So it's really this multiplicative effect that we see, that allows you to take your data, which is your most valuable asset typically, and leverage it across multiple use-cases and in multiple dimensions. >> Yeah, so, Steve, when I think about data services, you know, if I think the old world was rather fixed, and the new world is, you know where are we today, and what's kinda the near future look like? Help us walk through that a little bit. >> Yeah, I think you painted it very well in the beginning, right, we always like to look out front and say this is utopia, this is where we're going. Where are people today? I think there're a lot of technologies out there that, if you're starting to modernize, and I think we're in that modernization trend right now, where a lot of the newer technologies, or even some of the older technologies that you might have installed in your environment, are building out a robust API set. Because the new stuff is all API driven, so if I'm an incumbent and I'm in a data center and I wanna maintain my hold, my footprint, I need to start working with other things. Newer versions of a lot of the incumbent technology is building in restful APIs. Now you're bringing in newer technologies, maybe a Chef or Puppet sitting on top of your infrastructure that has restful APIs. The trick for the infrastructure, for the IT team, is to slowly evolve into that infrastructure developer that we talked about. Now they're learning how to connect those two, right? And as I'm learning how to connect those two, I'm also learning about how to make that data available in other locations, or how to make those applications talk in other locations, that they'll impact my production, right? So where are we today? I think we're slowly starting to understand what these API connectivities are, and if there isn't that connectivity, I think folks are really starting to look at what do I replace that incumbent with to make sure that I'm getting that out of what I'm gonna need for the future, so, I'd say we're 20% down the road, right? But things are moving fast, I mean, as time goes forward it goes faster and faster and faster, and, you know, a year from today we might be at 50%, right? Or 60. >> Yeah, and I would just add to that that the level of integration that exists between the products in the spectrum portfolio is very foundational and very, you know, it's a very intricate structure, right? So, as we evolve products and solutions, you know, we just had an announcement this week of the new Flash platform on the hardware side, so there's, as these things become available, they start to then elevate the value and improve the capabilities of other parts of the portfolio as well. So there's this kind of platform story that you start to be able to tell, and that's really what these, this series has been about and what the follow on sessions will be about drilling into specific solutions at a lower level of detail, is how do we build, you know, the information platform of the future for our clients? >> Yeah, great. And I know there's more coming in the future, but the last thing I wanted to ask you here is we had a while that we were saying well I'm just gonna simplify everything. Public cloud is cheap and easy, you know, hyper converge is gonna boil everything down, and it's just like this one box. Well, and if you look at both of those spaces, they've evolved and now the line I've used I think if I was going to, you know, build compute in Amazon, or go buy a server from pick your favorite OEM of choice, you know, the cloud probably has more options and is more complicated to buy. You know, we'll figure out how the pricing is depending on whether you buy the three years reserved instances or anything like that. But, you know, customers, the paradox in choices is really tough for people as they do so. How do you balance that flexibility, but still try to make it easier, because you know, staffing, you know, I can't have, you know engineers dedicated to, you know, helping trying to figure this out. Oh, the next release comes out in a month, and everything I learned is already old. >> I'd appreciate your input and feedback on that, because what I'm about to say is, is I think easy is relative, right? And it's relative to the person who needs to access the systems or the data or the equipment or that sorta thing right, so, if I may, if I'm someone who's graduated from college and looking to join the IT workforce today or in the next few years, right? To me, simple means, right, a myriad of things, right? And I might've been trained on and educated on, but I'm gonna stay in that world. Why do you continually buy an iPhone? You don't switch over to Android, why? >> They're from different ecosystems, yeah exactly. >> Right, or why does someone go the other way, right? It doesn't matter, you pick one, and that's what you know, and that becomes easy for you, right? And then, as I'm learning, so lets say I pick AWS, right? As I start to continue to learn, and they come out with new things, and that's what I pay attention to, I find these new things that plug in, right? And it's only when vendors come to you and talk about not just hey I've got this new fidget spinner, (chuckles) right, or wiz bang technology, it's, it's I know how to integrate with your platforms to make your life easier. Those are the conversations that actually pick peoples head up and go, oh okay that does make my life easier, right? >> And that's exactly what I was just gonna say, we talked earlier about this whole concept of integrate and automate verus rip and replace. You know, innovate as opposed to institutionalized, so this is exactly that. This is, we as trusted advisors and integrators at a factor are able to go to our clients and say look you have typically a complex environment that has multiple different platforms and stacks that you're working with. You may be able to standardize on a common model or a common model portfolio structure for everything. Not likely though, you're probably gonna continue to have, you know, different pieces of the puzzle. We, it's our job and our sellers job and our partners job to develop an integration strategy and an automation strategy that exploits each of those that are in place to the best of their current ability, and provides a path forward, so to your point, eventually will all things live in the cloud, and will the cloud become, you know, so self aware and so sophisticated that's it's able to provision itself and manage itself and write your apps for you, perhaps. You know, probably not in our lifetimes. So, in the mean time, large organizations and small organizations still have to get from point A to point B. They have to run their business, they can't afford to spend, you know, a king's ransom on IT. But they also have to be secure and reliable and perform, etc. So, we provide a portfolio of solutions that plugs into exiting infrastructure, augments it, maybe replaces it but not necessarily, and helps our clients get between here and there and provides them the headroom to grow into the future as well. >> What's your answer to the simple and easy? >> Yeah, well, first of all right. I think, just on the definitional piece, you know, we'll all be living in the cloud when we've just redefined that means it's, it's hooked up to the internet. (Steve and Randy laughing) It means that it's cloud because everything is. And, here's the challenge of the day, no one can keep up on everything, you know, I've had the pleasure to talk to some of the smartest dang people in this industry, and, >> Thank you. (laughs) even the ones, you know, absolutely, but the people that, you know, are creating new stuff, and you know, whatever it is, they're like, I can't keep up with my own firm. >> How do you have time to learn? >> You know, it's like, they say, you know, the doctor would need, you know, every week would need a thousand hours to read up on everything in their specialty. But, it doesn't mean that we're out of jobs, actually we've got lots of new jobs because we love, we've done some events with MIT, where it's, you know, racing with machines, it's people plus machines, you know, automation does not get rid of your job, what it hopefully gets rid of is the crap you didn't wanna deal with anyway. We saw for a while, we wanted to get rid of undifferentiated heavy lifting, well, let's hope that, you know, as, if you talk to the IT people, it's like the thing that you look at every month and you're like oh God I have to do that, or can't you automate that piece of it? >> And it actually raises a really interesting point, and we haven't touched on it, I don't think, up til this point, but, this is another one of the areas where IBM is uniquely positioned in this discussion, and in this space, to bring to bare a level of sophistication and advanced artificial intelligence, cognitive capability, machine learning, we are, today, delivering the worlds most sophisticated, powerful, capable solutions in that space, and not surprisingly that technology is imbuing everything that we do. So our entire portfolio is interspersed with very sophisticated AI capabilities, analytic capabilities for self adaptation, you know, self learning, self healing. So, it gives us again a competitive advantage I think, as we take these solutions to market that they are imbued with this very sophisticated level of advanced processing. >> Yeah and, the other thing I'd say, I know Steve you brought it up in one of our discussions there, IBM has a lot of partners. I never look at IBM saying we are the only one, we are the be all and end all, we'll have everything, no. The CIs and the MSPs and the CSPs and, you know, software partners and everything like that. You mentioned competitive environment, I think the first time I heard the word cooperative, it was almost always about IBM. Because, yes, IBM probably has a product that does something along those lines, but they know they're not the only ones and they'll continue to partner to make sure that customers get the solutions they need. Alright, any final words you wanna leave on this segment, gentleman? >> I wanna thank you very much for hosting us for this event. >> Indeed. Yeah, thank you for your insight, Stu, we appreciate it, you know it's always important for us to not read our own press clippings too much, it's important to get the external viewpoint and get the outside perspective, so we appreciate your input. >> Well hey, and thank you so much for bringin', both of you, we've worked with you for many years, always appreciate your viewpoints, and look forward to continuing the conversation. Alright, thank you so much as always. Give us any feedback if you have, check out theCUBE.net for all the websites, Randy Arseneau, Steve Kenniston, I'm Stu Miniman, thanks for watching theCUBE. (bubbly music)

>> From the Silicon Angle media office, in Boston, Massachusetts, it's theCUBE. Now, here's your host, Stu Miniman. >> I'm Stu Miniman, and you're watching theCUBE's Boston area studio, where we're talking about storage, and SDI essentials. And of course, storage, and infrastructure, really are there for the data in the application. To help me dig into this, Rob Coventry, and Steve Kenniston, thank you so much, gentlemen. >> Thanks, Stu. >> Alright, so, yeah, when we talk about one of the only constant in the industry, Steve, you said in one of our other interviews, is change. The role of all of this infrastructure stuff is to run your applications, and of course the application's, you know, the really critical piece of everything we're doing, is the data. So, Rob, maybe talk to us a little bit about your viewpoint, what you're hearing from customers, help set up this conversation. >> Well, one of the biggest changes that's going on these days, is the move towards cloud. And I often kinda want to reset the definition of what we mean with, when we say cloud, 'cause it means so many different things to so many different people. To me, cloud is all about, not a place, not somewhere where you're running computing. While it may have started out that way, when Amazon launched AWS back in, what was it, '02 or '03? Or salesforce.com, and when they were running everything in the cloud. But, it's really evolved more to a style of computing, distinct and different from your traditional computing. It has certain attributes, those attributes are what distinguish cloud computing from traditional computing, more than anything. And so, basically now, storage has gotta evolve, and support that, just as like we did with virtualization. >> Yeah, absolutely. You know, when we did it, in the industry, we spent so much time arguing over definitions, and we went, "Hybrid, public, multi, composable, "composite, everything like that." Well, you know, when I talk to customers, most of them do have a cloud strategy, but, number one is, the ink's still drying on what that strategy is, and the pieces that make up that strategy are definitely changing over time, as they grow and mature. But, they absolutely know that no matter where it is, their data is one of the biggest assets that they have, outside of people, and therefore how can they leverage, how can they get more out of data? The whole wave of big data that we were well into, and the next wave of AI, is all data at the center of it. >> Yeah, I think, I like the way Rob kind of positioned this. We've, we talked about, you hear a lot of folks talk about cloud. You know, a big part of what we're trying to do is have our sellers, as well as the community, understand that cloud isn't a place, right, it's a thing. And you've kind of alluded to what I want to do, specific types of either development, or programming, or provide assets to the world, whether it'd be data, or whether it'd be things like websites, or that sort of thing. It's got to live somewhere. And where that lives is becoming more cloudy. Now, whether that place is on-prem, or it's in a cloud, or it's in a remote data center someplace, at the end of the day the functions that you want to be able to deliver on, behave in a cloud-like behavior, and I think that's becoming more the trend of what people want. And really, it's the consumption model of where it lives, and how you pay for it, is really the bigger part of how things evolve. >> Yeah, applications are changing a lot. You used to say, the era of shrink-wrapped software is mostly over now. It's, talk a lot about microservices now, and when I'm building things, you mention functions, which catch into functions, and services, and serverless. You know, a whole new area that's changing. What's needed for this world, you look at it, you've got, you know, most customers have hundreds if not thousands of applications. Most of those aren't ready for that brave new world of cloud-native. There's usually some stuff, so, maybe Rob give us a little bit on that spectrum, and where your customers... >> So, look, I think we recognize that people have the vast majority of their infrastructures running, or applications are running, on traditional infrastructure, right? And so, they've got a couple different choices. They've either got to modernize what they've got, and the modernization is, you know, it, I was sharing with Steve last week, you know, we're modernizing our house, because we built the house back in '01, it was golden oak, it was gold handles everywhere, and so now we're getting rid of all the gold, we're painting all the golden oak, and repainting the whole house, right? So, that's a modernization. It's not a complete refurbish, remodel, that's what we would refer as refactoring, right. That's a much bigger, heavy-duty thing. And so, businesses are going to have to look at those traditional applications, and decide which of them should be just simply modernized, and then adapted, or modernized to work, and orchestrated, with that bigger cloud-like environment, and which of them need to be refactored to operate with the underlying cloud infrastructure. Which, by the way, expectation is that it's completely virtualized, it's automated, it's policy-driven, it's orchestrated, it's got all those types of cloudy-like, you know, pay on demand types of characteristics, that people learned and love from AWS, and from Google, but now they're getting on-prem as well. >> Yeah, and let me poke at one thing, because you said, you know, virtualized, and I think you don't mean just a hyper-visor, but we have things like containerization, you know, bare metal's back, you know, it's so funny, what's old is new again. Remember, it was like, "Oh, we're gonna go 100% virtual," except for containers and everything else, now, so now we've got lots of flexibility into how it's deployed. And there's that modernizing the platform, and modernizing the applications, and sometimes you do one before the other, depending on how you're doing it. >> Great point. I mean, not everybody understands the distinction, right, between containers and VMs, right. But the way I look at it, containers, one of the first things that they were really trying to attack is, a more efficient way to do virtualization than what we had with VMs in the past, right? And one of the things that they learned, is if they break those applications into smaller functional microservices, then they get another benefit, and that is continuous development. That's critical to the flexibility and agility that the business needs, to be able to constantly evolve those applications. And the third factor is, what I call asynchronous scale. So, each little function can consume however much memory, storage, and compute that it needs, independent of all the other functions in there, whereas when it was operating as a monolithic application, the traditional approach, well you were kinda stuck with however much the largest footprint was required. Now, you get a lot more efficiency out of it, you get a lot more availability, and you get continuous development. That's what you get out of containerization. >> And if you bring that up even one more step now, right, and I like to use this analogy when I'm presenting to clients, and maybe this is helpful, is, if you look at our, just take two of our product. We'd take Spectrum Protect if you take Spectrum Protect Plus, right. Spectrum Protect, you know, 25 years in the industry, number two in the world, everything, right, millions of lines of code, might even be tens of millions of lines of code. Any time you have to do anything to that code, like I want it to support X, all ten million lines of code need to kinda make sure it's adaptable to that thing, and it needs to be able to lift and shift. And we were talking about agile development, which we do now, but you were also talking about the release trains, and all that stuff, right, and what ends up going in and out. Versus, look at Spectrum Protect Plus, built on an agile development, built on microservices. I want to put in a service, I can just grab that service and plug it in pretty easily. I don't have to kind of drag all that code kicking and screaming, so to speak, along with it. But, um, now I want to ask you a question, Stu. Because I tend to think the analysts, as well as kinda the thought leaders in any company that are trying to think about helping sellers sell, and that sort of thing, we're about 12 to 18 months ahead of the customer. We have to be, because we gotta kinda see what's out there. What are you hearing around this containerization, refactoring? I think we have an opinion, it'd be interesting to hear an outside view of what you think is happening. >> Sure, Steve. And in the last few years, I spent a lot of time going to the cloud shows, I go to CubeCon, going to my second year of doing serverless comps, so, look, yeah, serverless functions, as a service, we're still in the early adopter phase. Some cool startups out there, I'm excited to talk to real customers that are doing some cool things. But even I asked Andy Jassy if, you know, the CEO of AWS, he had made some comment, you know, if we had said a couple years ago, "If Amazon was built today, it would be built on AWS." And he had made this, "If Amazon was built today, "it would be built on Lambda Serverless." And I was like, come on, really? He's like, "Well, no, I mean, what I mean is, "that's the direction we're going, "but no, we're not there yet, because we can't run one "of the biggest global companies on this yet." So, look, we understand, what could be done today, and what can't, when we talk servers? Containers, containers are doing phenomenal, we're now, containers have been around over a decade, you know, Google's been talking for many years of how many billions of containers they spin up and down. But, I've talked to much smaller companies than, you know, the Googles and Yahoos of the world, that like containers, are moving in that environment. I'm not sure we've completely crossed the chasm to the majority, but most people have heard of Docker, they're starting to play with these things. You know, companies like IBM and everyone else have lots of offerings that leverage and use containers, because a lot of these things, it just gets baked in under the hood. When you talked to, you brought up virtualization, it's like, oh. It's, you know, we watched this wave from the last 15 years of virtualization, it's just for basic, we don't even think about, sure there's environments that aren't virtualized for a certain reason, if it's containers. But, you know, when you've seen Microsoft get up on stage, and talk about how they've embraced Linux. And a lot of the reason that they've embraced Linux is to do more with containers, that's there. So, containerization is going strong, but, when you're talking of the spectrum of applications, yeah, we're still early because, the long pole in the tent, at least customers like to, it's those applications. If I've been running a company for 20 years, and I have my database that keeps everything running, making a change is really hard. If I'm a brand new application, oh, I'm doing some cool, you know, no sequel, my sequel, you know, cool applications. So, it's a spectrum as we've been talking about, Steve, but, um, yeah, the progress is definitely happening faster than it ever has, but, you take those applications, there's a lot of them that I need to either start with a lift-and-shift and then talk about refactoring things, because making change in the application's tough. APIs, we haven't talked about yet, though, is a critical piece into this. As worry about, okay, we're just gonna have API sprawl just like we have with every other thing in IT. >> I definitely want to get to API, but one more, just one more piece of color. When you're at these conferences, and the users are there, listening to the folks, but one more piece of color is, do they have, applications run the business. But it has to sit on top of something, so there's the infrastructure piece. What are the questions around refactoring, and containerization, that happen around infrastructure? I'm trying to to think about how to get from A to B, what do I think about the underlying infrastructure, or is that even a conversation, because a lot of the stuff is cloud-native, right, I mean, or can be cloud-native. >> Yeah, and the nice thing about containers is, it just lives on top of Linux, so, you know, if I've got the skillset, and I understand that, it's relatively easy to move up that way. Yeah, for a lot of the developers, when they say, "The nice thing, if I do containers, if I do Kubernetes." I really don't care, the answer is yes. Am I gonna have stuff in my data center, yeah, of course. Am I gonna do stuff in the public cloud? Yes, and that's if I can have the same Linux image. We've been talking for years about, how much of the stack do I need to make sure is the same both places to make it work, because that was always the last mile of, "Okay, it's tested, my vendor said it's good, "but I get an okay, what about my application, "my configuration, and what I did?" When I use Salesforce, I don't need to worry about it. I can pull up on any device, well, the mobile is a little bit different than the browser, but for the most part, I'm anywhere in the world, or I work for any company, it's relatively the same look and feel. So, a little bit long answer on this, but when it comes to containers, what we've been trying to do, and what I found really interesting, is, the Nirvana's always been, "I don't want to worry about what's underneath the stack." And when I said, I mentioned the cool new thing, serverless-- >> The reason for that, is the business, with containers, gets that continuous development, and continuous availability, and scalability, all in that infrastructure. The infrastructure enables that, right? So, in my mind, the reason people want to do it is, they know, the speed of change in their business is never gonna get any slower. And this platform enables that speed of change. >> So, the one thing, those of us that live through the virtualization wave, virtualization, great, I don't need to worry about what server, or how many servers, or anything. Yeah, but, the storage and networking stuff, oh wait, that kind of all broke. And we spent a decade fixing that, and trust me, when containerization first went, I had, like three years ago, went into a conference, someone is like, "It's so much faster than virtualization, "it's this and this and this." And I got off, I'm like, "Hey, uh, "we've all got the wounds, and, y'know. "You know, less hair, now that we've gone through a decade "fixing all of these issues, what about this?" Docker did a great service to the industry, helped make containers available broadly, and have done a lot. I'd say networking is a little bit further along than storages, most of the the things, you know we talk serverless, it's mostly stateless today. When we talk containers, okay, where's my repository on the side, that I do things, so, state is still something we need to worry about. >> That said, you know we've made a big investment in our ability for a block storage, and by the way, all of our file storage offerings, to be able to work with both Kubernetes and OpenShift, so, those are two of the predominant, prevalent container-based systems out there. So, I think that, at least it gives that ability to attach anything that needs persistence to our storage. >> So, what I'd love to get your perspective on, because we talk about, boy these changes that are happening on the infrastructure side. For a while it used to be, okay, business needs a new application, let's go build a temple for it. So, the business people says app, and then the infrastructure comes, team's set in, okay, I've got the building specs, give me a million bucks and 18 months, and now I'll build it. Well, today, you don't have as much money, you don't have as much time, but that relationship between infrastructure and application, they've gotta be working so much closer, so, how do they, you know, when I'm building this, who is that that builds it, and how do they work even closer? >> Well, that's this, we can talk about the infrastructure developer, I guess, too. Because really, this is the role that kind of is an evolution from what maybe was in the past a storage administrator, right? It's somebody who is setting up a set of policies, and templates, and classes of storage, that abstracts the physical from the logical, so that the application developer, who is going into Kubernetes, or into OpenShifts, says, I need a class B usage for storage, that has backed-up, and maybe replicated. Or, I need a class C, that is backup, replicated, and highly available. And the storage administrator, in that case, is setting up those templates, and just simply making sure that he's monitoring all this, so that when the additional demand comes, he just plugs it in and starts to continue to add more. >> Okay, so, I've talked a lot to developers, I haven't run across an infrastructure developer, before, as a term, so, where do they come from, what's their skill-set, maybe help flesh that out a little bit for me. >> I was gonna say, I think in a number of customer presentations I've given over the course of this last year, it's come up a number of times. So, I think, and granted in a larger companies. And it typically comes across in a chart that shows, not the number of people are changing, but the skillset in the different organizations I have are changing. So, today where I spend a lot of time doing administration, five years from now I'm not gonna be doing that much administration. So, what I want are capabilities, well, first of all I need to program the infrastructure, so that it is programmatic, to either the application, connect through API so maybe I have a chef or puppet doing dev-ops, but when I make that call, as a developer in the company, to chef or puppet because I want this, to Rob's point, everything underneath that-- >> It's orchestrated underneath there. There's a set of policies that are set, that says, this is how much compute, how much network, what kind of storage you're gonna get. That's the infrastructure developer, who sent, using APIs that are in the infrastructure, and at the higher-level platforms like Kubernetes and OpenShift, that basically allow that developer that just says, "I need some of that, I need some of that." The experience is not a lot different than what they get with Amazon Web Services, or Google App Server. It's a similar kind of experience, but you can do this on premises now. >> Yeah, and, it's very similar, as you said, and it makes a lot of sense to me. Because, for sure, chef puppet, been hearing lots of people talk, that's the people, it's like, you're not configuring luns anymore, I don't need to do all the old masking, and all the configurations. The network people, it's like, no, you've got a different job, and it's shifted, that whole vision of infrastructure as code is starting to come to fruition. >> And we talk a lot, or at least I do, right around, IT, and technology, and infrastructure's made up of three things. People, process, and technology. And the people are evolving just as fast as the infrastructure needs to evolve. So, tomorrow, I want to be building a programmatic infrastructure today, so that my people can be focused on, like you said, where is the future, I don't know, but I constantly need to be thinking like the analysts think. I need to be 12 to 18 months ahead of the company, so that I can continuously evolve that infrastructure, and help them get there, but I don't disrupt the flow of the people that need access to the data, or the applications, or that sort of thing. It's gotta be constant, and that's how that skillset is changing. >> Okay, so, is that, what's that infrastructure developer's role in helping with the app modernization? How do I figure out, you know, what do I just build new, what do I move over, how do I start pulling things apart? >> Yeah, I think it definitely starts by looking at the different applications that they have, I think you made a good example where, okay so now I want to modernize as much as I can, and now I want to start drilling into by taking a break, gaining some knowledge and some insights about containerization, and APIs, and that of sort of thing, and figuring out which applications in my stack today, I can refactor, which makes sense to build out of microservices, you know, refactor into microservices and that sort of thing. Start doing that, get that done, and then start looking at, ahead of that, what's next? So, getting that infrastructure programmed and plumbed ready, so that anyone who needs to access it can, so it's more hands-off. Think of the younger generation coming into technology today, right? I want to use my iPhone, I want to do this, I want that piece of storage, I want it to be a click of a button. I, as an infrastructure developer, need to help set that up and make that happen, so that as we move forward, I'm doing other new things. Would you agree? >> Absolutely, absolutely. So, at the end of the day, those guys are basically taking advantage of those large pool of services, whether it be storage, networking, or computing, creating APIs, or leveraging APIs, in that infrastructure, and wiring it up so that the end-user developers can go and access them at will, without waiting. >> Yeah. Last thing I want to ask in this segment, is, you know, change is tough. And when I look at my application portfolio, it can be a little bit daunting, so what sort of things should they be doing, to make sure that they're ready for the modernization, the transformation, to get along that journey a little bit faster? >> Well, the first thing is, is that you've gotta have a software to find infrastructure to be able to do any of this. And basically what that software to find infrastructure has, is has a number of attributes. The first of which is, an actual separation between the physical and the software. It has policies, it has the ability to, APIs that allow you to control that, that are either through command-line interfaces or rust interfaces, such that it can be orchestrated, and then you take advantage of all those all policies, such that you can automate it, monitor it, and manage it centrally. That is the base definition of software-defined infrastructure, and we've had it with CPUs for a long time, we've had it with networking, people have been doing network separation of software and hardware, and it's really IBM that is unique in this business, that has a set of software-defining capabilities that I think is different than the rest of the marketplace. >> Yeah, I mentioned it earlier, but I think I'll close on it too, is, you know, lots of customers, gotta modernize the platform, and that really sets you up to be able to modernize the application. Alright, Rob and Steve, thanks so much for joining us, helping us walk through the data, and the applications. Alright, thank you so much, I'm Stu Miniman, and, appreciate you watching theCUBE.

>> From the SiliconANGLE media office in Boston, Massachusetts, it's theCUBE! Now here's your host, Stu Miniman! (bubbly music) >> I'm Stu Miniman and this is theCUBE's Boston area studio, we're talking about storage and SDI solutions. But before we get into STI and all the industry buzz, we're gonna talk a little bit about some of the real business drivers. And joining me for this segment, happy to welcome back, Randy Arseneau and Steve Kenniston, gentleman, great to see you. >> Thanks for bein' here Stu. >> Thanks Stu great to be here. >> Thank you! Alright, so, talkin' about transformation, customers are going through transformations, IBM's going through transformation, everything's going in some kind of journey. But, let's talk about, you know, it used to be IT sat on the side, Randy we talked about in the intro, you know, IT in the business, you know, wait, they actually need to talk, communicate, work together. What are some of the key drivers that you're hearing from customers? >> So, it's a good question, and we talked a little bit about it on the previous segment. But, I think what's really happening now is that a lot of the terms that our industry has kind of overused and commoditized, have sorta become devalued, right? So, they no longer really mean anything significant. Terms like agility and flexibility and IT business alignment and transformation, which we hear a million times everyday, they've become just kind of background noise, but the reality is, especially now, in this era where, you know, information and data and analytics are driving businesses, and they're no longer, you know, nice things to have for the super advanced very sophisticated companies, they're table stakes, I mean, they're needed to survive in today's global economy. So they've taken on a whole different meaning, so when we talk about agility, for instance, agility means something very specific in the context of IT business alignment, and our solution stacks in particular. Generally speaking, the kinda the way I like to think of it is, I, I overuse sports analogies, but I think this one's relevant. So, a good quarterback is able to read and react. So, as the defense is shifting and making pre-snap adjustments, the quarterback views the field, sees what's happening, and is able to very quickly develop or institute a new offensive game, play, to take advantage of that situation. So that whole read and react idea is something that's very important for a business, especially now. So businesses are under constant pressure, competitive pressure, market pressure, compliance pressure, to be able to exploit their own IP, and their own data, and their own information, very very quickly. So that's number one. By using things like integration and automation within their IT organization as opposed to the old, you know, kind of vertical method of doing things. IT organizations are now able to respond to those rapid course corrections much more effectively. Same thing with flexibility, so when an organization needs to be flexible, or wants to be flexible, to adapt to a very rapidly changing environment. Things like, and this is really where Steve's product line is particularly relevant, things like data reuse, right? So we've got organizations that are running their business on this data, which is their most important asset. We're helping them develop new and creative ways to repurpose that data, efficiently, quickly, cost-effectively, so they can expand the value. So any given piece of data can now have a multiplicative value compared to its original form. >> Yeah, I think it's actually pretty important. When you think about, we're out there talking about products, right? And a lot of vendors are doing this, right? Buy my products you'll get agility or you'll get flexibility or that sorta thing, or maybe even more importantly, in a lot of the enablement we use to educate people on, we'll say, you know, this product enables data reuse. Well what does that really mean, right? What does that mean for business, right? And, when you say okay well it makes the business more agile well, how do you do that? Then it encompasses a whole breadth of solution sets around making that data available for the user, things like software defined storage, things like particular technologies, that can do data reuse. So, it kinda boils itself down in the stack, but to Randy's point, it's been so commoditized, the words, that we don't really understand what they mean, and I think part of what we're trying to do is, make sure when we talk agility, flexibility, or even our three patterns that we talked about, modernize and transform. What do they mean to us? What do they mean to you, the user? What do they mean--? Because that's very important to connect those two. >> Yeah, and I love, 'cause for a while we used to say, it used to be well, you know, do I get it faster, better, or cheaper? Or maybe I can give you some combination, and there're certain customers you talk to and it's like look, if you can just go faster, faster, faster, that's what I need. But, it's not speed alone, like the differentiation for things like agility is, number one: we are all horrible at predicting. It's like, okay, I'm gonna buy this, I'm gonna use this for the next three to five years, and six months into it, I either greatly over or underestimated, or everything changed, we made an acquisition, competition came in. I need to be able to adjust to that, so that was, I love the sports analogy, we love sports analogies on theCUBE. >> Well, you know. >> So that, you know, if I planned for, you know, this was the plan of attack, and what do ya know, they traded for a player the day before or their star quarterback went down, and the backup, who I didn't train against, all of a sudden their offense is different and we get torn apart, because we didn't plan, we couldn't react to it, you run back at halftime and try to adjust, but, you know, you need to be able to change. >> And again, I think another, from my perspective, from and IT business alignment, another, another metaphor that works well, is, you know, kinda what I call the DevOps-ification of business, right? So what's happening now, and it's interesting I think, is that you're seeing some of the practices around DevOps and agile development, which by the way, IBM uses for our own products. You're seeing that push upstream to the business, so the business is actually adopting DevOps-like methodologies for prototyping, you know, testing hypothesis, they're doing interesting things that kinda grew out of that world. So if you think about, even 10 years ago, that would've been kind of unimaginable, you would always have the business applying pressure, and projecting it's requirements onto IT, now you're seeing much more of a collaborative approach to attacking the market, gaining competitive advantage, and succeeding financially. >> Yeah, and if people aren't really familiar with DevOps, the thing that, you know, I really like about it is, number one it's no longer, you know, we used to be on these release trains. Okay, everybody on board the 18 to 24 month release train, we're gonna plan, oh wait, we didn't get this feature in, it'll be in the next one, we'll do a patch in six or eight months, no, no, no. There's the term CICD, continuous, you know, integration, and continuous deployment. It's, you know, push. Often. You know, daily, if not hourly, if not more, and, it's like wait what about security, what about all these things? No, no, no. If we actually plan and have a culture that buys in and understands and communicates, and you've got proper automation. You know, it's a game changer, all of those things that you used to be like: ugh, I couldn't do it. Now it's like no, we can do it, so. >> The only thing constant in business these days is change. >> Absolutely. >> So, if you know that, and you have to be able to plan and articulate and be ready for change, how do you make sure that the underlying infrastructure is ready to kind of adapt to whatever request you may have of it, right? It's now alive, right, it's like a person, I wanna ask it a question, and I need it to help respond quickly. >> And a lot of the focus of this series, as we talked about in the intro section, is our software defined infrastructure portfolio, which in many ways is kinda the fabric upon which a lot of these things are being woven now, right? So, we talk about DevOps, we talk about this rapid cycle, and this continuous pace of change and adaptability, adaptation. We're delivering solutions to market that really accelerate and enable that, right, so, one of the things we wanna make sure we communicate, you know, both internally and externally is the connective tissue that exists between solutions, products, technology capabilities on the software defined infrastructure side, and how that affects the business, and how that allows the business to be more agile, to be more flexible, to transform the way it thinks about taking solutions to market, competing, opening up new markets, you know, seizing opportunities in the marketplace. >> Yeah, it's, if you think about when you talk about strategy, smart companies, they've got feedback loops, and strategy is something you revisit often and come back leads to, when you talk about modernizing an environment, I always used to, you poke fun at marketing, oh we're going to make you future ready! Well when can I be in the future? Well, the future will be soon, well, then when I get to there am I now out of date because the future's not now? So, what is modernize, what does that really mean, and, you know, how does that fit in? >> Yeah, and it's a great point, and I think, we look at modernization as kind of the the constant retooling, right? So, IT is constantly looking for ways to be more responsive, to be more agile, be more closely aligned than a lockstep with the business, and align business. And again, we're trying to deliver solutions to market that enable them to do that effectively, cost effectively, quickly, you know, get up to speed rapidly. There's another, so we talked a little bit in the intro section about the C-level survey, the study that was done globally by IBM, it's done every year, the 2018 one was introduced recently, or published recently. Another one of the themes that was very important is that it's this concept of innovate don't institutionalize and the idea is that old companies, slow moving companies, more traditional companies, have a tendency to solve a problem or introduce and implement a system of some sort and be wed to it, because they adapt all of the ancillary work flows and everything around it, to fit that model. Which may make sense the day that it implements and goes live, but it almost immediately becomes obsolete or gets phased out, so, you need to have the ability to integrate, automate, innovate, like constantly be changing and adapting. >> Yeah, I love that, actually, in the innovation communities they say you don't want best practices, you want next practices, because I always need to be able to look at how I can do, right, learn what works and share that information, but, you're right not, this is the way we're doing it, this is the way it must always be, so let it be written, so let it be done. You know, no, we need to move and adjust. >> And I think, if you think about these things as in, in the beginning of the year when IBM launched global refining was, when we launched kind of our educational context for our sellers in the beginning of the year, it was really three patterns, right? There was modernize and transform, next gen applications, and then application refactoring. And in the beginning when we started to talk about, which I think is where 90% of the clients fall into, it's this modernize and transform, right? Easy to say, but what does it really mean? So, if you break it down into that fact that we know what clients have today, right? We know, you know, VMware's big, KVM is big, you know, Sequel is big, Oracle is big, right? If that's foundationally who you're talking to on an everyday basis, how do you help them take that solution set, and, don't start refactoring today, right, but take them to a point where when they start to do the refactoring, they're well positioned to do that simply and easily, right? So it's a long journey, but to get there you really need to kind of free up and shake loose some of that, some of the bolts, so that it's a lot more flexible over here. >> Yeah, so, talking about things that are changing all the time, so tell me, transformation, it's not about an angle, it's, you know, it's about journeys and being ready, so, you know, help us close the loop on that. >> Yeah, so we talk a lot about that internally, and again, transformation is another one of those kinda buzzwords that we're, we're trying to sorta demystify it, because it can be applied in a million different ways, and they're all relevant and valid, right, so transformation is a very broadly applicable term. When we talk about transformation, we're specifically talking about kind of the structural transformation of the infrastructure itself, so how are we making the storage and the compute more cloud like, more flexible, more easily provisioned, more self-service. So there's kind of a foundational level piece at the infrastructure level. We talk about transformation at the workflow level, so things like DevOps, like continuous development and integration. How do we provide our clients with the material they need, the raw materials, whether it's software, technology, education, best practices, all of the above, to be able to implement these new ways of doing business? And then there's really transformation of the business itself, now, a couple of those, the first two, are kind of happening within IT, but they are being driven by the transformation that the business is undergoing, so, the business is constantly, again, if they're still around and they're prospering, they're constantly looking for new markets to reach into, looking for ways to compete more effectively, looking for ways to gain and sustain competitive advantage in this very very dynamic environment. So transformation touches all of those, they're all equally valid, from our perspective, specifically as IBM, we're trying to tackle the sorta foundational level, and then kinda, by using assets like this, you know, research that we do at the C-level, we're trying to kinda build the connective tissue between the ground level IT stuff, and how the business is changing. >> Think, think, I mean, really as importantly, right, we're trying to build the foundation such that as we're thinking about the business, think taxis transforming to I wanna be more Uber like, or think even automotive industries wanting to be more Uber like, right? I read an interesting article about, you know, auto manufacturers today are thinking about no more buying of cars, right? That's a transformation of my business, right? How do I do that? Now a lot of it is, you know, I gotta set up the infrastructure, I gotta set up, you know, people, and process to do some of this, but the infrastructure has to adapt as well, right? And we gotta cause, and that's not gonna happen tomorrow, to your point Stu, like I wanna design for tomorrow, then the next day, then the next day, then the future, when is the future, right? But I need to have an infrastructure that can evolve with me as my business evolves and I get to this goal. >> And the shifts are now happening, they're no longer kinda tectonic shifts, they're seismic, right, they're not gradual, incremental, I mean they are in some cases, but they're more often seismic changes, and that's a great example. Uber burst onto the scene and fundamentally changed the way humans transport themselves from one place to another. And there's a million examples of that right? There's been genomic research, and even in media and entertainment, there's lots of ways and lots of places in which this shift towards more seismic change in the industry, or in a particular use-case is happening everyday. >> Yeah, so I love your insight, when you talk about your partners, you know, the old days were great where you used to just say hey, you've got a problem, I've got a product that will solve what you need, transaction, box, done. Now, it's like, we've been saying, when are we gonna have that silver belt in security, it's like, never. It's like, security is, you know, it's a practice, or, you know, it's a general theme that you have to do, it's like DevOps isn't a product, it's something we need to do. I heard a great line it was like, you know, oh, this whole AI stuff, well can I have a box and a data scientist and I can solve this stuff? No, no, no, this is going to be an initiative, we're gonna go through lots of iterations, and there's lots of pieces, so. It's a different world today, how do you help people through this as to, you know, what the relationship is now? >> No, it's very interesting, and to your point, can I buy a box that does that, right? We were at Think this year, and our security team, or actually I think it was our blockchain team was up, and I'm very interested in blockchain and what is it gonna do for the community as we kinda grow and that sorta thing. And up on the, on a chart they put this slide that had a million different, I mean thousands of different partners that we partner with, and we also enable to kinda deliver stuff, and in some cases we're competitive, in some cases it solves security, in some cases it does this. Now all of a sudden, it's not one thing anymore, it's like how does it fit into our infrastructure, but, back to your point about partnerships. I think IBM is constantly looking to its partners because they have really that trusted value and trusted relationship with the client, and at the end of the day, as much as we can come in and say oh this box will solve your problem, we don't really know what their problems are, right? It's the people who have those relationships that know where they're going along that evolutionary scale, that we really need to work and tie in with closely, to make sure that the solutions that we deliver on the underlying side are meeting their needs, which then in tern meet our clients needs, I think that's where we're goin'. >> And actually the blockchain is a great example of kinda building these vibrant ecosystems, right? Which is something else that large companies like IBM sometimes struggle with kinda building these very dynamic, very vibrant ecosystems, but I think IBM's very good at it, and I think we've demonstrated that in a number of different places, blockchain being a recent example, but there are many others. And the STI portfolio is no different right, we've got strong partnerships across the board with other software providers, other go-to-market partners, you know, other content providers, there's a million different angles that we are able to, to introduce into the conversation. So we think all of those things taken together allow our sellers and our partners to bring a solution to their clients, regardless of their industry or their size or their particular use-case, that helps them optimize their performance in this new world of super agile, constantly changing, continuous transformation, and do so, we think, better than anyone else in the industry >> Constantly changing, distributed in nature, sounds just like the blockchain itself. (both laugh) Alright, Steve, Randy, thank you so much for helpin' us demystify some of these key business drivers that we're going to. Lots more we'll be covering, I'm Stu Miniman, thanks for watching theCUBE. (bubbly music)

>> Announcer: Live from Las Vegas it's theCUBE covering VM World 2017, brought to you by VMWare and its ecosystem partners. (upbeat techno music) >> Hey, welcome back to day two of VM World 2017 theCUBE's continuing coverage, I am Lisa Martin with my co-host Dave Vellante and we have a kind of a cute mafia going on here. We have Eric Herzog the CMO of IBM Storage back with us, and we also have Steve Kenniston, another CUBE alumni, Global Spectrum Software Distance Development Executive at IBM, welcome guys! >> Thank you. >> Thank you, great to be here. >> So lots of stuff going on, IBM Storage business health, first question, Steve, to you, what's going on there, tell us about that. >> Steve: What's going on in IBM Storage? >> Yes. >> All kinds of great things. I mean, first of all, I think we were walking the show floor just talking about how VMWare, VM World use to be a storage show and then it wasn't for a long time. Now you're walking around there, you see all kinds of storage. Now IBM, really stepping up its game. We've got two booths. We're talking all about not just, you know, the technologies, cognitive, IOT, that sort of thing but also where do those bits and bytes live? That's your, that's your assets. You got to store that information someplace and then you got to protect that information. We got all we're showcasing all kinds of solutions on the show floor including Versus Stack and that sort of thing where you you know make your copies of your data, store your data, reissue your data, protect your data, it's a great show. >> Lisa: Go ahead. >> Please. So I ever want to get into it, right, I mean, we've watched, this is our eighth year doing theCUBE at VM World, and doing theCUBE in general, but to see the evolution of this ecosystem in this community, you're right, it was storage world, and part of the reason was, and you know this well Eric, it was such a problem, you know. And all the APIs that VMWare released to really solve that storage problem, Flash obviously has changed the game a little bit but I want to talk about data protection if you're my backup specifically. Steve you and I have talked over the years about the ascendancy of VMWare coincided with a reduction in the physical capacity that was allocated to things like the applications like Backup. That was a real problem so the industry had their re-architect its backup and then companies like VM exploded on the scene, simplicity was a theme, and now we're seeing a sort of a similar scene change around cloud. So what's your perspective on that sort of journey in the evolution of data protection and where we are today, especially in the context of cloud? >> Yeah, I think there's been a couple, a couple big trends. I think you talked about it correctly, Dave, from the standpoint of when you think about your data protection capacity being four X at a minimum greater than your primary storage capacity, the next thing you start understanding is now with a growth in data, I need to be able to leverage and use that data. The number one thing, the number one driver to putting data in the cloud is data protection, right? And then it's now how can I reuse that data that's in the cloud and you look at things like AWS and that sort of thing the ability to spin up applications, and now what I need to do is I need to connect to with the data to be able to run those applications and if I'm going to do a test development environment if I'm going to run an analytics report or I'm going to do something, I want to connect to my data. So we have solutions that help you promote that data into the cloud, leverage that data, take advantage of that data and it it's just continually growing and continually shifting. >> So you guys are really leaning in to to VM World this year, got a big presence. What's going on there? You know, one would think, okay you know VMWare it's you know clearly grabbing a big piece of the market. You got them doing more storage. What's going on Eric, is it just, "Hey, we're a good partner." "Hey we're not going to let them you know elbow us out." "We're going to be competitive with the evil machine company." What's the dynamic in the VMWare ecosystem with you guys? >> Well I think the big thing for us is IBM has had a powerful partnership with VMWare since day one. Way back when IBM use to have an Intel Server Division everything was worked with VMWare, been a VMR partner, years and years ago on the server world as that division transferred away to Lenovo the storage division became front and center so all kinds of integration with our all Flash arrays our Versus Stack which you do jointly with Cisco and VMWare providing a conversion for structured solution, the products that Steve's team just brought out Spectrum Protect Plus installs in 30 minutes, recovers instantly off of a VM, can handle multiple VMs, can recover VMs or files, can be used to back up hundreds and thousands of virtual machines if that's what you've got in your infrastructure. So, the world has gone virtual and cloud. IBM is there with virtual and cloud. You need to move data out to IBM cloud, or exams on our azure Spectrum Protect Plus, Spectrum Scale, Spectrum Virtualize all members of our software family, and the arrays that they ship on all can transparently move data to a cloud; move it back and forth at the blink of an eye. With VMWare you need that same sort of level of integration we've had it on the array side we've now brought that out with Spectrum Protect Plus to make sure that backups are, in fact Spectrum Protect Plus is so easily, even me with my masters degree in Chinese history can back up and protect my data in a VMWare environment. So it's designed to be used by the VMWare admin or the app owner, not by the backup guy or the storage admin. Not that they won't love it too, but it's designed for the guys who don't know much about storage. >> I'll tell you Dave I saw it, I watched him get a demo and then I watched him turn around and present it, it was impressive. (laughing) >> I want to ask you a quick question. Long time partners IBM and VMWare as you as you've just said. You were an EMC guy that's where I first met you, from a marketing and a positioning perspective what have you guys done in the last year since the combination has completed to continue to differentiate the IBM VMWare strengths as now VMWare's part of Dell EMC. >> So I think the key thing is VMWare always has been the switch under the storage business. When I was at EMC, we owned 81 percent of the company and you walked into Palo Alto and Pat Gelsinger who I used to work for at EMC is now the CEO of VMWare you walk into the data center and there's IBM arrays, EMC arrays, HP arrays, Dell arrays and then app arrays. And a bunch of all small guys so the good thing is they've always been the switch under the storage industry, IBM because of it's old history and the server industry has always had tight integration with them, and we've just made sure we've done. I think they key difference we've done is it's all about the data. CEO, CIO they hate talking about storage. It's all about the data and that's what we're doing. Spectrum Protect Plus is all about keeping the data safe protected, and as Steve talked about using it in the cloud using real data sets for test and dev for dev opps, that's unique. Not everyone's doing that we're one of the few guys that do that. It's all about the data and you sell the storage as a foundation of that data. >> Well I mean IBM's always been good about not selling speeds and feeds, but selling at the boardroom level, the C level I mean you're IBM. That's your brand. Having said that, there's a lot of knife fights going on tactically in the business and you guys are knife fighters I know you both you're both startup guys, you're not afraid to get you know down and dirty. So Steve, how do you address the skepticism that somebody might have and say, "Alright, you know I hear you, this all sounds great but, you know I need simplicity." You guys you talk simplicity your Chinese History background, but I'm still skeptical. What can you tell me, proof points share with us to convince us that you really are from a from a simplicity standpoint competitive with the pack? >> I think, I think you seen a pretty big transformation over the last 18 months with what the some of the stuff that we've done with the software portfolio. So, a lot of folks can talk a good game about a software defined strategy. The fact that we put the entire Spectrum suite now under one portfolio now things are starting to really gel and come together. We done things like interesting skunkworks project with Spectrum Protect Plus and now we even had business partners in our booth who are backup architects talking about the solution who sell everybody else's solution on the floor saying, "This is, the I can't believe it, "I can't believe this is IBM. "They're putting together solutions that "are just unbelievably easy to use." They need that and I think you're exactly right, Dave. It used to be where you have a lot of technical technicians in the field and people wanted to architect things and put things together. Those days are gone, right? Now what you're finding is the younger generation coming in they're iPhone type people they want click simplicity just want to use it that sort of thing. We've started to recognize that and we've had to build that into our product. We were, we are a humbler IBM now. We are listening to our business partners. We are asking them what do we need to be doing to help you be successful in the field, not just from a product set, but also a selling you know, a selling motion. The Spectrum suite all the products under one thing now working and they're operating together, the ability to buy them more easily, the ability to leverage them use them, put it in a sandbox, test it out, not get charged for it, okay I like it, now I want to deploy it. We've really made it a lot easier to consume technology in a much easier way, right, software defined, and we're making the products easier to use. >> How've you been able to achieve that transformation is it cultural, is it somebody came down and said you thou shalt simplify and I mean you've been there a couple years now. >> Yeah so I think, I think the real thing is IBM has brought into the division a bunch of people from outside the division. So Ed Walsh our general manager who's going to be on shortly five startups. Steve, five startups. Me, seven startups. Our new VP of Offering Manager in the Solutions said not only Net Up, four startups. Our new VP of North American sales, HDS, three startups. So we've brought in a bunch of guys who A, use to work at the big competition, EMC, Net Up, Hitachi, et cetera. And we've also brought in a bunch of people who are startup guys who are used to turning on dime, it's all about ease of use, it's all about simplicity, it's all about automation. So between the infusion of this intellectual capital from a number of us who've been outside the company, particularly in the startup world, and the incredible technical depth of IBM storage teams and our test teams and all the other teams that we leverage, we've just sort of pointed them in the direction like it needs to be installed in 30 minutes. Well guess what, they knew how to do that 30 years ago. They just never did because they were, you know stuck in the IBM silo if you will, and now the big model we have at IBM is outside in, not inside out, outside in. And the engineering teams have responded to that and made things that are easy to use, incredibly automated, work with everyone's gear not just ours. There're other guys that sell storage software. But other than in the protection space all the other guys, it only works with EMC or it only works with Net Up or it only works HP. Our software works with everyone's stuff including every one of our major competitors, and we're fine with that. So that's come from this infusion and combination of the incredible technical depth and DNA of IBM with a bunch of group of people about 10 of us who've all for come from either A, from the big competitors, but also from a bunch of startups. And we've just merged that over the last two years into something that's fortunate and incredibly powerful. We are now the number one storage software company in the world, and in overall storage, both systems and software, we're number two. >> Dave: So where's that data, is that IDC data? >> Yeah, that's the IDC data. >> And what are they what are they, when they count that what are they counting? Are they sort of eliminating any hardware you know, associated with that or? >> Well no, storage systems would be external systems our all Flash arrays, our Ver, that's all the systems side. Software's purely software only, so. >> Dave: No appliances >> Yeah, yeah, yeah. >> Dave: The value of those licenses associated with that >> Well as our CFO pointed out, so if you take a look at our track record of last at the beginning of this year, we grew seven percent in Q1, one of the only storage companies to grow certainly of the majors, we grew eight percent in Q2, again one of the only storage companies to grow of the major players, and as our CFO pointed out in his call in Q2, over 40 percent of the division's revenue is storage software, not full system, just stand alone software particularly with the strength of the suite and all the things we're doing you know, to make it easy to use install in 30 minutes and have a mastery in Chinese History be able to protect his data and never lose it. And that's what we want to be able to do. >> Okay so that's a licensed model, and is it a, is it a, is it a ratable model is it a sort of a perpetual model, what is it? >> We've got both depending on the solution. We have cloud engagement models, we can consume it in the cloud. We got some guys are traditionalists, gimme an ELA, you know Enterprise License Agreement. So we, we're the pasta guys. We have the best pasta in the world. Do you want red sauce, white sauce, or pesto? Dave I said that because you're part Italian, I'm half Italian on my mother's side. >> I like Italian. >> So we have the best pasta, whatever the right sauce is for you we deliver the best pasta on the planet, in our case the best storage software on the planet. >> You heard, you heard Michael up there on stage today, "Don't worry about it." He was invoking his best Italian, I have an affinity for that. So, so Steve, this is your second stint at IBM, Ed's second stint, I'm very intrigued that Doug Balog is now moved over this is a little inside baseball here, but running sales again. >> Steve: Right. >> So that's unique, actually, to see have a guy who use to run storage, leave, go be the general manager of the Power Systems division, in OpenPOWER, then come back, to drive storage sales. So, you're seeing, it's like a little gravity action. Guys sort of coming back in, what's going on from your perspective? >> Well I I think, I think Eric said it best. We've done an outside in. We've been bringing a lot of people in and I think that the development team and I wanted to to to bounce off of what Eric had said was they always knew how to do it, it's just they they needed to see and understand the motivation behind why they wanted to do it or why they needed to do it. And now they're seeing these people come in and talk about in a very, you know caring way that this is how the world is changing, and they believe it, and they know how to do it and they're getting excited. So now there's a lot more what what people might think, "Oh I'm just going to go develop my code and go home," and whatever they're not; they're excited. They want to build new products. They want to make these things interoperate together. They're, they're passionate about hearing from the customer, they're passionate about tell me what I can do to make it better. And all of those things when one group hears something that's going on to make something better they want to do the same thing, right. So it's it's really, it's breathing good energy into the storage division, I think. >> So question for you guys on that front you talked about Eric, we don't leave it at storage anymore, right? C levels don't care about that. But you've just talked about two very strong quarters in storage revenue perspective. What's driving that what's or what's dragging that? Is it data protection? What are some of the other business level drivers that are bringing that storage sale along? >> So for us it's been a couple things. So when you look at just the pure product perspective the growth has been around our all Flash arrays. We have a broad portfolio; we have very cost effective stuff we have stuff for the mainframe we have super high performance stuff we have stuff for big data analytic workloads. So again there isn't one Flash, you know there's a couple startups that started with one Flash and that's all they had. We think it's the right Flash tool for the right job. It's all about data, applications, workloads and use case. Big data analytics is not the same as your Oracle database to do your ERP system or your logistics system if you're someone like a Walmart. You need a different type of Flash for that. We tune everything to that. So Flash has been a growth engine for us, the other's been software defined storage. The fact that we suited it up, we have the broadest software portfolio in the industry. We have Block, we have File, we have Object, we have Backup, we have Archive. We've got Management Plane. We've got that and by packaging it into a suite, I hate to say we stole it from the old Microsoft Office, but we did. And for the in-user base it's up to a 40 percent discount. I'm old enough to remember the days of the computer store I think Dave might've gone to a computer store once or twice too. And there it was: Microsoft Office at eye level for $999. Excel, Powerpoint and Word above it at $499. Which would you buy? So we've got the Spectrum suite up to a 40 percent savings, and we let the users use all of the software for free in their dev environments at no charge and it's not a timeout version, it's not a lite version, it is a full version of the software. So you get to try a full thing out for free and then at the suite level you save up to 40 percent. What's not to like? >> And I think, I just wanted to compliment that too. I think to also answer the question is one of the things we've done so we've talked about development really growing, getting excited, wanting to build things. The other thing that's also happening is that is at the field level, we've stopped talking speeds and feeds like directly, right, so it has become this, this higher level conversation and now IBMers who go and sell things like cognitive and IOT and that sort of thing, they're now wanting to bring us in, because we're not talking about the feeds and speeds and screwing up like how they like to sell. We're talking about, Jenny will come out and say data is your is your most valuable asset in your company. And we say, okay, I got to store those bits and bytes some place, right? We provide that mechanism. We provide it in a multitude of different ways. And we want to compliment what they're doing. So now when I put presentations together to help the sales field, I talk about storage in a way that is more, how does it help cognitive? How does it help IOT? How does it help test and dev? And and by the way there's a suite, it's storing it, it's using it, it's protecting it. It's all of those things and now it's complimenting their selling motion. >> Well your both of the passion and the energy coming from both of you is very palpable. So thank you for sticking around, Eric, and Steve for coming back to theCUBE and sharing all the exciting things that are going on at IBM. That energy is definitely electric. So wish you guys the best of luck in the next day or so of the show and again, thank you for spending some time with us this afternoon. >> Thanks for having us. >> Thanks for having us. >> Absolutely, and for my co-host Dave Vellante, I'm Lisa Martin, you're watching theCUBE's live continuing coverage of the Emerald 2017 day two. Stick around, we'll be right back. (techno music)