>> From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello, everyone, and welcome to this week's Cube Insights, powered by ETR. Today is November 8, 2019 and I'd like to address one of the most important topics in the minds of a lot of executives. I'm talking about CEOs, CIOs, Chief Information Security Officers, Boards of Directors, governments and virtually every business around the world. And that's the topic of cyber security. The state of cyber security has changed really dramatically over the last 10 years. I mean, as a cyber security observer I've always been obsessed with Stuxnet, which the broader community discovered the same year that theCUBE started in 2010. It was that milestone that opened my eyes. Think about this. It's estimated that Stuxnet cost a million dollars to create. That's it. Compare that to an F-35 fighter jet. It costs about $85-$100 million to build one. And that's on top of many billions of dollars in R&D. So Stuxnet, I mean, it hit me like a ton of bricks. That the future of war was all about cyber, not about tanks. And the barriers to entry were very, very low. Here's my point. We've gone from an era where thwarting hacktivists was our biggest cyber challenge to one where we're now fighting nation states and highly skilled organized criminals. And of course, cyber crime and monetary theft is the number one objective behind most of these security breaches that we see in the press everyday. It's estimated that by 2021 cyber crime is going to cost society $6 trillion in theft, lost productivity, recovery costs. I mean, that's just a staggeringly large number. It's even hard to fathom. Now, the other C-change is how organizations have had to respond to the bad guys. It used to be pretty simple. I got a castle and the queen is inside. We need to protect her, so what do we do? We built a mote, put it around the perimeter. Now, think of the queen as data. Well, what's happened? The queen has cloned herself a zillion times. She's left the castle. She's gone up to the sky with the clouds. She's gone to the edge of the kingdom and beyond. She's also making visits to machines and the factories and hanging out with the commoners. She's totally exposed. Listen, by 2020, there's going to be hundreds of billions of IP addresses. These are going to be endpoints and phones, TVs, cameras, tablets, automobiles, factory machines, and all these represent opportunities for the bad guys to infiltrate. This explosion of endpoints that I'm talking about is created massive exposures, and we're seeing it manifest itself in the form of phishing, malware, and of course the weaponization of social media. You know, if you think that 2016 was nuts, wait 'til you see how the 2020 presidential election plays out. And of course, there's always the threat of ransomware. It's on everybody's minds these days. So I want to try to put some of this in context and share with you some insights that we've learned from the experts on theCUBE. And then let's drill into some of the ETR data and assess the state of security, the spending patterns. We're going to try to identify some of those companies with momentum and maybe some of those that are a little bit exposed. Let me start with the macro and the challenged faced by organization and that's complexity. Here's Robert Herjavec on theCUBE. Now, you know him from the Shark Tank, but he's also a security industry executive. Herjavec told me in 2017 at the Splunk.com Conference that he thought the industry was overly complex. Let's take a look and listen. >> I think that the industry continues to be extremely complicated. There's a lot of vendors. There's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year, that there's 1500 new security start-ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights? And which ones are going to be around for a year or two and you're never going to hear about again? So it's a extremely challenging complex environment. >> So it's that complexity that had led people like Pat Gelsinger to say security is a do-over, and that cyber security is broken. He told me this years ago on theCUBE. And this past VM World we talked to Pat Gelsinger and remember, VMware bought Carbon Black, which is an endpoint security specialist, for $2.1 billion. And he said that he's basically creating a cloud security division to be run by Patrick Morley, who is the Carbon Black CEO. Now, many have sort of questioned and been skeptical about VMware's entrance into the space. But here's a clip that Pat Gelsinger shared with us on theCUBE this past VM World. Let's listen and we'll come back and talk about it. >> And this move in security, I am just passionate about this, and as I've said to my team, if this is the last I do in my career is I want to change security. We just not are satisfying our customers. They shouldn't put more stuff on our platforms. >> National defense issues, huge problems. >> It's just terrible. And I said, if it kills me, right, I'm going to get this done. And they says, "It might kill you, Pat." >> So this brings forth an interesting dynamic in the industry today. Specifically, Steven Smith, the CISO of AWS, at this year's Reinforce, which is their security conference, Amazon's big cloud security conference, said that this narrative that security is broken, it's just not true, he said. It's destructive and it's counterproductive. His and AWS's perspective is that the state of cloud security is actually strong. Kind of reminded me of a heavily messaged State of the Union address by the President of the United States. At the same time, in many ways, AWS is doing security over. It's coming at it from the standpoint of a clean slate called cloud and infrastructure as a surface. Here's my take. The state of security in this union is not good. Every year we spend more, we lose more, and we feel less safe. So why does AWS, the security czar, see if differently? Well, Amazon uses this notion of a shared responsibility security model. In other words, they secure the S3 buckets, maybe the EC2 infrastructure, not maybe, the EC2 infrastructure. But it's up to the customer to make sure that she is enforcing the policies and configuring systems that adhere to the EDIX of the corporation. So I think the shared security model is a bit misunderstood by a lot of people. What do I mean by that? I think sometimes people feel like well, my data's in the cloud, and AWS has better security than I do. Here I go, I'm good. Well, AWS probably does have better security than you do. Here's the problem with that. You still have all these endpoints and databases and file servers that you're managing, and that you have to make sure comply with your security policies. Even if you're all on the cloud, ultimately, you are responsible for securing your data. Let's take a listen to Katie Jenkins, the CISO of Liberty Mutual, on this topic and we'll come back. >> Yeah, so the shared responsibility model is, I think that's an important speaking point to this whole ecosystem. At the end of the day, Liberty Mutual, our duty is to protect policyholder data. It doesn't matter if it's in the cloud, if it's in our data centers, we have that duty to protect. >> It's on you. >> All right, so there you have it from a leading security practitioner. The cloud is not a silver bullet. Bad user behavior is going to trump good security every time. So unfortunately the battle goes on. And here's where it gets tricky. Security practitioners are drowning in a sea of incidents. They have to prioritize and respond to, and as you heard Robert Herjavec say, the average large company has 75 security products installed. Now, we recently talked to another CISO, Brian Lozada, and asked him what's the number one challenge for security pros. Here's what he said. >> Lack of talent. I mean, we're starving for talent. Cyber security's the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have. And in that lack of talent CISOs are starving. We're looking for the right things or tools to actually patch these holes and we just don't have it. Again, we have to force the industry to patch all of those resource gaps with innovation and automation. I think CISOs really need to start asking for more automation and innovation within their programs. >> So bottom line is we can't keep throwing humans at the problem. Can't keep throwing tools at the problem. Automation is the only way in which we're going to be able to keep up. All right, so let's pivot and dig in to some of the ETR data. First, I want to share with you what ETR is saying overall, what their narrative looks like around spending. So in the overall security space, it's pretty interesting what ETR says, and it dovetails into some of the macro trends that I've just shared with you. Let's talk about CIOs and CISOs. ETR is right on when they tell me that these executives no longer have a blank check to spend on security. They realize they can't keep throwing tools and people at the problem. They don't have the bodies, and as we heard from Brian Lozada. And so what you're seeing is a slowdown in the growth, somewhat of a slowdown, in security spending. It's still a priority. But there's less redundancy. In other words, less experimentation with new vendors and less running systems in parallel with legacy products. So there's a slowdown adoption of new tools and more replacement of legacy stuff is what we're seeing. As a result, ETR has identified this bifurcation between those vendors that are very well positioned and those that are losing wallet share. Let me just mention a few that have the momentum, and we're going to dig into this data in more detail. Palo Alto Networks, CrowdStrike, Okta, which does identity management, Cisco, who's coming at the problem from its networking strength. Microsoft, which recently announced Sentinel for Azure. These are the players, and some of them that are best positioned, I'll mention some others, from the standpoint spending momentum in the ETR dataset. Now, here's a few of those that are losing momentum. Checkpoint, SonicWall, ArcSight, Dell EMC, which is RSA, is kind of mixed. We'll talk about that a little bit. IBM, Symantec, even FireEye is seeing somewhat higher citations of decreased spending in the ETR surveys and dataset. So there's a little bit of a cause for concern. Now, let's remember the methodology here. Every quarter ETR asks are you green, meaning adopting this vendor as new or spending more? Are you neutral, which is gray, are you spending the same? Or are you red, meaning that you're spending less or retiring? You subtract the red from the green and you get what's called a net score. The higher the net score, the better. So here's a chart that shows a ranking of security players and their net scores. The bars show survey data from October '18, July '19, and October '19. In here, you see strength from CrowdStrike, Okta, Twistlock, which was acquired by Palo Alto Networks. You see Elastic, Microsoft, Illumio, the core, Palo Alto Classic, Splunk looking strong, Cisco, Fortinet, Zscaler is starting to show somewhat slowing net score momentum. Look at Carbon Black. Carbon Black is showing a meaningful drop in net score. So VMware has some work to do. But generally, the companies to the left are showing spending momentum in the ETR dataset. And I'll show another view on net score in a moment. But I want to show a chart here that shows replacement spending and decreased spending citations. Notice the yellow. That's the ETR October '19 survey of spending intentions. And the bigger the yellow bar, the more negative. So Sagar, the director of research at ETR, pointed this out to me, that, look at this. There are about a dozen companies where 20%, a fifth of the customer base is decreasing spend or ripping them out heading into the year end. So you can see SonicWall, CA, ArcSight, Symantec, Carbon Black, again, a big negative jump. IBM, same thing. Dell EMC, which is RSA, slight uptick. That's a bit of a concern. So you can see this bifurcation that ETR has been talking about for awhile. Now, here's a really interesting kind of net score. What I'm showing here is the ETR data sorted by net score, again, higher is better, and shared N, which is the number of shared accounts in the survey, essentially the number of mentions in that October survey with 1,336 IT buyers responded. So how many of that 1,300 identified these companies? So essentially it's a proxy for the size of the install base. So showing up on both charts is really good. So look, CrowdStrike has a 62% net score with a 133 shared account. So a fairly sizable install base and a very high net score. Okta, similar. Palo Alto Networks and Splunk, both large, continue to show strength. They got net scores of 44% and 313 shared N. Fortinet shows up in both. Proofpoint. Look at Microsoft and Cisco. With 521 and 385 respectively on the right hand side. So big install bases with very solid net scores. Now look at the flip side. Go down to the bottom right to IBM. 132 shared accounts with a 14.4% net score. That's very low. Check Point similarly. Same with Symantec. Again, bifurcation that ETR has been citing. Really stark in this chart. All right, so I want to wrap. In some respects from a practitioner perspective, the sky erectus is falling. You got increased attack surface. You've got exploding number of IP addresses. You got data distributed all over the place, tool creep. You got sloppy user behavior, overwork security op staff, and a scarcity of skills. And oh, by the way, we're all turning into a digital business, which is all about data. So it's a very, very dangerous time for companies. And it's somewhat chaotic. Now, chaos, of course, can mean cash for cyber security companies and investors. This is still a very vibrant space. So just by the way of comparison and looking at some of the ETR data, check this out. What I'm showing is companies in two sectors, security and storage, which I've said in previous episodes of breaking analysis, storage, and especially traditional storage disk arrays are on the back burner spending wise for many, many shops. This chart shows the number of companies in the ETR dataset with a net score greater than a specific target. So look, security has seven companies with a 49% net score or higher. Storage has one. Security has 18 above 39%. Storage has five. Security has 31 companies in the ETR dataset with a net score higher than 30%. Storage only has nine. And I like to think of 30% as kind of that the point at which you want to be above that 30%. So as you can see, relatively speaking, security is an extremely vibrant space. But in many ways it is broken. Pat Gelsinger called it a do-over and is affecting a strategy to fix it. Personally, I don't think one company can solve this problem. Certainly not VMware, or even AWS, or even Microsoft. It's too complicated, it's moving too fast. It's so lucrative for the bad guys with very low barriers to entry, as I mentioned, and as the saying goes, the good guys have to win every single day. The bad guys, they only have to win once. And those are just impossible odds. So in my view, Brian Lozada, the CISO that we interviewed, nailed it. The focus really has to be on automation. You know, we can't just keep using brute force and throwing tools at the problem. Machine intelligence and analytics are definitely going to be part of the answer. But the reality is AI is still really complicated too. How do you operationalize AI? Talk to companies trying to do that. It's very, very tricky. Talk about lack of skills, that's one area that is a real challenge. So I predict the more things change the more you're going to see this industry remain a game of perpetual whack a mole. There's certainly going to be continued consolidation, and unquestionably M&A is going to be robust in this space. So I would expect to see continued storage in the trade press of breaches. And you're going to hear scare tactics by the vendor community that want to take advantage of the train wrecks. Now, I wish I had better news for practitioners. But frankly, this is great news for investors if they can follow the trends and find the right opportunities. This is Dave Vellante for Cube Insights powered by ETR. Connect with me at David.Vellante@siliconangle.com, or @dvellante on Twitter, or please comment on what you're seeing in the marketplace in my LinkedIn post. Thanks for watching. Thank you for watching this breaking analysis. We'll see you next time. (energetic music)

>> live from Boston, Massachusetts. It's the Cube covering AWS reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. >> Okay, welcome back. It was two cubes. Live coverage in Boston, Massachusetts, for Amazon Web services reinforces A W s, his first inaugural conference around security, cloud security and all the benefits of security vendors of bringing. We're here with a man who runs the marketplace and more. Dave McCann Cube, alumni vice president of migration, marketplace and control surfaces. That's a new tail you were that you have here since the last time we talked. Lots changed. Give us the update. Welcome to the Cube. >> Great to be back, ma'am. Believe it's seven months of every event. >> Feels like this. Seven years. You know, you've got a lot new things happening. >> We do >> explain. You have new responsibility. You got the marketplace, which we talked about a great product solutions. What else do you have? >> So we've obviously been expanding our service portfolio, right? So either us is launching. New service is all the time. We have a set of service is a road in the migration of software. So I run. No, the immigration Service's team and interesting. We were sitting in Boston, and that's actually headquartered 800 yards down the road. So there's a set of surfaces around the tools to help you as a CEO. Move your applications onto the clothes. Marketplace is obviously where we want you to find short where you need to buy. And then once you get into the topic of governance, we had one product called Service Catalog and reinvent. We announced a new product. That was a preview called Control. Yesterday we went to G A full availability off control, Terror and Control term service catalog together are in the government space, but we're calling them control service is because it's around controlling the access off teams to particular resources. So that's control service. >> What people moving into the cloud and give us a sense of the the workload. I know you see everything but any patterns that you can see a >> lot of patterns and merging and migration, and they are very industry specific. But there are some common patterns, so you know we're doing migrations and frozen companies were weighed and professional service is run by. Todd Weatherby is engaged in hundreds of those migrations. But we also have no over 70 partners that we've certified of migration partners. Migration partners are doing three times as many migrations as our old professional service is. Team are doing so in collection. There's a lot going on there, one of the common patterns. First of all, everybody is moved a Web development other websites have done. They're all running on the AWS know what they're doing is they're modernizing new applications. So the building in Europe or bring enough over moving onto containers. So it was a lie that ran on a sever server on. As they move into the clothes, they're gonna reshape the throw away. Some of the court brief the court up into micro service is on. Deploy out, Let's see on E. C s, which is continuing. There's a lot of application organization, and then on the migration side, we're seeing applications clearly were migrating a lost a lot of ASAP. So the big partners like Deloitte and Accenture are doing a C P migrations, and we've done a lot of ASAP migrations. And then there are other business applications are being moved with particular software vendors. You know there's a company here in Boston called Pegasystems. They do a world leading workflow platform. We've worked with Pagan, and we have migrated loss of paga warped floors in dozens of paying customers up on the float. >> You innovated on the marketplace, which is where people buy so they can contract with software. So now you got moving to the cloud, buying on the cloud, consuming the cloud and then governing it and managing that aspect all under one cohesive unit. That's you. Is that good? >> Yeah, it's a good way to think about it. It's a san of engineering teams with Coleman purpose for the customer. So you know, one of the things we do AWS is we innovate a lot, and then we organize the engineering teams around a common customer needs. So we said, above all of the computer stories service is on. We pay attention to the application layer. We described the application, So if you think of a migration service is says, I've actually got a service called Discovery, I crawl over your servers and I find what you have way. Then what we do is we have a tool that says, Are you gonna bring and move the till. So you have to build a business case. We just bought a company in Canada called TSA Logic. They had a Super Two for building a business case that said, what would this absolutely running with either of us. >> So is the need of the business case. What's the courtney that you guys have focused on? What was that? >> So, interestingly, we run more Windows Server and the clothes when Microsoft. So you actually have to business keys here. So many windows servers are running on print. What does it look like when a run on either the U. S. And T s so logic? Really good, too. And we find our customers using it. That says, Here's your own prim Windows server configuration with an app on run the mortal What would it look like when it runs on AWS? >> But why would you just do that with a spreadsheet? What? What is the T s so logic do that you couldn't do especially >> well? First of all, you want to make a simple too Somebody has to go run a spreadsheet. They've turned it into a tool that a business years Ercan used a sales person you could use on. They've built on top of a database. So it's got a rich set of choices. You are richer than you put in. A special with a U IE is intuitive, and you're gonna learn it in 20 minutes. I'm not gonna have you made up >> this date in their best practice things like that that you can draw a library >> of what's going down, and it keeps the data store of all the ones we've done. So we're turning that into two. Were giving Old Toller solution architect. >> Well, you got a good thing going on with the marketplace. Good to see you wrapping around those needs there. I gotta ask for the marketplace. Just give us the latest stats. How many subscriptions air in the marketplace these days? What's the overall number in the marketplace? It's >> pretty exciting. Way decided just at San Francisco to announce that we now have over 1,000,000 active subscriptions in the marketplace, which is a main boggling number on its own 1,000,000 subscriptions. Ice of Scrape. Within those subscriptions, we've got over 240 foes and active accounts, you know, and the audience doors you could be an enterprise with 100 cases and in an enterprise. What we typically see is that there are seven or eight teams that are buying or using software, so we'll have seven or eight accounts that have the right to subscribe. So you could be a one team and you're in another team you're buying B I tools. You're buying security tools. So those accounts on what? We're announcing the show for the first time ever. Its security is we have over 100,000 security subscriptions. That's a while. That's a big number. Some companies only have 100 customers, and the market, please. Our customers are switched on 100,000 security. So >> many product listings is that roughly it's just security security. At 300 >> there's over 100 listings. Thing is a product with a price okay on a vendor could be Let's see Paolo off networks or crowdstrike or trains or semantic or McAfee or a brand new company like Twist located of Israel. These companies might have one offer or 20 offers, so we have over 800 offers from over 300. Vendors were having new vendors every week. >> That's the next question. How many security app developers are eyes? Do you have over 300? 300? Okay. About 100. Anyway, I heard >> this morning from Gartner that they believe that are over 1000 security vendors. So I'm only 30% done. I got a little work >> tonight. How >> do you >> govern all this stuff? I was a customer. Sort of Make sure that they're in compliance. >> Great question. Steven Smith yesterday was talking about governance once she moved things on the clothes. It's very elastic. You could be running it today, not running a tomato, running it in I d running in Sydney. So it's easy to fire up running everywhere. So how did the governance team of a company nor watch running where you know, you get into tagging, everything has to be tagged. Everything has to have a cord attached to it. And then you do want to control who gets to use what I may have bought about a cuter appliance. But I don't know that I gave you rates to use it, right, so we could have border on behalf of the company. But I need to grant you access. So we launched a couple of years ago. Service catalog is our first governance to and yesterday we went into full release over new to call the control tower. >> Right. What you announced way reinvents >> preview. And yesterday we went to Jenny. What control does is it Natural Owes me to set up a set of accounts. So if you think of it, your development team, you've got David Kay and tested and the product ain't your brand new to the company. I'm a little worried. What, you're going to get up. You >> don't want to give him the keys to the kingdom, >> so I'm actually going to grant you access to a set of resources, and then I'm gonna apply some rules, or what we call God reels is your brand. You you haven't read my manual, you're in the company. So I'm gonna put a set of God reels on you to make sure that you follow our guide length >> Just training. And so is pressing the wrong button, that kind of thing. So I gotta ask you I mean, on the buying side consumption. I heard you say in a talk upstairs on Monday. You have a buyer, buyer, lead, engineering teams and cellar Let engineering, which tells me that you got a lot of innovation going on the marketplace. So the results are obviously they mention the listings. But one of the trends that's here security conference and it was proper is ecosystems importance in monetization. So back in the old days, Channel partners were a big part of the old computer industry. You're essentially going direct with service listings, which is great. How does that help the channel? Is there sinking around channel as a buyer opportunity? How do you How does that work with the market? Is what your thinking around the relationship between the scale of a simplicity and efficiency, the marketplace with the relationships the channel partners may have with their customers? And how do you bridge that together? What's the thinking >> you've overstayed? Been around a long time? >> Uh, so you have 90 Sydney? Well, the channels have been modernizes the nineties. You think about a >> long time. It's really interesting when we conceived Market please candidly. Way didn't put the channel in marketplace, and in retrospect, that was a miss. Our customers are big customers or small customers. Trust some of the resellers. Some resellers operates surely on price. Some resellers bring a lot of knowledge, even the biggest of the global 2000 Fortune 100. They have a prepared advisor. Let's take a company record. You often got 700 security engineers that are blue chip companies in America trusts or they buy the software the adoptive recommends. So mark it, please really didn't accommodate for Let's Pick another One in Europe, it would be computer center. So in the last two years we've dedicated the data separate engineering team were actually opened up. A team in a different city on their sole customer is a reseller. And so we launch this thing called Consulting Partner Private offer. And so now you're Palo. Also, for your trained, you can authorize active or serious or s h I to be the re sailor at this corporation, and they can actually negotiate the price, which is what a role resellers do. They negotiate price in terms, so we've actually true reseller >> write software for fulfillment through the marketplace. Four partners which are now customers to you now so that they could wrap service is because that's something we talk to. People in the Channel number one conversation is we love the cloud. But how do I make money and that is Service is right. They all want to wrap Service's around, So okay, you guys are delivering this. Is that my getting that right? You guys are riding a direct link in tow marketplace for partners, and they could wrap service is around there, >> will you? Seeing two things? First of all, yes. We're lowering the resale of to sell the software for absolutely. So you re sailor, you can quote software you build rebuild for you so that I become the billing partner for a serious or a billing partner for active on active can use marketplace to fulfill clothes software for their customers. Dan Burns to see you about pretty happy. You crossed the line into a second scenario, which is condone burns attached. Service is on. Clearly, that's a use case we hear usually would we hear use cases way end up through feeling that a little, little not a use case I have enabled, but we've done >> what you're working on It. We've had what the customer. How does the reseller get into the marketplace? What kind of requirements are there. Is it? Is it different than some of your other partners, or is it sort of a similar framework? >> They have to become an approved resale or so First of all, they have to be in a peon partner. I mean, we work tightly with a p N e p M screens partners for AWS. So Josh Hoffman's team Terry Wise, his team, whole part of team screen. The reseller we would only work with resellers are screened and approved by the PM Wants the AP en approved way have no set up a dedicated program team. They work with a reseller with trained them what's involved. Ultimately, however, the relationship is between Splunk in a tree sailor, a five and a three sailor named after a tree sailor or Paulo trend or Croat straight. So it's up to the I S V to tail us that hey, computer centers my reseller. I don't control that relationship. A fulfillment agent you crow strike to save resellers, and I simply have to meet that work so that I get the end customer happy. >> So your enabler in that instance, that's really no, I'm >> really an engine, even team for everybody engineer for the Iast way, engineer for the buyer. And they have to engineer for the re. So >> you have your hands in a lot of the action because you're in the middle of all this marketplace and you must do a lot of planning. I gotta ask you the question and this comes up. That kind of put on my learning all the Amazon lingo covering reinvent for eight years and covering all the different events. So you gotta raise the bar, which is an internal. You keep innovating. Andy Jassy always sucks about removing the undifferentiated heavy lifting. So what is the undifferentiated heavy lifting that you're working toe automate for your customers? >> Great questions. Right now there's probably three. We'll see what the buyer friction is, and then we'll talk about what the sale of friction is. The buyer frustration that is, undifferentiated. Heavy lifting is the interestingly, it's the team process around choosing software. So a couple of customers were on stage yesterday right on those big institutions talked about security software. But in order for an institution to buy that software, there are five groups involved. Security director is choosing the vendor, but procurement has to be involved. Andre. No procurement. We can't be left out the bit. So yesterday we did. The integration to Cooper is a procurement system. So that friction is by subscribing marketplace tied round. Match it with appeal because the p O is what goes on the ledgers with the company. A purchase order. So that has to be a match in purchase order for the marketplace subscription. And then engineers don't Tidwell engineers to always remember you didn't tag it. Hi, this finance nowhere being spent. So we're doing work on working service catalog to do more tagging. And so the buyer wants good tagging procurement integrated. So we're working on a walk slow between marketplace service catalog for procurement. >> Tiring. So you've kind of eliminated procurement or are eliminating procurement as a potential blocker, they use another. Actually, we won't be >> apart for leading procurement. VPs want their V piece of engineering to be happy. >> This is legal. Next. Actually, Greek question. We actually tackled >> legal. First, we did something called Enterprise Code tracked and our customer advisory board Two years ago, one of our buyers, one of our customers, said we're gonna be 100 vendors to deploy it. We're not doing 100 tracks. We've only got one lawyer, You know, 6000 engineers and one lawyer. Well, lawyers, good cord is quickly. So we've created a standard contract. It take stain to persuade legal cause at risk. So we've got a whole bunch of corporations adopting enterprise contract, and we're up to over 75 companies adopting enterprise contract. But legal is apartment >> so modernizing the procurement, a key goal >> procurement, legal, security, engineering. And then the next one is I t finance. So if you think of our budgets on their course teams on AWS, everything needs to be can become visible in either of US budgets. And everything has become visible in course exporter. So we have to call the rate tags. >> I heard a stat that 6,000,000 After moving to the cloud in the next 6,000,000 3 to 5 years, security as a focus reinforces not a summit. It's branded as a W s reinforce, just like reinvents. Same kind of five year for security. What's your impression of the show so far? No, you've been highly active speaking, doing briefing started a customer's burn, the midnight oil with partners and customers What's that? What's your vibe of the show? What's your takeaway? What's the most important thing happening here? What's your what's your summary? >> So I always think you get the truth in the booth. Cut to the chase. I made a customer last night from a major media company who we all know who's in Los Angeles. His comment was weeks, either. These expectations wasn't she wanted to come because he goes to reinvent. Why am I coming to Boston in June? Because I'm gonna go to reinvent November on this. The rates of security for a major media company last night basically said, I love the love. The subject matter, right? It's so security centric. He actually ended up bringing a bunch of people from his team on, and he loves the topics in the stations. The other thing he loved was everybody. Here is insecurity, reinvent. There's lots of people from what's the functions, But everybody here is a security professional. So that was the director of security for a media company. He was at an event talking to one of the suppliers, the marketplace. I asked this president of a very well known security vendor and I said. So what's your reaction to reinforce? And he said, Frankly, when you guys told me it was coming, we didn't really want the bother. It's the end of the quarter. It's a busy time of year. It's another event, he said. I am sure glad we came on. He was standing talking to these VP of marketing, saying, We want to bring more people, make sure, So he's overjoyed. His His comment was, when I go to Rio event 50,000 people but only 5% of their own security. I can't reinforce everybody's insecurity >> in Houston in 2020. Any inside US tow? Why Houston? I have no clue what I actually think >> is really smart about the Vineyard, and this is what a customer said Last night. I met a customer from Connecticut who isn't a load to travel far. They don't get to go to reinvent in Vegas. I think what we did when we came to Boston way tapped into all the states that could drive. So there are people here who don't get to go to reinvent. I think when we go to Houston, we're going to get a whole bunch of takes its customers. Yeah, you don't get a flight to Vegas. So I think it's really good for the customer that people who don't get budget to travel >> makes sense on dry kind of a geographic beograd. The world >> if we're expanding the customers that can learn. So from an education point of view, we're just increase the audience that we're teaching. Great, >> Dave. Great to have you on. Thanks for the insights and congratulations on the new responsibility as you get more coz and around marketplace been very successful. 1,000,000 subscriptions. That's good stuff again. They were >> you reinvented and >> a couple of months, Seven days? What? We're excited. I love covering the growth of the clouds. Certainly cloud security of his own conference. Dave McCann, Vice president Marketplace Migration and Control Service is controlled cattle up. How they how you how you move contract and governed applications in the future. All gonna be happening online. Cloud Mr. Q coverage from Boston. They just reinforced. We right back with more after this short break