(upbeat music) >> Hello, everyone. Welcome to theCUBE's coverage of the "AWS Startup Showcase", season two, episode one. I'm Lisa Martin, and I'm excited to be joined by Snyk, next in this episode. Liran Tal joins me, the director of developer advocacy. Liran, welcome to the program. >> Lisa, thank you for having me. This is so cool. >> Isn't it cool? (Liran chuckles) All the things that we can do remotely. So I had the opportunity to speak with your CEO, Peter McKay, just about a month or so ago at AWS re:Invent. So much growth and momentum going on with Snyk, it's incredible. But I wanted to talk to you about specifically, let's start with your role from a developer advocate perspective, 'cause Snyk is saying modern development is changing, so traditional AppSec gatekeeping doesn't apply anymore. Talk to me about your role as a developer advocate. >> It is definitely. The landscape is changing, both developer and security, it's just not what it was before, and what we're seeing is developers need to be empowered. They need some help, just working through all of those security issues, security incidents happening, using open source, building cloud native applications. So my role is basically about making them successful, helping them any way we can. And so getting that security awareness out, or making sure people are having those best practices, making sure we understand what are the frustrations developers have, what are the things that we can help them with, to be successful day to day. And how they can be a really good part of the organization in terms of fixing security issues, not just knowing about it, but actually being proactively on it. >> And one of the things also that I was reading is, Shift Left is not a new concept. We've been talking about it for a long time. But Snyk's saying it was missing some things and proactivity is one of those things that it was missing. What else was it missing and how does Snyk help to fix that gap? >> So I think Shift Left is a good idea. In general, the idea is we want to fix security issues as soon as we can. We want to find them. Which I think that is a small nuance that what's kind of missing in the industry. And usually what we've seen with traditional security before was, 'cause notice that, the security department has like a silo that organizations once they find some findings they push it over to the development team, the R&D leader or things like that, but until it actually trickles down, it takes a lot of time. And what we needed to do is basically put those developer security tools, which is what Snyk is building, this whole security platform. Is putting that at the hands and at the scale of, and speed of modern development into developers. So, for example, instead of just finding security issues in your open source dependencies, what we actually do at Snyk is not just tell you about them, but you actually open a poll request to your source codes version and management system. And through that we are able to tell you, now you can actually merge it, you can actually review it, you can actually have it as part of your day-to-day workflows. And we're doing that through so many other ways that are really helpful and actually remediating the problem. So another example would be the IDE. So we are actually embedding an extension within your IDEs. So, once you actually type in your own codes, that is when we actually find the vulnerabilities that could exist within your own code, if that's like insecure code, and we can tell you about it as you hit Command + S and you will save the file. Which is totally different than what SaaS tools starting up application security testing was before because, when things started, you usually had SaaS tools running in the background and like CI jobs at the weekend and in deltas of code bases, because they were so slow to run, but developers really need to be at speed. They're developing really fast. They need to deploy. One development is deployed to production several times a day. So we need to really enable developers to find and fix those security issues as fast as we can. >> Yeah, that speed that you mentioned is absolutely critical to their workflow and what they're expecting. And one of the unique things about Snyk, you mentioned, the integration into how this works within development workflow with IDE, CIDC, they get environment enabling them to work at speed and not have to be security experts. I imagine are two important elements to the culture of the developer environment, right? >> Correct, yes. It says, a large part is we don't expect developers to be security experts. We want to help them, we want to, again, give them the tools, give them the knowledge. So we do it in several ways. For example, that IDE extension has a really cool thing that's like kind of unique to it that I really like, and that is, when we find, for example, you're writing code and maybe there's a batch traversal vulnerability in the function that you just wrote, what we'll actually do when we tell you about it, it will actually tell you, hey, look, these are some other commits made by other open source projects where we found the same vulnerability and those commits actually fixed it. So actually giving you example cases of what potentially good code looks like. So if you think about it, like who knows what patch reversal is, but prototype pollution like many types of vulnerabilities, but at the same time, we don't expect developers to actually know, the deep aspects of security. So they're left off with, having some findings, but not really, they want to fix them, but they don't really have the expertise to do it. So what we're doing is we're bridging that gap and we're being helpful. So I think this is what really proactive security is for developers, that says helping them remediate it. And I can give like more examples, like the security database, it's like a wonderful place where we also like provide examples and references of like, where does their vulnerability come from if there's like, what's fogging in open-source package? And we highlight that with a lot of references that provide you with things, the pull requests that fixed date, or the issue with where this was discussed. You have like an entire context of what is the... What made this vulnerability happen. So you have like a little bit more context than just specifically, emerging some stuff and updating, and there's a ton more. I'm happy to like dive more into this. >> Well, I can hear your enthusiasm for it, a developer advocate it seems like you are. But talking about the burdens of the gaps that you guys are filling it also seems like the developers and the security folks that this is also a bridge for those teams to work better together. >> Correct. I think that is not siloed anymore. I think the idea of having security champions or having threat modeling activities are really, really good, or like insightful both like developers and security, but more than just being insightful, useful practices that organizations should actually do actually bringing a discussion together to actually creating a more cohesive environment for both of those kind of like expertise, development and security to work together towards some of these aspects of like just mitigating security issues. And one of the things that actually Snyk is doing in that, in bringing their security into the developer mindset is also providing them with the ability to prioritize and understand what policies to put in place. So a lot of the times security organizations actually, the security org wants to do is put just, guardrails to make sure that developers have a good leeway to work around, but they're not like doing things that like, they definitely shouldn't do that, like prior to bringing a big risk into today organizations. And that's what I think we're doing also like great, which is the fact that we're providing the security folks to like put the policies in place and then developers who actually like, work really well within those understand how to prioritize vulnerabilities is an important part. And we kind of like quantify that, we put like an urgency score that says, hey, you should fix this vulnerability first. Why? Because it has, first of all, well, you can upgrade really quickly. It has a fix right there. Secondly, there's like an exploit in the wild. It means potentially an attacker can weaponize this vulnerability and like attack your organizations, in an automated fashion. So you definitely want to put that put like a lead on that, on that broken window, if so to say. So we ended up other kind of metrics that we can quantify and put this as like an urgency score, which we called a priority score that helps again, developers really know what to fix first, because like they could get a scan of like hundreds of vulnerabilities, but like, what do I start first with? So I find that like very useful for both the security and the developers working together. >> Right, and especially now, as we've seen such changes in the last couple of years to the threat landscape, the vulnerabilities, the security issues that are impacting every industry. The ability to empower developers to not only work at the speed with which they are accustomed and need to work, but also to be able to find those vulnerabilities faster prioritize which ones need to be fixed. I mean, I think of Log4Shell, for example, and when the challenge is going on with the supply chain, that this is really a critical capability from a developer empowerment perspective, but also from a overall business health and growth perspective. >> Definitely. I think, first of all, like if you want to step just a step back in terms of like, what has changed. Like what is the landscape? So I think we're seeing several things happening. First of all, there's this big, tremendous... I would call it a trend, but now it's like the default. Like of the growth of open source software. So first of all as developers are using more and more open source and that's like a growing trend of have like drafts of this. And it's like always increasing across, by the way, every ecosystem go, rust, .net, Java, JavaScript, whatever you're building, that's probably like on a growing trend, more open source. And that is, we will talk about it in a second what are the risks there. But that is one trend that we're saying. The other one is cloud native applications, which is also worth to like, I think dive deep into it in terms of the way that we're building applications today has completely shifted. And I think what AWS is doing in that sense is also creating a tremendous shift in the mindset of things. For example, out of the cloud infrastructure has basically democratized infrastructure. I do not need to, own my servers and own my monitoring and configure everything out. I can actually write codes that when I deploy it, when something parses this and runs this, it actually creates servers and monitoring, logging, different kinds of things for me. So it democratize the whole sense of building applications from what it was decades ago. And this whole thing is important and really, really fast. It makes things scalable. It also introduces some rates. For example, some of these configuration. So there's a lot that has been changed. And in that landscape of like what modern developer is and I think in that sense, we kind of can need a lead to a little bit more, be helpful to developers and help them like avoid all those cases. And I'm like happy to dive into like the open source and the cloud native. That was like follow-ups on this one. >> I want to get into a little bit more about your relationship with AWS. When I spoke with Peter McKay for re:Invent, he talked about the partnership being a couple of years old, but there's some kind of really interesting things that AWS is doing in terms of leveraging, Snyk. Talk to me about that. >> Indeed. So Snyky integrates with almost, I think probably a lot of services, but probably almost all of those that are unique and related to developers building on top of the AWS platform. And for example, that would be, if you actually are building your code, it connects like the source code editor. If you are pushing that code over, it integrates with code commits. As you build and CIS are running, maybe code build is something you're using that's in code pipeline. That is something that you have like native integrations. At the end of the day, like you have your container registry or Lambda. If you're using like functions as a service for your obligations, what we're doing is integrating with all of that. So at the end of the day, you really have all of that... It depends where you're integrating, but on all of those points of integration, you have like Snyk there to help you out and like make sure that if we find on any of those, any potential issues, anything from like licenses to vulnerabilities in your containers or just your code or your open source code in those, they actually find it at that point and mitigate the issue. So this kind of like if you're using Snyk, when you're a development machine, it kind of like accompanies you through this journey all over what a CIC kind of like landscape looks like as an architectural landscape for development, kind of like all the way there. And I think what you kind of might be I think more interested, I think to like put your on and an emphasis would be this recent integration with the Amazon Inspector. Which is as it's like very pivotal parts on the AWS platform to provide a lot of, integrate a lot of services and provide you with those insights on security. And I think the idea that now that is able to leverage vulnerability data from the Snyk's security intelligence database that says that's tremendous. And we can talk about that. We'd look for shell and recent issues. >> Yeah. Let's dig into that. We've have a few minutes left, but that was obviously a huge issue in November of 2021, when obviously we're in a very dynamic global situation period, but it's now not a matter of if an organization is going to be hit by vulnerabilities and security threats. It's a matter of when. Talk to me about really how impactful Snyk was in the Log4Shell vulnerability and how you help customers evade probably some serious threats, and that could have really impacted revenue growth, customer satisfaction, brand reputation. >> Definitely. The Log4Shell is, well, I mean was a vulnerability that was disclosed, but it's probably still a major part and going to be probably for the foreseeable future. An issue for organizations as they would need to deal with us. And we'll dive in a second and figure out like why, but in like a summary here, Log4Shell was the vulnerability that actually was found in Java library called Log4J. A logging library that is so popular today and used. And the thing is having the ability to react fast to those new vulnerabilities being disclosed is really a vital part of the organizations, because when it is asking factful, as we've seen Log4Shell being that is when, it determines where the security tool you're using is actually helping you, or is like just an added thing on like a checkbox to do. And that is what I think made Snyk's so unique in the sense. We have a team of those folks that are really boats, manually curating the ecosystem of CVEs and like finding by ourselves, but also there's like an entire, kind of like an intelligence platform beyond us. So we get a lot of notifications on chatter that happens. And so when someone opens an issue on an open source repository says, Hey, I found an issue here. Maybe that's an XSS or code injection or something like that. We find it really fast. And we at that point, before it goes to CVE requirement and stuff like that through like a miter and NVD, we find it really fast and can add it to the database. So this has been something that we've done with Log4Shell, where we found that as it was disclosed, not on the open source, but just on the open source system, but it was generally disclosed to everyone at that point. But not only that, because look for J as the library had several iterations of fixes they needed. So they fixed one version. Then that was the recommendation to upgrade to then that was actually found as vulnerable. So they needed to fix the another time and then another time and so on. So being able to react fast, which is, what I think helped a ton of customers and users of Snyk is that aspect. And what I really liked in the way that this has been received very well is we were very fast on creating those command line tools that allow developers to actually find cases of the Log4J library, embedded into (indistinct) but not true a package manifest. So sometimes you have those like legacy applications, deployed somewhere, probably not even legacy, just like the Log4J libraries, like bundled into a net or Java source code base. So you may not even know that you're using it in a sense. And so what we've done is we've like exposed with Snyk CLI tool and a command line argument that allows you to search for all of those cases. Like we can find them and help you, try and mitigate those issues. So that has been amazing. >> So you've talked in great length, Liran about, and detail about how Snyk is really enabling and empowering developers. One last question for you is when I spoke with Peter last month at re:Invent, he talked about the goal of reaching 28 million developers. Your passion as a director of developer advocacy is palpable. I can feel it through the screen here. Talk to me about where you guys are on that journey of reaching those 28 million developers and what personally excites you about what you're doing here. >> Oh, yeah. So many things. (laughs) Don't know where to start. We are constantly talking to developers on community days and things like that. So it's a couple of examples. We have like this dev site community, which is a growing and kicking community of developers and security people coming together and trying to work and understand, and like, just learn from each other. We have those events coming up. We actually have this, "The Big Fix". It's a big security event that we're launching on February 25th. And the idea is, want to help the ecosystem secure security obligations, open source or even if it's closed source. We like help you fix that though that yeah, it's like helping them. We've launched this Snyk ambassadors program, which is developers and security people, CSOs are even in there. And the idea is how can we help them also be helpful to the community? Because they are like known, they are passionate as we are, on application security and like helping developers code securely, build securely. So we launching all of those programs. We have like social impact related programs and the way that we like work with organizations, like maybe non-profit maybe they just need help, like getting, the security part of things kind of like figured out, students and things like that. Like, there's like a ton of those initiatives all over the boards, helping basically the world be a little bit more secure. >> Well, we could absolutely use Snyk's help in making the world more secure. Liran it's been great talking to you. Like I said, your passion for what you do and what Snyk is able to facilitate and enable is palpable. And it was a great conversation. I appreciate that. And we look forward to hearing what transpires during 2022 for Snyk so you got to come back. >> I will. Thank you. Thank you, Lisa. This has been fun. >> All right. Excellent. Liran Tal, I'm Lisa Martin. You're watching theCUBE's second season, season two of the "AWS Startup Showcase". This has been episode one. Stay tuned for more great episodes, full of fantastic content. We'll see you soon. (upbeat music)

>> Narrator: Live from Las Vegas, it's the Cube, covering VMWorld 2017. Brought to you by VMWare and its ecosystem partners. (bright music) >> Hi, I'm Stu Miniman with the Cube, here with my guest host, Justin Warren. Happy to have a returning Cube alum, but in a different role then we had. It's been a few years. Tal Klein, who is the author of The Punch Escrow. >> Au-tor, please. No, I'm just kidding. (laughing) Tal, thanks so much for joining us. It's great for you to be able to find time to hang out with the tech geeks rather than all the Hollywood people that you've been with recently. (laughing) >> You guys are more interesting. (laughing) >> Well thank you for saying that. So last time we interviewed you, you were working for a sizable tech company. You were talking about things like, you know, virtualization, everything like that. Your Twitter handle's VirtualTal. So how does a guy like that become not only an author but an author that's been optioned for a movie, which those of us that, you know, are geeks and everything are looking at, as a matter of fact, Pac Elsiger this morning said, "we are seeing science fiction become science fact." >> That's right. >> Stu: So tell us a little of the journey. >> Yeah, cool, I hope you read the book. (laughing) I don't know, the journey is really about marketing, right? Cause a lot of times when we talk about virtual, like, in fact last time I was on the Cube, we were talking about the idea that desktops could be virtual. Cause back then it was still this, you know, almost hypothetical notion, like could desktops be virtual, and so today, you know, so much of our life is virtual. So much of the things that we do are not actually direct. I was watching this great video by Apple's new augmented reality product, where you sit in the restaurant and you look at it with your iPad, and it's your plate, and you can just shift the menu items, and you see the menu items on your plate in the context of the restaurant and your seat and the person you're sitting across from. So I think the future is now. >> Yeah, it reminds of, you know, the movie Wall-E, the animated one. We're all going to be sitting in chairs with our devices or Ready Player One, you know, very popular sci-fi book that's being done by Speilberg, I believe. >> Yes, yeah, very exciting. >> Tell us a little bit about your book, you know, we talked, when I was younger and used to read a lot of sci-fi, it was like, what stuff had they done 50 years ago that now's reality, and what stuff had they predicted, like, you know, we're going to go away from currency and go digital currency, and it's like we're almost there. But we still don't have flying cars. >> Yeah, we're, I mean, the main problem with flying cars is that we need pilots. And I think actually we're very close to flying cars, cause once we have self-driving vehicles and we no longer need to worry about it being a person behind the joystick, then we're in really good shape. That's really the issue, you know, the problem with flying cars is that we are so incompetent at driving and or flying. That's not our core competency, so let's just put things that do understand how to make those things happen and eliminate us from the equation. >> Everything is a people problem. >> Yeah, so when I wrote the book, Punch Escrow, Punch Escrow, (laughing) when I wrote the book, I really thought about all the things that I read growing up in science fiction, you know, things like teleportation, things like nanotechnology, things like digital currency, you know, how do we make those, how do we present those in a viable way that doesn't seem too science fictiony. Like one of the things I really get when people read the book is it feels really near-future, even though it's set like 100 plus years in the future, all the concepts in it feel very pragmatic or within reach, you know? >> Yeah, absolutely. It's interesting, we look at, you know, what things happen in a couple of years and what things take a long time. So artificial intelligence, machine learning, it's not like these are new concepts, you know? I read a great book by, you know, it was Isaacson, The Innovators. You go back to like Aida Lovelace, and the idea of what a machine or computer would be able to do. So 100 years from now, what's real, what's not real? We still all have jobs or something? >> We have jobs but different. Remember, I don't know if you're a historian, but back in the industrial age, there was a whole bunch of people screaming doom and gloom. In fact, if we go way back to the age of the Luddites, who just hated machines of any kind. I think that in general, we don't like, you know, we're scared of change. So I do think a lot of the jobs that exist today are going to be done by machines or code. That doesn't mean the jobs are going away. It means jobs are changing. A lot of the jobs that people have today didn't exist in the industrial age. So I think that we have to accept that we are going to be pragmatic enough to accept the fact that humans will continue to evolve as the infrastructure powering our world evolves, you know? We talk about living in the age of the quantified self, right? There's a whole bunch that we don't understand how to do yet. For example, I can think of a whole industry that tethers my FitBit to my nutrition. You know, like there's so much opportunity that for us to say, oh that's going to be the end of jobs, or the end of innovation or the end of capitalism, is insane. I think this just ushers in a whole new age of opportunity. And that's me, I'm just an optimist that way, you know. >> So the Luddites did famously try to destroy the machines. But the thing is, the Luddites weren't wrong. They did lose their jobs. So what about the people whose jobs are replaced, as you say net new, there's a net new number of jobs. But specific individuals, like people who manufacture cars for example, lose their jobs because a robot can do that job safer and better and faster than a human can do it. So what do we do with those humans? Because how do we get people to have new jobs and retrain themselves? >> I address some of these notions in the book. For example, one of the weird things that we're suffering from is the lack of welders in society today, cause welding has become this weird thing that we don't think we need people for, so people don't really get trained up in it because, you know, machines do a lot of welding but there's actually specialty welding that machines can't do. So I think the people who are really good at the things that they do will continue to have careers. I think their careers will become more niche. Therefore they'll be able to create, to demand a higher wage for it because almost like a carpenter, you know, a specialist carpenter will be able to earn a much higher wage today by having fewer customers who want really custom carpentry versus things that can be carved up by a machine. So I think what we end up seeing is that it's not that those jobs go away. It's they become more specialized. People still want Rolls Royces. People still want McLarens. Those are not done by machines. Those are hand-made, you know? >> That's an interesting point, so the value of something being hand-made becomes, instead of it being a worse product, it's actually- >> Tal: That's a big concept in the book. >> Oh okay, right. >> A big concept in the book is that we place a lot of value on the uniqueness of an object. And that parlays in multiple ways. So one of the examples that I use in the book is the value of a Big Mac actually coming from McDonald's. Like, you can make a Big Mac. We know the recipe for a Big Mac. But there is a weird sort of nacent value to getting a Big Mac from McDonald's. It's something in our brain that clicks that tethers it to an originality. Diamonds, another really good example. Or you know, we know there's synthetic diamonds. We still want the ones that get mined in the cave. Why? We don't know. Right, they're just special. >> Because De Beers still has really good marketing. (laughing) >> So I think there's- >> That's interesting, so the concept of uniqueness, which again comes to scarcity and so on. As an author, someone who is no doubt, signed a lot of his book, that means that that book is unique because it's signed by the author, unlike something which is mass produced and there is hopefully thousands and thousands of copies that you sell. >> Going into this, I actually thought about that a lot. And that's why I've created like multiple editions of the book. So like the first 500 people who pre-ordered it, they get like a special edition of the book that's like stamped and all this kind of stuff. I even used different pens. (laughs) I appreciate that because I'm also a collector. I collect music, I collect books. And you know, so I see those aspects in myself. So I know what I value about them, you know? >> And the crossover between music and books is interesting. So as someone who has a musical background, I know that there's a lot of musicians who'll come out with special editions, and you know, because this is an age where we can download it. You can download the book. Do you think there is something, is there something that is intrinsic to having a physical object in a virtual world? >> I think to our generation, yes. I'm not so sure about millennials, when they grow up. But there are, for example, I'm going to see U2 next week, I'm very lucky to see that. But part of the U2 buying experience, to get access to the presale, you need to be part of their fan club. To be a part of their fan club, you need to get, you get like a whole bunch of limited edition posters, limited edition vinyl, and all this kind of stuff. So there's an experience. It's no longer just about going to see U2 at a concert. There's like the entire package of you being a special U2 fan. And they surround it with uniqueness. It's not necessarily limited, but there's an enhanced experience that can't just be, it's not just about you having a ticket to a single concert. >> Justin: Yeah, okay. >> I'm curious, the genre, if you'd call it, is hard science fiction. >> Yes. >> The challenge with that is, you know, what is an extension of what we're doing, and what is fiction? And people probably poke at that. Have you had any interesting experience, things like that? I mean, I've listened to a lot of stuff like Andy Weir, like let the community give feedback before he created the final The Martian. (laughing) But so yeah, what's it like, cause we can, the geeks can be really harsh. >> Yes, I've learned from my Reddit experience that, so what's really funny about it is the first draft of this novel was hard as nails. It was crazy. And my publisher read it, and it would have made all the hard science fiction guys super happy. My publisher read it, he was like, you've written a really great hard science fiction book, and all five people who read it are going to love it. (laughing) You know, but like, I came here with my buddy Danny. He couldn't even get through the first three pages of it. He's like, he wanted to read it. So part of working through the editorial process is saying, look, I care a lot about the science because one of my deep goals is to write a STEM-oriented book that gets people excited about technology and present the future as not a dystopian place. And so I wanted the science to be there and have a sort of gravity to the narrative. But yeah, it's tough. I worked with a physicist, a biologist, a geneticist, an anthropologist, and a lawyer. (laughs) Just to try to figure out, how do we carve out, you know, what does the future look like, what does the evolution of each individual sciences, we talked about the mosquitoes, right? You know, we're already doing a lot of crazy stuff with mosquitoes. We're modifying them so that the males mate with females that carry the Zika virus, you know, give birth to offspring that never reach maturity. I mean, this is just crazy, it's science fiction. And now that they're working on modifying female mosquitoes into vaccine carriers instead of disease carriers. I mean, this is science fiction, right? Like who believes this stuff? It's crazy. >> Christopher is amazing. >> Yeah, I've loved, there's been a bunch of movies recently that have kind of helped to educate on STEM some, you know, Martian got a lot of people excited, you know, Hidden Figures, the one that I could being my kids that are teenagers now into it and they get excited, oh, science is great. So the movie, how much will you be involved? You know, what can you share about that experience, too, so far? >> It's been, it's very surreal. That's the word is use to describe it, the honest, god's honest truth, I mean. I've been very lucky in that my representation in Hollywood is this rock-solid guy called Howie Sanders. And he's this bigger-than-life Hollywood agent guy. He's hooked me up, we've made a lot of business decisions that we're focused less on the money and more on the team, which is nice to be, like when you're in your 40s and you're more financially settled, you're not in the kind of situation where you might be in your 20s and just going to sign the first deal that people give you. So we really focused on hooking up with like the director, James Bovin is, you know, he's the guy who co-created Flight of the Concords. He did the Muppets movie, you know, Alice Through the Looking Glass. Really professional guy but also really understands the tone of the book, which is like humorous, you know, kind of sarcastic. It's not just about the technology. It's also about the characters. Same thing with the production team. The two producers, Mandeville Productions, I was just talking to Todd Lieberman, and we're talking about just what is augmented reality, like how does it look like on the screen? So I'm not- >> It's not going to look like Blade Runner is what I'm hearing. >> (laughs) I don't know. It's going to look real. I imagine, I don't know, they're going to make whatever movie they're going to make, but their perspective, one of the things we talked about is keeping the movie very grounded. Like you know, one of the big questions they ask first going into it is before we even had any sort of movie discussions is like is this more of like a Looper, Gattica, or District Nine, or is it more like The Fifth Element, you know, I mean, is it like, do you want it to be this sort of grounded movie that feels authentic and real and near future or do you want this to be like completely alien and weird and out of it. And the story is more grounded. So I think a lot, hopefully what we display on the screen will not feel that far away from reality. >> Okay, yeah. >> You do marketing in your day job. >> I do. >> I'm curious as you look at this, kind of the balance of educating, reaching a broad audience, you have passion for STEM, what's your thoughts around that? Is it, I worry there's so much general, like television or things like that, when I see the science stuff, it like makes me groan. Because you know, it's like I don't understand that. >> I am the worst, because I got a security background too, so that's the one I get scrambled on. The war, I mean, like. >> Wait, thank goodness I updated my firewall settings because I saved the world from terrorists. >> Hang on, we're breaking through the first firewall. Now we're through the second firewall. (laughing) Now we're going through the third firewall, like 15 firewalls. And let me upload the virus, like all that stuff. It's difficult for me. I think that, you know, hopefully, there's also a group in Hollywood called the Hollywood Science and Entertainment Exchange. And they're a group of scientists who work with film makers on, you know, reigning things in. And film makers don't usually take all their advice, i.e. Interstellar, (laughing) but you know, I think (laughing) in many cases there's some really good ideas that come to play into it that hopefully bring up, like I think Jarvis for example, in Iron Man or the Avengers is a really cool implementation of what the future of AI systems might be like. And I know they used the Hollywood Science Exchange to figure out how is that going to work? And I think the marketing aspect is, you know, the reason I came up with the idea for this book is because my CEO of a company I used to work for, he had this whole conversation about teleportation, like teleportation was impossible. And he's like, it's not because the science, yes, the science is a problem right now, but we'll get over it. The main issue is that nobody would ever step foot into a device that vaporizes them and then printed them out somewhere else. And I said, well that's great, cause that's a marketing problem. (laughing) >> Yeah, you're dead every time you do it. But it's the same you, I can't tell the difference. >> Well, you say you're dead, I'm saying you're just moving. (laughing) >> Artificial intelligence, you know, kind of a big gap between the hype to where we need to go. What's your thoughts on that space in general? >> I think that we have, it's a great question because I feel like that's a term that gets thrown around a lot, and I think as a result it's becoming watered down. So you've this sort of artificial intelligence that comes with like, you know, Google building an app that can beat the world's best Go player, which is a really, really difficult puzzle. The problem is, that app can do one thing, and that's play Go. You put in it a chess game, and it's like I don't know what's going on. >> It's a very specialized kind of intelligence, yeah. >> Now with Open AI, you know, they just had some pretty interesting implementations where they actually played video games with a real live competition and won. Again, you know, but without the smack talk, which really I think would add a lot. Now you got to get an AI to smack talk. So I think the problem is we haven't figured out a really good way of creating a general purpose AI. And there's a lot of parallels to the evolution of computing in general because if you look at how computers were before we had general purpose operating systems like Unix, every computer was built to do a very, very specific function, and that's kind of what AI is right now. So we're still waiting to have a sort of general purpose AI that can do a lot of specialized activities. >> Even most robots are still very single-purpose today. >> That's the fundamental problem. But you're seeing the Cambridge guys are working on sort of the bipedal robot that can do lots of things. And Siri's getting better, Cortana's getting better, Watson's getting better, but we're not there. We still need to find a really good way of integrating deep knowledge with general purpose conversational AI. Cause that's really what you need to like, Stu, what do you need? Here, let me give it to you, you know? >> Do you draw a distinction between AI that's able to simply sort of react as a fairly complex machine or something that can create new things and add something? >> That's in the book as well. So the fundamental thing that I don't think we get around even in the future is giving computers the ability to actually come up with new ideas. There's actually a career, the main job of the protagonist in the book, his job is a salter. And his job is to salt AI algorithms to introduce entropy so they can come up with new ideas. >> Okay, interesting. >> So based off the sort of chaos theory. >> Like chaos monkey, right? >> Yeah. And that's really what you're trying to do is like, okay, react to things that are happening because you can't just come up with them on their own. There's a whole, I don't want to bore you, but there's a whole bunch of stuff in the book about how that works. >> It's like hand-carving ideas that are then mass produced by machines. >> Yeah, I don't know if you guys are going to have Simon Crosby on here, he's kind of like an expert on that. He was the Dean of Kings College, which is where Turing came from. So he really knows a lot about that. He's got a lot of strong ideas about it. But I learned a lot from him in that regard. There's a lot of like, the snarky spirit of Simon Crosby lives on in my book somewhere. But he's just funny cause he's, coming from that field, he immediately sees a lot of BS right off the bat, whenever anybody's presenting. He's got like the ability to just cut through it. Because he understands what it would actually take to make that happen, you know? So I tried to preserve some of that in the book. >> That is refreshing in the tech industry. >> So Tal, I need to let you, you know, wrap this up. Give us a plug for the book, tell us, when are we going to be able to see this on the big screen? >> I don't know about the big screen, but the Punch Escrow is now available. You can get it on Amazon, Barnes and Noble, anywhere books are sold. It's been optioned by Lionsgate. The director attached to it is James Bovin, production team is Mandeville Productions. I'm very excited about it. Go check it out. It's a pretty quick read, reads like a technothriller. It's not too hard. And it's fun for the whole family. I think one of the coolest things about it is that the feedback I've been getting has been that it really is appealing to everybody. I've got mother-in-laws reading it, you know, it's pretty cool. Initially I sold it, my initial audience is like us, but it's kind of cool, like, Stu will finish the book, he'll give it to, you know, wife, daughter, anything, and they're really digging it. So it's kind of fun. >> Justin: Thanks a lot. >> Tal Klein, really appreciate you coming. Congratulations on the book, we look forward to the movie. Maybe, you know, we'll get the Cube involved down the road. (laughing) >> And we're giving away 75 copies of it here at Lakeside booth, if you guys want to come. >> Tal Klein, author of The Punch Escrow, also CMO of Lakeside, who is here in the thing. But yeah, (laughing) a lot of stuff. Justin and I will be back with more coverage here from VMWorld 2017. You're watching the Cube. (bright music)

>> Hello, my name is Daniel Wichs, I'm a senior scientist at NTT research and a professor at Northeastern University. Today I want to tell you about incompressible encodings. This is a recent work from Crypto 2020 and it's a joint work with Tal Moran. So let me start with a question. How much space would it take to store all of Wikipedia? So it turns out that you can download Wikipedia for offline use and some reasonable version of it is about 50 gigabytes in size. So as you'd expect, it's a lot of data, it's quite large. But there's another way to store Wikipedia which is just to store the link www.wikipedia.org that only takes 17 bytes. And for all intents and purposes as long as you have a connection to the internet storing this link is as good as storing the Wikipedia data. You can access a Wikipedia with this link whenever you want. And the point I want to make is that when it comes to public data like Wikipedia, even though the data is huge, it's trivial to compress it down because it is public just by storing a small link to it. And the question for this talk is, can we come up with an incompressible representation of public data like Wikipedia? In other words can we take Wikipedia and represent it in some way such that this representation requires the full 50 gigabytes of storage store, even for someone who has the link to the underlying Wikipedia data and can get the underlying data for free. So let me actually tell you what this means in more detail. So this is the notion of incompressible encodings that we'll focus on in this work. So incompressible encoding consists of an encoding algorithm and a decoding algorithm, these are public algorithms. There's no secret key. Anybody can run these algorithms. The encoding algorithm takes some data m, let's say the Wikipedia data and encodes it in some probabilistic randomized way to derive a codeword c. And the codeword c, you can think of it as just an alternate representation of the Wikipedia data. Anybody can come and decode the codeword to recover the underlying data m. And the correctness property we want here is that no matter what data you start with, if you encode the data m and then decode it, you get back the original data m. This should hold with probably one over the randomness of the encoding procedure. Now for security, we want to consider an adversary that knows the underlying data m, let's say has a link to Wikipedia and can access the Wikipedia data for free does not pay for storing it. The goal of the adversary is to compress this codeword that we created this new randomized representation of the Wikipedia data. So the adversary consists of two procedures a compression procedure and a decompression procedure. The compression procedure takes its input the codeword c and output some smaller compressed value w and the decompression procedure takes w and its goal is to recover the codeword c. And a security property says that no efficient adversary should be able to succeed in this game with better than negligible property. So there are two parameters of interest in this problem. One is the codeword size, which we'll denote by alpha, and ideally we want the codeword size alpha to be as close as possible to the original data size. In other words we don't want the encoding to add too much overhead to the data. The second parameter is the incompressibility parameter beta and that tells us how much space, how much storage and adversary needs to use in order to store the codeword. And ideally, we want this beta to be as close as possible to the codeword size alpha, which should also be as close as possible to the original data size. So I want to mention that there is a trivial construction of incompressible encodings that achieves very poor parameters. So the trivial construction is just take the data m and add some randomness, concatenate some randomness to it and store the original data m plus the concatenated randomness as the codeword. And now even an adversary that knows the underlying data m cannot compress the randomness. So the incompressibility, so we ensure that this construction is incompressible with incompressibility parameter beta that just corresponds to the size of this randomness we added. So essentially the adversary cannot compress the red part of the codeword. So this gets us a scheme where alpha the size of the codeword, is the original data size m plus the incompressible parameter beta. And it turns out that you cannot do better than this information theoretically. So this is not what we want for this we want to focus on what I will call good incompressible encodings. So here, the codeword size should be as close as possible to the data size, should be just one plus little o one of the data size. And the incompressibility should be as essential as large as the entire codeword the adversary cannot compress the codeword almost at all, the incompressible parameter beta is one minus little o one of the data size or the codeword size. And in essence, what this means is that we're somehow want to take the randomness of the encoding procedure and spread it around in some clever way throughout the codeword in such a way that's impossible for the adversary to separate out the randomness and the data, and only store the randomness and rely on the fact that it can get the data for free. We want to make sure it's impossible that adversary accesses essentially this entire code word which contains both the randomness and data and some carefully intertwined way and cannot compress it down using the fact that it knows the data parts. So this notion of incompressible encodings was defined actually in a prior work of Damgard-Ganesh and Orlandi from crypto 2019. They defined a variant of this notion, they had a different name for it. As a tool or a building block for a more complex cryptographic primitive that they called Proofs of Replicated Storage. And I'm not going to talk about what these are. But in this context of constructing these Proofs of Replicated Storage, they also constructed incompressible encodings albeit with some major caveats. So in particular, their construction relied on the random Oracle models, the heuristic construction and it was not known whether you could do this in the standard model, the encoding and decoding time of the construction was quadratic in the data size. And in particular, here we want to apply this, we want to use these types of incompressible encodings on fairly large data like Wikipedia data, 50 gigabytes in size. So quadratic runtime on such huge data is really impractical. And lastly the proof of security for their construction was flawed or someone incompleted, didn't consider general adversaries. And the slope was actually also noticed by concurrent work of Garg-Lu and Waters. And they managed to give a fixed proof for this construction but this required actually quite a lot of effort. It was a highly non-trivial and subtle proof to proof the original construction of Damgard-Ganesh and Orlandi secure. So in our work, we give a new construction of these types of incompressible encodings, our construction already achieved some form of security in the Common Reference String Model come Random String Model without the use of Random Oracles. We have a linear encoding time, linear in the data size. So we get rid of the quadratic and we have a fairly simple proof of security. In fact, I'm hoping to show you a slightly simplified form of it and the stock. We also give some lower bounds and negative results showing that our construction is optimal in some aspects and lastly we give a new application of this notion of incompressible encodings to something called big-key cryptography. And so I want to tell you about this application, hopefully it'll give you some intuition about why incompressible encodings are interesting and useful, and also some intuition about what their real goal is or what it is that they're trying to achieve. So, the application of big-key cryptography is concerned with the problem of system compromise. So, a computer system can become compromised either because the user downloads a malware or remote attacker manages to hack into it. And when this happens, the remote attacker gains control over the system and any cryptographic keys that are stored on the system can easily be exfiltrated or just downloaded out of the system by the attacker and therefore, any security that these cryptographic keys were meant to provide is going to be completely lost. And the idea of big-key cryptography is to mitigate against such attacks by making the secret keys intentionally huge on the order of many gigabytes to even terabytes. And the idea is that by having a very large secret key it would make it harder to exfiltrate such a secret key. Either because the adversary's bandwidth to the compromised system is just not large enough to exfiltrate such a large key or because it might not be cost-effective to have to download so much data of compromised system and store so much data to be able to use the key in the future, especially if the attacker wants to do this on some mass scale or because the system might have some other mechanisms let's say firewall that would detect such large amounts of leakage out of the compromised system and block it in some way. So there's been a lot of work on this idea building big-key crypto systems. So crypto systems where the secret key can be set arbitrarily huge and these crypto systems should testify two goals. So one is security, security should hold even if a large amount of data about the secret key is out, as long as it's not the entire secret key. So when you have an attacker download let's say 90% of the data of the secret key, the security of the system should be preserved. And the second property is that even though the secret key of the system can be huge, many gigabytes or terabytes, we still want the crypto system to remain efficient even though the secret is huge. And particularly this means that the crypto system can even read the entire secret key during each cryptographic operation because that would already be too inefficient. So it can only read some small number of bits of the secret key during each operation, then it performs. And so there's been a lot of work constructing these types of crypto systems but one common problem for all these works is that they require the user to waste a lot of their storage the storage on their computer in storing this huge secret key which is useless for any other purpose, other than providing security. And users might not want to do this. So that's the problem that we address here. And the new idea in our work is let's make the secret key useful instead of just having a secret key with some useless, random data that the cryptographic scheme picks, let's have a secret key that stores let's say the Wikipedia data at which a user might want to store in their system anyway or the user's movie collection or music collection et cetera and the data that the user would want to store on their system. Anyway, we want to convert it. We want to use that as the secret key. Now we think about this for a few seconds. Well, is it a good idea to use Wikipedia as a secret key? No, that sounds like a terrible idea. Wikipedia is not secret, it's public, it's online, Anyone can access it whenever they want. So it's not what we're suggesting. We're suggesting to use an incompressible encoding of Wikipedia as a secret key. Now, even though Wikipedia is public the incompressible encoding is randomized. And therefore the accuracy does not know the value of this incompressible encoding. Moreover, because it's incompressible in order for the adversary to steal, to exfiltrate the entire secret key, it would have to download a very large amount of data out of the compromised system. So there's some hope that this could provide security and we show how to build public encryption schemes and the setting that make use of a secret key which is an incompressible coding of some useful data like Wikipedia. So the secret key is an incompressible encoding of useful data and security ensures that the adversary will need to exfiltrate almost entire key to break the security of this critical system. So in the last few minutes, let me give you a very brief overview of our construction of incompressible encodings. And for this part, we're going to pretend we have something a real beautiful cryptographic object called Lossy Trapdoor Permutations. It turns out we don't quite have an object that's this beautiful and in the full construction, we relax this notion somewhat in order to be able to get our full construction. So Lossy Trapdoor Permutation is a function f we just key by some public key pk and it maps end bits to end bits. And we can sample the public key in one of two indistinguishable modes. In injective mode, this function of fPK is a permutation, and there's in fact, a trapdoor that allows us to invert it efficiently. And in the Lossy mode, if we sample the public in Lossy mode, then if we take some value, random value x and give you fpk of x, then this loses a lot of information about x. And in particular, the image size of the function is very small, much smaller than two to the n and so fpk of x does not contain all the information about x. Okay, so using this type of Lossy Trapdoor Permutation, here's the encoding of a message m using long random CRS come random string. So the encoding just consists of sampling the public key of this Lossy Trapdoor Permutation in injected mode, along with the trapdoor. And the encoding is just going to take the message m, x over it with a common reference string, come random string and invert the trapdoor permutation on this value. And then Coding will just be the public key and the inverse x. So this is something anybody can decode by just taking fpk of x, x over it with the CRS. And that will recover the original message. Now, to add the security, we're going to in the proof, we're going to switch to choosing the value x uniformly at random. So the x component of the codeword is going to be chosen uniformly random and we're going to set the CRS to be fpk of x, x over the message. And if you look at it for a second this distribution is exactly equivalent. It's just a different way of sampling the exact same distribution. And in particular, the relation between the CRS and X is preserved. Now in the second step, we're going to switch the public key to Lossy mode. And now when we do this, then the Codeword part, sorry then the CRS fpk of x, x over m only leaks some small amount of information about the random value x. In other words, even if that resists these, the CRS then the value x and the codeword has a lot of entropy. And because it has a lot of entropy it's incompressible. So what we did here is that we actually start to show that the code word and the CRS are indistinguishable from a different way of sampling them where we placed information about the message and the CRS and the codeword actually is truly random, has a lot of real entropy. And therefore even given the CRS the Codeword is incompressible that's the main idea behind the proof. I just want to make two remarks, our full constructions rely on a relaxed notion of Lossy Trapdoor Permutations which we're able to construct from either the decisional residuoisity or the learning with errors assumption. So in particular, we don't actually know how to construct trapdoor permutations from LWE from any postquantum assumption but the relaxed notion that we need for our actual construction, we can achieve from post quantum assumptions that get post quantum security. I want to mention two caveats of the construction. So one is that in order to make this work, the CRS needs to be long essentially as long as the message size. And also this construction achieves a weak form of selective security where the adversary decides to choose the message before seeing the CRS. And we show that both of these caveats are inherent. We show this by black-box separation and one can overcome them only in the random oracle model. Unless I want to just end with an interesting open question. I think one of the most interesting open questions in this area all of the constructions of incompressible encodings from our work and prior work required the use of some public key crypto assumptions some sort of trapdoor permutations or trapdoor functions. And one of the interesting open question is can you construct and incompressible encodings without relying on public key crypto, using one way functions or just the random oracle model. We conjecture this is not possible, but we don't know. So I want to end with that open questions and thank you very much for listening.

(upbeat music) >> From Sand Hill Road in the heart of Silicone Valley, it's theCube, presenting the People First Network, insights from entrepreneurs and tech leaders. >> Hello everyone, I'm John Furrier with theCube. We are here in Sand Hill Road at Mayfield office here talking about entrepreneurship, People First, this is our co-created program with Mayfield. I'm John Furrier, your host, we're with Mitchell Hashimoto, who's the co-founder and co-CEO at HashiCorp. Great to see you, good to keep alumni, you're back on theCube . Thanks for joining me today. >> Yeah, thanks so much, I was here so long ago. (John laughs) >> Like five or six years ago. >> So, we've been really psyched about the program that Mayfield's put together called People First. They're celebrating their 50th anniversary as a venture capital firm, which is historic in the sense that it's kind of still a young industry. Think about it. And love to have entrepreneurs come on because you've been very successful. We talked years ago. I think, the first year you were formed and Cloud certainly has happened. Open Source continues to pump more value. I mean, you get things out there coming out of Google, some ridiculously amazing... The goodness in Open Source is certainly driving a lot of great software development. You've been a part of that so thanks for joining us. So I got to ask you, you guys are growing right now, you're Venture backed, you got a unique culture. Explain HashiCorp, 'cause you guys have a unique business. You're in Open Source, you're in Cloud, you're a distributed workforce. Take a minute to explain what you guys are doing. >> Yeah, so we are trying to build or have been building, sort of infrastructure software of the future. We've been saying that since we were founded and what's been interesting is the future has changed quite a bit in the past six years so there's been Cloud, that was the big thing when we were founded and then containers and now schedulers and Kubernetes and things like that. And while we're doing that, we're also sort of building what I think is sort of the company of the future, which is over 90% of our workfoce is fully distributed. Basically, unless there's legal reasons not to be distributed, we are distributed and we're in multiple countries, we're in over 40 states. All of our process is built remote first so everything happens, Slack, all our meetings are Zoom. Even our all hands, we present behind a camera, and things like that so I think that's all very unique, but only for now, I think that-- >> How do you do the all hands? That's interesting. Do you have a camera to a zoom or is it a camera live streaming? How do you do the all hands? >> Yeah, so we set up sort of an AV setup in our office because we have a few of the executives in the office that often are presenting on the all hands and we set up a camera feed so that whether you actually decide to go into the office or whether you're at home, we want that experience to be authentic to both sides. We don't want a great in-room experience and then one corner camera that makes it really hard to hear and stuff like that so yeah, you have to walk up to the camera and be part of the zoom to really be part of the all hands. >> So that people feel present and connected? >> Right, exactly, and we force questions to come through Slack. There's no in-person questions. You have to ask on Slack so everyone can see them and things like that, so-- >> That's awesome. Talk about the journey as you started. You have a co-founder. You guys have an interesting relationship. How did this all get started? What was the beginning genesis of HashiCorp like and take us through some of the early days. >> Sure, so I'm very lucky, I have a co-founder who before the company, we were best friends and after the company or during the company, we're still best friends so (laughs) which it isn't always the case, but in terms of HashiCorp itself, we're super lucky 'cause we went to the University of Washington, up in Seattle, and this was in sort of the mid-2000s and this is a good time to be up there, 'cause Cloud was starting to emerge and we were sort of equidistant geographically, across the lake, if you will, to Amazon, Google, and Microsoft and so, we were getting early access to what they thought was sort of the Cloud at the time and it was rapidly changing. We were getting access to the servers, with the APIs, and all this stuff and being a university without a lot of funding, my job there was sort of to help us utilize all these resources and so in the mid 2000s, Armand and I were already realizing, we're on the same team, Armand and I were already realizing that this is not a solved problem by any means, I mean this is a new problem and that eventually, years later, became the genesis-- >> and what was that problem that you saw immediately? >> It was sort of like multi-Cloud, resource management, deployment, security, it's funny 'cause it's... Over 10 years later and it's... It is the problem that Enterprise are hitting right now. >> Think about the early days of Amazon. I still have these memory flashbacks of EC2, long URLs, it's like, okay, now how to I redirect my web servers to this, like, so it was easy to stand up on EC2 instance, put a little S3 to it, then it's like, okay now what? >> Yeah, we're at the-- >> Little red scale, I put this in there, what's kind of there. So again, a little early, kind of build your own kind of a junkyard. You build a car out of some spare parts. But then it had to mature really fast. >> Yeah, we're are the Day Zero state then and now we're firmly in like Day Two. >> And so what was the next step. Can you peg the journey for us, because obviously, they grew up really fast and then they really kind of hit a tipping point around 2010, 11, 12, 13, and kind of grew like a weed >> Yup, yeah, so around that time frame you just painted to 2012 is when Enterprise was sort of adopting it. And I think a lot of that was single Cloud focus. There was very much like, this is our first Cloud so we're going to land purely on Amazon or something and focus on that and we're at the point now, about six years later, 2018, where the maturity around operating the Cloud is sort of well understood and companies are now starting to sort of use what's best for the job and also realized that there's multiple Clouds and we're keeping our private data centers and also, there's new things coming on the scene above Cloud sort of higher level, like Kubernetes, and how we're going to manage all this and so, we like to describe it as sort of the mindset is like the Cloud operating model. It's like you can't operate your resources in the Cloud the same way you do on Prim and people are starting to get that. That's like automation, very people-focused workflows, things like that, and companies are getting that and so now the challenge is these heterogeneous environments. >> So, the top conversation in our office and everyone loves when I bring this up, I want to get your definition and opinion, >> Okay. >> Is Kubernetes. >> Sure. >> Kubernetes, just, a lot of people love it. I've been having Kubernetes dreams these days 'cause there's so much Kubernetes conversation. (Mitchell laughs) you got Kubernetes, you got the notion of Service Mesh is right around the corner, StateFul applications with net problems really hard to work on. Stateless has been around for awhile. What's the importance of Kubernetes? What's the impact, in your opinion, expert opinion, why is Kubernetes important and what's the impact of Kubernetes? >> Yeah, I think the more abstract answer is the scheduler idea and Kubernetes are built on that and really, it's the idea of like, let's move away from looking at the individual machine and let's start moving higher level to just assuming resources are there. It's sort of like when you write, the transition of when you were writing software from having to know how much memory you had to just, let's just assume it's infinite and put whatever in there and it's someone else's problem and we're sort of moving into that data center, it's like, let's just assume we always have compute and storage and network and let's just deploy and what freedom does that give you and I think that's really what Schedulers give you and also, when you sort of take away huge operability challenges of placing the application and giving that to a computer to put in the right spot, you can now deploy so many more applications because-- >> so you're freed up? >> You're freed up in a lot of ways. It introduces a lot of new challenges, but that's a good problem. You want new challenges, you want to solve the old ones. >> What are some of the new challenges that you see emerging that kind of keep the evolution going? >> I think Service Mesh is a great example we could jump into, which is that the challenge of, we like to describe Service Mesh as three fundamental problems, which is discoverability, configurability, and secure connectivity. If you have two services, that is not a problem because you could hard-code the IPs, you could hard-code the configuration, and you could just hard-code TLS certificates, make it work. When you have thousands of services that are coming and going and people are trying new services all the time, that has to all be automated so the idea of Service Mesh is automating that and making it invisible, automatic, free, and that's new, that's a new problem. >> And that's a huge concept. This is a scalable, scale out, huge concept, and super important. >> Yes, yeah. >> This changes the game at many levels. What would you see that changing? What would some of the, for folks who are just now understanding, what does it change downstream or down the road for enterprises and for businesses? >> I think the biggest change is a mind shift change from sort of perimeter or host-based security to identity and service-based security. So, traditional sort of networking and security is very IP Space focused, it's like does this rack talk to this rack or no and things like that. And that has to all go away because that's restricting the placement, that's not allowing apps to go anywhere. We have to move towards this service can or can't talk to this service, don't care where it is or anything and sort of move from a perimeter to just the perimeter being the app itself so we have to sort of firewall and protect right at the app layer and that's hard to transition, that's tooling change, that's education change, that's team change. >> I want to ask you, I could talk about this forever, Cloud Automation is, I think, one of the most important things. That's only going to make AI more powerful and the data behind it, and as new data emerges, but I got to ask you about some of the new blood coming into the market place because traditionally, if you think about Service Mesh, oh it's a software problem, we'll just solve the software, but you actually got to have networking shops, you got to have to have a computer science or computer engineering. A new skill sets developing really fast in this new, I don't want to, maybe call it under the hood, I don't know what to call it, but maybe, it's an engineering mindset, where people, there's a huge demand for skills in automating. It's not your classic application developers, there's great role for that and there's tons of apps being built, but, I'm talking about a new kind of operator. >> Yes. >> What's your take on this new skill, this new opportunity for people to learn and develop a career? >> Yeah, I think the real way to look at it, I like to look at it, is sort of the difference between creating, sort of doing something once and creating a process to do something. And there's sort of two different tasks, righ. It's like when you get promoted for the first time from you know, to manager. It's like the big challenge is learning how to teach others process and enforcing consistent process, versus actually, you know, doing it yourself. And I think that's the difference between someone who is used to the slinging, let's go back to like the server automation, someone who's used to just manually clicking or slinging bass scripts to do one off task, you could be a wizard at that, but then, try to do that repeatably, safely, 9000 times out of 9000 times and now, that's a resiliency challenge. That's sort of understanding failure modes. It's very different and I think that's the biggest skill set to adopt is, I always sort of push anybody in their job to just what, how do you not do your job? Like, how do you move on to the next problem? >> How do you eliminate your job? >> Yeah, basically/ >> That's almost, like the way I think about it. >> Yeah, what's the process. Is it possible right now? And if it's not possible, what's sort of blocking it? >> So I want to ask you a question and I love this one, going to move on just from the business side in a second, but I want to get your thoughts because I've been having conversations lately with Cloud folks and engineers and developers around two words, replicating and reproducing. >> Okay. >> They're kind of two different concepts. Reproducing is doing the same thing over again. Make that spaghetti sauce, do it again, but did I write it down? Is there a recipe? Or I could just hand you the recipe and say, you make it yourself or automating it. So I think, replicating, I'll say has scale, reproducing requires the same components. Do you see dev ops evolving to a point where, do it once and it's replicated? Or is there some reproduction involved, reproducing things? Where is that, where do you see the tech happening? >> I think inevitably, you're sort of doing both, but my sort of dream world, where I think it'll be still, but I think it's sooner than we expect, but I think sort of like 10 years from now is a safe, sort of stage, it's sort of like every, it doesn't matter if you're Fortune 500 or a new company, sort of the way it infrastructure server management goes is you just start with one server. I like to call it the stem cell server. You just start with one server, you say what you want and just let it go and it's going to either replicate or reproduce, it's either creating something new or it's like creating more copies of itself, but it'll turn into any sort of scale face, book level scale that you would want in theory and I think that, that's sort of my long, you know, fence post, guiding fence post, that I always think about the problem. >> Talk about the culture of your company, you guys have a new CEO, you have a partner you've been best friends with so-- >> I don't think he's that new? >> Yes he is. (both laugh) Okay, he's been around for awhile? >> Couple years, yeah. >> Couple years, so you've had a co-founder dynamic. Did you guys look at each other and say hey, we got to bring a CEO in . Some people like to have one of the founders be the CEO. Talk about that dynamic 'cause that's a struggle for a lot of entrepreneurs to have the self awareness and or the need to do that. >> Yeah so Armand and I made the decision to look for a CEO, if possible, I think three and a half or four years ago, it took us almost two years to find Dave and our motivation is really, it's a few things, one was something our investors told us, which is, long term, you want to do for the company you want to give the company the biggest value you can and like, what do you bring to the company? For us, as founders, our skill set was product vision, engineering, sort of industry strategy, things like that and it wasn't the executive management, financing, building various teams like sales marketing, building out the corporate structure, that wasn't us and so we looked at it and thought, we could learn it, probably, but we would make mistakes and it would be hard, it's just not our passion, it's not what we want to do, or we could try to find someone who aligns with our culture and gets our vision, gets open source, things like that, bring them in and sort of scale to a way where we're giving our startup the best chance it has, which means we give it the value we do, which is engineering and product vision and the new person coming in gives it that sort of corporate maturity and that's exactly what Dave did. >> That's awesome and it's always hard to do that because you got to have real maturity to make that happen so congratulations. >> Thanks, yeah. >> You know, a lot of us have that problem. (chuckles) and then one of my startups like, I need a new CEO, the venture guys were pushing it on you, but it's a challenge, you know, you got to think about, you know... That we didn't have a business model back then, but it's different stories, but that's always a tough one. Now let's talk about the culture around where you started from and where you are now because a lot of the stories around entrepreneurship is team, culture, and how you're going to set up your future of work, which you guys have a good structure. Iterating and figuring out where the tail wind is. Are you at the spot where you thought you'd be at a few years ago when we first met? How has it evolved, where there a little bit of zigs and zags you had to make. What was that like and share some of the journey color commentary with us. >> Sure, I mean, as a company sizes, we're nowhere near where I thought we'd be. I think Armand and I came into it expecting failure most likely and so anything beyond that was just surprise. So that's great. I think the place we are where we thought we'd be is sort of the company culture and stuff and that's something we've been very fiercely protective of and we define our culture sort of as we published them, we call the principal of HashiCorp, which sort of revolve around kindness, honesty, humility, things like that, so it's who would we want to work with and let's put words to it because we don't want to be this nebulous thing and so we've held to that really strongly. We're over 300 people now and every... Something Armand says, which I totally agree with, is I come into work, come into work, I go to my remote office, but I come into work and I'm excited to work with everyone at HashiCorp, which is, in past jobs we've had, we'd come into work and we're excited to work with like two out of 10 people, you know, and that's not a good ratio to have and I think that's what I'm most proud of from the culture side, that the ways we've done that is like we have the principles. We also have something called The Tal, which has been incredibly successful for us, both internally and externally, which is how we view product development and design and that helps sort of align the type of engineer who could get behind our vision and put some words to our vision so it's not again nebulous, whatever the founders think. >> So they have expectations of what's going to be like? >> Mhmm. >> From a coding standpoint, contribution? >> Yeah, from how do you, I like to describe it as how do you build product and how do you... How do you handle people? We have the two sides totally published and we're pretty explicit about it. >> That's awesome. Talk about the role of open source and lots of changing and you're seeing a lot of things like the Linux Foundation, CNCF, massively commercialized, there's tons of money coming in there, but Linux Foundation has done a good job of keeping that pretty pure. Success in entrepreneurship and open source go hand in hand now, it's almost... It's really the perfect storm for creators. >> Yeah. >> But, there's a playbook, there's a way that's changed. Share your vision of how you think open source is today and where it needs to maintain and what could be changed for the better? >> Yeah, I think, so open source today is pretty much a default, expected, accepted, sort of a pattern, which is really nice. It gives you community so you could, you know, Groundswell, anyone could adopt your software, without having to go through a sales person or something like that, which is really important, anyone can contribute and make their mark on the software. It's a great way to sort of get careers started. I think it brings a level of transparency to software that is, you know, you could hide behind closed source. It's like we like to tell our customers, it's like if you don't believe us, not only try it, but go look at how it works. We're telling you the truth. And I think that's really important. I think there's still a lot of challenges around how do companies sort of build successful businesses around it? I think we're doing alright and things like that, but there's still low number of data points. >> Always the challenge is, from looking at your reaction on this, is that as companies get involved, the classic reaction was, oh we got the big companies now in this open source project, it's going to be land grabbed, they're going to put their fingers in there, need better governance. >> Yup. >> Things fracture. Where ideally, it's an upstream project, where everyone contributes for the better good and then people pull it downstream. I mean, that's the basic ethos of open source. That's the main, that's the playbook that we want and that's what you believe, that's the ideal scenario? >> I think that yeah, I think shared ownership is really important, but I also think that sort of unified vision is equally important. So, that's a healthy tension to me, which is that you have a huge community that wants to pull the project in different directions and I think if you don't, if you have a governance that's totally fair, what ends up happening, in my opinion, is you end up getting camels instead of horses, right, like you'd start pulling in all these different directions. You sort of need a slightly unfair governance model so there is somebody that says, this is the direction we're going. And that person needs to be someone that's trusted by the community. >> And Linux was very successful with that too, I mean, you know. >> Right, and I think Linux is an example of a project that like reaches a point where that's, the vision is obvious and clear and it reaches a point where, you know, Linux could step down for a bit and take a break and it still runs fine, but it's a-- >> in the early days, you need a benevolent dictator to say, look, we got to do this. >> Yeah, right, Linux is a 25, 30 year old project versus, you know, some of these CNCF projects are two or three years old and I think that's where you absolutely need strong leadership versus-- >> But we'll see. We'll look at the contribution. We look at that, we obviously follow that pretty heavily and learn to appreciate the Kubernetes commentaries. We think that's super important too. Obviously containers, it's pretty much voted, it's open now so. >> Yes, yeah, yeah. >> (laughs) We know that. Okay, so I got to ask you the final question. As an entrepreneur, access to capital is super important. How did you guys go about it? How did you raise money? How should people raise money today? I'll say your an entrepreneur in the ecosystem, you're out in the front lines building a company. >> Mhmm. >> How did you guys access the capital? How should people figure this out? >> Yeah, I mean you just, you got to tell people why, you know it's a marketing problem, in away, but you got to tell people why what you're working on matters because it's so obvious to you as the founder, that's easy, it's about how do you articulate that and tell people how and why it's important and not just to you, but to the market and how it's going to help people and we did that and I think our biggest challenge was we had to do that across six or seven products, which is, we had a lot of pressure to like, why don't you just do one thing, but it was because for us, what was important was not just what the product did, but the greater vision behind why are we doing six things. And we just, you'd say that and you'd find people who believe it and they help you. >> And as you guys, a great example of you're on a big wave with Cloud and Open Source. How should entrepreneurs and what do you guys do to do this, maybe it's more of advice or anecdotal observation, as you have the dynamics with investors, advisors, service providers, how do you get the most out of them and how do you manage that board dynamic, because when you have an emerging market, there's a danger of saying, we got to lock in a business model. >> Yeah. >> So in Open Source, I'll see a little bit more freedom there 'cause you're open source, but that's always a danger and it's that much more you got to balance that, okay, we got to move the needle, but let's not overdrive too hard. How should entrepreneurs handle the... Taking advantage of their investors and board and how should they manage them or work with them? >> Yeah, I think on one side you need sort of, it's like multiple pillars and on one pillar you need a strong vision, so you need, what won't you sacrifice on, sort of? What's the fence post in the distance and maybe the journey there is slightly different, but you know where you're sort of heading towards so that always grounds you. I think the second thing is sort of a level of pragmatism, like you need to have that vision, but you need to meet your customers where they are and so, you need to figure out what you need to give them today, but still head towards that vision. And when you have those two things, you have a board that is on board with both of those things, you have founders that are dedicated, and you have employees, as well, and everything sort of moves in the right direction. >> But you got to lay that out. >> You have to be pretty explicit about it, yeah. >> Alright, well, congratulations on all your success and looking forward to following up and seeing how you guys are doing. Thanks for coming in and sharing your thoughts today. Appreciate it. >> Thank you. I'm John Furrier here at Mayfield for the 50th anniversary, part of our People First network coverage. I'm John Furrier, thanks for watching. (upbeat music)

(fun, relaxing music) >> Announcer: Live from the Javits Center, in New York City, it's The Cube. Covering Inforum 2017. Brought to you by Infor. >> Welcome back to The Cube's coverage of Inforum 2017, I'm your host Rebecca Knight, along with my co-host, Dave Vellante. We're joined by Stephan Scholl, he is the president of Infor. Thanks so much for joining us. >> My pleasure. >> For returning to The Cube My pleasure, yeah, three years in a row, I think, or four now, yeah. >> Indeed. >> Well, we skipped a year in-between. >> That's right! Three years. Anyway, it's good to be here. >> This has been a hugely successful conference. We're hearing so much about the growth and momentum of Infor. Can you unpack this a little bit for our viewers? >> Yeah, I mean... People always forget, we only started this aggressive Cloud journey literally three years ago. When we announced at Inforum in New Orleans that we were pivoting the company to Infor industry-based CloudSuites, everybody looked at us and said, "Well, that's an interesting pivot." "Why are you doing that?" Well, as I said yesterday, we really saw a market dynamic that you see retail just getting crushed by what Amazon was doing, and it was obvious, today, but then it wasn't so obvious, but that was going to happen everywhere, and so we really got aggressive on believing we could put together a very different approach to tackling enterprise software. Everybody is so fatigued from buying from our competitors traditional, perpetual software, and then you end up modifying the hell out of it, and then you end up spending a gazillion dollars, and it takes forever, and then if it does work, you're stuck on old technology already, and you never get to the next round of evolution. So we said why don't we build CloudSuites, take the last model industry functionality that we have, put it in a Cloud, make it easy for our customers to implement it, and then we'll run it for them. And then, by the way, when the newest innovation comes up, we'll upgrade them automatically. That's what Cloud's about. So, that's where we saw that transformation happening. So in three years, we went from two percent, as I said, to 55 plus percent of our revenue. And, by the way, we're not a small company. Nobody at our size and scale has ever done that in enterprise software. So what an accomplishment. >> So a lot of large companies, some that you used to work for, are really slow. And, you know what, lot of times that's okay, 'cause IT tends to be really slow, as you move to the Cloud, and move to the situation where, "Okay, guys, new release coming!" What are your customers saying about that, how are you managing that sort of pace of change, that flywheel of Amazon, and you're now innovating on and pushing to your climate? >> Well, they're excited. And, I'll tell you, I remember standing up in Frankfurt, Germany, 18 months ago for a keynote, and said the Cloud is coming, I almost got kicked out of Germany. (laughing) They said it's not going to happen in Germany, "No, we're an engineering pedigree," "We're going to be on premise." >> "You don't understand the German market!" >> "You don't understand our marketplace!" And, we're really close friends with Andy Jassy at AWS, the CEO. The AWS guys are unbelievable, and innovative, and we said, "You know, you guys got to build" "your next data center in Frankfurt." So they put hundreds of millions of dollars investment in, built a data center. What's the fastest growing data center in Europe, right now, for them? Frankfurt! The German market, for us, our pipeline is tenfold increase from what it was a year ago. So, it's working in Germany, and it's happening on a global basis, we have, I think yesterday 75 customers from Saudi, from Dubai, from all the Middle East. Cloud is a great equalizer. And don't underestimate... I'll take luck to our advantage anytime. The luck part is, there's fatigue out there, they're exhausted, they've spent so much money over the last 20, 30 years, and never reached the promise of what they were sold then, and so now, with all the digital disruption, I think of the business competitive challenges that they have to deal with. I mean, I don't care, you could be in Wichita, Kansas building up an e-commerce website, and compete with a company in Saudi tomorrow. The barest entry in manufacturing, retail, look at government agencies, we're doing nine-figure transformations in the Cloud with public sector agencies. Again, two years ago, they would've said never going to happen. >> Rebecca: Yet the government does spend that kind of... >> Mike Rogers, the CIO, was saying to us, "Look at all the technical debt" "that we've accumulated over the years," "and it just keeps getting worse and worse and worse." "If we don't bite the bullet and move now," "it's just going to take that much longer." >> That's right. And they're leap-frogging. I mean, I'm so excited, government agencies! I mean, there's even some edicts in some places where Cloud-only. I mean, this whole Gold Coast opportunity, 40 plus different applications in Australia, all going into the Cloud to handle all the complexities they have around the commonwealth games that they're trying to deal with. I mean, just huge transformations on a global basis. >> At this conference, we're hearing about so many different companies, and, as you said, government agencies, municipalalities, transforming their business models, transforming their approaches. What are some of your favorite transformation stories? >> My favorite one that we're doing is Travis Perkins. John Carter, I think you guys maybe even interviewed him last year when he was here. CEO. Old, staid distribution business, and taking a whole new fresh approach. Undoing 40 to 50 different applications, taking his entire business, putting it online. He deals with contracts... So, they're the Home Depot of the UK market, and right now, if you drive up into that car port and you want to order something, it's manual! Sticky notes, phones, dumb terminals, I need five windows, I need five roofs, I need five pieces of wood. Everything is just a scurry. He wants to put it on, when you drive up next year, you're on an iPad, what would you like? Oh, by the way, you want to make a custom order on that window frame? You want to make green, yellow, red, you want to order different tiles of roof styling? Custom orders is the future! You, as a contractor, walking into that organization, want to make a custom order. That, today, is very complicated for a company like that to handle. So, the future is about undoing all that, embracing the custom order process, giving you a really unique, touchless buying process, where it's all on an iPad, it's all automated. You know what? Telling you here's your five new windows, here's a new frame want on it, and, by the way, you're going to get it in five days, and three hours, and 21 minutes. Deliver it to your door. And, by the way, these guys are huge. They're one of the biggest distribution companies in all of the United Kingdom, and so that's one of my favorite stories. >> Can we go over some of the metrics that you've been sharing. I know it's somewhat repetitive, but I'd like to get it on-record. There's 55%, 84, 88, over 1100, 3x, 60%, maybe start with the 60%. I think it's bookings grown, right? >> That's right, yeah. License sales growth last year alone. And, you know what, I looked at... You know, I see it, Paul always keeps me honest, but I think I can say it anyways, which is, I looked at everybody else. You look at the... I don't want you to mention any competitors' names, but you look at the top five competitors that we have, we grew faster than they did last year on sales of CloudSuite. >> Dave: Okay, so that's 60% bookings growth on Cloud. >> Correct. That's right. Yeah, I mean, when you think of our competitors, I saw 40s, I saw some 30s, I saw maybe 52 at the next one down. So, people don't think of us that way, so we were, at the enterprise scale, the fastest-growing Cloud company in the world. >> Okay, and then, 3x, that's 3x the number of customers who bought multiple products, is that correct? >> Correct. That's exactly right. So think about that transformation. They used to buy from us one product, feature-function rich, great, but now they're buying five products, eight products from us. So 3x increase, year over year, already happening. >> Okay, and then there was 1100 plus, is Go-Lives. >> People always ask us, "You're selling stuff." "Are they using it, is it working?" So you got to follow up with delivery, so we're spending a ton of money on certification, training, and ablement, look at the SI community, look at the... Deloitte, Accenture, Capgemini, and Grand Thornton. Four of the major SIs in the world, that weren't here last year, are all here this year. Platinum sponsors. So, delivery on Go Lives, the SI community is embracing us, helping us, I mean, I can't do hundred million dollar transformations on my own with these customers. I need Accenture, I need Deloitte. Look at Koch! Koch's going to be a massive transformation for financials, human-capital management, and so I've got Accenture and Deloitte helping us, taking a hundred plus billion dollar company on those two systems. >> And then 84, 88, is number of... >> Live customers, I'm sorry, total customers that we have in the Cloud. >> Cloud customers, okay, not total customers. >> No, no, we have 90 thousand plus customers, and then 84, 85 hundred of them are Cloud-based customers. >> You got a ways to go, then, to convert some of those customers. >> Well, that's our opportunity, that's exactly right. >> And then 55% of revenue came from the Cloud, obviously driven by the Cloud bookings growth. >> That's right. Exactly. So, I mean, just the acceleration, I mean, as I said, when we started this thing in New Orleans, two or three percent. Now, tipping point, revenue, I mean, it's one thing to sell software, but to actually turn it into revenue? Nobody at an enterprise scale has done 2% to 55% at our size. Lots of companies in the hundred million dollar range, small companies, you know, if we were a stand-alone Cloud company, we'd be one of the largest Cloud companies in the world. >> So the narrative from Oracle, I wonder if you can comment on this, is that the core of enterprise apps has not moved to the Cloud, and we, Oracle, are the guys to move it there, 'cause we are the only ones with that end-to-end Cloud on prem to Cloud strategy. And most companies can't put core apps, enterprise apps in the Cloud, especially on Amazon. So, what do you say to that? >> Well, it's 'cause they don't have the applications to do that. Oracle doesn't have the application horsepower. They don't have industry-based application suites. If you think of what fusion is, it's a mishmash of all the applications that they bought. There's no industry capability. >> Dave: It's horizontal, is what you're saying. >> It's horizontal. Oracle is fighting a battle against Amazon, they declared war against AWS. I'm glad they're doing that, go ahead! I mean, I don't know how you're going to do that, but they want to fight the infrastructure game. For us, infrastructure is commoditized. We're fighting the business applications layer game, and so, when you look at SAP or Oracle or anybody else, they have never done what we've done in our heritage, which is take key critical mission functionality for aerospace and defense, or automotive, we have the last mile functionality. I mean, I have companies like Ferrari, on of the most complicated companies, we've talked about those guys for years, no modifications! BAE, over in the UK, building the F-35 fighter jets and the Typhoon war planes. It doesn't get any more complicated than building an F-35 fighter jet. No modifications in their software, that they have with us. You can only build Cloud-based solutions if you don't modify the software. Oracle doesn't have that. Never had it. They're not a manufacturing pedigreed organization. SAP's probably more analogous to that, but even for SAP, they only have one complete big product sect covering retail, distribution, finance, it's the same piece of software they send to a bank, that they send to a retailer, that they send to a manufacturer. We don't do that. That's been our core forever. >> So your dogma is no custom mods, because you're basically saying you can't succeed in the Cloud with custom mods. >> Yeah. I mean, we have an extensive ability platform to do some neat things if you need to do that, but generally speaking, otherwise it's just lipstick on the pig if you're running modified applications. That's called hosting, and that's what these guys are largely doing. >> You know, a lot of people count hosting as Cloud. >> That's the game they're playing, right? >> They throw everything in the Cloud kitchen sink. >> That's right. >> Okay. >> And as we've talked with you before, we've spent billions... We all are R&D's at the application layer. We do some work in the integration layer, and so on, but most of our money is spent in the last mile, which, Oracle and SAP, they're all focused on HANA and infrastructure, and system speed, and performance, and all the stuff that we view as absolutely being commoditized. >> But that's really attractive to the SIs, the fact that they don't go that last mile, so why is it that the SIs are suddenly sort of coming to Infor? >> Well, you know what, because they finally see there is a lot of revenue still on the line in terms of change management, business-process re-engineering. You take a company like Travis Perkins, change their entire model of doing business. There isn't just modification revenue, or integration revenue, there is huge dollars to be had on change management, taking the company to CEO John Carter by the hand, and saying, "Here's how you're going to transform" "your entire business process." That more than makes up in many cases high-value dollars than focused on changing a widget from green to yellow. >> And it's right in the wheelhouse of these big consultancies. >> And they're making good money on digital transformation, so what are the digital use cases? Look at Accenture, they're did a great job. I think 20 plus percent of their business now is all coming from digital. That didn't exist three, four years ago. >> Well, you have a lot of historical experience from your Oracle days of working with those large SIs, they were critical, but they were doing different type of work then, and is it your premise that a lot of that's going away and that's shifting toward. >> The voice of the customer is everything, and it may take time, you can snow a customer once, which we've already done in this industry of software. We told them buy generic-based software, Oracle or SAP, modify it with an SI, take five years, implement it for a hundred million dollars, get stuck on this platform, and if you're lucky, maybe upgrade in ten years. Whoever does that today, as a playbook, as a customer, and if an SI can sell that, I'm not buying that. You think any customers I know today are buying that vision? I don't think so. >> Dave: Right there with the outsourcing business. >> Another thing that's come out of this conference is attention to the Brooklyn Nets deal. Can you talk a little big about it, it's very cool. >> I love those guys. >> Dave: We're from Boston, we love the Brooklyn Nets, too. >> Rebecca: They can play us anytime. Every day. >> Dave: For those draft picks. >> Bread on those guys. You know what it is. And Shaun, the GM, the energy... I use that a lot with my own guys. Brooklyn grit. And they're willing to look and upturn every aspect of the game to be more competitive. And so, we're in there with our technology, looking at every facet, what are they eating? What's the EQ stuff? Emotional occlusion. How's that team collaboration coming together? And then mapping it to... They have the best 3-D cameras on the court, so put positioning, and how are they aligning to each other? Who's doing the front guard in terms of holding the next person back so they can have enough room to do a three-point shot. Where should the three-point shot come from? So, taking all the EQ stuff, the IQ stuff, the performance, the teamwork, putting it all into a recipe for success. These guys are, I'm going to predict it here, these guys are going to rock it next couple years as a team. >> But it's not just what goes on in the court, too, it's also about fan engagement, too. >> All that. Well, fair enough, I get all excited about just making them a much better team, but the whole fan experience, walking into a place knowing that if I get up now, the washroom line isn't 15 miles long, and at the cash line for a beer isn't going to take me 20 minutes, that I'm on my app, you actually have all the information and sensors in place to know that, hey, right now's a great time, aisle number four, queue number three, is a one-minute wait for a beer, go. Or have runners, everything's on your phone, they don't do enough service. So there's a huge revenue opportunity along with it, from a business point of view, but I would also say is a customer service element. How many times have we sat in a game and go, "I'm not getting up there." (laughing) Unless you're sitting in the VIP area, well, there's revenue to be had all over the place. >> Yeah, they're missing out on our beer money, yeah. >> It's ways for a stadium services, which are essentially a liquor distribution system. >> Exactly right. But to do that, you got to connect point of sales systems, you got to connect a lot of components, centers in the bathroom, I mean you got to do a lot of work, so we're going to create the fan experience of the future with them. And preferences, the fact that they that when you walk in past the door with your app and if you have Brooklyn Nets app, that we know who your favorite player is, and you get a little text that says, Hey, you know what, 10% discount on the next shirt from your favorite player. Things like that. Making a personal connection with you about what you like is going to change the game. And that's happening everywhere. In retail... Everybody wants to have a one-to-one relationship. You want to order your Nike shoes online with a green lace and a red lace on the right, Nike allows you to do that. You want to order a shirt that they'll make for you with the different emblems on it and different technology to it, those are things they're doing, too. So, a very one-to-one relationship. >> Well, it's data, it's more than data, it's insights, and you guys are, everybody's a data company, but you're really becoming a data and insight-oriented company. Did you kind of stumble into that, or is this part of the grand plan six years ago, or, how'd you get here? >> Listen, this whole... I mean, to do Cloud-based solutions by industry is not just to solve for applications going from infrastructure on-premise to off-premise. What does it allow you to do? Well, if you're in AWS, I can run ten thousand core products... I can run a report in ten minutes with AWS that would take you a week, around sales information, customer information. Look at all the Netflix content. You log in on Netflix, "Suggestions for You". It's actually pretty accurate, isn't it? >> Scarily accurate, sometimes, yes. >> It's pretty smart what goes into the algorithm that looks at your past. Unfortunately, I log into my kid's section, and it has my name on it and I get all these wonderful recommendations for kids. But that's the kind of stuff that we're talking about. Customers need that. It's about real-time, it's not looking backwards anymore, it's about real-time decisioning, and analytics, and artificial intelligence, AI is the future, for sure. >> So more, more on the future, this is really fun, listening to you talk, because you are the president, and you have a great view of what's going on. What will we be talking about next year, at this time. Well, it won't be quite this time, it will be September, but what do you think? >> I think what you're going to see is massive global organizations up on stage, like the ones I mentioned, Travis Perkins, a Safeway, a Gold Coast, a Hertz. Hertz is under attack as a company. The entry point into the rental car business was very very hard. Who's going to go buy 800 thousand cars and get in the rental business, open ten thousand centers? You don't need to do that anymore today! >> Dave: Software! >> It's called software, the application business, so their business model is under attack. We're feverishly working with their CEO and their executive team and their board on redefining the future of Hertz. So, you're going to see here, next year, the conversation with a company like Hertz rebounding and growing and being successful, and... The best defense is a good offense, so they're on the offensive! They're going to use their size, their scale. You look at the retailers, I mean, I love the TAL story, and they may make one out of every six shirts. Amazon puts the same shirt online that they sell for $39.99, TAL's trying to sell for $89.99. They're saying enough of that. They built these beautiful analyzers, sensors, where you walk into this little room, and they do a sensor of a hundred different parts of your body, So they're going to get the perfect shirt for you. So, it's an experience center. So you walk into this little center, name's escaping me now, but they're going to take all the measurements, like a professional Italian tailor would do, you walk in, it's all automatic, you come out of there, they know all the components of your body, which is a good thing and a bad thing, sometimes, right, (laughing) they'll know it all, and then you go to this beautiful rack and you're going to pick what color do you want. Do you want a different color? So everything is moving to custom, and you'll pay more for that. Wouldn't you pay for a customized shirt that fits your body perfectly, rather than an off-the-rack kind of shirt at $89.99? That's how you compete with the generic-based e-commerce plays that are out there. That use case of TAL is going to happen in every facet. DSW, the DSW ones, these experience centers, the shoeless aisles, that whole experience. You walking in as... The most loyal women shoppers are DSW with their applications, right. >> Rebecca: (laughs) Yes, yes. >> And how many times have you tried a shoe on that doesn't fit properly, or it's not the one you want, or they don't have your size, or you want to make some configurations to it. You got one, too! >> Ashley came by and gave me this, 'cause I love DSW. >> I mean, they're what, one of the biggest shoe companies in the world not standing still, and Ashley is transforming, they went live on financials in like 90 days in the Cloud? Which for them, that kind of innovation happening that fast is unbelievable. So next year, the whole customer experience side is going to be revolutionary for these kinds of exciting organizations. So, rather than cowering from this digital transformation, they're embracing it. We're going to be the engine of digital transformation for them. I get so excited to have major corporations completely disrupting themselves to change their market for themselves moving forward. >> What is the Koch investment meant to you guys, can you talk about that a little bit? I mean, obviously, we hear two billion dollars, and blah, blah, blah, but can you go a little deeper for us? >> I mean, forget all the money stuff, for a minute, just the fact that we're part of a company that is, went from 40 million when Charles Koch started, taking over from his family, and went to 100 plus billion. Think about that innovation. Think about the horsepower, the culture, the aggressiveness, the tenacity, the will to win. We already had that. To combine that with their sheer size and scale is something that is exciting for me, one. Two is they view technology as the next big chapter for them. I mean, again, not resting on your laurels, I'm already 100 billion, they want to grow to 150, 200 billion, and they see technology as the root to getting there. Automating their plants, connecting all their components of their employees, gain the right employees to the right place, so workforce management, all the HR stuff that we're doing on transformation, the financials, getting a global consolidated view across 100 billion dollar business on our systems. That's transformation! That's big, big business for us, and what a great reference to have! A guy like Steve Fellmeier up yesterday, he'll be up here next year talking about how he's using us to transform their business. There's not many 100 billion dollar companies around, right, so what a great reference point for us to have them as a customer, and as a proved point of success. >> Well, we'll look forward to that in September, and seeing you back here next year, too. >> Look forward to it. >> Stephan, thanks so much for joining us. >> Thanks, appreciate it, thank you. >> I'm Rebecca Knight for Dave Vellante, that is it for us and The Cube at Inforum 2017. See you next time.