(light music) (airy white noise rumbling) >> Hey everyone, welcome back to Las Vegas. It's theCUBE. We're here, day four of our coverage of AWS re:Invent 22. There's been about, we've heard, north of 55,000 folks here in person. We're seeing only a fraction of that but it's packed in the expo center. We're at the Venetian Expo, Lisa Martin, Dave Vellante. Dave, we've had such great conversations as we always do on theCUBE. With the AWS ecosystem, we're going to be talking with another partner on that ecosystem and what they're doing to innovate together next. >> Well, we know security is the number one topic on IT practitioners, mine, CIOs, CISOs. We also know that they don't have the bench strength, that's why they look to manage service providers, manage service security providers. It's a growing topic, we've talked about it. We talked about it at re:Inforce earlier this year. I think it was July, actually, and August, believe it or not, not everybody was at the Cape. It was pretty well attended conference and that's their security focus conference, exclusive on security. But there's a lot of security here too. >> Lot of security, we're going to be talking about that next. We have two guests from Capgemini joining us. Mike Wasielewski, the head of cloud security, and NextGen secure architectures, welcome Mike. Anne Saunders also joins us, the Director of Cybersecurity Technology Partnerships at Capgemini, welcome Anne. >> Thank you. >> Dave: Hey guys. >> So, day four of the show, how you feeling? >> Anne: Pretty good. >> Mike: It's a long show. >> It is a long, and it's still jamming in here. Normally on the last day, it dwindles down. Not here. >> No, the foot traffic around the booth and around the totality of this expo floor has been amazing, I think. >> It really has. Anne, I want to start with you. Capgemini making some moves in the waves in the cloud and cloud security spaces. Talk to us about what Cap's got going on there. >> Well, we actually have a variety of things going on. Very much partner driven. The SOC Essentials offering that Mike's going to talk about shortly is the kind of the starter offer where we're going to build from and build out from. SOC Essentials is definitely critical for establishing that foundation. A lot of good stuff coming along with partners. Since I manage the partners, I'm kind of keen on who we get involved with and how we work with them to build out value and focus on our overall cloud security strategy. Mike, you want to talk about SOC Essentials? >> Yeah, well, no, I mean, I think at Capgemini, we really say cybersecurity is part of our DNA and so as we look at what we do in the cloud, you'll find that security has always been an underpinning to a lot of what we deliver, whether it's on the DevSecOps services, migration services, stuff like that. But what we're really trying to do is be intentional about how we approach the security piece of the cloud in different ways, right? Traditional infrastructure, you mentioned the totality of security vendors here and at re:Inforce. We're really seeing that you have to approach it differently. So we're bringing together the right partners. We're using what's part of our DNA to really be able to drive the next generation of security inside those clouds for our clients and customers. So as Anne was talking about, we have a new service called the Capgemini Cloud SOC Essentials, and we've really brought our partners to bear, in this case Trend Micro, really bringing a lot of their intelligence and building off of what they do so that we can help customers. Services can be pretty expensive, right, when you go for the high end, or if you have to try to run one yourself, there's a lot of time, I think you mentioned earlier, right, the people's benches. It's really hard to have a really good cybersecurity people in those smaller businesses. So what we're trying to do is we're really trying to help companies, whether you're the really big buyers of the world or some of the smaller ones, right? We want to be able to give you the visibility and ability to deliver to your customers securely. So that's how we're approaching security now and we're cloud SOC Essentials, the new thing that we're announcing while we were here is really driving out of. >> When I came out of re:Invent, when you do these events, you get this Kool-Aid injection and after a while you're like hm, what did I learn? And one of the things that struck me in talking to people is you've got the shared responsibility model that the cloud has sort of created and I know there's complexities across cloud but let's just keep it at cloud generically for a moment. And then you've got the CISO, the AppDev, AppSecDev group is being asked to do a lot. They're kind of being dragged into security that's really not their wheelhouse and then you've got audit which is like the last line of defense. And so one of the things that struck me at re:Inforce is like, okay, Amazon, great job for their portion of the shared responsibility model but I didn't hear a lot in terms of making the CISO's life easier and I'm guessing that's where you guys come in. I wonder if you could talk about that trend, that conceptual layers that I just laid out and where you guys fit. >> Mike: Sure, so I think first and foremost, I always go back to a quote from, I think it's attributed to Peter Drucker, whether that's right or wrong, who knows? But culture eats strategy for breakfast, right? And I think what we've seen in our conversations with whether you're talking to the CISO, the application team, the AppDev team, wherever throughout the organization, we really see that culture is what's going to drive success or failure of security in the org, and so what we do is we really do bring that totality of perspective. We're not just cloud, not just security, not just AppDev. We can really bring across the totality of the Capgemini estate. So that when we go, and you're right, a CISO says, I'm having a hard time getting the app people to deliver what I need. If you just come from a security perspective, you're right, that's what's going to happen. So what we try to do is so, we've got a great DevSecOps service, for example in the cloud where we do that. We bring all the perspectives together, how do we align KPIs? That's a big problem, I think, for what you're seeing, making CISO's lives easier, is about making sure that the app team KPIs are aligned with the CISO's but also the CISO's KPIs are aligned with the app teams. And by doing that, we have had really great success in a number of organizations by giving them the tools then and the people on our side to be able to make those alignments at the business level, to drive the right business outcome, to drive the right security outcome, the right application outcome. That's where I think we've really come to play. >> Absolutely, and I will say from a partnering perspective, what's key in supporting that strategy is we will learn from our partners, we lean on our partners to understand what the trends they're seeing and where they're having an impact with regards to supporting the CISO and supporting the overall security strategy within a company. I mean, they're on the cutting edge. We do a lot to track their technology roadmaps. We do a lot to track how they build their buyer personas and what issues they're dealing with and what issues they're prepared to deal with regards to where they're investing and who's investing in them. A lot of strategy around which partner to bring in and support, how we're going to address the challenges, the CISO and the IT teams are having to kind of support that overall. Security is a part of everything, DNA kind of strategy. >> Yeah, do you have a favorite example, Anne, of a partner that came in with Capgemini, helped a customer really be able to do what Capgemini is doing and that is, have cybersecurity be actually part of their DNA when there's so many challenges, the skills gap. Any favorite example that really you think articulates how you're able to enable organizations to achieve just that? >> Anne: Well, actually the SOC Essentials offering that we're rolling out is a prime example of that. I mean, we work very, very closely with Trend on all fronts with regards to developing it. It's one of those completely collaborative from day one to going to the customer and that it's almost that seamless connectivity and just partnering at such a strategic level is a great example of how it's done right, and when it's done right, how successful it can be. >> Dave: Why Trend Micro? Because I mean, I'm sure you've seen, I think that's Optiv, has the eye test with all the tools and you talk to CISOs, they're like really trying to consolidate those tools. So I presume there's a portfolio play there, but tell us, tell the audience a little bit more about why Trend Micro and I mean your branding with them, why those guys? >> Well, it goes towards the technology, of course, and all the development they've done and their position within AWS and how they address assuring security for our clients who are moving onto and running their estates on AWS. There's such a long heritage with regards to their technology platform and what they've developed, that deep experience, that kind of the strength of the technology because of the longevity they've had and where they sit within their domain. I try to call partners out by their domain and their area of expertise is part of the reason, I mean. >> Yeah, I think another big part of it is Gartner is expecting, I think they published this out in the next three years, we expect to see another consolidation both inside of the enterprises as well as, I look back a couple years, when Palo Alto went on a very nice spending spree, right? And put together a lot of really great companies that built their Prisma platform. So what I think one of the reasons we picked Trend in this particular case is as we look forward for our customers and our clients, not just having point solutions, right? This isn't just about endpoint protection, this isn't just about security posture management. This is really who can take the totality of the customer's problems and deliver on the right outcomes from a single platform, and so when we look at companies like Trend, like Palo, some of the bigger partners for us, that's where we try to focus. They're definitely best in breed and we bring those to our customers too for certain things. But as we look to the future, I think really finding those partners that are going to be able to solve a swath of problems at the right price point for their customers, that is where I think we see the industry moving. >> Dave: And maybe be around as an independent company. Was that a factor as well? I mean, you see Thoma Bravo buying up all his hiring companies and right, so, and maybe they're trying to create something that could be competitive, but you're saying Trend Micros there, so. >> Well I think as Anne mentioned, the 30 year heritage, I think, of Trend Micro really driving this and I've done work with them in various past things. There's also a big part of just the people you like, the people that are good to work with, that are really trying to be customer obsessed, going back right, at an AWS event, the ones that get the cloud tend to be able to follow those Amazon LPs as well, right, just kind of naturally, and so I think when you look at the Trend Micros of the world, that's where that kind of cloud native piece comes out and I like working with that. >> In this environment, the macro environment, lets talk a bit, earning season, it's really mixed. I mean you're seeing some really good earnings, some mixed earnings, some good earnings with cautious guidance. So nobody really (indistinct), and it was for a period time there was a thinking that security was non-discretionary and it's clearly non-discretionary, but the CISO, she or he, doesn't have unlimited budgets, right? So what are you seeing in terms of how are customers dealing with this challenging macro environment? Is it through tools consolidation? Is that a play that's going on? What are you seeing in the customer base? >> Anne: I see ways, and we're working through this right now where we're actually weaving cybersecurity in at the very beginning of how we're designing offers across our entire offer portfolio, not just the cybersecurity business. So taking that approach in the long run will help contain costs and our hope, and we're already seeing it, is it's actually helping change the perception that security's that cost center and that final obstacle you have to get over and it's going to throw your margins off and all that sort of stuff. >> Dave: I like that, its at least is like a security cover charge. You're not getting in unless we do the security thing. >> Exactly, a security cover charge, that's what you should call it. >> Yeah. >> Like it. >> Another piece though, you mentioned earlier about making CISO's life easier, right? And I think, as Anne did a really absolutely true about building it in, not to the security stack but application developers, they want visibility they want observability, they want to do it right. They want CI/CD pipeline that can give them confidence in their security. So should the CISO have a budget issue, right? And they can't necessarily afford, but the application team as they're looking at what products they want to purchase, can I get a SaaS or a DaaS, right? The static or dynamic application security testing in my product up front and if the app team buys into that methodology, the CISO convinces them, yes, this is important. Now I've got two budgets to pull from, and in the end I end up with a cheaper, a lower cost of a service. So I think that's another way that we see with like DevSecOps and a few other services, that building in on day one that you mentioned. >> Lisa: Yeah. >> Getting both teams involved. >> Dave: That's interesting, Mike, because that's the alignment that you were talking about earlier in the KPIs and you're not a tech vendor saying, buy my product, you guys have deep consultancy backgrounds. >> Anne: And the customer appreciates that. >> Yeah. >> Anne: They see us as looking out for their best interest when we're trying to support them and help them and bringing it to the table at the very beginning as something that is there and we're conscientious of, just helps them in the long run and I think, they're seeing that, they appreciate that. >> Dave: Yeah, you can bring best practice around measurements, alignment, business process, stuff like that. Maybe even some industry expertise which you're not typically going to get from a product company. >> Well, one thing you just mentioned that I love talking about with Capgemini is the industry expertise, right? So when you look at systems integrators, there are a lot of really, really good ones. To say otherwise would be foolish. But Capgemini with our acquisition of Altran, a couple years ago, I think think it was, right? How many other GSIs or SIs are actually building silicon for IoT chips? So IoT's huge right now, the intelligent industry moving forward is going to drive a lot of those business outcomes that people are looking for. Who else can say we've built an autonomous vehicle, Capgemini can. Who can say that we've built the IoT devices from the ground up? We know not just how to integrate them into AWS, into the IoT services in the cloud, but to build and have that secure development for the firmware and all and that's where I think our customers really look to us as being those industry experts and being able to bring that totality of our business to bear for what they need to do to achieve their objectives to deliver to their customer. >> Dave: That's interesting. I mean, using silicon as a differentiator to drive a lot of business outcomes and security. >> Mike: Absolutely. >> I mean you see what Amazon's doing in silicon, Look at Apple. Look at what Tesla's doing with silicon. >> Dave: That's where you're seeing a lot of people start focusing 'cause not everybody can do it. >> Yeah. >> It's hard. >> Right. >> It's hard. >> And you'll see some interesting announcements from us and some interesting information and trends that we'll be driving because of where we're placed and what we have going around security and intelligent industry overall. We have a lot of investment going on there right now and again, from the partner perspective, it's an ecosystem of key partners that collectively work together to kind of create a seamless security posture for an intelligent industry initiative with these companies that we're working with. >> So last question, probably toughest question, and that's to give us a 30 second like elevator pitch or a billboard and I'm going to ask you, Anne, specifically about the SOC Essentials program powered by Trend Micro. Why should organizations look to that? >> Organizations should move to it or work with us on it because we have the expertise, we have the width and breadth to help them fill the gaps, be those eyes, be that team, the police behind it all, so to speak, and be the team behind them to make sure we're giving them the right information they need to actually act effectively on maintaining their security posture. >> Nice and then last question for you, Mike is that billboard, why should organizations in any industry work with Capgemini to help become an intelligent industrial player. >> Mike: Sure, so if you look at our board up top, right, we've got our tagline that says, "get the future you want." And that's what you're going to get with Capgemini. It's not just about selling a service, it's not just about what partners' right in reselling. We don't want that to be why you come to us. You, as a company have a vision and we will help you achieve that vision in a way that nobody else can because of our depth, because of the breadth that we have that's very hard to replicate. >> Awesome guys, that was great answers. Mike, Anne, thank you for spending some time with Dave and me on the program today talking about what's new with Capgemini. We'll be following this space. >> All right, thank you very much. >> For our guests and for Dave Vellante, I'm Lisa Martin, you're watching theCUBE, the leader in live enterprise and emerging tech coverage. (gentle light music)

(upbeat music) (air whooshing) >> Good afternoon, cloud nerds, and welcome back to beautiful Las Vegas, Nevada. We are at AWS re:invent day four. Afternoon of day four here on theCUBE. I'm Savannah Peterson, joined by my fabulous cohost, Paul Gillin. Paul, you look sharp today. How you doing? >> Oh, you're just as fabulous, Savannah. You always look sharp. >> I appreciate that. They pay you enough to keep me buttered up over here at- (Paul laughing) It's wonderful. >> You're holding up well. >> Yeah, thank you. I am excited about our next conversation. Two fabulous gentlemen. Please welcome Sam and Monty, welcome to the show. >> Thank you. >> And it was great. Of the PR 2%, the most interesting man alive. (Paul and Savannah laughing) >> In person. Yeah, yeah. >> In the flesh. Our favorite guests so far. So how's the show been for you guys? >> Sam: It's been phenomenal. >> Just spending a lot of time with customers and partners and AWS. It's been great. It's been great. >> It is great. It's really about the community. It feels good to be back. >> Monty: Eating good food, getting my steps in above goals. >> I feel like the balance is good. We walk enough of these convention centers that you can enjoy the libations and the delicious food that's in Las Vegas and still not go home feeling like a cow. It is awesome. It's a win-win. >> To Sam's point though, meeting with customers, meeting with other technology providers that we may be able to partner with. And most importantly, in my role especially, meeting with all of our AWS key stakeholders in the partnership. So yeah, it's been great. >> Everyone's here. It's just different having a conversation in person. Even like us right now. So just in case folks aren't familiar, tell me about Talend. >> Yeah. Well, Talend is a data integration company. We've been around for a while. We have tons of different ways to get data from point A to point B, lots of different sources, lots of different connectors, and it's all about creating accessibility to that data. And then on top of that, we also have a number of solutions around governance, data health, data quality, data observability, which I think is really taking off. And so that's kind of how we're changing the business here. >> Casual change, data and governance. I don't know if anyone's talking about that at all on the snow floor. >> Been on big topic here. We've had a lot of conversations with the customers about that. >> So governance, what new dynamics has the cloud introduced into data governance? >> Well, I think historically, customers have been able to have their data on-prem. They put it into things like data lakes. And now having the flexibility to be able to bring that data to the clouds, it opens up a lot of doors, but it also opens up a lot of risks. So if you think about the chief data officer role, where you have, okay, I want to be able to bring my data to the users. I want to be able to do that at scale, operationally. But at the same time you have a tension then between the governance and the rules that really restrict the way that you can do that. Very strong tension between those two things. >> It really is a delicate balance. And especially as people are trying to accelerate and streamline their cloud projects, a lot to consider. How do you all help them do that? Monty, let's go to you. >> Yeah, we keep saying data, data, what is it really? It's ones and zeros. In this day and age, everything we see, we touch, we do, we either use data, or we create data, and then that... >> Savannah: We are data quite literally. >> We literally are data. And so then what you end up with is all these disparate data silos and different applications with different data, and how do you bring all that together? And that's where customers really struggle. And what we do is we bring it all together, and we make it actionable for the customer. We make it very simple for them to take the data, use it for the outcomes that they're looking for in their business initiatives. >> Expand on that. What do you mean make it actionable? Do you tag it? Do you organize it in some way? What's different about your approach? >> I mean, it's a really flexible platform. And I think we're part of a broader ecosystem. Even internally, we are a data driven company. Coming into the company in April, I was able to come in and get this realtime view of like, "Hey, here's where our teams are." And it's all in front of me in a Tableau dashboard that's populated from Talend integration, bringing data out of our different systems, different systems like Workday where we're giving offers out to people. And so everything from managing headcount to where our AWS spend is, all of that stuff. >> Now, we've heard a lot of talk about data and in fact the keynote yesterday that was focused mainly on data and getting data out of silos. How do you play with AWS in that role? Because AWS has other data integration partners. >> Sam: For sure. >> What's different about your relationship? Yeah. >> Go ahead. >> Yeah, we've had a strong relationship with AWS for many years now. We've got more than 80 connectors into the different AWS services. So we're not new to the AWS game. We align with the sales teams, we align with the partner teams, and then of course, we align with all the different business units and verticals so that we can enact that co-sell motion together with AWS. >> Sam: Yeah. And I think from our product standpoint, again, just being a hyper flexible platform, being able to put, again, any different type of source of data, to any type of different destination, so things like Redshift, being able to bring data into those cloud data warehouses is really how we do that. And then I think we have between bringing data from A to B, we're also able to do that along a number of different dimensions. Whether that's just like, "Hey, we just need to do this once a day to batch, all the way down to event driven things, streaming and the like. >> That customization must be really valuable for your customers as well. So one of the big themes of the show has been cost reduction. Obviously with the economic times as we're potentially dipping our toes into as well, is just in general, always wanting to increase margins. How do you help customers cut cost? >> Well, it's cost cutting, but it's also speed to market. The faster you can get a product to market, the faster you can help your customers. Let's say healthcare life sciences, pharmaceutical companies, patient outcomes. >> Great and timely example there. >> Patient outcomes, how do they get drugs to market quicker? Well, AstraZeneca leveraged our platform along with AWS. And they even said >> Cool. >> for every dollar that they spend on data initiatives, they get $40 back. That's a billion dollars >> Wow. >> savings by getting a drug to market one month faster. >> Everybody wins. >> How do you accelerate that process? >> Well, by giving them the right data, taking all the massive data that I mentioned, siloed in everywhere, and making it so that the data scientists can take all of this data and make use of it, makes sense of it, and move their drug production along much quicker. >> Yeah. And I think there's other things too like being very flexible in the way that it's deployed. Again, I think like you have this historical story of like, it takes forever for data to get updated, to get put together. >> Savannah: I need it now. And in context. >> And I think where we're coming from is almost more of a developer focus where your jobs are able to be deployed in any way you want. If you want to containerize those, you want to scale them, you need to schedule them that way. We plug into a lot of different ecosystems. I think that's a differentiation as well. >> I want to hang out on this one just for a second 'cause it's such a great customer success story and so powerful. I mean, in VC land, if you can take a dollar and make two, they'll give you a 10x valuation, 40. That is so compelling. I mean, do you think other customers could expect that kind of savings? A billion dollars is nothing to laugh at especially when we're talking about developing a vaccine. Yeah, go for it, Sam. >> It really depends on the use case. I think what we're trying to do is being able to say, "Hey, it's not just about cost cutting, but it's about tailoring the offerings." We have other customers like major fast food vendors. They have mobile apps and when you pull up that mobile app and you're going to do a delivery, they want to be able to have a customized offering. And it's not like mass market, 20% off. It's like, they want to have a very tailored offer to that customer or to that person that's pulling open that app. And so we're able to help them architect and bring that data together so that it's immediately available and reliable to be able to give those promotions. >> We had ARP on the show yesterday. We're talking about 50 million subscribers and how they customize each one of their experiences. We all want it to be about us. We don't want that generic at... Yeah, go for it, Paul. >> Oh, okay. >> Yeah. >> Well, I don't want to break break the rhythm here, but one area where you have differentiated, about two years ago you introduced something called the trust score. >> Sam: Yeah. >> Can you explain what that is and how that has resonated with your customers? >> Yeah, let's talk about this. >> Yeah, the thing about the trust score is, how many times have you gotten a set of data? And you look at it and you say, "Where did you get this data? Something doesn't look right here." And with the trust score, what we're able to do is quantify and value the different attributes of the data. Whether it's how much this is being used. We can profile the data, and we have a trust score that runs over time where you can actually then look at each of these data sets. You can look at aggregates of data sets to then say... If you're the data engineer, you can say, "Oh my, something has gone wrong with this particular dataset." Go in, quickly pull up the data. You can see if some third party integration has polluted your data source. I mean, this happens all the time. And I think if you sort of compare this to the engineering world, you're always looking to solve those problems sooner, earlier in the chain. You don't want your consumer calling you saying, "Hey, I've got a problem with the data, or I've got a problem- >> You don't want them to know there was ever a problem in theory. >> Yeah, the trust score helps those data engineers and those people that are taking care of the data address those problems sooner. >> How much data does somebody need to be able to get to the point where they can have a trust score? If you know what I'm trying to say. How do we train that? >> I mean, it can be all the way from just like a single data source that's getting updated, all the way to very large complex ones. That's where we've introduced this hierarchy of data sets. So it's not just like, "Hey, you've got a billion data sources here and here are the trust scores." But it's like, you can actually architect this to say like, "Okay, well, I have these data sets that belong to finance." And then finance will actually get, "Here's the trust score for these data sets that they rely on." >> What causes datasets to become untrustworthy? >> Yeah. Yeah. I mean, it happens all the time. >> A of different things, right? >> In my history, in the different companies that I've been at, on the product side, we have seen different integrations that maybe somebody changes something. In upstream, some of those integrations can actually be quite brittle. And as a consumer of that data, it's not necessarily your fault, but that data ends up getting put into your production database. All of a sudden your data engineering team is spending two days unwinding those transactions, fixing the data that's in there. And all the while, that bad data that's in your production system, is causing a problem for somebody that is ultimately relying on that. >> Is that usually a governance problem? >> I think governance is probably a separate set of constraints. This is sort of the tension between wanting to get all of the data available to your consumers versus wanting to have the quality around it as well. >> It's tough balance. And I think that it's really interesting. Everybody wants great data, and you could be making decisions that affect people's wellness, quite frankly. >> For sure. >> Very dramatically if you're ill-informed. So that's very exciting. >> To your point, we are all data. So if the data is bad, we're not going to get the outcomes that we want ultimately, >> I know. We certainly want the best outcomes for ourselves. >> We track that data health for its entire life cycle throughout the process. >> That's cool. And that probably increases your confidence in the trust score as well 'cause you're looking at so much data all the time. You got a smart thing going on over here. I like it. I like it a lot. >> We believe in it and so does AWS because they are a strong partner of ours, and so do customers. I think we mentioned we've had some phenomenal customer conversations along with- >> What a success story and case study. I want to dust your shoulders off right now if I wasn't tethered in. That's super impressive. So what's next for you all? >> Yeah, so I think we're going to continue down this path of data health and data governance. Again, I kind of talked about the... you're talking about data health being this differentiator on top of just moving the data around and being really good at that. I think you're also going to have different things around country level or state level governance, literal laws that you need to comply with. And so like- >> Savannah: CCPA- >> I mean, a long list- >> Oodles. Yeah. Yeah, yeah, yeah. >> I think we're going to be doing some interesting things there. We are continuing to proliferate the sources of data that we connect to. We're always looking for the latest and greatest things to put the data into. I think you're going to see some interesting things come out of that too. >> And we continue to grow our relationship with AWS, our already strong relationship. So you can procure Talend products to the AWS marketplace. We just announced Redshift serverless support for Talend. >> All their age. >> Which sounds amazing, but because we've been doing this for so long with AWS, dirty little secret, that was easy for us to do because we're already doing all this stuff. So we made the announcement and everyone was like, "Congratulations." Like, "Thanks." >> Look at you all. Full of the humble brags. I love it. >> Talend has gone through some twists and turns over the last couple of years. Company went private, was purchased by Thoma Bravo about a year and a half ago. At that time, your CEO said that it was a chance to really refocus the company on some core strategic initiatives and move forward. Both of you joined obviously after that happened. But what did you see about sort of the new Talend that attracted you, made you want to come over here? >> For sure. Yeah. I think, when I got a chance to talk to the board and talk to Chris, our chair, we talked about there being the growth thesis behind it. So I think Thoma been a great partner to Talend. I think we're able to do some things internally that would be I think, fairly challenging for companies that are in the public markets right now. I think especially, just a lot of pressure on different prices and the cost capital and all of that. >> Right now. >> That was a really casual way of stating that. But yeah, just a little pressure. >> Little bit of pressure. And who knows? Who knows how long that's going to last, right? But I think we've got a great board in place. They've been very strong strategic partner for us talking about all the different ways that we can grow. I think it's been a good partner for us- >> One of the strengths of Thoma's strategy is synergy between the companies they've acquired. >> Oh, for sure. >> They've acquired about 40 software companies. Are you seeing synergy? You talk to those other companies a lot? >> Yeah, so I have an operating partner. I talk with him on a weekly, sometimes daily basis. If we have questions or like, "Hey, what are you seeing in this space?" We can get plugged in to advisors very quickly. I think it's been a very helpful thing where... otherwise, you're relying on your personal network or things like that. >> This is why Monty was saying it was easy for you guys to go serverless. >> And we keep talking about trust, but in this case, Thoma Bravo really trusts our senior leadership team to make the right decisions that Sam and I are here making as we move forward. It's a great relationship. >> Sam: A good team. >> It sounds like it. All the love. I can feel the love even from you guys talking about it, it's genuine. You're not just getting paid to show this. That's fantastic. >> Are we getting paid for this or... >> Yeah. (Savannah giggling) (Paul laughing) I mean, some folks in the audience are probably going to want your autograph after this, although you get that a lot- >> Pictures are available after- >> Yeah, selfies are 10 bucks. That's how I get my boos budget. So last question for you. We have a challenge here on the theCUBE re:invent. We're looking for your 32nd hot take. Think of it as your thought leadership sizzle reel. Biggest takeaway, key themes from the show or looking forward into 2023? Sam, you're ready to rock, go. >> Yeah, totally. >> I think you're going to continue to hear the tension between being able to bring the data to the masses versus the simplicity and being able to do that in a way that is compliant with all the different laws, and then clean data. It's like a lot of different challenges that arise when you do this at scale. And so I think if you look at the things that AWS is announcing, I think you look at any sort of vendor in the data space are announcing, you see them sort of coming around to that set of ideas. Gives me a lot of confidence in the direction that we're going that we're doing the right stuff and we're meeting customers and prospects and partners, and everybody is like... We kind of get into this conversation and I'll say, "Yeah, that's it. We want to get involved in that." >> You can really feel the momentum. Yeah, it's true. It's great. What about you, Monty? >> I mean, I don't need 30 seconds. I mentioned it. >> Great. >> Between Talend and AWS, we're aligned from the sales teams to the product teams, the partner teams and the alliances. We're just moving forward and growing this relationship. >> I love it. That was perfect. And on that note, Sam, Monty, thank you so much for joining us. >> Yeah, thanks for having us. >> I'm sure your careers are going to continue to be rad at Talend and I can't wait to continue the conversation. >> Sam: Yeah, it's a great team. >> Yeah, clearly. I mean, look at you two. If you're any representation of the culture over there, they're doing something great. (Monty laughing) I thank all of you for tuning in to our nearly... Well, shoot. I think now over 100 interviews at AWS Reinvent in Sin City. We are hanging out here. Paul and I've got a couple more for you. So we hope to see you tuning in with Paul Gillin. I'm Savannah Peterson. You're watching theCUBE, the leader in high tech coverage. (upbeat music)

(upbeat electronic music) >> As we've previously reported on theCUBE, Alation was an early pioneer in the data, data governance, and data management space, which is now rapidly evolving with the help of AI and machine learning, and to what's often referred to as data intelligence. Many companies, you know, they didn't make it through the last era of data. They failed to find the right product market fit or scale beyond their close circle of friends, or some ran out of money or got acquired. Alation is a company who did make it through, and has continued to attract investor support, even in a difficult market where tech IPOs have virtually dried up. Back with me on theCUBE is Satyen Sangani, who's the CEO and co-founder of Alation. Satyen, good to see you again. Thanks for coming on. >> Great to see you, Dave. It's always nice to be on theCUBE. >> Hey, so remind our audience why you started Alation 10 years ago, you and your co-founders, and what you're all about today. >> Alation's vision is to empower a curious and rational world, which sounds like a really, I think, presumptuous thing to say. But I think it's something that we really need, right? If you think about how people make decisions, often it's still with bias or ideology, and we think a lot of that happens because people are intimidated by data, or often don't know how to use it, or don't know how to think scientifically. And we, at the core, started Alation because we wanted to demystify data for people. We wanted to help people find the data they needed and allow them to use it and to understand it better. And all of those core consumption values around information were what led us to start the company, because we felt like the world of data could be a little easier to use and manage. >> Your founding premise was correct. I mean, just getting the technology to work was so hard, and as you well know, it takes seven to 10 years to actually start a company and get traction, let alone hit escape velocity. So as I said in the open, you continue to attract new investors. What's the funding news? Please share with us. >> So we're announcing that we raised 123 million from a cohort of investors led by Thoma Bravo, Sanabil Investments, and Costanoa. Databricks Ventures is a participant in that round, along with many of our other existing investors, which would also include Salesforce amongst others. And so, super excited to get the round done in this interesting market. We were able to do that because of the business performance, and it was an up round, and all of that's great and gives our employees and our customers the fuel they need to get the product that they want. >> So why the E Round? Explain that. >> So, we've been accelerating growth over the last five quarters since our Series D. We've basically increased our growth rate to almost double since the time we raised our last round. And from our perspective, the data intelligence market, which is the market that we think we have the opportunity to continue to be the leading platform in, is growing super fast. And when faced with the decision of decelerating growth in the face of what might be, what could be a challenging macroeconomic environment, and accelerating when we're seeing customers increase the size of their commitments, more new customers sign on than ever, our growth rates increasing. We and the board basically chose to take the latter approach and we sort of said, "Look, this is amazing time in this category. This is an amazing time in this company. It's time to invest and it's time to be aggressive when a lot of other folks are fearful, and a lot of other folks aren't seeing the traction that we're seeing in our business. >> Why do you think you're seeing that traction? I mean, we always talk about digital transformation, which was a buzzword before the pandemic, but now it's become a mandate. Is that why? Is it just more data related? Explain that if you could. >> I think there's this potentially, you know, somewhat confusing thing about data. There's a, maybe it's a dirty secret of data, which is there's the sense that if you have a lot of data, and you're using data really well, and you're producing a ton of data, that you might be good at managing it. And the reality of it is that as you have more people using data and as you produce more data, it just becomes more and more confusing because more and more people are trying to access the same information to answer different questions, and more workloads are produced, and more applications are produced. And so the idea of getting more data actually means that it's really hard to manage and it becomes harder to manage at scale. And so, what we're seeing is that with the advent of platforms like AWS, like Snowflake, like Databricks, and certainly with all of the different on-premise applications that are getting born every single day, we're just seeing that data is becoming really much more confusing, but being able to navigate it is so much more important because it's the lifeblood for any business to build differentiation and satisfy their customers. >> Yeah, so last time we talked, we talked about the volume and velocity bromide from the last decade, but we talked about value and how hard it is to get value. So that's really the issue is the need and desire for more organizations to get more value out of that data is actually a stronger tailwind than the headwinds that you're seeing in the macroeconomic environment. >> Right. Because I think in good times you need data in order to be able to capitalize off all the opportunities that you've got, but in bad times you've got to make hard choices. And when you need to make hard choices, how do you do that? Well, you've got to figure out what the right decisions are, and the best way to do that is to have a lot of data and a lot of people who understand that data to be able to capitalize on it and make better insights and better decisions. And so, you don't see that just, by the way, theoretically. In the last quarter, we've seen three companies that have had cost reductions and force reductions where they are increasing at the same time their investment with Alation. And it's because they need the insight in order to be able to navigate these challenging times. >> Well, congratulations on the up round. That's awesome. I got to ask you, what was it like doing a raise in this environment? I mean, sellers are in control in the public markets. Late stage SaaS companies, that had to be challenging. How did you go about this? What were the investor conversations like? >> It certainly was a challenging fundraise. And I would say even though our business is doing way better and we were able to attract evaluation that would put us in the top quartile of public companies were we trading as a public company, which we aspire to do at some point, it was challenging because there was a whole slew of investors who were basically sitting on their hands. I had one investor conversation where an investor said to me, "Look, we think you're a great business, but we have companies that are able to give us 2.5 liquidation preference, and that gives us 70%, 75% of our return day one. So we're just going to go do those companies that may have been previously overvalued, but are willing to give us these terms because they want to keep their face valuation." Other investors said, "Look, we'd really rather that you ran a lower growth plan but with a potentially lower burn plan. But we think the upside is really something that you can capitalize on." From our perspective, we were pretty clear about the plan that we wanted to run and didn't want to necessarily totally accommodate to the fashion of the current market. We've always run a historically efficient business. The company has not burned as much as many of the data peers that we've seen to grow to get to our scale, but our general view was, look, we've got a really clear plan. The board, and the company, and the management team know exactly what we'd like to do. We've got customers that know exactly what they want from us, so we really just have to go execute. And the luck is that we found investors who were willing to do that. Many investors, and we picked one in Thoma Bravo that we felt could be the best partner for the coming phase of the company. >> So I love that because you see the opportunity, you've had a very efficient business. You're punching above your weight in terms of your use of capital. So you don't want to veer off. You know your business better than anybody. You don't want to veer off that plan. The board's very supportive. I could see you, you hear it all the time, we're going to dial down the growth, dial up the EBIT, and that's what markets want today. So congratulations on sticking to your beliefs and your vision. How do you plan to use the funds? >> We are planning to invest in sales and marketing globally. So we've expanded in Asia-Pacific over the most recent year, and also in (indistinct) and we plan to continue to do that. We're going to continue to expand in public sector with fed. And so, you would see us basically just increase our presence globally in all of the markets that you might expect. In particular, you're going to see us lean in heavily to many of the partners Databricks invested alongside this particular round. But you would have seen previously that Snowflake was a fabulous, and has been a fabulous partner of ours, and we are going to continue to invest alongside these leading data platforms. What you would also expect to see from us, though, is a lot of investment in R&D. This is a really nascent category. It's a really, really hard space. People would call it a crowded market because there are a lot of players. I think from our perspective, our aspirations to be the leading data intelligence platform, platform being a really key word there because it's not like we can do it all ourselves. We have a lot of different use cases in data intelligence, things like data quality and data observability, things like data privacy and data access control. And we have some really great partners that we walk alongside in order to make the end customer successful. I think a lot of folks in this market think, "Oh, we can just be master of all. Sort of jack of all trades, master of none." That is not our strategy. Our strategy is to really focus on getting all our customers super successful, really focused on engagement and adoption, because the really hard thing with these platforms is to get people to use them, and that is not a problem Alation has had historically. >> You know, it's really interesting, Satyen, you talk about, I mean, Thoma Bravo, obviously, very savvy investors, deep pockets, they've been making some moves. Certainly we've seen that in cyber security and data. So you got some quasi patient capital there. But the interesting thing to me is that the previous Snowflake investment last year and now Databricks, a lot of people think of them as sort of battling it out, but my view is it's not a zero sum game, meaning, yes, there's overlap, but they're filling a lot of gaps in the marketplace, and I think there's room, there's so much opportunity, and there's such a large tam, that partnering with both is a really, really smart idea. I'll give you the last word. Going forward, what can we expect from Elation? >> Well, I think that's absolutely true, and I think that the biggest boogeyman with all of this is that people don't use data. And so, our ability to partner together is really just a function of making customers successful and continuing to do that. And if we can do that, all companies will grow. We ended up ultimately partnering with Databricks and deepening our partnership, really, 'cause we had one already, primarily because of the fact that we have over a hundred customers that are jointly using the products today. And so, it certainly made sense for us to continue to make that experience better 'cause customers are demanding it. From my perspective, we just have this massive opportunity. We have the ability and the insight to run a really efficient, very, very high growth business at scale. And we have this tremendous ability to get so many more companies and people to use data much more efficiently and much better. Which broadly is, I think, a way in which we can impact the world in a really positive way. And so that's a once in a lifetime opportunity for me and for the team. And we're just going to get after it. >> Well, it's been fun watching Alation over the years. I remember mid last decade talking about this thing called data lakes and how they became data swamps, and you were helping clean that up. And now, the next 10 years, and data's not going to be like the last, you know, simplifying things and and really democratizing data is the big theme. Satyen, thanks for making time to come back on theCUBE, and congratulations on the raise. >> Thank you, Dave. It's always great to see you. >> And thank you for watching this conversation with the CEO in theCUBE, your leader in enterprise and emerging tech coverage. (gentle electronic music)

(upbeat music) >> Good morning, everyone. Welcome back to "theCUBE." Lisa Martin here with John Furrier. This is day three of our wall-to-wall coverage of VMware Explore. John and I are pleased to welcome back one of our alumni, Muddu Sudhakar, the CEO of AISERA. Welcome to the program, Muddu. It's great to meet you. >> Thank you, Lisa. Thanks for having me. Thank you, John. >> Great to see you again. You're like an industry analyst coming on "theCUBE". You should be like a guest analyst, breaking down. I know you got your own company to run, and by the way, the recent funding you had, congratulations. >> Thank you. >> In a market that's not getting a lot of funding. You get an up around. Congratulations on that. >> Thank you. >> Business is good? >> Very good, thank you. Look, Goldman Sachs Investing, along with Zoom and Thoma Bravo, it was great for us. >> Great stuff. Well, I'm glad we could get you in. This day three, Lisa and I and Dave Vellante and Dave Nicholson have all been talking to everyone for two days here at VMware Explore, formerly VMworld, our 12th year covering their annual conference, as you know, and we've been telling the executives, but day three is more of, we're going to mix it up. We're going to bring people in and get their opinions about Supercloud, does VMware go post-Broadcom? Obviously, that's going to happen. Looks like nothing's going to stop that from happening. What's next? What's the impact? Who wins? Who loses? VMware certainly not acting like they're going to get gutted. They're all full throttle ahead. They're laying down some announcements, vSphere 8, you got vSAN 8, they got cloud-native, they're talking multi-cloud. VMware's not looking like they're flinching. What's going on, in your view, outside of the bubble that we're here in San Francisco, out in the real world, in the trenches. What are people talking about? What do you see? >> Lot to unpack. (all laugh) >> Start at wherever you want. >> Yes. You know, I was a VMware alumni too. >> Yes >> You sold the company to VMware. You know the inside. Okay, So then, even then- >> I worked with Paul and Pat and Raghu. It's great to be back at VMware now. I think there's a lot going on in VMware. VMware is here to stay. The brand will stay. The VMware customers will stay for years to come. I think Broadcom and VMware, I think it's a great industry consolidation, the way in which I see it. And it is going to help all the customers too, right? Broadcom, having such a large foot play into both CA, the software business, the hardware business. I think what will happen is that Broadcom will try to create a hybrid cloud of their own with VMware. So there'll be a fourth player in the cloud industry. And then back to John, your Supercloud. The Supercloud by definition, there'll be private clouds, public clouds, hybrid clouds. I think Broadcom with VMware will help your vision of the Supercloud and what your customers are asking. >> Yeah, one of the things I want to get your thoughts on, Lisa and I were talking yesterday with the executives, AJ Patel in particular, he's a middleware guy. >> Right. >> So what he did was Oracle. He did a lot of the fusion stuff at Oracle. He now runs Modern Apps. And you came in at the time, I think, when they were just getting that app vision going, and Paul Moritz actually had it early with his 2010 vision, but too early on the app side. But that ended up happening too. So the question is, is Broadcom going to be this middleware layer, and treat the cloud like hardware. And then, apps or apps. Companies are apps. In a digital transformation, technology is the company. >> Right >> So the company is the app. >> That's right, >> Is an application. So apps and hardware, middle, a middleware model emerging. Do you think they're going for that? Or am I just making this up in my head? >> No, I think to me, I see Broadcom as much more, they're like a peer company at the high level. So they're funded by- >> Like a private equity company. >> Private equity company. >> You mean from a dollar standpoint. >> From a dollar standpoint. So Broadcom is going to fund companies. They're going to buy companies. They bought CA, they bought all the other assets. So Broadcom will have always hardware. The middle level could be VMware, but they also have CA, right? They have a bunch of apps here. So I see the Broadcom is also using VMware to run applications. So the consolidation will be they'll create a Supercloud using VMware. They're going to own their own apps. I don't think Broadcom's story is stopped. Its journey to come. They're going to buy more acquisitions, more apps companies. I won't be surprised, in the future, they buy Zendesk. I won't be surprised, in the future, they buy other apps companies, SaaS companies and cloud enterprise companies. Right? So that's where the P is coming. So the broad conversion is, I need a base middleware, like you're saying. There's no other middleware on top of hardware better than VMware. >> So do you think that they'll keep the stuff that's coming out of the other? 'Cause we've been speculating on "theCUBE" this week. They have the core business, but there's all this stuff that's kind of coming out of the oven that's not EBITDA-oriented yet. Do you think they keep that or they let it go? >> I think that's a great question to hang their CEO of Broadcom. But to me, I think, knowing them, they're going to keep, and if you look at Symantec, they kept parts of Symantec, this whole parts of it. So I think all options are on the table for them, right? They'll do whatever it is. But I think it has to be the ones that high growth companies they may give it. It all goes back to is it a profitability to it or not? But his vision is very good. I want to own the middleware, right? He will own the middleware using VMware to your vision, create a Supercloud and own the apps. So I think you'll see Broadcom is the fourth vendor in the cloud race. You have Microsoft, AWS, Google, and Broadcom is actually going to compete with this four. >> So you think there'll be a hyper scale? They'll be in the top three or four. >> There'll be top four. >> Okay. >> Along with Oracle. So now, we are talking about the five vendors will be Amazon, Azure, Google, Oracle, and Broadcom. >> We had Amazon guy on, Steve Jones. I should have asked him that question. I just don't see that happening yet. They have to have the full hardware side. How do you see that coming in? 'Cause Amazon's innovating at the atom level and they're working on stuff that's physical, transit, physics stuff, like down to the root level. >> I think Broadcom figure, look, they own the chips out right, at the end of the day. They also have a lot of chips such to supply to both mobile and this. So if there's anybody who can figure out the hardware, it will be Broadcom. That is their core of area. They didn't have the core in the software and the middleware. VMware is going to give them the OS, the Kubernetes, the VMs. Once you have that layer, I think you can innovate both up and below, right? So I think, John, I think Broadcom VMware will be a force to reckon with and I think these guys are going to get into healthcare space though. So if you see the way they battle, you and me are talking Lisa, like Microsoft bought new ones, Oracle bought Cerner. So they all paid 30 billion each. So the next battle ground will be, they'll start in the healthcare industry. Somebody's going to go look at the healthcare apps like Epic, right? They're going to look at how we can do the hospitals. They're going to look at hospital healthcare professionals. That area will be disrupted a lot in the same. >> What other industries do you think, besides healthcare, are ripe for disruption with Broadcom VMware? >> I think endpoint management, like remember VMware bought AirWatch when I was there back then, right? That whole area is called digital experience management. So that endpoint mainly will be disrupted. So Broadcom with VMware will go again into endpoint. I'm talking endpoint could be the servers, desktops, VMware Max, right? Virtual Desktop VDI. So that whole management of mobile devices to desktop, that whole industry will be disrupted. A lot of players are there trying to do more consulting services. I think VMware is a great assets and tools. If I'm Broadcom, my chip sets are going into the endpoint. So that area will be disrupted a lot with Broadcom in VMware. >> Yeah, one of the things that VMware, people have been talking about, is that the CA acquisition that Broadcom did was the playbooks public. Everyone saw what they did. They killed sales and market and they killed all the execs, metaphorically speaking. They fired them. VMware's got a different vibe here. I'm feeling like it could go one way or the other. I think they should keep them, personally. But you don't know. If they're a PE company, they EBIDA driven, maybe it's just simply numbers. >> Right. >> If that's the case, then I'm worried. But VMware's got pride, they got mojo, and they've got expertise in software. Maybe a little bit different circumstance? What's take on this? Or do you think it's going to be black and white to the numbers? >> I think, knowing Hank's playbook, if he knows what he's going to do, right? His playbook will be consistent with Symantec. >> You think he already knows what he wants to do? >> I think so. I think at that level, both with Simulink and Broadcom, they already know the playbook. At this stage the games, people already know their game. It's like a chess move. They already know. They'll look at VMware and see which assets to keep, which one not to keep, which organization, but I think Hank is a master at this one. To me, I'm personally excited with the VMware Broadcom combination. It's a great thing for the industry. It's great for VMware and VMware customers and partners. >> Well, John, you and Dave had a chance to sit down with Raghu. What were some of the things that he unpacked about the Broadcom acquisition? >> He was on talking points. He was on message. He was saying the things that any CEO was going to make a lot of cash on this deal. And he's proud. I think it wasn't about the money for him. I sensed that he's certainly going to make a lot of cash on this deal as an executive, but he's a long time VMware employee and a well loved and revered person. He's done a lot of great work, technically set the agenda. So I think their mindset is we're going to just continue to do an amazing job as VMware as we are and then let Broadcom, let the chips fall where they may, and hopefully, if they do a good job, maybe they'll either refactor some of their base plans or they laid it all out in the field, so to speak. So that's my vibe. Now specifically, he made some comments, like, "Yeah, we're really proud." And he staying technical. He's still like, "This is really happening." So I think he's going to, essentially, to the very end, be like, "Cross cloud and hybrid cloud. This is our third generation." So there he's hanging onto the VMware third act that they're saying, and he hopes that it comes home. And I think he's going to just deal with it. He didn't seem flustered and he didn't seem overly confident. >> Okay. >> I guess that's my opinion. What do you think? >> Personally worked with Raghu, worked for Raghu, so I think of him as the greatest CEO for VMware ever could have, right? It's a journey. It was Paul Maritz, then Pat Gelsinger, now Raghu. I think he's in the right place, right time to lead VMware, and Raghu's doing a fantastic job. And personally, getting these two companies married, I think Raghu did the right partnership with Broadcom. >> Well, I think if this event's any indication if they're just sitting back and waiting, they're not, and this event was well done, it was pulled off. The branding's amazing. I thought they did a good job with the name change. And then in light of all the Broadcom issues, the execution was great. It was not a bad show here. It was a good show. It wasn't terrible at all. People were excited. I think the ecosystem also felt that Broadcom, like an electronic shock to the system, like something's going to happen. Let's wait and see. I'm going to go to the event to see if it's going to be around and kind of getting a feel first party, in person, what's happening. Again, remember VMware didn't have an event since 2019. This is a community that thrives on physical, face to face camaraderie, community. And so, I think the show was a success. And I think that's a result of Raghu and his team. >> Because we have a booth there for AISERA, my company, we have a booth. We are offering coffee and donuts. You guys should come by and tell people. You'll get a free coffee and a donut, but it's one of the best shows I've seen. Well, I think people after pandemic are back, people are interacting. We have 500 people in one day at our booth. So for a startup company like us, getting that much crowd is unheard of. So it's great. We're very excited. >> The vibe from the partner community, I had a chance to talk with a lot of partners, AWS, NetApp, Rackspace, really seems like the partnerships side of VMware is very, very strong and the partners are excited about what's next for VMware. Did you have a chance to talk with any of the partners? >> Actually, look. I'm actually meeting with Karen. So Karen Egan is my contact at VMware too, and Sumit, (indistinct) a bunch of the customer success organization. We talk to people in their digital experience management team. We are very excited to be partner with both VMware's customer, partner, and all experts, right? I'll need the VMware ecosystem for my company to thrive. So for us, VMware customers are my customers and leveraging VMware APIs into VMware, that's that's important for us. >> Lisa, that's a great question because that brings us to the question of, okay, clearly this show also proves to us from our conversations and exploring the floor, the wave is coming. This next cloud wave is here. We're calling it Supercloud, whatever you want to call it, it's coming and it's real, and people know it. And also the lines of sight into economics around where people can fit in this next level ecosystem is becoming clear. So I think people kind of know what's the right side of the street to be on in this next shift. So that's coming. That's independent of Broadcom. So the floor represents to me the excitement for not only the VMware workload powering software, with or without Broadcom, but the next wave. So the question is if Broadcom goes down their path and Hank does what he does, who wins and who loses on where things flow? Because this energy is going to flow somewhere. Is it going to flow to AWS? Is it going to flow to Microsoft? Is it going to flow to HPE with Green Lake getting some great traction? NetApp's doing great. We just heard from them. So the partners aren't hurting. It's only going to get better. re:Invent's right around the corner. That's a packed house. Their ecosystem's growing like a weed. Who wins? 'Cause the customers at VMware are enterprise customers. They're used to being serviced. They have sales reps from Microsoft, they got sales reps from Hewlett Packard Enterprise, real senior enterprise stakeholders there. So someone's going to end up filling in as VMware settles into their broad composition. Who wins and who loses, in your mind? >> A Very good question. So my thing is, I think it's... Well, I put Microsoft and Amazon the winners. In that way, actually mean Microsoft will win because in a true Supercloud, your vision, back to hybrid cloud on-prem and public cloud, VMware disruption with Broadcom, as if there's any bridge in the market, Microsoft will take advantage of it. Azure, right? Amazon VMware is there. Then, you have Google and VMware. So I think Azure will probably try to take advantage of this, but very next will be Amazon, right away there. That leaves you with Google Cloud, right? Google Cloud is the one. So they're the people that are able to figure out what to do in this equation. And then, obviously, the other one is Oracle. Oracle has no hearts in this game. So to me, the people who are going to probably lose impact model will be Oracle if the Broadcom and VMware will happen. So it's Azure, Amazon winning the race, probably Google is right behind them. Oracle will be distinct. Other side is Dell. Actually, Dell has no game in this. Our Broadcom and VMware, Dell should be the one. >> Dell might have a little secret sauce on the table with Michael Dell. >> That's true. >> If he convert his shares, he might be the largest shareholder at Broadcom. >> That's true. >> He could end up owning all the back. >> So he may be the winner all the time. (all laugh) >> Don't count him out. Well, this is a good question. I want to just double click on this. So you get customer dynamic. Where do they go? You get the community, which is a big force multiplier in this world, and if you had to bet on community between Microsoft and Amazon Web Services, Amazon trumps Microsoft on force multiplier community. Ecosystem, AWS beats Microsoft on that one. So it's interesting because it's now multiple dimensions we're talking about here. It's customers. That's the top order, right? The customers. But also, you got community, the people who put on sessions, the people in the community that are the influencers that are leading the trends, and developers are very trending, relative to what kind of code they use, what's their environments? So the developers is changing that landscape and, ultimately, the ecosystem of partners, right? 'Cause there's a lot more overlap between AWS and VMware's ecosystem than there is between Microsoft and that. And HPE is just starting an ecosystem. So it's going to be very interesting. >> It is. It is. I think Broadcom and VMware cannot be any best time for the industry, right? As you said. HP is coming in. Oracle is coming in. And to your point, VMware and AWS are another best partners. Now, this going to create any gap for Microsoft to enter for Azure? I think that's where the market is saying that it's going to open up a hybrid cloud player for Microsoft to enter what is to be a tight relationship with VMware and Amazon. Right? So people will rethink through their apps. And more importantly, the end point to me. See, the key is, like you talk about with Supercloud, nobody's talking about Supercloud for the endpoint. >> You mean Edge or security? >> Not an Edge endpoint. Endpoint could be your devices, laptop, desktop. >> Or a building or a light bulb or whatever. >> Desktop or VDI desktop services servers, right? So we call it endpoint cloud. There's no endpoint Supercloud. John, that's an area that you should double click on. Super cloud for the servers is different from Supercloud for endpoint. >> Well, SuperCloud.World is the URL out there. If you're interested in Supercloud, we are adding tracks to that body of work. So we had our event on August 9th. It was virtual event, where Dave and I are going to add a data track, we're going to add a security track, and we should add, maybe, an endpoint workspace, work. >> That's a VMware brand, Workspace and Horizon. So that whole workspace endpoint for Supercloud is going to happen. >> Yes. >> Right. That kind of deviates from- >> Do you like Supercloud? Are you bullish on Supercloud? >> I'm very bullish on Supercloud because I, myself, is running on-prem in VPCs, public clouds, private clouds. Supercloud kind of composites it so app should be designed. 'Cause I don't want to design an app for one cloud. It's not going to work. So it's like how Java came and I can run it on any platform. The ideas you build it on Supercloud, run it, whatever you want. Right? >> That's exactly it. So what would you want to see in Supercloud as it evolves? And we were part of this open conversation. This is our point for today. We're going to have a great panel come up later today. We're going to have the influencers come on to debate what Supercloud should or shouldn't be. If you want to add to the contribution, we'll add this into the work, what should what's needed in Supercloud? What's table stakes. >> I think we need a Java compiler that will happen for Supercloud. I build it once, execute in any place I want, right? Using the Terraform, HashiCorp (indistinct) So what I don't want is keep building this thing for every cloud. I want to abstract that out. The whole idea of Supercloud is how Java gave me the abstraction for hardware 20 years back or 30 years back, we need the same abstraction for the cloud today. Otherwise, I'm customizing for VM Cloud, I'm customizing for AWS, Azure, Google Cloud. We, as an application vendor, it's too hard to keep doing it. I have now thousand tuners. I don't need thousand DevOps people. I need maybe 10 DevOps people. So there's a clear abstraction complexity that industry should develop, and your concept Supercloud with everybody thinking that, and it has to start from the grassroots with ecosystem. >> What do you think about the participants in this abstraction layer? Because someone said on "theCUBE" here this week, the people in the abstraction layer shouldn't be participants in the below or above the abstraction. >> I think it should be everybody, right? It's all inclusive. You need the apps guys to come in. You need the OS players to come in. You need the cloud vendors to come in, infrastructure. So you need everybody. >> Okay, let's just say that you were the spokesperson for the Supercloud organization, Supercloud.World. How would you sell AWS on why it's important for them? >> It's because they can build it and sell it in AWS and multiple AWS Gov Cloud, AWS On-prem, VPCs. It's even important for them, their expansion, their market time upfront. If I'm (indistinct), if I'm built on Supercloud, I can increase my time share. Otherwise I'm bringing only to public cloud. >> Okay, so I'll say, I'm Amazon and we have a concept called "One Way Doors." We don't want to go through a one way door. Is Supercloud a one way door for them? What's in it for them? Do they make more? Does it help their ecosystem? And the same question from Microsoft Azure and Google cloud. >> They're make more money. They're making their apps run in multiple places. It's a natural expansion. You are solving your customer problems for Amazon and DGC, right? My job is give people choices. I give choice to Lisa. Lisa can run it on public cloud. John, you can run it on VPC, AWS. >> So you're saying, so you think customers are asking for this right now? >> Everybody's asking. >> But don't really know how to say it? >> Customers are asking. Partners are asking. All of us are asking. >> Okay, what's the ask? >> Ask is give me a one place to build applications and run it anywhere without adding the complexity. >> Okay. Done. That's Supercloud. It'll ship tomorrow. (Lisa laughs) Well done. (John laughs) All right, well done. Final question for you. Lisa and I have been talking with folks here. What advice would you give the folks that are in here? 'Cause we have a lot of activity, people with marketing their solutions and products. They're trying to put a voice out there around thought leadership and trying to figure out what side of the street they should be on relative to the next 10 years as they're here at VMware Explore, as the next gen cloud comes around. What's the right narrative? What's the right positioning for companies to be on right now to be the most relevant and in the flow? >> I don't know about 10 years, but right now we are in difficult economic times, right? Markets are down. Inflation is up. So I think the fastest cost, people should focus on cost. How can it take cost? Automation is the key, right? Whether you use AI or automation , like you and me talking, John, last week, right? That's important. Every CEO I talk to is focused on cost. How do I cut my cost? How can I do with fewer resources? How can I do with fewer people, right? So the new budget right now is cut your budget in half. So every company, every exec should think about how can you be a good citizen? How can I get growth and scale? How can I do more with less? And that should be the next 12 months. >> That was a lot of the theme of conversations that I had with the VMware ecosystem, doing more with less. So that's definitely on everyone's minds. >> Right, and that's what my company is fully focused on. AISERA is all about AI automation. How can we solve your thing? We want to be solving customer problem. We are like your automation engine for your enterprise, right? We are a platform of platform. That's why I like the Supercloud. I can run AISERA as a platform on top of Supercloud. >> Excellent. >> Wow! If only we had more time! I know that you guys could really dig into Supercloud and take it even further. So you have to come back, Muddu. >> I will. >> He always wants to come back. >> I will be back. >> He's on the team. He's has contributed to the open source effort of Supercloud. Thank you. >> Yes. >> All right, thank you so much for joining John and me and kind of breaking down your vision on VMware Broadcom and the future. Next step, we've got to get some customers on here. I really want to understand what the customer experience is going to be like, but we'll have to another segment on that one. >> We will do that. Thank you, Lisa, for having me. >> My pleasure. >> John. >> Thank you very much. Thank you. >> For our guest and John Furrier, I'm Lisa Martin. You're watching "theCUBE" live on day three of our coverage of VMware Explore. We'll be back after a short break. (upbeat corporate music)

(upbeat music) >> Welcome back everyone to Supercloud22, I'm John Furrier, host of theCUBE here in Palo Alto. For this next ecosystem's segment we have Muddu Sudhakar, who is the co-founder and CEO of Aisera, a friend of theCUBE, Cube alumni, serial entrepreneur, multiple exits, been on multiple times with great commentary. Muddu, thank you for coming on, and supporting our- >> Also thank you for having me, John. >> Yeah, thank you. Great handshake there, I love to do it. One, I wanted you here because, two reasons, one is, congratulations on your new funding. >> Thank you. >> For $90 million, Series D funding. >> Series D funding. >> So, huge validation in this market. >> It is. >> You have been experienced software so, it's a real testament to your team. But also, you're kind of in the Supercloud vortex. This new wave that Supercloud is part of is, I call it the pretext to what's coming with multi-clouds. It is the next level. >> I see. >> Structural change and we have been reporting on it, Dave and I, and we are being challenged. So, we decided to open it up. >> Very good, I would love it. >> And have a conversation rather than waiting eight months to prove that we are right. Which, we are right, but that is a long story. >> You're always right. (both laughs) >> What do you think of Supercloud, that's going on? What is the big trend? Because its public cloud is great, so there is no conflict there. >> Right. >> It's got great business, it's integrated, IaaS, to SaaS, PaaS, all in the beginning, or the middle. All that is called good. Now you have on-premise high rate cloud. >> Right. >> Edge is right around the corner. Exploding in new capabilities. So, complexity is still here. >> That's right, I think, you nailed it. We talk about hybrid cloud, and multi cloud. Supercloud is kind of elevates the message even better. Because you still have to leave for some of our clouds, public clouds. There will be some of our clouds, still running on the Edge. That's where, the Edge cloud comes in. Some will still be on-prem. So, the Supercloud as a concept is beyond hybrid and multi cloud. To me, I will run some of our cloud on Amazon. Some could be on Aisera, some could be running only on Edge, right? >> Mm hm >> And we still have, what we call remote executors. Some leaders of service now. You have, what we call the mid-server, is what I think it was called. Where you put in a small code and run it. >> Yeah. >> So, I think all those things will be running on-prem environment and VMware cloud, et cetera. >> And if you look back at, I think it has been five years now, maybe four or five years since Andy Jassy at reInvent announced Outposts. Think that was the moment in time that Dave and I took this pause back and said "Okay, that's Amazon." who listens to their customers. Acknowledging Hybrid. >> Right. >> Then we saw the rise of Snowflakes, the Databricks, specialty clouds. You start to see people who are building on top of AWS. But at MongoDB, it is a database, now they are a full blown, large scale data platform. These companies took advantage of the public cloud to build, as Jerry Chen calls it, "Castles in the cloud." >> Right. >> That seems to be happening in all areas. What do you think about that? >> Right, so what is driving the cloud? To me, we talk about machine learning in AI, right? Versus clouded options. We used to call it lift and shift. The outposts and lift and shift. Initially this was to get the data into the cloud. I think if you see, the vendor that I like the most, is, I'm not picking any favorite but, Microsoft Azure, they're thinking like your Supercloud, right? Amazon is other things, but Azure is a lot more because they run on-prem. They are also on Azure CloudFront, Amazon CloudFront. So I think, Azure and Amazon are doing a lot more in the area of Supercloud. What is really helping is the machine learning environment, needs Superclouds. Because I will be running some on the Edge, some compute, some will be running on the public cloud, some could be running on my data center. So, I think the Supercloud is really suited for AI and automation really well. >> Yeah, it is a good point about Microsoft, too. And I think Microsoft's existing install base saved Azure. >> Okay. >> They brought Office 365, Sequel Server, cause their customers weren't leaving Microsoft. They had the productivity thing nailed down as well as the ability to catch up >> That's right. >> To AWS. So, natural extension to on-premise with Microsoft. >> I think... >> Tell us- >> Your Supercloud is what Microsoft did. Right? Azure. If you think of, like, they had an Office 365, their SharePoint, their Dynamics, taking all of those properties, running on the Azure. And still giving the migration path into a data center. Is Supercloud. So, the early days Supercloud came from Azure. >> Well, that's a good point, we will certainly debate that. I will also say that Snowflake built on AWS. >> That's right. >> Okay, and became a super powerhouse with the data business. As did Databricks. >> That's right. >> Then went to Azure >> That's right. >> So, you're seeing kind of the Playbook. >> Right. >> Go fast on Cloud Native, the native cloud. Get that fly wheel going, then get going, somewhere else. >> It is, and to that point I think you and me are talking, right? If you are to start at one cloud and go to another cloud, the amount of work as a vendor for us to use for implement. Today, like we use all three clouds, including the Gov Cloud. It's a lot of work. So, what will happen, the next toolkit we use? Even services like Elastic. People will not, the word commoditize, is not the word, but people will create an abstraction layer, even for S3. >> Explain that, explain that in detail. So, elastic? What do you mean by that? >> Yeah, so what that means is today, Elasticsearch, if you do an Elasticsearch on Amazon, if I go to Azure, I don't want enter another Elasticsearch layer. Ideally I want us to write an abstracted search layer. So, that when I move my services into a different cloud I don't want to re-compute and re-calculate everything. That's a lot of work. Particularly once you have a production customer, if I were to shift the workloads, even to the point of infrastructure, take S3, if I read infrastructure to S3 and tomorrow I go to Azure. Azure will have its own objects store. I don't want to re-validate that. So what will happen is digital component, Kubernetes is already there, we want storage, we want network layer, we want VPM services, elastic as well as all fundamental stuff, including MongoDB, should be abstracted to run. On the Superclouds. >> Okay, well that is a little bit of a unicorn fantasy. But let's break that down. >> Sure. >> Do you think that's possible? >> It is. Because I think, if I am on MongoDB, I should be able to give a horizontal layer to MongoDB that is optimized for all three of them. I don't want MongoDB. >> First of all, everyone will buy that. >> Sure. >> I'm skeptical that that's possible. Given where we are at right now. So, you're saying that a vendor will provide an abstraction layer. >> No, I'm saying that either MongoDB, itself will do it, or a third party layer will come as a service which will abstract all this layer so that we will write to an AP layer. >> So what do you guys doing? How do you handle multiple clouds? You guys are taking that burden on, because it makes sense, you should build the abstraction layer. Not rely on a third party vendor right? >> We are doing it because there is no third party available offer it. But if you offer a third party tomorrow, I will use that as a Supercloud service. >> If they're 100% reliable? >> That's right. That's exactly it. >> They have to do the work. >> They have to do the work because if today I am doing it because no one else is offering it- >> Okay so what people might not know is that you are an angel investor as well as an entrepreneur been very successful, so you're rich, you have a lot of money. If I were a startup and I said, Muddu, I want to build this abstraction layer. What would be funding advice that you would give me as an entrepreneur? As a company to do that? >> I would do it like an Apigee that Google acquired, you should create an Apigee-like layer, for infrastructure upfront services, I think that is a very good option. >> And you think that is viable? >> It is very much viable. >> Would that be part of Supercloud architecture, in your opinion? >> It is. Right? And that will abstract all the clouds to some level. Like it is like Kubernetes abstract, so that if I am running on Kubernetes I can transfer to any cloud. >> Yeah >> But that should go from computer into other infrastructures. >> It's seems to me, Muddu, and I want to get your thoughts about this whole Supercloud defacto standard opportunity. It feels like we are waiting for a moment where there is some sort of defacto unification, whether it is in the distraction layer, or a standards body. There is no W3C here going on. I mean, W3C was for web consortium, for world wide web. The Supercloud seems to be having the same impact the web had. Transformative, disruptive, re-factoring business operations. Is there a standardized body or an opportunity for a defacto? Like Kubernetes was a great example of a unification around something for orchestration. Is there a better version in the Supercloud model where we need a standard? >> Yes and no. The reason is because by the time you come to standard, take time to look what happened. First, we started with VMs, then became Docker and Containers then we came to Kubernetes. So it goes through a journey. I think the next few years will be stood on SuperCloud let's make customers happy, let's make enough services going, and then the standards will come. Standards will be almost 2-3 years later. So I don't think standards should happen right now. Right now, all we need is, we need enough start ups to create the super layer abstraction, with the goal in mind of AI automation. The reason, AI is because AI needs to be able to run that. Automated because running a work flow is, I can either run a workflow in the cloud services, I can run it on on-prem, I can run it on database, so you have two good applications, take AI and automation with Supercloud and make enough enough noise on that make enough applications, then the standards will come. >> On this project we have been with SuperCloud these past day we have heard a lot of people talking. The themes that developers are okay, they are doing great. Open source is booming. >> Yes >> Cloud Native's got major traction. Developers are going fast and they love it, shifting left, all these great things. They're putting a lot of data, DevOps and the security teams, they're the ones who are leveling up. We are hearing a lot of conversations around how they can be faster. What is your view on this as relative to that Supercloud nirvana getting there? How are DevOps and security teams leveling up to devs? >> A couple of things. I think that in the world of DevSecOps and security ops. The reason security is important, right? Given what is going on, but you don't need to do security the manual way. I think that whole new operation that you and me talked about, AI ops should happen. Where the AI ops is for service operation, for performance, for incident or for security. Nobody thinks of AI security. So, the DevOps people should think more world of AI ops, so that I can predict, prevent things before they happen. Then the security will be much better. So AI ops with Supercloud will probably be that nirvana. But that is what should happen. >> In the AI side of things, what you guys are doing, what are you learning, on scale, relative to data? Is there, you said machine learning needs data, it needs scale operation. What's your view on the automation piece of all this? >> I think to me, the data is the single, underrated, unsung kind of hero in the whole machine learning. Everyone talks about AI and machine learning algorithms. Algorithms are as important, but even more important is data. Lack of data I can't do algorithms. So my advice to customers is don't lose your data. That is why I see, Frank, my old boss, setting everything up into the data cloud, in Snowflake. Data is so important, store the data, analyze the data. Data is the new AI. You and me talk so many times- >> Yeah >> It's underrated, people are not anticipating how important it is. But the data is coming from logs, events, whether there is knowledge documents, any data in any form. I think keep the data, analyze the data, data patterns, and then things like SuperCloud can really take advantage of that. >> So, in the Supercloud equation one of the things that has come up is that the native clouds do great. Their IaaS to SaaS is interactions that solve a lot of problems. There is integration that is good. >> Right. >> Now when you go off cloud, you get regions, get latency issues- >> Right >> You have more complexity. So what's the trade off in the Supercloud journey, if you had to guess? And just thinking out loud here, what would be some of the architectural trade offs of how you do it, what's the sequence? What's the order of operations to get Superclouding going? >> Yeah, very good questions here. I think once you start going from the public cloud, the clouds there scale to lets say, even a regional data center onto an Edge, latency will kick in. The lack of computer function will kick in. So there I think everything should become asynchronous, right? You will run the application in a limited environment. You should anticipate for small memories, small compute, long latencies, but still following should happen. So some operations should become the old-school following, like, it's like the email. I send an email, it's an asynchronous thing, I made a sponsor, I think most of message passing should go back to the old-school architectures They should become asynchronous where thing can rely. I think, as long as algorithms can take that into Edge, I think that Superclouds can really bridge between the public cloud to the edge. >> Muddu, thanks for coming, we really appreciate your insights here. You've always been a great friend, great commentator. If you weren't the CEO and a famous angel investor, we would certainly love to have you as a theCUBE analyst, here on theCUBE. >> I am always available for you. (John laughs) >> When you retire, you can come back. Final point, we've got time left. We'll give you a chance to talk about the company. I'm really intrigued by the success of your ninety million dollar financing realm because we are in a climate where people aren't getting those kinds of investments. It's usually down-rounds. >> Okay >> 409 adjustments, people are struggling. You got an up-round and you got a big number. Why the success? What is going on with the company? Why are you guys getting such great validation? Goldman Sachs, Thoma Bravo, Zoom, these are big names, these are the next gen winners. >> It is. >> Why are they picking you? Why are they investing in you? >> I think it is not one thing, it is many things. First all, I think it is a four-year journey for us where we are right now. So, the company started late 2017. It is getting the right customers, partners, employees, team members. So it is a lot hard work went in. So a lot of thanks to the Aisera community for where we are. Why customers and where we are? Look, fundamentally there is a problem to solve. Like, what Aisera is trying to solve is can we automate customer service? Whether internal employees, external customer support. Do it for IT, HR, sales, marketing, all the way to ops. Like you talk about DevSecOps, I don't want thousands of tune ups for ops. If I can make that job better, >> Yeah >> I want to, any job I want to automate. I call it, elevate the human, right? >> Yeah. >> And that's the reason- >> 'Cause you're saying people have to learn specialty tools, and there are consequences to that. >> Right, and to me, people should focus on more important tasks and use AI as a tool to automate those things right? It's like thinking of offering Apple City as Alexa as a service, that is how we are trying to offer customer service, like, right? And if it can do that consistently, and reduce costs, cost is a big reason why customers like us a lot, we have eliminated the cost in this down economy, I will amplify our message even more, right? I am going to take a bite out of their expense. Whether it is tool expense, it's on resources. Second, is user productivity And finally, experience. People want experience. >> Final question, folks out there, first of all, what do you think about Supercloud? And if someone asks you what is this Supercloud thing? How would you answer? >> Supercloud, is, to me, beyond multi cloud and hybrid cloud. It is to bridge applications that are build in Supercloud can run on all clouds seamlessly. You don't need to compile them, re-clear them. Supercloud is one place to build, develop, and deploy. >> Great, Muddu. Thank you for coming on. Supercloud22 here breaking it down with the ecosystem commentary, we have a lot of people coming to the small group of experts in our network, bringing you in open conversation around the future of cloud computing and applications globally. And again, it is all about the next generation cloud. This is theCUBE, thanks for watching. (upbeat music)

(upbeat music) >> Okay, welcome back everyone. CUBE's coverage here in Boston, Massachusetts, AWS re:inforce 22, security conference. It's AWS' big security conference. Of course, theCUBE's here, all the reinvent, reese, remars, reinforced. We cover 'em all now and the summits. I'm John Furrier, my host Dave Vellante. We have IDC weighing in here with their analysts. We've got some great guests here, Jay Bretzmann research VP at IDC and Philip Bues research manager for Cloud security. Gentlemen, thanks for coming on. >> Thank you. >> Appreciate it. Great to be here. >> Appreciate coming. >> Got a full circle, right? (all laughing) Security's more interesting than storage, isn't it? (all laughing) >> Dave and Jay worked together. This is a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE Discover a while back and really the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I want to get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that we didn't hear. What's your reaction to the keynote? Share your assessment. >> So, you know, I manage two different research services at IDC right now. They are both Cloud security and identity and digital security, right? And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or enable MFA, or make sure that you control who gets access to what and deny explicitly. And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, MFA everywhere. Why don't they use it? Because it introduces friction and all of a sudden people can't get their jobs done. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but as we have in the industry, this shared responsibility model for Cloud computing, we've got shared responsibility for between Philip and I. (Philip laughing) I have done in the past more security of the Cloud and Philip is more security in the Cloud. >> So yeah. >> And now with Cloud operation Super Cloud, as we call it, you have on premises, private Cloud coming back, or hasn't really gone anywhere, all that on premises, Cloud operations, public Cloud, and now edge exploding with new requirements. It's really an ops challenge right now. Not so much dev. So the sec and op side is hot right now. >> Yeah, well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the GuardDuty Malware Protection component, and that being built into the pricing of current GuardDuty, I thought was really key. And there was also a lot of talk about partnering in security certifications, which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >> So Jake, square the circle for me. So Kirk Coofell talked about Amazon AWS identity, where does AWS leave off, and companies like Okta or Ping identity or Cybertruck pickup, how are they working together? Does it just create more confusion and more tools for customers? We know the overused word of seamless. >> Yeah, yeah. >> It's never seamless, so how should we think about that? >> So, identity has been around for 35 years or something like that. Started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, 'cause they're still carrying a lot of that baggage. Now, when it comes to the Cloud Service providers, they're more an accommodation from the identity standpoint. Let's make it easy inside of AWS to let you single sign on to anything in the Cloud that they have, right? Let's also introduce an additional MFA capability to keep people safer whenever we can and provide people with tools, to get into those applications somewhat easily, while leveraging identities that may live somewhere else. So there's a whole lot of the world that is still active, directory-centric, right? There's another portion of companies that were born in the Cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the Cloud. So, like I said, if you understand where people came from in the beginning, you start to say, "Yeah, this makes sense." >> It's interesting you talk about mainframe. I always think about Rack F, you know. And I say, "Okay, who did what, when, where?" And you hear about a lot of those themes. So what's the best practice for MFA, that's non-SMS-based? Is it you got to wear something around your neck, is it to have sort of a third party authenticator? What are people doing that you guys would recommend? >> Yeah, one quick comment about adoption of MFA. If you ask different suppliers, what percent of your base that does SSO also does MFA, one of the biggest suppliers out there, Microsoft will tell you it's under 25%. That's pretty shocking. All the messaging that's come out about it. So another big player in the market was called Duo, Cisco bought them. >> Yep. >> And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA, it's called Push. And Push can be a red X and a green check mark to your phone, it can be a QR code, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by NIST and others saying, it's susceptible to man and middle attacks. It's built on a telephony protocol called SS7. Predates anything, there's no certification either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well, identity increasingly. And a lot of the consumers and especially the work from anywhere, people these days have access through smart devices. And what you can do there, is you can have an agent on that smart device, generate your private key and then push out a public key and so the private key never leaves your device. That's one of the most secure ways to- >> So if our SIM card gets hacked, you're not going to be as vulnerable? >> Yeah, well, the SIM card is another challenge associated with the older ways, but yeah. >> So what do you guys think about the open source connection and they mentioned it up top. Don't bolt on security, implying shift left, which is embedding it in like sneak companies, like sneak do that. Very container oriented, a lot of Kubernetes kind of Cloud native services. So I want to get your reaction to that. And then also this reasoning angle they brought up. Kind of a higher level AI reasoning decisions. So open source, and this notion of AI reasoning. or AI reason. >> And you see more open source discussion happening, so you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve, as you know, open source continues to proliferate. Around the automated reasoning, I think that makes sense. You want to provide guide rails and you want to provide roadmaps and you want to have sort of that guidance as to, okay, what's a correlation analysis of different tools and products? And so I think that's going to go over really well, yeah. >> One of the other key points about open source is, everybody's in a multi-cloud world, right? >> Yeah. >> And so they're worried about vendor lock in. They want an open source code base, so that they don't experience that. >> Yeah, and they can move the code around, and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So they mentioned encrypt everything which is great and I message by the way, I love that one. But oh, and he mentioned data at rest. I'm like, "What about data in flight? "Didn't hear that one." So one of the things we're seeing with SuperCloud, and now multi-cloud kind of as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >> Yeah. >> Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge, even Schmidt on stage said, we have billions and billions of things happening that we see things that no one else sees. So that implies, they're sharing- >> Quad trillion. >> Trillion, 15 zeros. (Jay laughs) >> 15 zeros. >> So that implies they're sharing that or using that pushing that into something. So sharing is huge with cyber security. So that implies open data, data flows. How do you guys see this evolving? I know it's kind of emerging, but it's becoming a nuanced point, that's critical to the architecture. >> Well, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall. >> Depending upon the supplier, it's either an aggregate level of intelligence that has been anonymized or it's specific intelligence for your environment that everybody's got a threat feed, maybe two or three, right? (John laughs) But back to the encryption point, I mean, I was working for an encryption startup for a little while after I left IBM, and the thing is that people are scared of it. They're scared of key management and rotation. And so when you provide- >> Because they might lose the key. >> Exactly. >> Yeah. >> It's like shooting yourself in the foot, right? So that's when you have things like, KMS services from Amazon and stuff that really help out a lot. And help people understand, okay, I'm not alone in this. >> Yeah, crypto owners- >> They call that hybrid, the hybrid key, they don't know how they call the data, they call it the hybrid. What was that? >> Key management service? >> The hybrid- >> Oh, hybrid HSM, correct? >> Yeah, what is that? What is that? I didn't get that. I didn't understand what he meant by the hybrid post quantum key agreement. >> Hybrid post quantum key exchange. >> AWS never made a product name that didn't have four words in it. (John laughs) >> But he did reference the new NIST algos. And I think I inferred that they were quantum proof or they claim to be, and AWS was testing those. >> Correct, yeah. >> So that was kind of interesting, but I want to come back to identity for a second. So, this idea of bringing traditional IAM and Privileged Access Management together, is that a pipe dream, is that something that is actually going to happen? What's the timeframe, what's your take on that? >> So, there are aspects of privilege in every sort of identity. Back when it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins and users. These days, everybody has some aspect of- >> It's a real spectrum, really. >> Yeah. >> Granular. >> You got the C-suite, the finance people, the DevOps people, even partners and whatever. They all need some sort of privileged access, and the term you hear so much is least-privileged access, right? Shut it down, control it. So, in some of my research, I've been saying that vendors who are in the PAM space, Privilege Access Management space, will probably be growing their suites, playing a bigger role, building out a stack, because they have the expertise and the perspective that says, "We should control this better." How do we do that, right? And we've been seeing that recently. >> Is that a combination of old kind of antiquated systems meets for proprietary hyper scale, or kind of like build your own? 'Cause I mean, Amazon, these guys, Facebook, they all build their own stuff. >> Yes, they do. >> Then enterprises buy services from general purpose identity management systems. >> So as we were talking about knowing the past and whatever, Privileged Access Management used to be about compliance reporting. Just making sure that I knew who accessed what? And could prove it, so I didn't fail at all. >> It wasn't a critical infrastructure item. >> No, and now these days, what it's transitioning into, is much more risk management, okay. I know what our risk is, I'm ahead of it. And the other thing in the PAM space, was really session monitor. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new Privileged Access Management, doesn't really require that. It's a nice to have feature. You kind of need it on the list, but is anybody really going to implement it? That's the question, right. And then if you do all that session monitoring, does anybody ever go back and look at it? There's only so many hours in the day. >> How about passwordless access? (Jay laughs) I've heard people talk about that. I mean, that's as a user, I can't wait but- >> Well, it's somewhere we want to all go. We all want identity security to just disappear and be recognized when we log in. So the thing with passwordless is, there's always a password somewhere. And it's usually part of a registration action. I'm going to register my device with a username password, and then beyond that I can use my biometrics, right? I want to register my device and get a private key, that I can put in my enclave, and I'll use that in the future. Maybe it's got to touch ID, maybe it doesn't, right? So even though there's been a lot of progress made, it's not quote, unquote, truly passwordless. There's a group, industry standards group called Fido. Which is Fast Identity Online. And what they realized was, these whole registration passwords, that's really a single point of failure. 'Cause if I can't recover my device, I'm in trouble. So they just did new extension to sort of what they were doing, which provides you with much more of like an iCloud vault that you can register that device in and other devices associated with that same identity. >> Get you to it if you have to. >> Exactly. >> I'm all over the place here, but I want to ask about ransomware. It may not be your wheelhouse. But back in the day, Jay, remember you used to cover tape. All the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do. Air gaps wasn't one of them. I was really surprised 'cause that's all every anybody ever talks about is air gaps and a lot of times that air gap could be a guess to the Cloud, I guess, I'm not sure. What are you guys seeing on ransomware apps? >> We've done a lot of great research around ransomware as a service and ransomware, and we just had some data come out recently, that I think in terms of spending and spend, and as a result of the Ukraine-Russia war, that ransomware assessments rate number one. And so it's something that we encourage, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, as well and then security and training ranked very highly as well. So, we want to make sure that all of these areas are being funded well to try and stay ahead of the curve. >> Yeah, I was surprised to not see air gaps on the list, that's all everybody talks about. >> Well, the old model for air gaping in the land days, the novel days, you took your tapes home and put them in the sock drawer. (all laughing) >> Well, it's a form of air gap. (all laughing) >> Security and no one's going to go there and clean out. >> And then the internet came around and ruined it. >> Guys, final question we want to ask you, guys, we kind of zoom out, great commentary by the way. Appreciate it. We've seen this in many markets, a collection of tools emerge and then there's its tool sprawl. So cyber we're seeing the trend now where mon goes up on stage of all the ecosystems, probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform, for super Cloud capability by building a more platform thing. So we're saying there's a platform war going on, 'cause customers don't want the complexity. I got a tool but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean tools won't go away, but they have to be easier. >> Yeah, we do see a consolidation of functionality and services. And we've been seeing that, I think through a 2020 Cloud security survey that we released that was definitely a trend. And that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk and write about all the time so... >> Couple of years ago, I called the Amazon tool set an erector set because it really required assembly. And you see the emphasis on training here too, right? You definitely need to go to AWS University to be competent. >> It wasn't Lego blocks yet. >> No. >> It was erector set. >> Yeah. >> Very good distinction. >> Loose. >> And you lose a few. (chuckles) >> But still too many tools, right? You see, we need more consolidation. It's getting interesting because a lot of these companies have runway and you look at sale point at stock prices held up 'cause of the Thoma Bravo acquisition, but all the rest of the cyber stocks have been crushed especially the high flyers, like a Sentinel-1 one or a CrowdStrike, but just still M and A opportunity. >> So platform wars. Okay, final thoughts. What do you, think is happening next? What's your outlook for the next year or so? >> So, in the identity space, I'll talk about, Philip can cover Cloud for us. It really is more consolidation and more adoption of things that are beyond simple SSO. It was, just getting on the systems and now we really need to control what you're able to get to and who you are. And do it as transparently as we possibly can, because otherwise, people are going to lose productivity. They're not going to be able to get to what they want. And that's what causes the C-suite to say, "Wait a minute," DevOps, they want to update the product every day. Make it better. Can they do that or did security get in the way? People, every once in a while call security, the Department of No, right? >> They ditch it on stage. They want to be the Department of Yes. >> Exactly. >> Yeah. >> And the department that creates additional value. If you look at what's going on with B2C or CIAM, consumer oriented identity, that is all about opening up new direct channels and treating people like their old friends, not like you don't know them, you have to challenge them. >> We always say, you want to be in the boat together, it sinks or not. >> Yeah. Exactly. >> Philip I'm glad- >> Okay, what's your take? What's your outlook for the year? >> Yeah, I think, something that we've been seeing as consolidation and integration, and so companies looking at from built time to run time, investing in shift left infrastructure is code. And then also in the runtime detection, makes perfect sense to have both the agent and agent lists so that you're covering any of the gaps that might exist. >> Awesome, Jay Phillip, thanks for coming on "theCUBE" with IDC and sharing your- >> Oh, our pleasure- >> Perspective, commentary and insights and outlook. Appreciate it. >> You bet. >> Thank you. >> Okay, we've got the great direction here from IDC analyst here on the queue. I'm John Furrier, Dave Vellante. Be back more after this short break. (bright upbeat music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Cybersecurity stocks have been sending mixed signals as of late, mostly negative like much of tech, but some such as Palo Alto Networks, despite a tough go of it recently have held up better than most tech names. Others like CrowdStrike, had been out performing Broader Tech in March, but then flipped in May. Okta's performance was pretty much tracking along with CrowdStrike for most of the past several months, a little bit below, but then the Okta hack changed the trajectory of that name. Zscaler has crossed the critical billion dollar ARR revenue milestone, and now sees a path to five billion dollars in revenue, but the company stock fell sharply after its last earnings report and has been on a down trend since last November. Meanwhile, CyberArk's recent beat and raise, was encouraging and the stock acted well after its last report. Security remains the number one initiative priority amongst IT organizations and the spending momentum for many high flying cyber names remain strong. So what gives in cyber security? Hello, and welcome to this week's Wikibon CUBE insights powered by ETR. In this breaking analysis, we focus on security and will update you on the latest data from ETR to try to make sense out of the market and read into what this all means in both the near and long term, for some of our favorite names in cyber. First, the news. There's always something happening in security news cycles. The big recent news is new President Rodrigo Chavez declared a national emergency in Costa Rica due to the preponderance of Russian cyber attacks on the country's critical infrastructure. Such measures are normally reserved for natural disasters like earthquakes, but this move speaks to the nature of today's cyber threats. Of no surprise is modern superpower warfare even for a depleted power like Russia almost certainly involves cyber warfare as we continue to see in Ukraine. Privately held Arctic Wolf Networks hired Dustin Williams as its new CFO. Williams has taken three companies to IPO, including Nutanix in 2016, a very successful IPO for that company. Whether AWN chooses to pull the trigger this year or will wait until markets are less choppy or obviously remains to be seen. But it's a pretty clear sign the company is headed to IPO at some point. Now, big point of discussion this week at Red Hat Summit in Boston and the prior week at Dell technologies world was security. In the case of Red Hat, securing the digital supply chain was the main theme. And from Dell building, many security features into its storage arrays and cyber resilience services into its as a service offering called Apex. And we're seeing a trend where buyers want to reduce the number of bespoke tools they use if they, in fact can. Here's IDC's Jim Mercer, sharing data from a recent survey they conducted on the topic. Play the clip. >> Interestingly, we did a survey, I think around last August or something. And one of the questions was around where do you want your security, right? Where do you want to get your DevSecOps security from? Do you want to get it from individual vendors, right? Or do you want to get it from like your platforms that you're using and deploying changes in Kubernetes? >> Great question. What did they say? >> The majority of them, they're hoping they can get it built into the platform. That's really what they want-- >> Now, whether that's actually achievable is debatable because you have so much innovation and investment going on from the likes of startups and for instance, lace work or sneak and security companies that you see even trying to build platforms, you've got CrowdStrike, Okta, Zscaler and many others, trying to build security platforms and put it all under their umbrella. Now the last point will hit here is there was a lot of buzz in the news about Okta. The reaction to what was a relatively benign hack was pretty severe and probably overblown, but Okta's stock is paying the price of what is generally considered a blown communications plan versus a technical failure. Remember, identity is not an easy thing to rip and replace and Okta remains a best-of-breed player and leader in the space. So we're going to look at some ETR data later in this segment to try and make sense of the recent action in the market and certain names. Speaking of which let's take a look at how some of the names in cybersecurity have fared relative to some of the indices and relative indicators that we like to look at. Here's a Google finance comparison for a number of stocks and names in the bottom there you can see we plot the hack ETF which tracks security stocks. This is a year to date view. And so we don't show it here but the tech heavy NASDAQ is off around 26% year to date whereas the cyber ETF that we're showing is down 18%, okay. So cyber holding up a little bit better than broader tech as we've reported earlier, was actually much better and still seems to be a gap there, but the data are mixed. You can see Okta is way off relative to its peers. That's a combination of the breach that we talked about but also the run up in the stock since COVID. CrowdStrike was actually faring better but broke this month, we'll see how it's upcoming earnings announcements are received when it announces on June 2nd after the close. Palo Alto in the light blue has done better than most and until recently was holding up quite well. And of course, Sailpoint is another identity specialist, it is kind of off the charts here because it's going private with the acquisition by Thoma Bravo at nearly seven billion dollars. So you see some mixed signals in cyber these past several months and weeks. And so we're trying to understand what that all means. So let's take a look at the survey data and see how spending momentum is holding up. As we've reported IT spending forecast, at the macro level, they've come off their 8% highs from the end of the year, the ETRS December survey, but robust tech spending is still there. It's expected at nearly seven percent and this is amongst 1200 ETR respondents. Here's a picture from the ETR survey of the cybersecurity landscape. That y-axis that's net score or a measure of spending momentum and that horizontal access is overlap. We used to talk about it as a market share which is a measure of pervasiveness in the data set. That dotted red line at 40% indicates an elevated spending momentum level on the vertical axis and we filter the names and limited to only those with a hundred or more responses in the ETR survey. Then the pictures still pretty crowded as you can see. You got lots of companies above the red dotted line, including Microsoft which is up into the right, they're so far off the chart, it's just amazing. But also Palo Alto and Okta, Auth0, which of course is now owned by Okta, Zscaler, CyberArk is making moves. Sailpoint and Cloudflare, they're all above that magic 40% line. Now, you look at Cisco, it shows a very large presence in the horizontal axis in the data set. And it's got pretty respectable momentum and you see Splunk doing okay, no before and tenable just below that 40% line and a lot of names in the very respectable 20% zone. And we've included some legacy names just for context that fall below the zero percent line with a negative net score. And that means a larger proportion, that negative net score means a larger proportion of their customers in the survey are spending less than those that are spending more. Now, typically for these legacy names you're going to have a huge proportion of customers who have flat spending that kind of fat middle and that's why they sort of don't have that highly elevated score, but they're still viable as they get the recurring revenue each year. But the bottom line is that spending remains robust for some of the top names that we've talked about earlier despite their rocky stock performance. Now, let's filter this data a bit more to make it a little bit easier to read. So to do that, we take out Microsoft because they're just so dominant and we cherry pick some names to make the data more consumable and scannable. The other data point we've added is Okta's net score breakdown, the multicolored rows there, that row in the bottom right. Net score, it measures the percent of customers that are adding the platform new, that's the lime green, at 18% for Okta. The forest green is at 42%. That's the percent of customers in the survey that are spending six percent or more. The gray is flat spending. That's 32% for Okta, this past survey. The pink is customers that are spending less, that's three percent. They're spending six percent or worse in the survey, so only three percent for Okta. And the bright red at three percent is decommissioning the platform. You subtract the reds from the greens and you get a net score, well, into the 50s for Okta and you can see. We highlight Okta here because it's a name that we've been following for quite some time and customers have given us really solid feedback on the technology and up until the hack, they're affinity to Okta, but that seems to be continuing. We'll talk more about that. This recent breach to Okta has caused us to take a closer look. And you may recall, we reported with our ETR colleague, Eric Bradley. The breach was announced right in the middle of ETR collecting data in the last survey. And while we did see a noticeable downtick right after the announcement, the exposure of the hack and Okta's net score just after the breach was disclosed, you can see the combination of Okta and Auth0 remains very strong. I asked Eric Bradley this morning what he thought about Okta, and he pointed out that you can't evaluate this company on its price to earnings ratio. But it's forward sales multiple is now below 7X. And while attractive, these high flyers at some point, Eric says, they got to start making a profit. So you going to hold that thought, we'll come back to that. Now, another cut of the ETR data to look at our four star security names here. A while back we developed a methodology to try and cut through the noise of the crowded security sector using the ETR data to evaluate two key metrics; net score and shared N. Net score again is, spending momentum, the latter is an indicator of presence in the data set which is a proxy for market presence. Okay, we assigned those companies that cracked the top 10 in both net score and shared N, we give them four stars, okay, if they make the top 10. This chart here shows the April survey data for those companies with an N that's greater than, equal to a hundred responses. So again, we're filtering on those with a hundred or more responses. The table on the left that you see there, that's sorted by net score, okay. So we're sorting by spending momentum. And then the one on the right is sorted by shared N, so their presence in the data set. Seven companies hit the top 10 for both categories; Palo Alto Network, Splunk, CrowdStrike Okta, Proofpoint, Fortinet and Zscaler. Now, remember, take a look, Okta excludes Auth0, in this little methodology that we came up with. Auth0 didn't make the cuts but it hits the top 10 for net score. So if you add in Auth0's 112 N there that you see on the right. You add that into Okta, we put Okta in the number two spot in the survey on the right most table with the shared N of 354. Only Cisco has a higher presence in the data set. And you can see Cisco in the left lands just below that red dotted line. That's the top 10 in security. So if we were to combine Okta and Auth0 as one, Cisco would make the cut and earn four stars. Now, some other notables are CyberArk, which is just below the red line on the right most chart with an impressive 177 shared N. Again, if you combine Auth0 and Okta, CyberArk makes the four star grade because it's in the top 10 for net score on the left. And Sailpoint is another notable with a net score above 50% and it's got a shared N of 122, which is respectable. So despite the market's choppy waters, we're seeing some positive signs in the survey data for some of the more prominent names that we've been following for the last couple of years. So what does this mean for the markets going forward? As always, when we see these confusing signs we like to reach out to the network and one of the sharpest traders out there is Chip Simonton. We've quoted him before and we like to share some of his insights. And so we're going to highlight some of that here. So technically, almost every good tech stock is oversold. And as such, he suggested we might see a bounce here. We certainly are seeing that on this Friday, the 13th. But the right call tactically has been to sell into the rally these past several months, so we'll see what happens on Monday. The key issue with the name like Okta and some other momentum names like CrowdStrike and Zscaler is that when money comes back into tech, it's likely going to go to the FAANG stocks, the Facebook, Apple, Amazon, Netflix, Google, and of course, you put Microsoft in there as well. And we'll see about Amazon, by the way, it's kind of out of favor right now, as everyone's focused on the retail side of the business meanwhile it's cloud business is booming and that's where all the profit is. We think that should be the real focus for Amazon. But the point is, for these momentum names in cybersecurity that don't make money, they face real headwinds, as growth is slowing overall and interest rates rise, that makes the net present value of these investments much less attractive. We've talked about that before. But longer term, we agree with Chip Simonton that these are excellent companies and they will weather the storm and we think they're going to lead their respective markets. And in cyber, we would expect continued M&A activity, which could act as a booster shot in the arms of these names. Now in 2019, we saw the ETR data, it pointed to CrowdStrike, Zscaler, Okta and others in the security space. Some of those names that really looked to us like they were moving forward and the pandemic just created a surge in these names and admittedly they got out over their skis. But the data suggests that these leading companies have continued momentum and the potential for stay in power. Unlike the SolarWinds hack, it seems at this point anyway that Okta will recover in the market. For the reasons that we cited, investors, they might stay away for some time but longer term, there's a shift in CSO security strategies that appear to be permanent. They're really valuing cloud-based modern platforms, these platforms will likely continue to gain share and carry their momentum forward. Okay, that's it for now, thanks to Stephanie Chan, who helps with the background research and with social, Kristen Martin and Cheryl Knight help get the word out and do some great work as well. Alex Morrison is on production and handles all of our podcast. Alex, thank you. And Rob Hof is our Editor in Chief at SiliconANGLE. Remember, all these episodes, they're available as podcast, you can pop in the headphones and listen, just search "Breaking Analysis Podcast." I publish each week on wikibon.com and SiliconANGLE.com. Don't forget to check out etr.ai, best in the business for real customer data. It's an awesome platform. You can reach me at dave.vellante@siliconangle.com or @dvellante. You can comment on our LinkedIn posts. This is Dave Vellante for the CUBEinsights powered by ETR. Thanks for watching. And we'll see you next time. (bright upbeat music)

>> From The Cube Studios in Palo Alto in Boston, bringing you data-driven insights from The Cube in ETR. This is "Breaking Analysis" with Dave Vellante >> The pandemic not only accelerated the shift to digital but it also highlighted a rush of cyber criminal sophistication, collaboration, and chaotic responses by virtually every major company in the planet. The SolarWinds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect. Moreover, the will and aggressiveness of well-organized cybercriminals has elevated to the point where incident responses are now met with counter attacks, designed to both punish and extract money from victims via ransomware and other criminal activities. The only upshot is the cybersecurity market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize. Hello, everyone. And welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" we'll provide our quarterly update of the security industry, and share new survey data from ETR and the Cube community that will help you navigate through the maze of corporate cyber warfare. We'll also share our thoughts on the game of 3D chess that Okta CEO, Todd McKinnon, is playing against the market. Now, we all know this market is complicated, fragmented and fast moving. And this next chart says it all. It's an interactive graphic from Optiv, a Denver, Colorado-based SI that's focused on cybersecurity. They've done some really excellent research and put together this awesome taxonomy, and it mapped vendor names therein. And this helps users navigate the complex security landscape. And there are over a dozen major sectors, high-level sectors within the security taxonomy and nearly 60 subsectors. From monitoring, vulnerability assessment, identity, asset management, firewalls, automation, cloud, data center, sim, threat detection and intelligent endpoint network, and so on and so on and so on. But this is a terrific resource, and going to help you understand where players fit and help you connect the dots in the space. Now let's talk about what's going on in the market. The dynamics in this crazy mess of a landscape are really confusing sometimes. Now, since the beginning of cyber time, we've talked about the increasing sophistication of the adversary, and the back and forth escalation between good and evil. And unfortunately, this trend is unlikely to stop. Here's some data from Carbon Black's annual modern bank heist report. This is the fourth, and of course now, VMware's brand, highlights the Carbon Black study since the acquisition, and to catalyze the creation of VMware's cloud security division. Destructive malware attacks, according to the recent study are up 118% from last year. Now, one major takeaway from the report is that hackers aren't just conducting wire fraud, they are. 57% of the banks surveyed, saw an increase in wire fraud, but the cybercriminals are also targeting non-public information such as future trading strategies. This allows the bad guys to front-run large block trades and profit. It's become a very lucrative practice. Now the prevalence of so-called island hopping is up 38% from already elevated levels. This is where a virus enters a company supply chain via a partner, and then often connects with other stealthy malware downstream. These techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures, designed to identify and exfiltrate valuable information. It's a really complex problem. Of major concern is that 63% of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate, or initiate ransomware tax to extract a final pound of flesh from the victim. Notably, the study found that 75% of CISOs reported to the CIO, which many feel is not the right regime. The study called for a rethinking of the right cyber regime where the CISO has increased responsibility and a direct reporting line to the CEO, or perhaps the COO, with greater exposure to boards of directors. So, many thanks to VMware and Tom Kellerman specifically for sharing this information with us this past week. Great work by your team. Now, some of the themes that we've been talking about for several quarters are shown in the lower half of the chart. Cloud, of course is the big driver thanks to work-from-home and to the pandemic. And the interesting corollary of course, is we see a rapid rethinking of end point and identity access management, and the concept of zero trust. In a recent ESG survey, two thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management. Now, as shown in the chart from Optiv, the market remains highly fragmented, and M&A is of course, way up. Now, based on our research, it looks like transaction volume has increased more than 40% just in the last five months. So let's dig into the M&A, the merger and acquisition trends for just a moment. We took a five-month snapshot and we were able to count about 80 deals that were completed in that timeframe. Those transactions represented more than $20 billion in value. Some of the larger ones are highlighted here. The biggest of course, being the Thoma Bravo, taking Proofpoint private for a $12 plus billion price tag. The stock went from the low 130s and is trading in the low 170s based on the $176 per share offer. So there's your arbitrage, folks. Go for it. Perhaps the more interesting acquisition was Auth0 by Optiv for 6.5 billion, which we're going to talk about more in a moment. There was more private equity action we saw as Insight bought Armis, an IOT security play, and Cisco shelled out $730 million for IMImobile, which is more of an adjacency to cyber, but it's going to go under Cisco security and applications business run by Jeetu Patel. But these are just the tip of the iceberg. Some of the themes that we see connecting the dots of these acquisitions are first, SIs like Accenture, Atos and Wipro are making moves in cyber to go local. They're buying SecOps expertise, as I say, locally in places like France, Germany, Netherlands, Canada, and Australia, that last mile, that belly to belly intimate service. Israeli-based startups chocked up five acquired companies in the space over the last five months. Also financial services firms are getting into the act with Goldman and MasterCard making moves to own its own part of the stack themselves to combat things like fraud and identity theft. And then finally, numerous moves to expand markets. Okta with Auth0, CrowdStrike buying a log management company, Palo Alto, picking up dev ops expertise, Rapid7 shoring up it's Coobernetti's chops, Tenable expanding beyond Insights and going after identity, interesting. Fortinet filling gaps in a multi-cloud offering. SailPoint extending to governance risk and compliance, GRC. Zscaler picked up an Israeli firm to fill gaps in access control. And then VMware buying Mesh7 to secure modern app development and distribution service. So tons and tons of activity here. Okay, so let's look at some of the ETR data to put the cyber market in context. ETR uses the concept of market share, it's one of the key metrics which is a measure of pervasiveness in the dataset. So for each sector, it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the CIO and IT buyer communities. Okay, this chart shows the full ETR sector taxonomy with security highlighted across three survey periods; April last year, January this year, and April this year. Now you wouldn't expect big moves in market share over time. So it's relatively stable by sector, but the big takeaway comes from observing which sectors are most prominent. So you see that red line, that dotted line imposed at the 60% level? You can see there are only six sectors above that line and cyber security is one of them. Okay, so we know that security is important in a large market. But this puts it in the context of the other sectors. However, we know from previous breaking analysis episodes that despite the importance of cyber, and the urgency catalyzed by the pandemic, budgets unfortunately are not unlimited, and spending is bounded. It's not an open checkbook for CSOs as shown in this chart. This is a two-dimensional graphic showing market share in the horizontal axis, or pervasiveness in net score in the vertical axis. Net score is ETR's measurement of spending velocity. And we've superimposed a red line at 40% because anything over 40%, we consider extremely elevated. We've filtered and limited the number of sectors to simplify the graphic. And you can see, in the sectors that we've highlighted, only the big four are above that 40% line; AI, containers, RPA, and cloud. They exceed that sort of 40% magic waterline. Information security, you can see that as highlighted and it's respectable, but it competes for budget with other important sectors. So this is of course creates challenges for organization, because not only are they strapped for talent as we've reported, they like everyone else in IT face ongoing budget pressures. Research firm, Cybersecurity Ventures estimates that in 2021, $6 trillion worldwide will be lost on cyber crime. Conversely, research firm, Cannolis peg security spending somewhere around $60 billion annually. IDC has at higher, around $100 billion. So either way, we're talking about spending between 1 to 1.6% annually of how much the bad guys are taking out. That's peanuts really when you consider the consequences. So let's double-click into the cyber landscape a bit and further look at some of the companies. Here's that same X/Y graphic with the companies ETR captures from respondents in the cybersecurity sector. That's what's shown on the chart here. Now, the usefulness of the red lines is 20% on the horizontal indicates the largest presence in the survey, and the magic 40% line that we talked about earlier shows those firms with the most elevated momentum. Only Microsoft and Palo Alto exceed both high watermarks. Of course, Splunk and Cisco are prominent horizontally. And there are numerous companies to the left of the 20% line and many above that 40% high watermark on the vertical axis. Now in the bottom left quadrant, that includes many of the legacy names that have been around for a long time. And there are dozens of companies that show spending momentum on their platforms, i.e above single digits. So that picture is like the first one we showed you, very, very crowded space. But so let's filter it a bit and only include companies in the ETR survey that had at least 100 responses. So an N of 100 or greater. So it was a little easier to read but still it's kind of crowded when you think about it. Okay, so same graphic, and we've superimposed the data that determined the plot position over in the bottom right there. So there's net score and shared in, including only companies with more than 100 N. So what does this data tell us about the market? Well, Microsoft is dominant as always, it seems in all dimensions but let's focus on that red line for a moment. Some of the names that we've highlighted over the past two years show very well here. First, I want to talk about Palo Alto Networks. Pre-COVID as you might recall, we highlighted the valuation divergence between Palo Alto and Fortinet. And we said Fortinet was executing better on its cloud strategy, and Palo Alto was at the time struggling with the transition especially with its go-to-market and its Salesforce compensation, and really refreshing its portfolio. But we told you that we were bullish on Palo Alto Networks at the time because of its track record, and the fact that CIOs consistently told us that they saw Palo Alto as a thought leader in the space that they wanted to work with. They said that Palo Alto was the gold standard, the best, especially larger company CISOs. So that gave us confidence that Palo Alto, a very well-run company was going to get its act together and perform better. And Palo Alto has just done just that. As we expected, they've done very well and rapidly moving customers to the next generation of platforms. And we're very impressed by the company's execution. And the stock has generally reflected that. Now, some other names that hit our radar in the ETR data a couple of years ago, continue to perform well. CrowdStrike, Zscaler, SailPoint, and CloudFlare. Now, CloudFlare just reported and beat earnings but was off, the stock fell on headwinds for tech overall, the big rotation. But the company is doing very well and they're growing rapidly and they have momentum as you can see from the ETR data. Now, we put that double star around Proofpoint to highlight that it was worthy of fetching $12.5 billion from private equity firm. So nice exit there, supporting the continued consolidation trend that we've predicted in cybersecurity. Now let's turn our attention to Okta and Auth0. This is where it gets interesting, and is a clever play for Okta we think, and we want to drill into it a bit. Okta is acquiring Auth0 for big money. Why? Well, we think Todd McKinnon, Okta CEO, wants to run the table on identity and then continue to expand as TAM has to do that, to justify his lofty valuation. So Okta's ascendancy around identity and single sign-on is notable. The fragmented pictures that we've shown you, they scream out for simplification and trust, and that's what Okta brings. But it competes with some major players, most notably Microsoft with active directory. So look, of course, Microsoft is going to dominate in its massive customer base, but the rest of the market, that's like (indistinct) wide open. And we think McKinnon saw the opportunity to go dominate that sector. Now Okta comes at this from an enterprise perspective bringing top-down trust to the equation, and throwing a big blanket over all the discreet SaaS platforms and unifying employee access. Okta's timing was perfect. It was founded in 2009, just as the massive SaaSifiation trend was happening around CRM and HR, and service management and cloud, et cetera. But the one thing that Okta didn't have that Auth0 does is serious developer chops. While Okta was crushing it with its enterprise sales strategy, Auth0 was laser-focused on developers and building a bottoms up approach to identity. By acquiring Auth0, Okta can dominate both sides of the barbell and then capture the fat middle. So yes, it's a pricey acquisition, but in our view, it's a great move by McKinnon. Now, I don't know McKinnon personally, but last week I spoke to Arun Shrestha, who's the CEO of security specialist, BeyondID, they're a platinum services partner of Okta. And they're a zero trust expert. He worked for Okta for a number of years and shared with me a bit about McKinnon's style, and think big approach. Arun said something that caught my attention. He said, firewalls used to be the perimeter, now people are. And while that's self-serving to Okta and probably BeyondID, it's true. People, apps and data are the new perimeter, and they're not in one location. And that's the point. Now, unfortunately, I had lined up an interview with Diya Jolly, who was the chief product officer at Okta and a Cube alum for this past week, knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel. But I want to follow up with her, and understand how she's thinking about connecting the dots with Auth0 with devs and enterprises and really test our thesis there. This is a really interesting chess match that's going on. Let's look a little deeper into that identity space. This chart here shows some of the major identity players. It has some of the leaders in the identity market, and is a breakdown at ETR's net score. Now net score comprises five elements. The lime green is, we're adding the platform new. The forest green is we're spending 6% or more relative to last year. The gray is flat send plus or minus flat spend, plus or minus 5%. The pinkish is spending less. And the bright red is we're exiting the platform, retiring. Now you subtract the red from the green, and that gets you the result for net score which you can see super-imposed on the right hand chart at the bottom, that first column there. The far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market. Oh, look at the top two players in terms of spending momentum. Now SailPoint is right there, but Auth0 combined with Okta's distribution channel will extend Okta's lead significantly in our view. And then there's Microsoft. Now just a caveat, this includes all of Microsoft's security offerings, not just identity, but it's there for context. And CyberArk as well includes this acquisition of adaptive, but also other parts of CyberArk's portfolio. So you can see some of the other names that are there, many of which you'll find in the Gartner magic quadrant for identity. And as we said, we really like this move by Okta. It combines positive market forces with lead offerings from very well-run companies that have winning DNA and passionate people. Now, to further emphasize what's happening here, take a look at this. This chart shows ETR data for Okta within SailPoint and CyberArk accounts. Out of the 230 CyberArk and SailPoint customers in the dataset, there are 81 Okta accounts. That's a 35% overlap. And the good news for Okta is that within that base of SailPoint and CyberArk accounts, Okta is shown by the net score line, that green line has a very elevated spending in momentum. And the kicker is, if you read the fine print in the right hand column, ETR correctly points out that while SailPoint and CyberArk have long been partners with Okta, at the recent Octane21 event, Okta's big customer event, The company announced that it was expanding into privileged access management, PAM, and identity governance. Hello, and welcome to co-opetition in the 2020s. Now, our current thinking is that this bodes very well for Okta and CyberArk and SailPoint. Well, they're going to have to make some counter moves to fend off the onslaught that is coming. Now, let's wrap up with what has become a tradition in our quarterly security updates. Looking at those two dimensions of net score and market share, we're going to see which companies crack the top 10 for both measures within the ETR dataset. We do this every quarter. So here in the left, we have the top 20, sorted by net score spending momentum and on the right, we sort by shared N. So it's again, top 20, which informs, shared N informs the market share metric or presence in the dataset. That red horizontal lines, those two lines on each separate the top 10 from the remaining 10 within those top 20. And our method, what we do is we assign four stars to those companies that crack the top 10 for both metrics. So again, you see Microsoft, Palo Alto Networks, Okta, CrowdStrike, and Fortinet. Fortinet by the way, didn't make it last quarter. They've kind of been in and out and on the bubble, but company is very strong, and doing quite well. Only the other four did last quarter. They were the same for last quarter. And we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. So Cisco, Splunk, which has been steadily decelerating from a spending momentum standpoint, and Zscaler, which is just on the cusp. We really like Zscaler and the company has great momentum, but that's the methodology. That is what it is. Now you can see, we kept Carbon Black on the right most chart, it's like kind of cut off, it's number 21. Only because they're just outside looking in on net score. You see them there, they're just below on net score, number 11. And VMware's presence in the market we think, that Carbon Black is right really worth paying attention to. Okay, so we're going to close with some summary and final thoughts. Last quarter, we did a deeper dive on the SolarWinds hack, and we think the ramifications are significant. It has set the stage for a new era of escalation and adversary sophistication. Now, major change we see is a heightened awareness that when you find intruders, you'd better think very carefully about your next moves. When someone breaks into your house, if the dog barks, or if you come down with a baseball bat or other weapon, you might think the intruder is going to flee. But if the criminal badly wants what you have in your house and it's valuable enough, you might find yourself in a bloody knife fight or worse. Well, what's happening is intruders come to your company via island hopping or insider subterfuge or whatever method. And they'll live off the land stealthily using your own tools against you so that you can't find them so easily. So instead of injecting new tools in that send off an alert, they just use what you already have there. That's what's called living off the land. They'll steal sensitive data, for example, positive COVID test results when that was really, really sensitive, obviously still is, or other medical data. And when you retaliate, they will double-extort you. They'll encrypt your data and hold it for ransom, and at the same time threaten to release the sensitive information, crushing your brand in the process. So your response must be as stealthy as their intrusion, as you marshal your resources and devise an attack plan. And you face serious headwinds. Not only is this a complicated situation, there's your ongoing and acute talent shortage that you tell us about all the time. Many companies are mired in technical debt, that's an additional challenge. And then you've got to balance the running of the business while actually effecting a digital transformation. That's very, very difficult, and it's risky because the more digital you become, the more exposed you are. So this idea of zero trust, people used to call it a buzzword, it's now a mandate along with automation. Because you just can't throw labor at the problem. This is all good news for investors as cyber remains a market that's ripe for valuation increases and M&A activity, especially if you know where to look. Hopefully we've helped you squint through the maze a little bit. Okay, that's it for now. Thanks to the community for your comments and insights. Remember I publish each week on wikibon.com and siliconangle.com. These episodes, they're all available as podcasts. All you got to do is search breaking analysis podcasts, put in the headphones, listen when you're in your car, or out for your walk or run, and you can always connect on Twitter @DVellante, or email me at david.vellante@siliconangle.com. I appreciate the comments on LinkedIn and in Clubhouse, please follow me, so you're notified when we start a room and riff on these topics and others. And don't forget to check out etr.plus for all the survey data. This is Dave Vellante for The Cube Insights powered by ETR. Be well, and we'll see you next time. (light instrumental music)

>>Fly from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media >>and welcome back. You're ready Jeffrey here with the cube. We are a day four here at the RSA conference in Moscone Thursday. We've been going all day Monday, Tuesday, Wednesday, Thursday. It's a huge conference over 40,000 people, you know, kind of the first big us conference after the mobile world Congress thing with a coronavirus. So we were all kind of curious to see how it would work out. There was some companies that pulled out but you know Rohit and the team stayed the course, they got the support they needed from the city and it's turned out to be quite a show. So I'm sure there's a lot of people all over the industry kind of watching this as an indicator of how do you execute a conference and these kinds of crazy times. So we're excited for our next guest. He's Andy Smith, the senior vice president of marketing for Centrify. >>Andy, great to see you. Good to be here, Jeff. Doing great. So you said you've been coming to this show for a while, you're a seasoned veteran of the industry. First off kind of general impressions of this show versus versus other kinds of RSAs you've been doing in the past. It's super interesting to watch. It ebbs and flows of the security industry, right? I mean I've been 15 years over the past 25 I've been at this show and you've seen it be big and then shrink down, you know, to one hall and then the two halls again. I mean what's interesting the last couple of years is it's, it's big again, like security is hot. We know budgets are going up, a breach, cultures out there. And so, you know, the IC, the RSA show is a reflection of what's happening with the industry when you look at the size and number of attendees. >>Right. The other kind of theme this year was the human centric, uh, boat. And we had row head guy on just a little bit earlier in his keynote. I thought it was really interesting. It was not about security per se. It was not about threats and detection. It was really about stories and narratives and peoples and kind of taking that back as an industry. I wonder, you know, kinda your impression as this kind of human centric theme as we're surrounded by tech tech and more tech. It is, if you think about human centric, it's a, it's a big piece of your, your security strategy, right? I mean, uh, what, there was just this morning, uh, one of the sharks got fished, right? Lost $400,000. One of the, yeah. And so, uh, you know, educating people about looking out for fishing attacks, right? Uh, uh, looking at insiders who are one of our biggest threats and you know, they're, they're a huge piece of this is not technology at all. >>Right? I thought Wendy's keynote was great too from Cisco. Talking about everything we do on computers is about clicking. And yet we tell people, you know, click the download the patch, but don't click on anything else. And really, you know, kind of taken an approach that people need to be part of the solution. They're not these horrible people that keep clicking on the wrong things, but you really need to integrate them into your strategy. Yeah, absolutely. I mean, it's about educating your workforce. It's about educating consumers, right? Whether you're talking B to C security or whether you're talking to me to be that human element and educating to be diligent right to you, you got to know a little bit about how to look for something that might be suspicious and know what is, what you should be clicking on, what you shouldn't. There's, there's not a lot of technology that can solve that for you. >>It's getting out and, and, and making sure people are educated. And unfortunately, the bad guys have been working hard on their grammar and, uh, and doing all the AI on the background. So, you know, it's not, a lot of things today are not easily identifiable like they used to. They've gotten, that's no longer really kind of a baseline, a hope not to click that thing. They've gotten way better. Right? So rather than these attacks that are spray and pray, they're going after, you know, just going after anybody. They can, they're targeted now. Right? So spear fishing, right. And uh, and so specific individuals. And that's why one of the things that, that is a little bit coming up at this show and something that we talk about is identity centric security. So that you've got a tie, that kind of human element to your security. >>You know, there's network centric, but getting identity centric and tying that human element to your security aspect, making sure the security, the identity technologies and the security technologies are working together. That is brings that human element into your own security strategy. And when you, when you talk about identity, how should people be thinking about identity? Because clearly we see the kind of the rise in multi-factor now, right? We have to do, we have to go to the, our phones all the time with the code. Now we're hearing people, you know, can spoof identity, they can Smoove faces. I guess identity is not a face, but you know, some of these indicators of identity. So when you help people think about identity, what are some of the factors they should think about? What are the things they don't but they should be thinking about? Yeah, yeah. >>I mean some of the things that we talked a lot about is multifactor authentication. So although yes, right, real sophisticated people can have ways of getting around that, but most attackers and hackers are lazy, right? They're going to go for somebody who's got no multi-factor in place, like even doing the basics is way better than doing nothing. I mean, the statistics bear out that you do a little something right? And then you can always step it up and get more sophisticated where you've got tokens that you have to put your finger on, right? And you know, you can get smart cards and all those kinds of things. You can get much more sophisticated, but multi-factor in general works. I mean, you're just going to take it a far bit above. But what's interesting about identity, because we always think of humans, right? But when we talk identity, where this market is going is identity is machines. >>You have to give a machine an identity, you have to give a service account, an identity, you have to give a microservice identity. And these more and more, this is just completely automated world. This isn't humans logging into things anymore. This is microservices talking to each other. Each of those needs an identity needs an authorization cause they have accounts that can be hacked also. Right? So the you need protect those just as much as needed to protect those human accounts. It's funny cause we, we cover a lot of RPA shows, right? And the whole talk of, of of people that do RPA, right, is that they're, they're, they treat them as people, right? They treat them as kind of like your little assistance, your own little bot to do little tasks that you assigned them to do. So treating them with kind of an identity protocol. >>Then that gives all the authorizations and you kind of leverage all that back end is the way to integrate them into the workforce. Absolutely. It's all about access controls, authentication, authorization. Those are the controls that have been there forever. You're supplying these two new types of identities and you know, the, we're in the privileged access management space, so it used to always be a windows admin or a Unix Linux admin logging into a physical box, right? And so it was about protecting those accounts. But more and more it's about giving a machine and identity and a microservice and identity and how are those things talking to each other? We're protecting, that's all completely automated with dev ops. You think about if I have a, as I moved to the cloud, I want to be able to scale out dynamically, right? Uh, horizontally, vertically. So all of a sudden new servers, virtual servers or containers just popping up automatically. >>You have to be able to control the access to all those automatically, dynamically on the spot, and then they shrink back down. You need to get rid of all that, right? So the automation that's come into our space, although the same, I'm still trying to do authentication, authorization, same type of privilege access controls we've been doing for 30 years, but how they're applied in this new world is much different right now. What about then you layer you layer on top of that zero trust, so I definitely want to identify, but I have zero trust and I'm presuming at some point in time you might end up either being a bad guy or some bad guy's going to come in via your credential. How does the zero trust piece fit on top of the identity kind of management? It's really why we're talking about identity centric security now is because you can't, you, you have to assume somebody on your network. >>You can't trust all those perimeter controls that are there. The reality is they're going to get in and so that identity centric security starts at that access layer and not not trusting just because you got onto the network that, Oh, sure, here you go. You can, you can do whatever you want. That's where zero trust comes in. I don't, every time I want to get access to a piece of data or a system, et cetera, I need to do that F indication that authorization apply, that multi-factor. Those are all identity centric controls that result in this, this journey towards the zero trust world. It's, it's funny, uh, I've sat down with Mike and Caesar, uh, for scout and you know, he talks about when they do the little sniff on all the little devices that are plugged into the networks and it's usually multiples back of what people think are on the network, especially remote location. >>People are plugging stuff in. But then too, you know, like you said in the machine, identify, you know, what should a logic cam do and how should it act. And as soon as it starts acting and asking for things in accounts payable, maybe that's not necessarily what a lot to take camera wants do or should be doing. Yeah. Yeah. And so first there's like knowing what that device is giving you an identity so he know what it is, know what it should be doing. It has a role, it has specific access and authorization rights that are granted to it. So the logic camera, if I know what that camera is, you have an identity. I know what it's supposed to be doing. I should be able to restrict the access it has to just what it needs to do. Right. Rather than it's got root account to do whatever or some God account to create, you know, like those are the kinds of controls we have in place. >>And it's just logical identity management controls that have been there forever. But you're a, once you can identify those devices connected, you can, you can give them those, you know, limited. There's talk about least privilege, right? That's again, a 30 year old control, but giving at least privilege on just what it should do and nothing more. And do you see in the future just more and more kind of multifactor, uh, validation points that we'll have to get added to the, to the process as we move from single factor to factor, however many factors is going to take? For sure. Yeah. I mean, so the multi-factor, cause there's one thing are you authenticate yourself at the front door, right? So that's what most authentication is, but there's this concept of continuous authentication. You're the trust in that, uh, that initial authentication degrades as your session goes on. >>Right? So the longer I've had a session open, you know, is that still that same person or that same service that is clicking away at the keyboard there? There's cool stuff, wrong continuous authentication where there they can tell it's still the same person based on the cadence. They click on the keyboard, other biometric methods, the swiping I do on my phone and stuff like that. So there's ways to have continuous concepts now called continuous authentication. Right? And so I absolutely see that those behavior based, uh, types of, uh, of authentication. You're going out through a user's entire session. So I want to shift gears a little bit. One of the things that amazes me about this show, and I don't know when it was small, but it's been big ever since I've been coming. It's right, there's so many vendors here, there's so many companies in this and there's so many kinds of stories that a lot of really enthusiastic people work in booths that are screaming at you to come over and tell you all the great things they do. >>From a marketing point of view, you're, you're the SVP marketing. How do you, you know, kind of package your messaging, how do you kind of break through the clutter? What advice do you give to, to buyers, um, to help them kind of navigate what is a, a very large, loud and complex system? Yeah, it's a, it's a complex battle, right? So you have to be able to, because there are so many different technologies here, uh, in, in the security arena, uh, we're all fighting for the same share of wallet in a sense. Right? And so first you have to identify yourself with something people recognize a market that people recognize like identity, privilege, access management, endpoint security, you know, et cetera. But then you have to differentiate yourself within that market, right? So you've got to add something to the market space I'm in to that gives a little twist. >>So for us, it's identity centric, privilege access management and that, you know, we suppose that against Balt centric or you know, something else that we've tried to put the other bets. So you try to, in your message, you got to categorize what's the space I'm in and how do I differentiate? And in something as short and brand-able as possible. And then you got to have this kind of ongoing solutions, partnership relationship with, with your clients, right? Because this is not something you're going to be switching things out that frequently and, and, and, and the landscape and the threats evolve and change so rapidly. I think we've had a number of people come on to publish this report or that report, his report, he's come out every six months and there's actually the online version so he can keep up with what happened today or what happens tomorrow. >>So not an easy, uh, not an easy kind of marketing challenge to stay relevant, stay connected and state stay really in people's mind. Well, and you know, there's, there's awareness aspects to it and it is really just what really helps is you just create as many happy customers as you can. Right? I mean, you're amazed at the how connected this industry actually is. I mean, the attendees that are coming to this conference, they know each other. They've been coming here from here. It's just like we have. Right, right. And a word of mouth between people who have used your technology, they share that with something else. I mean the security industry as big as it is, it's, it's super interconnected. One person goes from one company to the other and so tons of business just comes from word of mouth, referral, etc. So the happier you can keep your customers, the more uh, you know, mind share. >>You can get up there. Okay. Last question before I let you go. We just like to say we just had row hit on one of the topics was they just got bought by a symphony. I think it's symphony, a private equity firm. Um, we met the other night at a, at a cocktail party put on by Tom Thoma Bravo and you were at Centrify before they came in. And after, you know, I think some people are kind of confused, you know, what is private equity, how does it impact the company? So wonder if you can kind of share, you know, how that transition has come along and you know, kind of give us an update on what's going on at Centrify and where you guys are going next. Yeah, so we were acquired about a year and a half ago now, uh, by private equity and you know, they basically, they take later stage companies and uh, help them get, uh, profitable, uh, they increased value and then they look for going, taking that company IPO or selling it off, et cetera. >>Right? But it's really about looking for opportunities, uh, in existing market with larger companies, the venture capitalists will go after smaller, much larger risks. These are bigger dollar amounts, right? Larger companies. But then they, they look about how to optimize. They're very sophisticated on how to run a B to B business. Tama Bravo happens to have a huge investment in security and it comes like eight or 10 companies there the other night. Yeah. So they, they realize that this is a hot space right now. So they've, if they can take a company and create value that they realize that there's more stuff popping up. There's probably money being invested in. And one of the things that, but not all private equities created equal. Yes, they are about all about kind of optimizing, increasing value. But what we really found with Tom or Bravo is they're interested in investing in that company, looking at other folds and acquisitions, et cetera. >>And that's a part of a strategy for me as a, as a manager and an I'm part of the executive team. When you're backed, they don't have the money to go after acquisitions. Uh, like that they, you know, they make these smaller investments. We're talking about Bravo actually does have the capital to look at other things that can be immediately accretive and add to your value. And that's a, a real part of our strategy now that didn't exist before we were owned by PE. I think they spun out a whole nother, another company out of what your technology say. Correct. Exactly. So one of the unique things about our particular acquisition is Centrify was both a privileged access management. And a identity as a service. And I Daz a company and they looked at what we were doing and they said, geez, you're really selling to two different markets and it's two different sales cycles and two different business models. >>We could actually create more value if we split these up and each of you focused on your individual markets. And so that there's a, there's an MQ and a market segment and a wave for IDASS and there's an MQ and a wave, you know, et cetera for Pam. But there's not anything that does both. And that's what Centrify was. So they actually, we, we completely divested of our IDASS capabilities spun off in an entirely separate company called adaptive. And so over the last year, that's was a lot of the work that was going on. It was, was splitting this company, uh, uh, into two. But it really provided us a much more focused to go after the market that we were going after. Well, they wouldn't come in if they didn't see some opportunity to, uh, to pull some more value out that wasn't really being unlocked. Absolutely. Right. Andy, we'll thank for taking a few minutes and uh, and great to catch up and best you for the rest of the show. Awesome. Thanks a lot, Jay. He's Andy. I'm Jeff. You're watching the cube where? At the RSA show in San Francisco. Thanks for watching. We'll see you next time.

>>From Miami beach, Florida. It's the cube covering a Cronus global cyber summit 2019. Brought to you by Acronis. >>So Ron, welcome back to the keeps coverage of kronas cyber global cyber summit 2019. I'm John furrier here in Miami beach. Our next guest is Pat Hurley, vice president, general manager of the Americas in sales and customer relationships. Get Debbie Juan. Hey, thanks for having me. Welcome to Miami beach. Lovely place to have an event. So I hear ya. You got a lot of competition going on between the U S America's in the AMIA teens and it's very competitive group. >> The European team is very confident. I think we'll show them tomorrow what we're made of. We've been recruited very hard for some players that are Latin American. I think we'll show them a finger too. You've got a big soccer story there. We do. Yeah. We've, uh, we've got a few sports partnerships that we have across the globe. Uh, some of the first partnerships we had were actually within formula one. >>And we really try to correlate the story of the importance of, uh, data protection and cyber protection in the sporting industry because a lot of people don't think about the amount of data that's actually being generated in the space. A formula one car generates between, you know, two and three terabyte through three gigabytes of data on every lap, tons of telemetry devices that are kicked, collecting information from the car, from the road service, from the, the general environment. They're taking that data and then sending it back to the headquarter, analyzing it and making very small improvements to the car to make sure that they can qualify faster, run a faster lap, make the right type of angle into a turn, uh, which can really differentiate them from being, you know, first, second, third, 10th in a qualifying session. On the soccer side. We do have some partnerships with uh, arsenal, Manchester city, inter Milan, and we just signed a partnership as well with Liverpool. >>So we are very popping in that space here in the U S we have some other sports that we're big fans of. I'm personally a big Boston red Sox fan, being a Boston native and we do have a sports partnership with the red Sox, which has been an unbelievable partnership with them. And learning more about the use cases that they solve and using our technology has been really cool. >> You know, Patty, you bring up the sports thing and we were kidding before we on camera around the trading, you know how people do sports deals and they trade, you know, merchandise for consumer benefit or customer benefits. But really what is happening is sports teams encapsulate really the digital transformation in a nutshell because most sports franchises are, have been traditionally behind. But now with the consumerization of it and digital can go back to 2007 since the mobile phone. >>Really, I mean it's iPhone. Yeah. Since that time, sports and capsulates every aspect of it, consumer business fan experience. And it really has every, every, almost every element of what we see now as a global IOT problem opportunity. So it really encapsulates the use case of an integrated and and needed solution. Oh yeah, absolutely. I mean, if you think about the amount of data that's, that's out there today and the fast way that it's growing, you know, the explosion of, uh, of data in the, in the world today, sports have different unique challenges. So obviously they have large fan bases that need to be able to access the data and understand what's going on with their favorite sports teams. Um, for us it's really, you know, these technology partnerships that we have with these guys, it runs through all these different areas of, you know, in many cases we didn't really understand that they were using it for. >>So, you know, the red Sox for example, they've got Fenway park and iconic stadium, you know, the Mecca of baseball. If you haven't been there yet, I suggest all your viewers that they go and check it out, give me a call, we'll try and get you set up there. But, um, you know, the, the, the experience that the fans have there is all around their data experienced there. Right? And it's not just baseball games. It could be hockey games that Fenway park, it could be a concert that they're having. A phone buys a lot of different events. These stadiums are open year round and the ability to move, share access, protect the data in that stadium is really important to how they're functioning as an organization. We talked to their I-Team quite regularly about how they're using our solutions. They're talking about uh, different aspects of artificial intelligence, different ways they can use our products and machine learning. >>Obviously with the new solutions that we have in the market today around cybersecurity or helping them to address other challenges that they face. Um, as an organization, these are realtime challenges in their physical locations, national security issues, terrorist attacks could happen. There are venues, there are public gathering places too. Absolutely. We announced our partnership with them back in may and I was shocked to hear them on the main stage announcing that they had this great partnership with the Kronos was talking about their unique cyber security needs. They started talking about drone technology and I'm thinking, all right, a drone flies in the stadium. Maybe at breaks and it falls on a player and we're paying $20 million for one of these pitchers to be out there on the Hill or an interest, a fan or maybe they're collecting some video data to then share it out. >>And that's red Sox IP. No, they're talking about cybersecurity threats in the sense that a drone, a remotely controlled device could come in and lightened incendiary device in the, in the stadium and that to them as a real security server. And that's frontline for the it guys. That's what keeps them up at night. Yeah. And that's really an attack take time. Oh yeah, absolutely. What are the use cases that are coming out of some of your customers, cause you guys have a unique integrated solution with a platform as an end to end component too. You have a holistic view on data, which is interesting and unique. People are kind of figuring this out, but you guys are ahead of the game. What are some of the use cases that you've seen in the field with customers that highlight the benefits of taking a holistic view of the data? >>Yeah, absolutely. So we look at it as kind of backups dead, right? We have, we've combined the old world of backup and disaster recovery with the new world of cybersecurity and we combine that to a term we're calling cyber protection because it really requires an end to end solution and a lot of different things need to be working properly to prevent these attacks from happening. Uh, you need to be very proactive in how you're going about that. We address it with what we call 'em, the Kronos cyber platform. And what this is, is a unique, multi-tiered multi-tenant offering that's designed specifically for service providers. We have just under 6,000 servers, providers actively selling our cyber protection solutions today and they use this for are for a multiple different aspects. And usually the beachhead has something like backup. Every company needs backup. It's more of a commodity type solutions, a lot of different players in the game out there, but they take it a step further, use that same backup technology to then do disaster recovery. >>They can do files, they can share, they can do monitoring. We have notary solutions based on blockchain technologies. Now, this whole suite of cybersecurity solutions, all of this is with a single pane of glass, one platform that of a service provider can go in and work with their customers and make sure that their data is protected, make sure that their physical machines are virtual machines, they're PCs, their Macs are all protected, that data's protected, it's secure, but it's also accessible, which is an important part of you can take your data wrapping a nice bow buried a hundred feet underground, but then you can't use it, right? So you want to be able to make sure that you can actually, uh, leverage the technology there. Um, we've seen explosive growth, especially in, in my market. I think the numbers are pretty crazy. It's something like 90% of the market today in the U S has served in some capacity by a service provider. >>And this could be a small to medium size business that's served by local service fire to those really big guys that are out there. Let's on with how large your target audience, you mentioned search probably multiple times when you're out selling your target persona, your target audience, and you're trying to reach into, so we touch, everybody know, you equate it to kind of what we do with the red Sox, right? You walk into that city and the 38,000 people that, well, some of those people are just, you know, regular Joe's, right? They, they go to work every day. They have a computer at home, they have a mobile device. They probably have multiple mobile devices. We protect that for them. We call them a consumer. Slash. Prosumers. We work at a lot of very large retail organizations. If you walk into some of those shops today, you'll be able to see our software on a shelf there. >>You work with one of those tech squads where they're starting to attach services to it and you get more of a complete offering there. We then scale up a little bit further to some OEM providers. You work with companies like Honeywell and Emerson that are manufacturing devices that embed our software on there. They white label it and deliver it out. These are connected devices. You think about the, you know the, the explosion of IOT devices in the market today. We're protecting that stuff as well. We work with very large enterprises, so some of the, the major players that you see in the manufacturing space are standing up standardizing on Acronis process control process automation vendors are using our Chronis and we can deliver the solution because of the way it's so flexible in a very consumable way for them. Those enterprises can actually act as a service provider for their employees so we can actually take our technology, deploy the layer in their infrastructure where they have complete control. >>They might not want to be in an Uber cloud, they might not want to work with Chrome OS data center. They want to have and hold that data. They want to make sure it's on site. We enable that type of functionality and then the fastest growing area for us is what I hit on earlier within the service provider community. We're recruiting hundreds of service providers every quarter. We've got some great partners here. Give you an example of a service provider. You mentioned the red size, I'm assuming is that a vendor that might be working within that organization, but still it sounds like that's a supplier to the red Sox. How, how broad is that definition? It gives us many points. Yeah, it's a really good point. So we work with hosting providers. Look, can be regional hosting providers to multinational hosting providers. Some of the very big names that you've, you're probably familiar with. >>We work with, uh, we work with, uh, telco providers who work with ISV providers or sorry, ISP providers, um, kind of regional telco providers that provide a myriad of different services all the way down to your kind of local mom and pop type service providers where you've got a small business, maybe they've got 30 to 50 employees, they're servicing probably 200 to 300 customers and they want to provide a very secure, safe, easy to use complete solution to their customers. Uh, those could be focused on certain verticals so they could be focused on healthcare, financial services, construction, et cetera. Um, we have some that are very niche within like dental services or chiropractice offices, small regional doctor's offices. Uh, and the, the beauty of that, and I was getting the partners earlier, is we have partnerships with companies like ConnectWise where those are tools that service providers are using on a very daily basis. >>So essentially the platform gives you that range and that's the typical typical platform. So you have that broad horizontally scalable capability and the domain expertise either be what solution from you guys or can ISV or someone within your ecosystem is that they get that. Right? Absolutely. And that's what really differentiates us is our ability to integrate into that plat, into our platform, into their platform and make those connections. So you don't need to learn 12, 14, 15 different technologies. You've got a small suite of offerings in a single pane of glass, very easy to use, very intuitive. Um, the integrations that we have with these partners like ConnectWise, like Ingram micro, really differentiate us because what they do is they provide open API capabilities. They provide software development kits where these partners can go ahead and build it the way they want to sell it. >>You know, it's interesting when the cloud came out and as on premise has changed to a much more agile dev ops kind of mindset that forced it to think like a service provider. I think like an operating system, it's an operating environment basically. So that service provides an interesting angle and I want to get your thoughts on this because I think this is where you guys have such a unique opportunity to just integrate solution because you could get into anything and you got ISV to back that up. So I guess the question I would have is for that enterprise that's out there that's looking to refactor and replatform their entire operation, or it could be a large enterprise, it has a huge IOT opportunity or challenge or a service provider is looking at having a solution. What's the pitch that you would give me if I'm the one of those customers? >>Say, Hey Pat, what's the pitch? So you need a, you need a trusted provider that's been in the business for a number of years that understands the data protection and security markets that Kronos has that brand. We've been doing this for about 16 years. We were founded in Singapore, we're headquartered out of Switzerland and we've got a lot of really smart guys in the back room. Was building good technologies that our partners were able to use. Um, we look at it a lot of different ways. I mentioned our go to market across a lot of different verticals and a lot of different um, kind of routes for those. The way we deliver our solution. It provides the flexibility for an enterprise to a classic reseller to um, you know, a VAR or a service, right? It's delivering services. It can be delivered to those guys how they want to consume it. >>So as an example, we may work with a smaller service provider that doesn't have any colo capabilities. We provide data centers so they could have a very quick turnkey solution, allows them to get up and running with their business, selling backup within minutes to their customers. We can also work with very large enterprises where we can deliver the complete platform to them and then they have complete control over it. We sprinkle in some professional services to make sure that we're giving them the support that they need and then they're running the service for themselves. What we've really seen in terms of a trend is that a lot of these VARs, we have about 4,500 of them in North America and they're starting to look at their businesses differently. Say, I gotta adapt or die here. I gotta figure out what my next business model is. >>How am I going to be the next one that's in the news flash that says, Hey, they've been acquired, or Hey Thoma Bravo made a big investment in me. Right? They need to convert to this services business or Kronos enables that transformation to happen. I mean, I can see you guys really making money for channel partners because they want solutions. They want to touch the customer, they want to maybe add something they could bring into it or have high service gross profits around services. Absolutely. So, yeah, our solution is unique in the sense that allows partners to sell multiple offerings to, you're getting an additional layer of stickiness providing multiple solutions to a customer. You're using the same technology, so your it team is very familiar with what they're using on a daily basis. Um, you're reducing the amount of churn for your customers because you're selling so much additional there that they're really stuck with you. >>That's a good thing. Uh, and beyond that, your increasing ARPU, average revenue per user is a key metric that all of our partners are looking at. And these guys are owner operators, right? They're business owners. They're looking at the bottom line. I mean, it's interesting the operating leverage around the consistent platform just lowers, it gives them software economic model. They can get more profit over time as they make that investment look at at the end of the day, channel partners care about a couple things, money, profit and customer happiness. Absolutely. And it helps to have them want to have a lot of one offs and a lot of, you know, training, you know, anything complicated, anything confusing, anything that requires a lot of resources, they're not going to like a, it's also great to have events like this where you're able to, to press the flesh with these guys and, and being face to face and understand their real world challenges that they're dealing with on a daily basis. >>How has the sport's a solution set that you've been involved in? How has that changed the culture of Acronis? Is that, has that, has that changed as, you know, sports is fun. People love sports, they have real problems. It's a really great use case as well. How's that change the culture? It's been amazing. I, so one from a branding perspective, we are a lot more recognized, right? Um, the most important thing about these partnerships for us is that they're actually using the technology. So, you know, we've got the red Sox here with us today. We've got arsenal represented, we've got Williams, we've got Roush racing, we've got a NASCAR car back here. Um, they use our technology on a daily basis and for each one of them we solve different types of use cases. Whether it's sending them large amount of video data from an essence studio over to Fenway park, or if it's a scout out in the field that needs to send information back and their laptop crashes, how do they recover? >>A lot of these different use cases, you can call them right back to a small business owner. You don't have to be a multibillion dollar sports organization with the same challenge. Well, I'm smiling because we've been called the ESPN of tech to they bring our set. We do let the game day thing. We certainly could love to come join you in all these marquee events that you have. We'd love to have it. Yeah, so if you follow us on social, we're out there and that, that's a big part of it. You mentioned one of ours looking for what our partners looking for. They want a personal relationship too. A lot of that goes away with technology nowadays and being able to really generate that type of a, of a personal relationship. These partnerships enable that to happen and they're very anything, I don't know anything about cars. >>We started partnering with formula one. All of a sudden I know everything about 41 I go to these races. I tell everybody I don't know anything about cars and I ended up being the, the subject matter export for him over over the weekend. So we'd love to have you guys join us. We'd love all of our partners. They get more engaged in the sports aspect of it because for us, it really is something that, um, again, they're using us in real life scenarios. We're not paying to put a sticker on a car that's going 300 miles. It's not traveling as a real partnership. Exactly. Pat, congratulations on your success and good luck on people owning away the numbers. Congratulations. Thank you very much. Just the cube coverage here at the Chronis global cyber summit 2019 I'm John furry. More coverage after this short break.