>> theCUBE's live coverage is made possible by funding from Dell Technologies: "Creating technologies that drive human progress." >> Good late afternoon from Barcelona, Spain at the Theater of Barcelona. It's Lisa Martin and Dave Nicholson of "theCUBE" covering MWC23. This is our third day of continuous wall-to-wall coverage on theCUBE. And you know we're going to be here tomorrow as well. We've been having some amazing conversations about the ecosystem. And we're going to continue those conversations next. Honore Labourdette is here, the VP global partner, Ecosystem Success Team, Telco Media and Entertainment at Red Hat. And Tony Jeffries joins us as well, a Senior Director of Product Management, Telecom Systems Business at Dell. Welcome to the theCUBE. >> Thank you. >> Thank you. >> Great to have both of you here. So we're going to be talking about the evolution of the telecom stack. We've been talking a lot about disaggregation the last couple of days. Honore, starting with you, talk about the evolution of the telecom stock. You were saying before we went live this is your 15th at least MWC. So you've seen a lot of evolution, but what are some of the things you're seeing right now? >> Well, I think the interesting thing about disaggregation, which is a key topic, right? 'Cause it's so relative to 5G and the 5G core and the benefits and the features of 5G core around disaggregation. But one thing we have to remember, when you disaggregate, you separate things. You have to bring those things back together again in a different way. And that's predominantly what we're doing in our partnership with Dell, is we're bringing those disaggregated components back together in a cohesive way that takes advantage of the new technology, at the same time taking out the complexity and making it easier for our Telco customers to deploy and to scale and to get much more, accelerate the time to revenue. So the trend now is, what we're seeing is two things I would say. One is how do we solve for the complexity with the disaggregation? And how do we leverage the ecosystem as a partner in order to help solve for some of those challenges? >> Tony, jump on in, talk about what you guys announced last week, Dell and Red Hat, and how it's addressing the complexities that Honore was saying, "Hey, they're there." >> Yeah. You know, our customers, our operators are saying, "Hey, I want disaggregation." "I want competition in the market." But at the same time who's going to support all this disaggregation, right? And so at the end of the day, there's going to be an operator that's going to have to figure this out. They're going to have an SLA that they're going to have to meet. And so they're going to want to go with a best-in-class partner with Red Hat and Dell, in terms of our infrastructure and their software together as one combined engineered system. And that's what we call a Dell Telecom infrastructure block for Red Hat. And so at the end of the day, things may go wrong, and if they do, who are they going to call for that support? And that's also really a key element of an engineered system, is this experience that they get both with Red Hat and with Dell together supporting the customer as one. Which is really important to solve this disaggregated problem that can arise from a disaggregated open network situation, yeah. >> So what is the market, the go to market motion look like? People have loyalties in the IT space to technologies that they've embraced and been successful with for years and years. So you have folks in the marketplace who are diehard, you know, dyed red, Red Hat folks. Is it primarily a pull from them? How does that work? How do you approach that to your, what are your end user joint customers? What does that look like from your perspective? >> Sure, well, interestingly enough both Red Hat and Dell have been in the marketplace for a very long time, right? So we do have the brand with those Telco customers for these solutions. What we're seeing with this solution is, it's an emerging market. It's an emerging market for a new technology. So there's an opportunity for both Red Hat and Dell together to leverage our brands with those customers with no friction in the marketplace as we go to market together. So our field sales teams will be motivated to, you know, take advantage of the solution for their customers, as will the Dell team. And I'll let Tony speak to the Dell, go to market. >> Yeah. You know, so we really co-sell together, right? We're the key partners. Dell will end up fulfilling that order, right? We send these engineered systems through our factories and we send that out either directly to a customer or to a OTEL lab, like an intermediate lab where we can further refine and customize that offer for that particular customer. And so we got a lot of options there, but we're essentially co-selling. And Dell is fulfilling that from an infrastructure perspective, putting Red Hat software on top and the licensing for that support. So it's a really good mix. >> And I think, if I may, one of the key differentiators is the actual capabilities that we're bringing together inside of this pre-integrated solution. So it includes the Red Hat OpenShift which is the container software, but we also add our advanced cluster management as well as our Ansible automation. And then Dell adds their orchestration capability along with the features and functionalities of the platform. And we put that together and we offer capability, remote automation orchestration and management capabilities that again reduces the operating expense, reduces the complexity, allows for easy scale. So it's, you know, certainly it's all about the partnership but it's also the capabilities of the combined technology. >> I was just going to ask about some of the numbers, and you mentioned some of them. Reduction of TCO I imagine is also a big capability that this solution enables besides reducing OpEx. Talk about the TCO reduction. 'Cause I know there's some numbers there that Dell and Red Hat have already delivered to the market. >> Yeah. You know, so these infrastructure blocks are designed specifically for Core, or for RAN, or for the Edge. We're starting out initially in the Core, but we've done some market research with a company called ACG. And ACG has looked at day zero, day one and day two TCO, FTE hours saved. And we're looking at over 40 to 50% TCO savings over you know, five year period, which is quite significant in terms of cost savings at a TCO level. But also we have a lot of numbers around power consumption and savings around power consumption. But also just that experience for our operator that says, hey, I'm going to go to one company to get the best in class from Red Hat and Dell together. That saves a lot of time in procurement and that entire ordering process as well. So you get a lot of savings that aren't exactly seen in the FTE hours around TCO, but just in that overall experience by talking to one company to get the best of both from both Red Hat and Dell together. >> I think the comic book character Charlie Brown once said, "The most discouraging thing in the world is having a lot of potential." (laughing) >> Right. >> And so when we talk about disaggregating and then reaggregating or reintegrating, that means choice. >> Tony: Yeah. >> How does an operator approach making that choice? Because, yeah, it sounds great. We have this integration lab and you have all these choices. Well, how do I decide, how does a person decide? This is a question for Honore from a Red Hat perspective, what's the secret sauce that you believe differentiates the Red Hat-infused stack versus some other assemblage of gear? >> Well, there's a couple of key characteristics, and the one that I think is most prevalent is that we're open, right? So "open" is in Red Hat's DNA because we're an open source technology company, and with that open source technology and that open platform, our customers can now add workloads. They have options to choose the workloads that they want to run on that open source platform. As they choose those workloads, they can be confident that those workloads have been certified and validated on our platform because we have a very robust ecosystem of ISVs that have already completed that process with open source, with Red Hat OpenShift. So then we take the Red Hat OpenShift and we put it on the Dell platform, which is market leader platform, right? Combine those two things, the customers can be confident that they can put those workloads on the combined platform that we're offering and that those workloads would run. So again, it goes back to making it simpler, making it easy to procure, easy to run workloads, easy to deploy, easy to operate. And all of that of course equates to saving time always equates to saving money. >> Yeah. Absolutely. >> Oh, I thought you wanted to continue. >> No, I think Honore sort of, she nailed it. You know, Red Hat is so dominant in 5G, and what they're doing in the market, especially in the Core and where we're going into the RAN, you know, next steps are to validate those workloads, those workload vendors on top of a stack. And the Red Hat leader in the Core is key, right? It's instant credibility in the core market. And so that's one of the reasons why we, Dell, want to partner with with Red Hat for the core market and beyond. We're going to be looking at not only Core but moving into RAN very soon. But then we do, we take that validated workload on top of that to optimize that workload and then be able to instantiate that in the core and the RAN. It's just a really streamlined, good experience for our operators. At the end of the day, we want happy customers in between our mutual customer base. And that's what you get whenever you do that combined stack together. >> Were operators, any operators, and you don't have to mention them by name, involved in the evolution of the infra blocks? I'm just curious how involved they were in helping to co-develop this. I imagine they were to some degree. >> Yeah, I could take that one. So, in doing so, yeah, we can't be myopic and just assume that we nailed it the first time, right? So yeah, we do work with partners all the way up and down the stack. A lot of our engineering work with Red Hat also brings in customer experience that is key to ensure that you're building and designing the right architecture for the Core. I would like to use the names, I don't know if I should, but a lot of those names are big names that are leaders in our industry. But yeah, their footprints, their fingerprints are all over those design best practices, those architectural designs that we build together. And then we further that by doing those validated workloads on top of that. So just to really prove the point that it's optimized for the Core, RAN, Edge kind of workload. >> And it's a huge added value for Red Hat to have a partner like Dell who can take all of those components, take the workload, take the Red Hat software, put it on the platform, and deliver that out to the customers. That's really, you know, a key part of the partnership and the value of the partnership because nobody really does that better than Dell. That center of excellence around delivery and support. >> Can you share any feedback from any of those nameless operators in terms of... I'm even kind of wondering what the catalyst was for the infra block. Was it operators saying, "Ah, we have these challenges here"? Was it the evolution of the Telco stack and Dell said, "We can come in with Red Hat and solve this problem"? And what's been some of their feedback? >> Yeah, it really comes down to what Honore said about, okay, you know, when we are looking at day zero, which is primarily your design, how much time savings can we do by creating that stack for them, right? We have industry experts designing that Core stack that's optimized for different levels of spectrum. When we do that we save a lot of time in terms of FTE hours for our architects, our operators, and then it goes into day one, right? Which is the deployment aspect for saving tons of hours for our operators by being able to deploy this. Speed to market is key. That ultimately ends up in, you know, faster time to revenue for our customers, right? So it's, when they see that we've already done the pre-work that they don't have to, that's what really resonates for them in terms of that, yeah. >> Honore, Lisa and I happen to be veterans of the Cloud native space, and what we heard from a lot of the folks in that ecosystem is that there is a massive hunger for developers to be able to deploy and manage and orchestrate environments that consist of Cloud native application infrastructure, microservices. >> Right. >> What we've heard here is that 5G equals Cloud native application stacks. Is that a fair assessment of the environment? And what are you seeing from a supply and demand for that kind of labor perspective? Is there still a hunger for those folks who develop in that space? >> Well, there is, because the very nature of an open source, Kubernetes-based container platform, which is what OpenShift is, the very nature of it is to open up that code so that developers can have access to the code to develop the workloads to the platform, right? And so, again, the combination of bringing together the Dell infrastructure with the Red Hat software, it doesn't change anything. The developer, the development community still has access to that same container platform to develop to, you know, Cloud native types of application. And you know, OpenShift is Red Hat's hybrid Cloud platform. So it runs on-prem, it runs in the public Cloud, it runs at the edge, it runs at the far edge. So any of the development community that's trying to develop Cloud native applications can develop it on this platform as they would if they were developing on an OpenShift platform in the public Cloud. >> So in "The Graduate", the advice to the graduate was, "Plastics." Plastics. As someone who has more children than I can remember, I forget how many kids I have. >> Four. >> That's right, I have four. That's right. (laughing) Three in college and grad school already at this point. Cloud native, I don't know. Kubernetes definitely a field that's going to, it's got some legs? >> Yes. >> Okay. So I can get 'em off my payroll quickly. >> Honore: Yes, yes. (laughing) >> Okay, good to know. Good to know. Any thoughts on that open Cloud native world? >> You know, there's so many changes that's going to happen in Kubernetes and services that you got to be able to update quickly. CICD, obviously the topic is huge. How quickly can we keep these systems up to date with new releases, changes? That's a great thing about an engineered system is that we do provide that lifecycle management for three to five years through this engagement with our customers. So we're constantly keeping them up with the latest and the greatest. >> David: Well do those customers have that expertise in-house, though? Do they have that now? Or is this a seismic cultural shift in those environments? >> Well, you know, they do have a lot of that experience, but it takes a lot of that time, and we're taking that off of their plate and putting that within us on our system, within our engineered system, and doing that automatically for them. And so they don't have to check in and try to understand what the release certification matrix is. Every quarter we're providing that to them. We're communicating out to the operator, telling them what's coming up latest and greatest, not only in terms of the software but the hardware and how to optimize it all together. That's the beauty of these systems. These are five year relationships with our operators that we're providing that lifecycle management end to end, for years to come. >> Lisa: So last question. You talked about joint GTM availability. When can operators get their hands on this? >> Yes. Yes. It's currently slated for early September release. >> Lisa: Awesome. So sometime this year? >> Yes. >> Well guys, thank you so much for talking with us today about Dell, Red Hat, what you're doing to really help evolve the telecom stack. We appreciate it. Next time come back with a customer, we can dig into it. That'd be fun. >> We sure will, absolutely. That may happen today actually, a little bit later. Not to let the cat out the bag, but good news. >> All right, well, geez, you're going to want to stick around. Thank you so much for your time. For our guests and for Dave Nicholson. This is Lisa Martin of theCUBE at MWC23 from Barcelona, Spain. We'll be back after a short break. (calm music)

(upbeat music) >> Hello, this is Dave Valente with theCUBE, and one of the most gratifying aspects of my role as a host of "theCUBE TV" is I get to cover a wide range of topics. And quite often, we're able to bring to our program a level of expertise that allows us to more deeply explore and unpack some of the topics that we cover throughout the year. And one of our favorite topics, of course, is data. Now, in 2021, after being in isolation for the better part of two years, a group of industry analysts met up at AWS re:Invent and started a collaboration to look at the trends in data and predict what some likely outcomes will be for the coming year. And it resulted in a very popular session that we had last year focused on the future of data management. And I'm very excited and pleased to tell you that the 2023 edition of that predictions episode is back, and with me are five outstanding market analyst, Sanjeev Mohan of SanjMo, Tony Baer of dbInsight, Carl Olofson from IDC, Dave Menninger from Ventana Research, and Doug Henschen, VP and Principal Analyst at Constellation Research. Now, what is it that we're calling you, guys? A data pack like the rat pack? No, no, no, no, that's not it. It's the data crowd, the data crowd, and the crowd includes some of the best minds in the data analyst community. They'll discuss how data management is evolving and what listeners should prepare for in 2023. Guys, welcome back. Great to see you. >> Good to be here. >> Thank you. >> Thanks, Dave. (Tony and Dave faintly speaks) >> All right, before we get into 2023 predictions, we thought it'd be good to do a look back at how we did in 2022 and give a transparent assessment of those predictions. So, let's get right into it. We're going to bring these up here, the predictions from 2022, they're color-coded red, yellow, and green to signify the degree of accuracy. And I'm pleased to report there's no red. Well, maybe some of you will want to debate that grading system. But as always, we want to be open, so you can decide for yourselves. So, we're going to ask each analyst to review their 2022 prediction and explain their rating and what evidence they have that led them to their conclusion. So, Sanjeev, please kick it off. Your prediction was data governance becomes key. I know that's going to knock you guys over, but elaborate, because you had more detail when you double click on that. >> Yeah, absolutely. Thank you so much, Dave, for having us on the show today. And we self-graded ourselves. I could have very easily made my prediction from last year green, but I mentioned why I left it as yellow. I totally fully believe that data governance was in a renaissance in 2022. And why do I say that? You have to look no further than AWS launching its own data catalog called DataZone. Before that, mid-year, we saw Unity Catalog from Databricks went GA. So, overall, I saw there was tremendous movement. When you see these big players launching a new data catalog, you know that they want to be in this space. And this space is highly critical to everything that I feel we will talk about in today's call. Also, if you look at established players, I spoke at Collibra's conference, data.world, work closely with Alation, Informatica, a bunch of other companies, they all added tremendous new capabilities. So, it did become key. The reason I left it as yellow is because I had made a prediction that Collibra would go IPO, and it did not. And I don't think anyone is going IPO right now. The market is really, really down, the funding in VC IPO market. But other than that, data governance had a banner year in 2022. >> Yeah. Well, thank you for that. And of course, you saw data clean rooms being announced at AWS re:Invent, so more evidence. And I like how the fact that you included in your predictions some things that were binary, so you dinged yourself there. So, good job. Okay, Tony Baer, you're up next. Data mesh hits reality check. As you see here, you've given yourself a bright green thumbs up. (Tony laughing) Okay. Let's hear why you feel that was the case. What do you mean by reality check? >> Okay. Thanks, Dave, for having us back again. This is something I just wrote and just tried to get away from, and this just a topic just won't go away. I did speak with a number of folks, early adopters and non-adopters during the year. And I did find that basically that it pretty much validated what I was expecting, which was that there was a lot more, this has now become a front burner issue. And if I had any doubt in my mind, the evidence I would point to is what was originally intended to be a throwaway post on LinkedIn, which I just quickly scribbled down the night before leaving for re:Invent. I was packing at the time, and for some reason, I was doing Google search on data mesh. And I happened to have tripped across this ridiculous article, I will not say where, because it doesn't deserve any publicity, about the eight (Dave laughing) best data mesh software companies of 2022. (Tony laughing) One of my predictions was that you'd see data mesh washing. And I just quickly just hopped on that maybe three sentences and wrote it at about a couple minutes saying this is hogwash, essentially. (laughs) And that just reun... And then, I left for re:Invent. And the next night, when I got into my Vegas hotel room, I clicked on my computer. I saw a 15,000 hits on that post, which was the most hits of any single post I put all year. And the responses were wildly pro and con. So, it pretty much validates my expectation in that data mesh really did hit a lot more scrutiny over this past year. >> Yeah, thank you for that. I remember that article. I remember rolling my eyes when I saw it, and then I recently, (Tony laughing) I talked to Walmart and they actually invoked Martin Fowler and they said that they're working through their data mesh. So, it takes a really lot of thought, and it really, as we've talked about, is really as much an organizational construct. You're not buying data mesh >> Bingo. >> to your point. Okay. Thank you, Tony. Carl Olofson, here we go. You've graded yourself a yellow in the prediction of graph databases. Take off. Please elaborate. >> Yeah, sure. So, I realized in looking at the prediction that it seemed to imply that graph databases could be a major factor in the data world in 2022, which obviously didn't become the case. It was an error on my part in that I should have said it in the right context. It's really a three to five-year time period that graph databases will really become significant, because they still need accepted methodologies that can be applied in a business context as well as proper tools in order for people to be able to use them seriously. But I stand by the idea that it is taking off, because for one thing, Neo4j, which is the leading independent graph database provider, had a very good year. And also, we're seeing interesting developments in terms of things like AWS with Neptune and with Oracle providing graph support in Oracle database this past year. Those things are, as I said, growing gradually. There are other companies like TigerGraph and so forth, that deserve watching as well. But as far as becoming mainstream, it's going to be a few years before we get all the elements together to make that happen. Like any new technology, you have to create an environment in which ordinary people without a whole ton of technical training can actually apply the technology to solve business problems. >> Yeah, thank you for that. These specialized databases, graph databases, time series databases, you see them embedded into mainstream data platforms, but there's a place for these specialized databases, I would suspect we're going to see new types of databases emerge with all this cloud sprawl that we have and maybe to the edge. >> Well, part of it is that it's not as specialized as you might think it. You can apply graphs to great many workloads and use cases. It's just that people have yet to fully explore and discover what those are. >> Yeah. >> And so, it's going to be a process. (laughs) >> All right, Dave Menninger, streaming data permeates the landscape. You gave yourself a yellow. Why? >> Well, I couldn't think of a appropriate combination of yellow and green. Maybe I should have used chartreuse, (Dave laughing) but I was probably a little hard on myself making it yellow. This is another type of specialized data processing like Carl was talking about graph databases is a stream processing, and nearly every data platform offers streaming capabilities now. Often, it's based on Kafka. If you look at Confluent, their revenues have grown at more than 50%, continue to grow at more than 50% a year. They're expected to do more than half a billion dollars in revenue this year. But the thing that hasn't happened yet, and to be honest, they didn't necessarily expect it to happen in one year, is that streaming hasn't become the default way in which we deal with data. It's still a sidecar to data at rest. And I do expect that we'll continue to see streaming become more and more mainstream. I do expect perhaps in the five-year timeframe that we will first deal with data as streaming and then at rest, but the worlds are starting to merge. And we even see some vendors bringing products to market, such as K2View, Hazelcast, and RisingWave Labs. So, in addition to all those core data platform vendors adding these capabilities, there are new vendors approaching this market as well. >> I like the tough grading system, and it's not trivial. And when you talk to practitioners doing this stuff, there's still some complications in the data pipeline. And so, but I think, you're right, it probably was a yellow plus. Doug Henschen, data lakehouses will emerge as dominant. When you talk to people about lakehouses, practitioners, they all use that term. They certainly use the term data lake, but now, they're using lakehouse more and more. What's your thoughts on here? Why the green? What's your evidence there? >> Well, I think, I was accurate. I spoke about it specifically as something that vendors would be pursuing. And we saw yet more lakehouse advocacy in 2022. Google introduced its BigLake service alongside BigQuery. Salesforce introduced Genie, which is really a lakehouse architecture. And it was a safe prediction to say vendors are going to be pursuing this in that AWS, Cloudera, Databricks, Microsoft, Oracle, SAP, Salesforce now, IBM, all advocate this idea of a single platform for all of your data. Now, the trend was also supported in 2023, in that we saw a big embrace of Apache Iceberg in 2022. That's a structured table format. It's used with these lakehouse platforms. It's open, so it ensures portability and it also ensures performance. And that's a structured table that helps with the warehouse side performance. But among those announcements, Snowflake, Google, Cloud Era, SAP, Salesforce, IBM, all embraced Iceberg. But keep in mind, again, I'm talking about this as something that vendors are pursuing as their approach. So, they're advocating end users. It's very cutting edge. I'd say the top, leading edge, 5% of of companies have really embraced the lakehouse. I think, we're now seeing the fast followers, the next 20 to 25% of firms embracing this idea and embracing a lakehouse architecture. I recall Christian Kleinerman at the big Snowflake event last summer, making the announcement about Iceberg, and he asked for a show of hands for any of you in the audience at the keynote, have you heard of Iceberg? And just a smattering of hands went up. So, the vendors are ahead of the curve. They're pushing this trend, and we're now seeing a little bit more mainstream uptake. >> Good. Doug, I was there. It was you, me, and I think, two other hands were up. That was just humorous. (Doug laughing) All right, well, so I liked the fact that we had some yellow and some green. When you think about these things, there's the prediction itself. Did it come true or not? There are the sub predictions that you guys make, and of course, the degree of difficulty. So, thank you for that open assessment. All right, let's get into the 2023 predictions. Let's bring up the predictions. Sanjeev, you're going first. You've got a prediction around unified metadata. What's the prediction, please? >> So, my prediction is that metadata space is currently a mess. It needs to get unified. There are too many use cases of metadata, which are being addressed by disparate systems. For example, data quality has become really big in the last couple of years, data observability, the whole catalog space is actually, people don't like to use the word data catalog anymore, because data catalog sounds like it's a catalog, a museum, if you may, of metadata that you go and admire. So, what I'm saying is that in 2023, we will see that metadata will become the driving force behind things like data ops, things like orchestration of tasks using metadata, not rules. Not saying that if this fails, then do this, if this succeeds, go do that. But it's like getting to the metadata level, and then making a decision as to what to orchestrate, what to automate, how to do data quality check, data observability. So, this space is starting to gel, and I see there'll be more maturation in the metadata space. Even security privacy, some of these topics, which are handled separately. And I'm just talking about data security and data privacy. I'm not talking about infrastructure security. These also need to merge into a unified metadata management piece with some knowledge graph, semantic layer on top, so you can do analytics on it. So, it's no longer something that sits on the side, it's limited in its scope. It is actually the very engine, the very glue that is going to connect data producers and consumers. >> Great. Thank you for that. Doug. Doug Henschen, any thoughts on what Sanjeev just said? Do you agree? Do you disagree? >> Well, I agree with many aspects of what he says. I think, there's a huge opportunity for consolidation and streamlining of these as aspects of governance. Last year, Sanjeev, you said something like, we'll see more people using catalogs than BI. And I have to disagree. I don't think this is a category that's headed for mainstream adoption. It's a behind the scenes activity for the wonky few, or better yet, companies want machine learning and automation to take care of these messy details. We've seen these waves of management technologies, some of the latest data observability, customer data platform, but they failed to sweep away all the earlier investments in data quality and master data management. So, yes, I hope the latest tech offers, glimmers that there's going to be a better, cleaner way of addressing these things. But to my mind, the business leaders, including the CIO, only want to spend as much time and effort and money and resources on these sorts of things to avoid getting breached, ending up in headlines, getting fired or going to jail. So, vendors bring on the ML and AI smarts and the automation of these sorts of activities. >> So, if I may say something, the reason why we have this dichotomy between data catalog and the BI vendors is because data catalogs are very soon, not going to be standalone products, in my opinion. They're going to get embedded. So, when you use a BI tool, you'll actually use the catalog to find out what is it that you want to do, whether you are looking for data or you're looking for an existing dashboard. So, the catalog becomes embedded into the BI tool. >> Hey, Dave Menninger, sometimes you have some data in your back pocket. Do you have any stats (chuckles) on this topic? >> No, I'm glad you asked, because I'm going to... Now, data catalogs are something that's interesting. Sanjeev made a statement that data catalogs are falling out of favor. I don't care what you call them. They're valuable to organizations. Our research shows that organizations that have adequate data catalog technologies are three times more likely to express satisfaction with their analytics for just the reasons that Sanjeev was talking about. You can find what you want, you know you're getting the right information, you know whether or not it's trusted. So, those are good things. So, we expect to see the capabilities, whether it's embedded or separate. We expect to see those capabilities continue to permeate the market. >> And a lot of those catalogs are driven now by machine learning and things. So, they're learning from those patterns of usage by people when people use the data. (airy laughs) >> All right. Okay. Thank you, guys. All right. Let's move on to the next one. Tony Bear, let's bring up the predictions. You got something in here about the modern data stack. We need to rethink it. Is the modern data stack getting long at the tooth? Is it not so modern anymore? >> I think, in a way, it's got almost too modern. It's gotten too, I don't know if it's being long in the tooth, but it is getting long. The modern data stack, it's traditionally been defined as basically you have the data platform, which would be the operational database and the data warehouse. And in between, you have all the tools that are necessary to essentially get that data from the operational realm or the streaming realm for that matter into basically the data warehouse, or as we might be seeing more and more, the data lakehouse. And I think, what's important here is that, or I think, we have seen a lot of progress, and this would be in the cloud, is with the SaaS services. And especially you see that in the modern data stack, which is like all these players, not just the MongoDBs or the Oracles or the Amazons have their database platforms. You see they have the Informatica's, and all the other players there in Fivetrans have their own SaaS services. And within those SaaS services, you get a certain degree of simplicity, which is it takes all the housekeeping off the shoulders of the customers. That's a good thing. The problem is that what we're getting to unfortunately is what I would call lots of islands of simplicity, which means that it leads it (Dave laughing) to the customer to have to integrate or put all that stuff together. It's a complex tool chain. And so, what we really need to think about here, we have too many pieces. And going back to the discussion of catalogs, it's like we have so many catalogs out there, which one do we use? 'Cause chances are of most organizations do not rely on a single catalog at this point. What I'm calling on all the data providers or all the SaaS service providers, is to literally get it together and essentially make this modern data stack less of a stack, make it more of a blending of an end-to-end solution. And that can come in a number of different ways. Part of it is that we're data platform providers have been adding services that are adjacent. And there's some very good examples of this. We've seen progress over the past year or so. For instance, MongoDB integrating search. It's a very common, I guess, sort of tool that basically, that the applications that are developed on MongoDB use, so MongoDB then built it into the database rather than requiring an extra elastic search or open search stack. Amazon just... AWS just did the zero-ETL, which is a first step towards simplifying the process from going from Aurora to Redshift. You've seen same thing with Google, BigQuery integrating basically streaming pipelines. And you're seeing also a lot of movement in database machine learning. So, there's some good moves in this direction. I expect to see more than this year. Part of it's from basically the SaaS platform is adding some functionality. But I also see more importantly, because you're never going to get... This is like asking your data team and your developers, herding cats to standardizing the same tool. In most organizations, that is not going to happen. So, take a look at the most popular combinations of tools and start to come up with some pre-built integrations and pre-built orchestrations, and offer some promotional pricing, maybe not quite two for, but in other words, get two products for the price of two services or for the price of one and a half. I see a lot of potential for this. And it's to me, if the class was to simplify things, this is the next logical step and I expect to see more of this here. >> Yeah, and you see in Oracle, MySQL heat wave, yet another example of eliminating that ETL. Carl Olofson, today, if you think about the data stack and the application stack, they're largely separate. Do you have any thoughts on how that's going to play out? Does that play into this prediction? What do you think? >> Well, I think, that the... I really like Tony's phrase, islands of simplification. It really says (Tony chuckles) what's going on here, which is that all these different vendors you ask about, about how these stacks work. All these different vendors have their own stack vision. And you can... One application group is going to use one, and another application group is going to use another. And some people will say, let's go to, like you go to a Informatica conference and they say, we should be the center of your universe, but you can't connect everything in your universe to Informatica, so you need to use other things. So, the challenge is how do we make those things work together? As Tony has said, and I totally agree, we're never going to get to the point where people standardize on one organizing system. So, the alternative is to have metadata that can be shared amongst those systems and protocols that allow those systems to coordinate their operations. This is standard stuff. It's not easy. But the motive for the vendors is that they can become more active critical players in the enterprise. And of course, the motive for the customer is that things will run better and more completely. So, I've been looking at this in terms of two kinds of metadata. One is the meaning metadata, which says what data can be put together. The other is the operational metadata, which says basically where did it come from? Who created it? What's its current state? What's the security level? Et cetera, et cetera, et cetera. The good news is the operational stuff can actually be done automatically, whereas the meaning stuff requires some human intervention. And as we've already heard from, was it Doug, I think, people are disinclined to put a lot of definition into meaning metadata. So, that may be the harder one, but coordination is key. This problem has been with us forever, but with the addition of new data sources, with streaming data with data in different formats, the whole thing has, it's been like what a customer of mine used to say, "I understand your product can make my system run faster, but right now I just feel I'm putting my problems on roller skates. (chuckles) I don't need that to accelerate what's already not working." >> Excellent. Okay, Carl, let's stay with you. I remember in the early days of the big data movement, Hadoop movement, NoSQL was the big thing. And I remember Amr Awadallah said to us in theCUBE that SQL is the killer app for big data. So, your prediction here, if we bring that up is SQL is back. Please elaborate. >> Yeah. So, of course, some people would say, well, it never left. Actually, that's probably closer to true, but in the perception of the marketplace, there's been all this noise about alternative ways of storing, retrieving data, whether it's in key value stores or document databases and so forth. We're getting a lot of messaging that for a while had persuaded people that, oh, we're not going to do analytics in SQL anymore. We're going to use Spark for everything, except that only a handful of people know how to use Spark. Oh, well, that's a problem. Well, how about, and for ordinary conventional business analytics, Spark is like an over-engineered solution to the problem. SQL works just great. What's happened in the past couple years, and what's going to continue to happen is that SQL is insinuating itself into everything we're seeing. We're seeing all the major data lake providers offering SQL support, whether it's Databricks or... And of course, Snowflake is loving this, because that is what they do, and their success is certainly points to the success of SQL, even MongoDB. And we were all, I think, at the MongoDB conference where on one day, we hear SQL is dead. They're not teaching SQL in schools anymore, and this kind of thing. And then, a couple days later at the same conference, they announced we're adding a new analytic capability-based on SQL. But didn't you just say SQL is dead? So, the reality is that SQL is better understood than most other methods of certainly of retrieving and finding data in a data collection, no matter whether it happens to be relational or non-relational. And even in systems that are very non-relational, such as graph and document databases, their query languages are being built or extended to resemble SQL, because SQL is something people understand. >> Now, you remember when we were in high school and you had had to take the... Your debating in the class and you were forced to take one side and defend it. So, I was was at a Vertica conference one time up on stage with Curt Monash, and I had to take the NoSQL, the world is changing paradigm shift. And so just to be controversial, I said to him, Curt Monash, I said, who really needs acid compliance anyway? Tony Baer. And so, (chuckles) of course, his head exploded, but what are your thoughts (guests laughing) on all this? >> Well, my first thought is congratulations, Dave, for surviving being up on stage with Curt Monash. >> Amen. (group laughing) >> I definitely would concur with Carl. We actually are definitely seeing a SQL renaissance and if there's any proof of the pudding here, I see lakehouse is being icing on the cake. As Doug had predicted last year, now, (clears throat) for the record, I think, Doug was about a year ahead of time in his predictions that this year is really the year that I see (clears throat) the lakehouse ecosystems really firming up. You saw the first shots last year. But anyway, on this, data lakes will not go away. I've actually, I'm on the home stretch of doing a market, a landscape on the lakehouse. And lakehouse will not replace data lakes in terms of that. There is the need for those, data scientists who do know Python, who knows Spark, to go in there and basically do their thing without all the restrictions or the constraints of a pre-built, pre-designed table structure. I get that. Same thing for developing models. But on the other hand, there is huge need. Basically, (clears throat) maybe MongoDB was saying that we're not teaching SQL anymore. Well, maybe we have an oversupply of SQL developers. Well, I'm being facetious there, but there is a huge skills based in SQL. Analytics have been built on SQL. They came with lakehouse and why this really helps to fuel a SQL revival is that the core need in the data lake, what brought on the lakehouse was not so much SQL, it was a need for acid. And what was the best way to do it? It was through a relational table structure. So, the whole idea of acid in the lakehouse was not to turn it into a transaction database, but to make the data trusted, secure, and more granularly governed, where you could govern down to column and row level, which you really could not do in a data lake or a file system. So, while lakehouse can be queried in a manner, you can go in there with Python or whatever, it's built on a relational table structure. And so, for that end, for those types of data lakes, it becomes the end state. You cannot bypass that table structure as I learned the hard way during my research. So, the bottom line I'd say here is that lakehouse is proof that we're starting to see the revenge of the SQL nerds. (Dave chuckles) >> Excellent. Okay, let's bring up back up the predictions. Dave Menninger, this one's really thought-provoking and interesting. We're hearing things like data as code, new data applications, machines actually generating plans with no human involvement. And your prediction is the definition of data is expanding. What do you mean by that? >> So, I think, for too long, we've thought about data as the, I would say facts that we collect the readings off of devices and things like that, but data on its own is really insufficient. Organizations need to manipulate that data and examine derivatives of the data to really understand what's happening in their organization, why has it happened, and to project what might happen in the future. And my comment is that these data derivatives need to be supported and managed just like the data needs to be managed. We can't treat this as entirely separate. Think about all the governance discussions we've had. Think about the metadata discussions we've had. If you separate these things, now you've got more moving parts. We're talking about simplicity and simplifying the stack. So, if these things are treated separately, it creates much more complexity. I also think it creates a little bit of a myopic view on the part of the IT organizations that are acquiring these technologies. They need to think more broadly. So, for instance, metrics. Metric stores are becoming much more common part of the tooling that's part of a data platform. Similarly, feature stores are gaining traction. So, those are designed to promote the reuse and consistency across the AI and ML initiatives. The elements that are used in developing an AI or ML model. And let me go back to metrics and just clarify what I mean by that. So, any type of formula involving the data points. I'm distinguishing metrics from features that are used in AI and ML models. And the data platforms themselves are increasingly managing the models as an element of data. So, just like figuring out how to calculate a metric. Well, if you're going to have the features associated with an AI and ML model, you probably need to be managing the model that's associated with those features. The other element where I see expansion is around external data. Organizations for decades have been focused on the data that they generate within their own organization. We see more and more of these platforms acquiring and publishing data to external third-party sources, whether they're within some sort of a partner ecosystem or whether it's a commercial distribution of that information. And our research shows that when organizations use external data, they derive even more benefits from the various analyses that they're conducting. And the last great frontier in my opinion on this expanding world of data is the world of driver-based planning. Very few of the major data platform providers provide these capabilities today. These are the types of things you would do in a spreadsheet. And we all know the issues associated with spreadsheets. They're hard to govern, they're error-prone. And so, if we can take that type of analysis, collecting the occupancy of a rental property, the projected rise in rental rates, the fluctuations perhaps in occupancy, the interest rates associated with financing that property, we can project forward. And that's a very common thing to do. What the income might look like from that property income, the expenses, we can plan and purchase things appropriately. So, I think, we need this broader purview and I'm beginning to see some of those things happen. And the evidence today I would say, is more focused around the metric stores and the feature stores starting to see vendors offer those capabilities. And we're starting to see the ML ops elements of managing the AI and ML models find their way closer to the data platforms as well. >> Very interesting. When I hear metrics, I think of KPIs, I think of data apps, orchestrate people and places and things to optimize around a set of KPIs. It sounds like a metadata challenge more... Somebody once predicted they'll have more metadata than data. Carl, what are your thoughts on this prediction? >> Yeah, I think that what Dave is describing as data derivatives is in a way, another word for what I was calling operational metadata, which not about the data itself, but how it's used, where it came from, what the rules are governing it, and that kind of thing. If you have a rich enough set of those things, then not only can you do a model of how well your vacation property rental may do in terms of income, but also how well your application that's measuring that is doing for you. In other words, how many times have I used it, how much data have I used and what is the relationship between the data that I've used and the benefits that I've derived from using it? Well, we don't have ways of doing that. What's interesting to me is that folks in the content world are way ahead of us here, because they have always tracked their content using these kinds of attributes. Where did it come from? When was it created, when was it modified? Who modified it? And so on and so forth. We need to do more of that with the structure data that we have, so that we can track what it's used. And also, it tells us how well we're doing with it. Is it really benefiting us? Are we being efficient? Are there improvements in processes that we need to consider? Because maybe data gets created and then it isn't used or it gets used, but it gets altered in some way that actually misleads people. (laughs) So, we need the mechanisms to be able to do that. So, I would say that that's... And I'd say that it's true that we need that stuff. I think, that starting to expand is probably the right way to put it. It's going to be expanding for some time. I think, we're still a distance from having all that stuff really working together. >> Maybe we should say it's gestating. (Dave and Carl laughing) >> Sorry, if I may- >> Sanjeev, yeah, I was going to say this... Sanjeev, please comment. This sounds to me like it supports Zhamak Dehghani's principles, but please. >> Absolutely. So, whether we call it data mesh or not, I'm not getting into that conversation, (Dave chuckles) but data (audio breaking) (Tony laughing) everything that I'm hearing what Dave is saying, Carl, this is the year when data products will start to take off. I'm not saying they'll become mainstream. They may take a couple of years to become so, but this is data products, all this thing about vacation rentals and how is it doing, that data is coming from different sources. I'm packaging it into our data product. And to Carl's point, there's a whole operational metadata associated with it. The idea is for organizations to see things like developer productivity, how many releases am I doing of this? What data products are most popular? I'm actually in right now in the process of formulating this concept that just like we had data catalogs, we are very soon going to be requiring data products catalog. So, I can discover these data products. I'm not just creating data products left, right, and center. I need to know, do they already exist? What is the usage? If no one is using a data product, maybe I want to retire and save cost. But this is a data product. Now, there's a associated thing that is also getting debated quite a bit called data contracts. And a data contract to me is literally just formalization of all these aspects of a product. How do you use it? What is the SLA on it, what is the quality that I am prescribing? So, data product, in my opinion, shifts the conversation to the consumers or to the business people. Up to this point when, Dave, you're talking about data and all of data discovery curation is a very data producer-centric. So, I think, we'll see a shift more into the consumer space. >> Yeah. Dave, can I just jump in there just very quickly there, which is that what Sanjeev has been saying there, this is really central to what Zhamak has been talking about. It's basically about making, one, data products are about the lifecycle management of data. Metadata is just elemental to that. And essentially, one of the things that she calls for is making data products discoverable. That's exactly what Sanjeev was talking about. >> By the way, did everyone just no notice how Sanjeev just snuck in another prediction there? So, we've got- >> Yeah. (group laughing) >> But you- >> Can we also say that he snuck in, I think, the term that we'll remember today, which is metadata museums. >> Yeah, but- >> Yeah. >> And also comment to, Tony, to your last year's prediction, you're really talking about it's not something that you're going to buy from a vendor. >> No. >> It's very specific >> Mm-hmm. >> to an organization, their own data product. So, touche on that one. Okay, last prediction. Let's bring them up. Doug Henschen, BI analytics is headed to embedding. What does that mean? >> Well, we all know that conventional BI dashboarding reporting is really commoditized from a vendor perspective. It never enjoyed truly mainstream adoption. Always that 25% of employees are really using these things. I'm seeing rising interest in embedding concise analytics at the point of decision or better still, using analytics as triggers for automation and workflows, and not even necessitating human interaction with visualizations, for example, if we have confidence in the analytics. So, leading companies are pushing for next generation applications, part of this low-code, no-code movement we've seen. And they want to build that decision support right into the app. So, the analytic is right there. Leading enterprise apps vendors, Salesforce, SAP, Microsoft, Oracle, they're all building smart apps with the analytics predictions, even recommendations built into these applications. And I think, the progressive BI analytics vendors are supporting this idea of driving insight to action, not necessarily necessitating humans interacting with it if there's confidence. So, we want prediction, we want embedding, we want automation. This low-code, no-code development movement is very important to bringing the analytics to where people are doing their work. We got to move beyond the, what I call swivel chair integration, between where people do their work and going off to separate reports and dashboards, and having to interpret and analyze before you can go back and do take action. >> And Dave Menninger, today, if you want, analytics or you want to absorb what's happening in the business, you typically got to go ask an expert, and then wait. So, what are your thoughts on Doug's prediction? >> I'm in total agreement with Doug. I'm going to say that collectively... So, how did we get here? I'm going to say collectively as an industry, we made a mistake. We made BI and analytics separate from the operational systems. Now, okay, it wasn't really a mistake. We were limited by the technology available at the time. Decades ago, we had to separate these two systems, so that the analytics didn't impact the operations. You don't want the operations preventing you from being able to do a transaction. But we've gone beyond that now. We can bring these two systems and worlds together and organizations recognize that need to change. As Doug said, the majority of the workforce and the majority of organizations doesn't have access to analytics. That's wrong. (chuckles) We've got to change that. And one of the ways that's going to change is with embedded analytics. 2/3 of organizations recognize that embedded analytics are important and it even ranks higher in importance than AI and ML in those organizations. So, it's interesting. This is a really important topic to the organizations that are consuming these technologies. The good news is it works. Organizations that have embraced embedded analytics are more comfortable with self-service than those that have not, as opposed to turning somebody loose, in the wild with the data. They're given a guided path to the data. And the research shows that 65% of organizations that have adopted embedded analytics are comfortable with self-service compared with just 40% of organizations that are turning people loose in an ad hoc way with the data. So, totally behind Doug's predictions. >> Can I just break in with something here, a comment on what Dave said about what Doug said, which (laughs) is that I totally agree with what you said about embedded analytics. And at IDC, we made a prediction in our future intelligence, future of intelligence service three years ago that this was going to happen. And the thing that we're waiting for is for developers to build... You have to write the applications to work that way. It just doesn't happen automagically. Developers have to write applications that reference analytic data and apply it while they're running. And that could involve simple things like complex queries against the live data, which is through something that I've been calling analytic transaction processing. Or it could be through something more sophisticated that involves AI operations as Doug has been suggesting, where the result is enacted pretty much automatically unless the scores are too low and you need to have a human being look at it. So, I think that that is definitely something we've been watching for. I'm not sure how soon it will come, because it seems to take a long time for people to change their thinking. But I think, as Dave was saying, once they do and they apply these principles in their application development, the rewards are great. >> Yeah, this is very much, I would say, very consistent with what we were talking about, I was talking about before, about basically rethinking the modern data stack and going into more of an end-to-end solution solution. I think, that what we're talking about clearly here is operational analytics. There'll still be a need for your data scientists to go offline just in their data lakes to do all that very exploratory and that deep modeling. But clearly, it just makes sense to bring operational analytics into where people work into their workspace and further flatten that modern data stack. >> But with all this metadata and all this intelligence, we're talking about injecting AI into applications, it does seem like we're entering a new era of not only data, but new era of apps. Today, most applications are about filling forms out or codifying processes and require a human input. And it seems like there's enough data now and enough intelligence in the system that the system can actually pull data from, whether it's the transaction system, e-commerce, the supply chain, ERP, and actually do something with that data without human involvement, present it to humans. Do you guys see this as a new frontier? >> I think, that's certainly- >> Very much so, but it's going to take a while, as Carl said. You have to design it, you have to get the prediction into the system, you have to get the analytics at the point of decision has to be relevant to that decision point. >> And I also recall basically a lot of the ERP vendors back like 10 years ago, we're promising that. And the fact that we're still looking at the promises shows just how difficult, how much of a challenge it is to get to what Doug's saying. >> One element that could be applied in this case is (indistinct) architecture. If applications are developed that are event-driven rather than following the script or sequence that some programmer or designer had preconceived, then you'll have much more flexible applications. You can inject decisions at various points using this technology much more easily. It's a completely different way of writing applications. And it actually involves a lot more data, which is why we should all like it. (laughs) But in the end (Tony laughing) it's more stable, it's easier to manage, easier to maintain, and it's actually more efficient, which is the result of an MIT study from about 10 years ago, and still, we are not seeing this come to fruition in most business applications. >> And do you think it's going to require a new type of data platform database? Today, data's all far-flung. We see that's all over the clouds and at the edge. Today, you cache- >> We need a super cloud. >> You cache that data, you're throwing into memory. I mentioned, MySQL heat wave. There are other examples where it's a brute force approach, but maybe we need new ways of laying data out on disk and new database architectures, and just when we thought we had it all figured out. >> Well, without referring to disk, which to my mind, is almost like talking about cave painting. I think, that (Dave laughing) all the things that have been mentioned by all of us today are elements of what I'm talking about. In other words, the whole improvement of the data mesh, the improvement of metadata across the board and improvement of the ability to track data and judge its freshness the way we judge the freshness of a melon or something like that, to determine whether we can still use it. Is it still good? That kind of thing. Bringing together data from multiple sources dynamically and real-time requires all the things we've been talking about. All the predictions that we've talked about today add up to elements that can make this happen. >> Well, guys, it's always tremendous to get these wonderful minds together and get your insights, and I love how it shapes the outcome here of the predictions, and let's see how we did. We're going to leave it there. I want to thank Sanjeev, Tony, Carl, David, and Doug. Really appreciate the collaboration and thought that you guys put into these sessions. Really, thank you. >> Thank you. >> Thanks, Dave. >> Thank you for having us. >> Thanks. >> Thank you. >> All right, this is Dave Valente for theCUBE, signing off for now. Follow these guys on social media. Look for coverage on siliconangle.com, theCUBE.net. Thank you for watching. (upbeat music)

>>Now welcome back to the Cube as we continue our coverage here. AWS Reinvent 2022, going out here at the Venetian in Las Vegas. Tens of thousands of attendees. That exhibit Hall is full. Let me tell you, it's been something else. Well, here in the executive summit, sponsored by Accenture. Accenture rather. We're gonna talk about Baptist Health, what's going on with that organization down in South Florida with me. To do that, I have Tony Abro, who's the SVP and Chief Digital and Information Officer. I have Ashley Lane, the managing director of the Accenture Healthcare Practice, and on the far end Poop Kumar, who is the VP and cto Baptist Health Florida won and all. Welcome. Thank you. First off, let's just talk about Baptist Health, the size of your footprint. One and a half million patient visits a year, not a small number. >>That was probably last year's number, but okay. >>Right. But not a small number about your footprint and, and what, I guess the client base basically that you guys are serving in it. >>Absolutely. So we are the largest organization in South Florida system provider and the 11 hospitals soon to be 12, as you said, it's probably about 1.8 million by now. People were, were, were supporting a lot of other units and you know, we're focusing on the four southern counties of South Florida. Okay. >>So got day Broward. Broward, yep. Down that way. Got it. So now let's get to your migration or your cloud transformation. As we're talking about a lot this week, what's been your, I guess, overarching goal, you know, as you worked with Accenture and, and developed a game plan going forward, you know, what was on the front end of that? What was the motivation to say this is the direction we're going to go and this is how we're gonna get there? >>Perfect. So Baptist started a digital transformation initiative before I came about three years ago. The board, the executive steering committee, decided that this is gonna be very important for us to support us, to help our patients and, and consumers. So I was brought in for that digital transformation. And by the way, digital transformation is kind of an umbrella. It's really business transformation with technology, digital technologies. So that's, that's basically where we started in terms of consumer focused and, and, and patient focus. And digital is a big word that really encompasses a lot of things. Cloud is one of, of course. And, you know, AI and ML and all the things that we are here for this, this event, you know, and, and we've started that journey about two years ago. And obviously cloud is very important. AWS is our main cloud provider and clearly in AWS or any club providers is not just the infrastructure they're providing, it's the whole ecosystem that provides us back value into, into our transformation. And then somebody, I think Adam this morning at the keynote said, this is a team sport. So with this big transformation, we need all the help and that we can get to mines and, and, and hands. And that's where Accenture has been invaluable over the last two years. >>Yeah, so as a team sport then depu, you, you've got external stakeholders, otherwise we talked about patience, right? Internal, right. You've, you've got a whole different set of constituents there, basically, but it takes that team, right? You all have to work together. What kind of conversations or what kind of actions, I guess have you had with different departments and what different of sectors of, of the healthcare business as Baptist Health sees it in order to bring them along too, because this is, you know, kind of a shocking turn for them too, right? And how they're gonna be doing business >>Mostly from an end user perspective. This is something that they don't care much about where the infrastructure is hosted or how the services are provided from that perspective. As long as the capabilities function in a better way, they are seemingly not worried about where the hosting is. So what we focus on is in terms of how it's going to be a better experience for, from them, from, from their perspective, right? How is it going to be better responsiveness, availability, or stability overall? So that's been the mode of communication from that perspective. Other than that, from a, from a hosting and service perspective, the clientele doesn't care as much as the infrastructure or the security or the, the technology and digital teams themselves. >>But you know, some of us are resistant to change, right? We're, we're just, we are old dogs. We don't like new tricks and, and change can be a little daunting sometimes. So even though it is about my ease of use and my efficiency and why I can then save my time on so and so forth, if I'm used to doing something a certain way, and that's worked fine for me and here comes Tony and Depo and here comes a, >>They're troublemaker >>And they're stir my pot. Yeah. So, so how do you, the work, you were giving advice maybe to somebody watching this and say, okay, you've got internal, I wouldn't say battles, but discussions to be held. How did you navigate through that? >>Yeah, no, absolutely. And Baptist has been a very well run system, very successful for 60 something odd years. Clearly that conversation did come, why should we change? But you always start with, this is what we think is gonna happen in the future. These are the changes that very likely will happen in the future. One is the consumer expectations are the consumer expectations in terms of their ability to have access to information, get access to care, being control of the process and their, their health and well-being. Everything else that happens in the market. And so you start with the, with that, and that's where clearly there are, there are a lot of signs that point to quite a lot of change in the ecosystem. And therefore, from there, the conversation is how do we now meet that challenge, so to speak, that we all face in, in, in healthcare. >>And then from there, you kind of designed the, a vision of where we want to be in terms of that digital transformation and how do we get there. And then once that is well explained and evangelized, and that's part of our jobs with the help of our colleagues who have, have been doing this with others, then is the, what I call a tell end show. We're gonna say, okay, in this, in this road, we're gonna start with this. It's a small thing and we're gonna show you how it works in terms of, in terms of the process, right? And then as, as you go along and you deliver some things, people understand more, they're on board more and they're ready for for more. So it's iterative from small to larger. >>The proof is always in the place, right? If you can show somebody, so actually I, I obviously we know about Accenture's role, but in terms of almost, almost what Tony was just saying, that you have to show people that it works. How, how do you interface with a client? And when you're talking about these new approaches and you're suggesting changes and, and making these maybe rather dramatic proposals, you know, to how they do things internally, from Accenture's perspective, how do you make it happen? How, how do you bring the client along in this case, batches >>Down? Well, in this case, with Tony and Depu, I mean, they have been on this journey already at another client, right? So they came to Baptist where they had done a similar journey previously. And so it wasn't really about convincing >>Also with Accenture's >>Health, also with Accenture's Health, correct. But it wasn't about telling Tony Dupe, how do we do this? Or anything like that. Cuz they were by far the experts and have, you know, the experience behind it. Well, it's really like, how do we make sure that we're providing the right, right team, the right skills to match, you know, what they wanted to do and their aspirations. So we had brought the, the healthcare knowledge along with the AWS knowledge and the architects and you know, we said that we gotta, you know, let's look at the roadmap and let's make sure that we have the right team and moving at the right pace and, you know, testing everything out and working with all the different vendors in the provider world specifically, there's a lot of different vendors and applications that are, you know, that are provided to them. It's not a lot of custom activity, you know, applications or anything like that. So it was a lot of, you know, working with other third party that we really had to align with them and with Baptist to make sure that, you know, we were moving together at speed. >>Yeah, we've heard about transformation quite a bit. Tony, you brought it up a little bit ago, depu, just, if you had to define transformation in this case, I mean, how big of a, of a, of a change is that? I mean, how, how would you describe it when you say we're gonna transform our, you know, our healthcare business? I mean, I think there are a lot of things that come to my mind, but, but how do you define it and, and when you're, when you're talking to the folks with whom you've got to bring along on this journey? >>So there's the transformation umbrella and compos two or three things. As Tony said, there is this big digital transformation that everybody's talking about. Then there is this technology transformation that powers the digital transformation and business transformation. That's the outcome of the digital transformation. So I think we, we started focusing on all three areas to get the right digital experience for the consumers. We have to transform the way we operate healthcare in its current state or, or in the existing state. It's a lot of manual processes, a lot of antiquated processes, so to speak. So we had to go and reassess some of that and work with the respective business stakeholders to streamline those because in, it's not about putting a digital solution out there with the anti cured processes because the outcome is not what you expect when you do that. So from that perspective, it has been a heavy lifting in terms of how we transform the operations or the processes that facilitates some of the outcomes. >>How do you know it's working >>Well? So I I, to add to what Deep was saying is I think we are fortunate and that, you know, there are a lot of folks inside Baptist who have been wanting this and they're instrumental to this. So this is not a two man plus, you know, show is really a, you know, a, a team sport. Again, that same. So in, in that, that in terms of how do we know it works well when, when we define what we want to do, there is some level of precision along the way. In those iterations, what is it that we want to do next, right? So whatever we introduce, let's say a, a proper fluid check in for a patient into a, for an appointment, we measure that and then we measure the next one, and then we kind of zoom out and we look at the, the journey and say, is this better? >>Is this better for the consumer? Do they like it better? We measure that and it's better for the operations in terms of, but this is the interesting thing is it's always a balance of how much you can change. We want to improve the consumer experience, but as deeply said, there's lot to be changed in, in the operations, how much you do at the same time. And that's where we have to do the prioritization. But you know, the, the interesting thing is that a lot of times, especially on the self servicing for consumers, there are a lot of benefits for the operations as well. And that's, that's where we're in, we're in it together and we measure. Yeah, >>Don't gimme too much control though. I don't, I'm gonna leave the hard lifting for you. >>Absolutely, absolutely right. Thank you. >>So, and, and just real quick, Ashley, maybe you can shine some light on this, about the relationship, about, about next steps, about, you know, you, you're on this, this path and things are going well and, and you've got expansion plans, you want, you know, bring in other services, other systems. Where do you want to take 'em in the big picture in terms of capabilities? >>Well, I, I mean, they've been doing a fantastic job just being one of the first to actually say, Hey, we're gonna go and make an investment in the cloud and digital transformation. And so it's really looking at like, what are the next problems that we need to solve, whether it's patient care diagnosis or how we're doing research or, you know, the next kind of realm of, of how we're gonna use data and to improve patient care. So I think it's, you know, we're getting the foundation, the basics and everything kind of laid out right now. And then it's really, it's like what's the next thing and how can we really improve the patient care and the access that they have. >>Well, it sure sounds like you have a winning accommodation, so I I keep the team together. >>Absolutely. >>Teamwork makes the dream >>Work. Absolutely. It is, as you know. So there's a certain amount of, if you look at the healthcare industry as a whole, and not, not just Baptist, Baptist is, you know, fourth for thinking, but entire industry, there's a lot of catching up to do compared to whatever else is doing, whatever else the consumers are expecting of, of an entity, right? But then once we catch up, there's a lot of other things that we were gonna have to move on, innovate for, for problems that we maybe we don't know we have will have right now. So plenty of work to do. Right. >>Which is job security for everybody, right? >>Yes. >>Listen, thanks for sharing the story. Yeah, yeah. Continued success. I wish you that and I appreciate the time and expertise here today. Thank you. Thanks for being with us. Thank you. Thank you. We'll be back with more. You're watching the Cube here. It's the Executive Summit sponsored by Accenture. And the cube, as I love to remind you, is the leader in tech coverage.

foreign welcome back everyone to our special presentation here at thecube with Horizon 3.a I'm John Furrier host thecube here in Palo Alto back it's niho and Tony CEO and co-founder of horizon 3 for deep dive on going under the hood around the big news and also the platform autonomous pen testing changing the game and security great to see you welcome back thank you John I love what you guys have been doing with the cube huge fan been here a bunch of times and yeah looking forward to the conversation let's get into it all right so what what's the market look like and how do you see it evolving we're in a down Market relative to startups some say our data we're reporting on siliconangle in the cube that yeah there might be a bit of downturn in the economy with inflation but the tech Market is booming because the hyperscalers are still pumping out massive scale and still innovating so so you know for the first time in history this is a recession or downturn where there's now Cloud scale players that are an economic engine what's your view on this where's the market heading relative to the downturn and how are you guys navigating that so um I think about it one the there's a lot of belief out there that we're going to hit a downturn and we started to see that we started to see deals get longer and longer to close back in May across the board in the industry we continue to see deals get at least backloaded in the quarter as people understand their procurement how much money they really have to spend what their earnings are going to be so we're seeing this across the board one is quarters becoming lumpier for tech companies and we think that that's going to become kind of the norm over the next over the next year but what's interesting in our space of security testing is a very basic supply and demand problem the demand for security testing has skyrocketed when I was a CIO eight years ago I only had to worry about my on-prem attack surface my perimeter and Insider threat those are my primary threat vectors now if I was a CIO I have to include multiple clouds all of the data in my SAS offerings my Salesforce account and so on as well as work from home threat vectors and other pieces and I've got Regulatory Compliance in Europe in Asia in in the U.S tons of demand for testing and there's just not enough Supply there's only 5 000 certified pen testers in the United States so I think for starters you have a fundamental supply and demand problem that plays to our strength because we're able to bring a tremendous amount of pen testing supply to the table but now let's flip to if you are the CEO of a large security company or whether it's a Consulting shop or so on you've got a whole bunch of deferred revenue in your business model around security testing services and what we've done in our past in previous companies I worked at is if we didn't think we were going to make the money the quarter with product Revenue we would start to unlock some of that deferred Services Revenue to make the number to hit what we expected Wall Street to hit what Wall Street expected of us in testing that's not possible because there's not enough Supply except us so if I'm the CEO of an mssp or a large security company and I need I see a huge backlog of security testing revenue on the table the easy button to convert that to recognized revenue is Horizon 3. and when I think about the next six months and the amount of Revenue misses we're going to see in security shops especially those that can't fulfill their orders I think there's a ripe opportunity for us to win yeah one of the few opportunities where on any Market you win because the forces will drive your flywheel that's exactly right very basic supply and demand forces that are only increasing with pressure and there's no way it takes 10 years just to build a master hacker just it's a very hard complex space we become the easy button to address that supply problem yeah and this and the autonomous aspect makes appsec reviews as new things get pushed with Cloud native developers they're shifting left but still the security policies need to stay Pace as these new vectors threat vectors appear yeah I mean because that's what's happening a new new thing makes a vector possible that's exactly right I think there's two aspects one is the as you in increase change in your environment you need to increase testing they are absolutely correlated the second thing though is you know for 20 years we focused on remote code execution or rces as an industry what was the latest rce that gave an attacker access to my environment but if you look over the past few years that entire mindset has shifted credentials are the new code execution what I mean by that is if I have a large organization with a hundred a thousand ten thousand employees all it takes is one of them to have a password I can crack in credential spray and gain access to as an attacker and once I've gained access to a single user I'm going to systematically snowball that into something of consequence and so I think that the attackers have shifted away from looking for code execution and looked more towards harvesting credentials and cascading credentials from a regular domain user into an admin this brings up the conversation I would like to do it more Deep dive now shift into more of like the real kind of landscape of the market and your positioning and value proposition in that and that is managed services are becoming really popular as we move into this next next wave of super cloud and multi-cloud and hybrid Cloud because I mean multi-cloud and hybrid hybrid than multi-cloud sounds good on paper but the security Ops become big and one of the things we're reporting with here on the cube and siliconangle the past six months is devops has made the developer the IT team because they've essentially run it now in CI CD pipeline as they say that means it's replaced by data Ops or AI Ops or security Ops and data and security kind of go hand in hand so I can see that playing out do you believe that to be true that that's kind of the new operational kind of beach head that's critical and if so secure if data is part of security that makes security the new it yeah I I think that if you think about organizations hell even for Horizon 3 right now I don't need to hire a CIO I'll have a CSO and that CSO will own it and governance risk and compliance and security operations because at the end of the day the most pressing question for me to answer as a CEO is my security posture IIT is a supporting function of that security posture and we see that at say or a growth stage company like Horizon 3 but when I thought about my time at GE Capital we really shifted to this mindset of security by Design architecture as code and it was very much security driven conversation and I think that is the norm going forward and how do you view the idea that you have to enable a managed service provider with security also managing comp and which then manages the company to enable them to have agile security um security is code because what you're getting at is this autonomous layer that's going to be automated away to make the next talented layer whether it's coder or architect scale so the question is what is abstracted away at at automation seems to be the conversation that's coming out of this big cloud native or super cloud next wave of cloud scale I think there's uh there's two Dimensions to that and honestly I think the more interesting Dimension is not the technical side of it but rather think of the Equifax hack a bunch of years ago had Equifax used a managed security services provider would the CEO have been fired after the breach and the answer is probably not I think the CEO would have transferred enough reputational risk in operational risk to the third party mssp to save his job from being you know from him being fired you can look at that across the board I think that if if I were a CIO again I would be hard-pressed to build my own internal security function because I'm accepting that risk as an executive and we saw what just happened at Uber there's a ton of risk coming with that with the with accepting that as a security person so I think in the future the role of the mssp becomes more significant as a mechanism for transferring enough reputational and operational and legal risk to a third party so that you as the Core Company are able to protect yourself and your people now then what you think is a super cloud printables and Concepts being applied at mssp scale and I think that becomes really interesting talk about the talent opportunity because I think the managed service providers point to markets that are growing and changing also having managed service means that the customers can't always hire Talent hence they go to a Channel or a partner this seems to be a key part of the growth in your area talk about the talent aspect of it yeah um think back to what we saw in Cloud so as as Cloud picked up we saw IBM HP other Hardware companies sell more servers but to fewer customers Amazon Google and others right and so I think something similar is going to happen in the security space where I think you're going to see security tools providers selling more volume but to fewer customers that are just really big mssps so that is the the path forward and I think that the underlying Talent issue gives us economies at scale and that's what we saw this with Cloud we're going to see the same thing in the mssp space I've got a density of Talent Plus a density of automation plus a density of of relationships and ecosystem that give mssps a huge economies of scale advantage over everybody else I mean I want to get into the mssp business sounds like I make a lot of money yeah definitely it's profitable no doubt about it like that I got to ask more on the more of the burden side of it because if you're a partner I don't need another training class I don't need another tool I don't need someone saying this is the highest margin product I need to actually downsize my tools so right now there's hundreds of tools that mssps have all the time dealing with and does the customer so tools platforms we've kind of teased this out in previous conversations together but more more relevant to the mssp is what they do to the customers so talk about this uh burden of tools and the socks out there in the in in the landscape how do you how do you view that and what's the conversation like on average an organization has 130 different cyber security tools installed none of those tools were designed to work together none of those tools are from the same vendor and in fact oftentimes they're from vendors that have competing products and so what we don't have and they're still getting breached in the industry we don't have a tools problem we have an Effectiveness problem we have to reduce the number of tools we have get more out of out of the the effectiveness out of the existing infrastructure build muscle memory you know how to detect and respond to a breach and continuously verify that posture I think that's what the the most successful security organizations have mastered the fundamentals and they mastered that by making sure they were effective in detection and response not mastering it by buying the next shiny AI tool on the defensive side okay so you mentioned supply and demand early since you're brought up economics we'll get into the economic equations here when you have great profits that's going to attract more entrance into the marketplace so as more mssps enter the market you're going to start to see a little bit of competition maybe some fud maybe some price competitive price penetration all kinds of different Tactics get out go on there um how does that impact you because now does that impact your price or are you now part of them just competing on their own value what's that mean for the channel as more entrants come in hey you know I can compete against that other one does that create conflict is that an opportunity does are you neutral on that what's the position it's a great question actually I think the way it plays out is one we are neutral two the mssp has to stand on their own with their own unique value proposition otherwise they're going to become commoditized we saw this in the early cloud provider days the cloud providers that were just basically wrapping existing Hardware with with a race to the bottom pricing model didn't survive those that use the the cloud infrastructure as a starting point to build higher value capabilities they're the ones that have succeeded to this day the same Mo I think will occur in mssps which is there's a base level of capability that they've got to be able to deliver and it is the burden of the mssp to innovate effectively to elevate their value problem it's interesting Dynamic and I brought it up mainly because if you believe that this is going to be a growing New Market price erosion is more in mature markets so it's interesting to see that Dynamic come up and we'll see how that handles on the on the economics and just the macro side of it getting more into kind of like the next gen autonomous pen testing is a leading indicator that a new kind of security assessment is here um if I said that to you how do you respond to that what is this new security assessment mean what does that mean for the customer and to the partner and that that relationship down that whole chain yeah um back to I'm wearing a CIO hat right now don't tell me we're secure in PowerPoint show me we're secure Today Show me where we're secure tomorrow and then show me we're secure again next week because that's what matters to me if you can show me we're secure I can understand the risk I'm accepting and articulate it up to my board to my Regulators up until now we've had a PowerPoint tell me where secure culture and security and I just don't think that's going to last all that much longer so I think the future of security testing and assessment is this shift from a PowerPoint report to truly showing me that my I'm secure enough you guys auto-generate those statements now you mentioned that earlier that's exactly right because the other part is you know the classic way to do security reports was garbage in garbage out you had a human kind of theoretically fill out a spreadsheet that magically came up with the risk score or security posture that doesn't work that's a check the box mentality what you want to have is an accurate High Fidelity understanding of your blind spots your threat vectors what data is at risk what credentials are at risk you want to look at those results over time how quickly did I find problems how quickly did I fix them how often did they reoccur and that is how you get to a show me where secure culture whether I'm a company or I'm a channel partner working with Horizon 3.ai I have to put my name on the line and say Here's a service level agreement I'm going to stand behind there's levels of compliance you mentioned that earlier how do you guys help that area because that becomes I call the you know below the line I got to do it anyway usually it's you know they grind out the work but it has to be fundamental because if the threats vectors are increasing and you're handling it like you say you are the way it is real time today tomorrow the next day you got to have that other stuff flow into it can you describe how that works under the hood yeah there's there's two parts to it the first part is that attackers don't have to hack in with zero days they log in with credentials that they found but often what attackers are doing is chaining together different types of problems so if you have 10 different tactics you can chain those together a number of different ways it's not just 10 to the 10th it's it's actually because you don't you don't have to use all the tactics at once this is a very large number of combinations that an attacker can apply upon you is what it comes down to and so at the base level what you want to have is what are the the primary tactics that are being used and those tactics are always being added to and evolving what are the primary outcomes that an attacker is trying to achieve steal your data disrupt your systems become a domain admin and borrow and now what you have is it actually looks more like a chess game algorithm than it does any sort of hard-coded automation or anything else which is based on the pieces on the board the the it infrastructure I've discovered what is the next best action to become a domain admin or steal your data and that's the underlying innovation in IP we've created which is next best action Knowledge Graph analytics and adaptiveness to figure out how to combine different problems together to achieve an objective that an attacker cares about so the 3D chess players out there I'd say that's more like 3D chess are the practitioners implementing it but when I think about compliance managers I don't see 3D chess players I see back office accountants in my mind like okay are they actually even understand what comes out of that so how do you handle the compliance side do you guys just check the boxes there is it not part of it is it yeah I I know I don't Envision the compliance guys on the front lines identifying vectors do you know what it doesn't even know what it means yeah it's a great question when you think about uh the market segmentation I think there are we've seen are three basic types of users you've got the the really mature high frequency security testing purple team type folks and for them we are the the force multiplier for them to secure the environment you then have the middle group where the IT person and the security person are the same individual they are barely Treading Water they don't know what their attack surface is and they don't know what to focus on we end up that's actually where we started with the barely Treading Water Persona and that's why we had a product that helped those Network Engineers become superheroes the third segment are those that view security and compliance as synonymous and they don't really care about continuous they care about running and checking the box for PCI and forever else and those customers while they use us they are better served by our partner ecosystem and that's really so the the first two categories tend to use us directly self-service pen tests as often as they want that compliance-minded folks end up going through our partners because they're better served there steel great to have you on thanks for this deep dive on um under the hood section of the interview appreciate it and I think autonomous is is an indicator Beyond pen testing pen testing has become like okay penetration security but this is not going away where do you see this evolving what's next what's next for Horizon take a minute to give a plug for what's going on with copy how do you see it I know you got good margins you're raising Capital always raising money you're not yet public um looking good right now as they say yeah yeah well I think the first thing is our company strategy is in three chapters chapter one is become the best security testing platform in the industry period that's it and be very good at helping you find and fix your security blind spots that's chapter one we've been crushing it there with great customer attraction great partner traction chapter two which we've started to enter is look at our results over time to help that that GRC officer or auditor accurately assess the security posture of an organization and we're going to enter that chapter about this time next year longer term though the big Vision I have is how do I use offense to inform defense so for me chapter three is how do I get away from just security testing towards autonomous security overall where you can use our security testing platform to identify ways to attack that informs defensive tools exactly where to focus how to adjust and so on and now you've got offset and integrated learning Loop between attack and defense that's the future never been done before Master the art of attack to become a better Defender is the bigger vision of the company love the new paradigm security congratulations been following you guys we will continue to follow you thanks for coming on the Special Report congratulations on the new Market expansion International going indirect that a big way congratulations thank you John appreciate it okay this is a special presentation with the cube and Horizon 3.ai I'm John Furrier your host thanks for watching thank you

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Welcome back to a blueprint for trusted infrastructure. We're here with Rob Emsley. Who's the director of product marketing for data protection and cyber security. Rob. Good to see you a new role. >>Yeah. Good to be back, Dave. Good to see you. Yeah, it's been a while since we chatted last and you know, one of the changes in, in my world is that I've expanded my responsibilities beyond data protection marketing, to also focus on cyber security marketing specifically for our infrastructure solutions group. So certainly that's, you know, something that really has driven us to, you know, to come and have this conversation with you today. >>So data protection obviously has become an increasingly important component of the cyber security space. I, I don't think necessarily of, you know, traditional backup and recovery as security it's to me, it's an adjacency. I know some companies have said, oh yeah, now we're a security company. They're kind of chasing the valuation for sure. Bubble. Dell's interesting because you, you have, you know, data protection in the form of backup and recovery and data management, but you also have security, you know, direct security capabilities. So you're sort of bringing those two worlds together and it sounds like your responsibility is to, to connect those, those dots. Is that right? >>Absolutely. Yeah. I mean, I think that the reality is, is that security is a, a multi-layer discipline. I think the, the days of thinking that it's one or another technology that you can use or process that you can use to make your organization secure long gone. I mean, certainly you actually correct. If you think about the backup and recovery space, I mean, people have been doing that for years, you know, certainly backup and recovery. It's all about the recovery. It's all about getting yourself backup and running when bad things happen. And one of the realities, unfortunately today is that one of the worst things that can happen is cyber attacks. You know, ransomware, malware are all things that are top of mind for all organizations today. And that's why you see a lot of technology and a lot of innovation going into the backup and recovery space, because if you have a copy, a good copy of your data, then that is really the, the first place you go to recover from a cyber attack. >>And that's why it's so important. The reality is is that unfortunately the cyber criminals keep on getting smarter. I don't know how it happens, but one of the things that is happening is that the days of them just going after your production data are no longer the only challenge that you have, they go after your, your backup data as well. So over the last half a decade, Dell technologies with its backup and recovery portfolio has introduced the concept of isolated cyber recovery volts. And that is really the, you know, we've had many conversations about that over the years. Yeah. And that's really a big tenant of what we do in the debt protection portfolio. >>So this idea of, of cybersecurity resilience, that definition is evolving. What does it mean to you? >>Yeah, I think the, the analyst team over at Gartner, they wrote a, a very insightful paper called you will be hacked, embraced the breach. And the whole basis of this analysis is so much money's been spent on prevention is that what's outta balance is the amount of budget that companies have spent on cyber resilience and cyber resilience is based upon the premise that you will be hacked. You have to embrace that fact and be ready and prepared to bring yourself back into business. You know, and that's really where cyber resiliency is very, very different than cyber security and prevention, you know, and I think that balance of get your security disciplines well funded, get your defenses as good as you can get them, but make sure that if the inevitable happens and you find yourself compromised that you have a great recovery plan and certainly a great recovery plan, it's really the basis of any good solid data protection backup from recovery philosophy. >>So if I had to do a SWOT analysis, we don't have to do the w OT, but let's focus on the S what would you say are Dell's strengths in this, you know, cybersecurity space, as it relates to data protection. >>One is we've been doing it a long time. You know, we talk a lot about Dell's data protection being proven and modern. You know, certainly the experience that we've had over literally three decades of providing enterprise scale data protection solutions to our customers has really allowed us to have a lot of insight into what works and what doesn't, as I mentioned to you, one of the unique differentiators of our solution is the cyber recovery vaulting solution that we introduce a little over five years ago, five, six years, power protect cyber recovery is something which has become a unique capability for customers to adopt on top of their investment in Dell technologies, data protection, you know, the, the unique elements of our solution already threefold, and it's, we call them the three eyes. It's isolation, it's a mutability and its intelligence. And the, the isolation part is really so important because you need to reduce the attack surface of your good known copies of data. >>You know, you need to put it in a location that the bad actors can't get to it. And that really is the, the, the, the essence of a cyber recovery vault. Interestingly enough, you're starting to see the market throw out that word, you know, from many other places, but really it comes down to having a real discipline that you don't allow the security of your cyber recovery vault to be compromised insofar as allowing it to be controlled from outside of the vault, you know, allowing it to be controlled by your backup application. Our cyber recovery vaulting technology is independent of the backup infrastructure. It uses it, but it controls its own security. And that is so, so important. It's like having a, a vault that the only way to open it is from the inside, you know, and think about that. If you think about, you know, vaults in banks or vaults in your home, normally you have a keypad on the outside, think of our cyber recovery vault as having its security controlled from inside of the vault. >>So nobody can get in, nothing can get in unless it's already in. And if it's already in, then it's trusted. Exactly. Yeah, exactly. Yeah. So isolation's the key. And then you, you mentioned immutability is the second piece. >>Yeah, so I, mutability is, is also something which has been around for a long time. People talk about backup mutability or immutable backup copies. So immutability is just the, the, the additional technology that allows the data that's inside of the vault to be unchangeable, you know, but again, that immutability, you know, your mileage varies, you know, when you look across the, the different offers that are out there in the market, especially in the backup industry, you make a very valid point earlier that the backup vendors in the market seem to be security, washing their marketing messages. I mean, everybody is leaning into the ever present danger of cyber security, not a bad thing, but the reality is is that you have to have the technology to back it up, you know, quite literally, >>Yeah, yeah, no pun intended. Right. And then actually pun intended. Now what about the intelligence piece of it? That's that's AI ML, where does that fit >>For sure. So the intelligence piece is delivered by a solution called cyber sense. And cyber sense for us is what really gives you the confidence that what you have in your cyber recovery volt is a good clean copy of data. So it's looking at the backup copies that get driven into the cyber volt, and it's looking for anomalies. So it's not looking for signatures of malware. You know, that's what your antivirus software does. That's what your endpoint protection software does. That's on the prevention side of the equation. But what we're looking for is we're looking to ensure that the data that you need when all hell breaks loose is good, and that when you get a request to restore and recover your business, you go right, let's go and do it. And you don't have any concern that what you have in the vault has been compromised. >>So cyber sense is really a, a unique analytics solution in the market, based upon the fact that it, it, isn't looking at at cursory indicators of, of, of, of, of malware infection or, or, or ransomware introduction it's doing full content analytics, you know, looking at, you know, has the data in any way changed, has it suddenly become encrypted? Has it suddenly become different to how it was in the previous scan? So that anomaly detection is very, very different. It's looking for, you know, like different characteristics that really are an indicator that something is going on. And of course, if it sees it, you immediately get flagged. But the good news is, is that you always have in the vault, the previous copy of good known data, which now becomes your restore point. >>So we're talking to Rob Emsley about how data protection fits into what Dell calls DT, I, Dell trusted infrastructure. And, and I'm, I want to come back Rob to this notion of, and, or cuz I think a lot of people are skeptical. Like how can I have great security and not introduce friction into my organization? Is that an automation play? How, how does Dell tackle that problem? >>I mean, I think a lot of it is across our infrastructure is, is security has to be built in, I mean, intrinsic security within our servers, within our storage devices, within our elements of our backup infrastructure. I mean, security, multifactor authentication, you know, elements that make the overall infrastructure secure. You know, we have capabilities that, you know, allow us to identify whether or not configurations have changed. You know, we'll probably be talking about that a little bit more to you later in the segment, but the, the essence is, is security is not, not a Bolton. It has to be part of the overall infrastructure. And that's so true, certainly in the data protection space, >>Give us the, the, the bottom line on, on how you see Dell's key differentiators. Maybe you could talk about Dell, of course always talks about its portfolio, but, but why should customers, you know, lead in to Dell in, in this whole cyber resilience space, >>You know, staying on the data protection space. As I mentioned, the, the, the work we've been doing to introduce this cyber resiliency solution for debt protection is in our opinion, as good as it gets, you know, the, you know, you've spoken to a number of our, of our best customers, whether it be Bob bender from founders, federal, or more recently at Delta arches world, you spoke to Tony Bryson yep. From the town of Gilbert. And these are customers that we've had for many years that have implemented cyber recovery volts. And at the end of the day, they can now sleep at night. You know, that's really the, the peace of mind that they have is that the insurance that a data protection from Dell cyber recovery vault a para protect cyber recovery solution, gives them, you know, really allows them to, you know, just have the assurance that they don't have to pay a ransom if they have a, an insider threat issue. And you know, all the way down to data deletion is they know that what's in the cyber recovery vault is good and ready for them to recover from. >>Great, well, Rob, congratulations on the new scope of responsibility. I like how you know, your organization is expanding as the threat surface is expanding. As we said, data protection becoming an adjacency to, to security, not security in and of itself. A key component of a comprehensive security strategy. Rob Emsley. Thank you for coming back in the cube. Good to see you again. >>You too, Dave. Thanks. >>All right. In a moment, I'll be back to wrap up a blueprint for trusted infrastructure. You watching the cube.

the cyber security landscape has changed dramatically over the past 24 to 36 months rapid cloud migration has created a new layer of security defense sure but that doesn't mean csos can relax in many respects it further complicates or at least changes the ciso's scope of responsibilities in particular the threat surface has expanded and that creates more seams and cisos have to make sure their teams pick up where the hyperscaler clouds leave off application developers have become a critical execution point for cyber assurance shift left is the kind of new buzz phrase for devs but organizations still have to shield right meaning the operational teams must continue to partner with secops to make sure infrastructure is resilient so it's no wonder that in etr's latest survey of nearly 1500 cios and it buyers that business technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics rounding out the top four but budgets are under pressure and csos have to prioritize it's not like they have an open checkbook they have to contend with other key initiatives like those just mentioned to secure the funding and what about zero trust can you go out and buy xero trust or is it a framework a mindset in a series of best practices applied to create a security consciousness throughout the organization can you implement zero trust in other words if a machine or human is not explicitly allowed access then access is denied can you implement that policy without constricting organizational agility the question is what's the most practical way to apply that premise and what role does infrastructure play as the enforcer how does automation play in the equation the fact is that today's approach to cyber resilient type resilience can't be an either or it has to be an and conversation meaning you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible and don't even talk to me about the edge that's really going to keep you up at night hello and welcome to the special cube presentation a blueprint for trusted infrastructure made possible by dell technologies in this program we explore the critical role that trusted infrastructure plays in cyber security strategies how organizations should think about the infrastructure side of the cyber security equation and how dell specifically approaches securing infrastructure for your business we'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile first up are pete gear and steve kenniston they're both senior cyber security consultants at dell technologies and they're going to talk about the company's philosophy and approach to trusted infrastructure and then we're going to speak to paris arcadi who's a senior consultant for storage at dell technologies to understand where and how storage plays in this trusted infrastructure world and then finally rob emsley who heads product marketing for data protection and cyber security he's going to take a deeper dive with rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy okay let's get started pete gear steve kenniston welcome to the cube thanks for coming into the marlboro studios today great to be here dave thanks dave good to see you great to see you guys pete start by talking about the security landscape you heard my little rap up front what are you seeing i thought you wrapped it up really well and you touched on all the key points right technology is ubiquitous today it's everywhere it's no longer confined to a monolithic data center it lives at the edge it lives in front of us it lives in our pockets and smartphones along with that is data and as you said organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago and along with that cyber crime has become a very profitable enterprise in fact it's been more than 10 years since uh the nsa chief actually called cyber crime the biggest transfer of wealth in history that was 10 years ago and we've seen nothing but accelerating cyber crime and really sophistication of how those attacks are perpetrated and so the new security landscape is really more of an evolution we're finally seeing security catch up with all of the technology adoption all the build out the work from home and work from anywhere that we've seen over the last couple of years we're finally seeing organizations and really it goes beyond the i t directors it's a board level discussion today security's become a board level discussion yeah i think that's true as well it's like it used to be the security was okay the secops team you're responsible for security now you've got the developers are involved the business lines are involved it's part of onboarding for most companies you know steve this concept of zero trust it was kind of a buzzword before the pandemic and i feel like i've often said it's now become a mandate but it's it's it's still fuzzy to a lot of people how do you guys think about zero trust what does it mean to you how does it fit yeah i thought again i thought your opening was fantastic in in this whole lead into to what is zero trust it had been a buzzword for a long time and now ever since the federal government came out with their implementation or or desire to drive zero trust a lot more people are taking a lot more seriously because i don't think they've seen the government do this but ultimately let's see ultimately it's just like you said right if if you don't have trust to those particular devices uh applications or data you can't get at it the question is and and you phrase it perfectly can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive because we're seeing with your whole notion around devops and the ability to kind of build make deploy build make deploy right they still need that functionality but it also needs to be trusted it needs to be secure and things can't get away from you yeah so it's interesting we attended every uh reinforce since 2019 and the narrative there is hey everything in this in the cloud is great you know and this narrative around oh security is a big problem is you know doesn't help the industry the fact is that the big hyperscalers they're not strapped for talent but csos are they don't have the the capabilities to really apply all these best practices they're they're playing whack-a-mole so they look to companies like yours to take their r your r d and bake it into security products and solutions so what are the critical aspects of the so-called dell trusted infrastructure that we should be thinking about yeah well dell trusted infrastructure for us is a way for us to describe uh the the work that we do through design development and even delivery of our it system so dell trusted infrastructure includes our storage it includes our servers our networking our data protection our hyper converged everything that infrastructure always has been it's just that today customers consume that infrastructure at the edge as a service in a multi-cloud environment i mean i view the cloud as really a way for organizations to become more agile and to become more flexible and also to control costs i don't think organizations move to the cloud or move to a multi-cloud environment to enhance security so i don't see cloud computing as a panacea for security i see it as another attack surface and another uh aspect in front that organizations and and security organizations and departments have to manage it's part of their infrastructure today whether it's in their data center in a cloud or at the edge i mean i think it's a huge point because a lot of people think oh data's in the cloud i'm good it's like steve we've talked about oh why do i have to back up my data it's in the cloud well you might have to recover it someday so i don't know if you have anything to add to that or any additional thoughts on it no i mean i think i think like what pete was saying when it comes to when it comes to all these new vectors for attack surfaces you know people did choose the cloud in order to be more agile more flexible and all that did was open up to the csos who need to pay attention to now okay where can i possibly be attacked i need to be thinking about is that secure and part of the part of that is dell now also understands and thinks about as we're building solutions is it is it a trusted development life cycle so we have our own trusted development life cycle how many times in the past did you used to hear about vendors saying you got to patch your software because of this we think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective and make sure we don't give up or or have security become a whole just in order to implement a feature we got to think about those things yeah and as pete alluded to our secure supply chain so all the way through knowing what you're going to get when you actually receive it is going to be secure and not be tampered with becomes vitally important and pete and i were talking earlier when you have tens of thousands of devices that need to be delivered whether it be storage or laptops or pcs or or whatever it is you want to be you want to know that that that those devices are can be trusted okay guys maybe pete you could talk about the how dell thinks about it's its framework and its philosophy of cyber security and then specifically what dell's advantages are relative to the competition yeah definitely dave thank you so we've talked a lot about dell as a technology provider but one thing dell also is is a partner in this larger ecosystem we realize that security whether it's a zero trust paradigm or any other kind of security environment is an ecosystem uh with a lot of different vendors so we look at three areas one is protecting data in systems we know that it starts with and ends with data that helps organizations combat threats across their entire infrastructure and what it means is dell's embedding security features consistently across our portfolios of storage servers networking the second is enhancing cyber resiliency over the last decade a lot of the funding and spending has been in protecting or trying to prevent cyber threats not necessarily in responding to and recovering from threats right we call that resiliency organizations need to build resiliency across their organization so not only can they withstand a threat but they can respond recover and continue with their operations and the third is overcoming security complexity security is hard it's more difficult because of the things we've talked about about distributed data distributed technology and and attack surfaces everywhere and so we're enabling organizations to scale confidently to continue their business but know that all all the i.t decisions that they're making um have these intrinsic security features and are built and delivered in a consistent security so those are kind of the three pillars maybe we could end on what you guys see as the key differentiators that people should know about that that dell brings to the table maybe each of you could take take a shot at that yeah i think first of all from from a holistic portfolio perspective right the uh secure supply chain and the secure development life cycle permeate through everything dell does when building things so we build things with security in mind all the way from as pete mentioned from from creation to delivery we want to make sure you have that that secure device or or asset that permeates everything from servers networking storage data protection through hyper converge through everything that to me is really a key asset because that means you can you understand when you receive something it's a trusted piece of your infrastructure i think the other core component to think about and pete mentioned as dell being a partner for making sure you can deliver these things is that even though those are that's part of our framework these pillars are our framework of how we want to deliver security it's also important to understand that we are partners and that you don't need to rip and replace but as you start to put in new components you can be you can be assured that the components that you're replacing as you're evolving as you're growing as you're moving to the cloud as you're moving to a more on-prem type services or whatever that your environment is secure i think those are two key things got it okay pete bring us home yeah i think one of one of the big advantages of dell is our scope and our scale right we're a large technology vendor that's been around for decades and we develop and sell almost every piece of technology we also know that organizations are might make different decisions and so we have a large services organization with a lot of experienced services people that can help customers along their security journey depending on whatever type of infrastructure or solutions that they're looking at the other thing we do is make it very easy to consume our technology whether that's traditional on-premise in a multi-cloud environment uh or as a service and so the best of breed technology can be consumed in any variety of fashion and know that you're getting that consistent secure infrastructure that dell provides well and dell's forgot the probably top supply chain not only in the tech business but probably any business and so you can actually take take your dog food and then and allow other billionaire champagne sorry allow other people to you know share share best practices with your with your customers all right guys thanks so much for coming thank you appreciate it okay keep it right there after this short break we'll be back to drill into the storage domain you're watching a blueprint for trusted infrastructure on the cube the leader in enterprise and emerging tech coverage be right back concern over cyber attacks is now the norm for organizations of all sizes the impact of these attacks can be operationally crippling expensive and have long-term ramifications organizations have accepted the reality of not if but when from boardrooms to i.t departments and are now moving to increase their cyber security preparedness they know that security transformation is foundational to digital transformation and while no one can do it alone dell technologies can help you fortify with modern security modern security is built on three pillars protect your data and systems by modernizing your security approach with intrinsic features and hardware and processes from a provider with a holistic presence across the entire it ecosystem enhance your cyber resiliency by understanding your current level of resiliency for defending your data and preparing for business continuity and availability in the face of attacks overcome security complexity by simplifying and automating your security operations to enable scale insights and extend resources through service partnerships from advanced capabilities that intelligently scale a holistic presence throughout it and decades as a leading global technology provider we'll stop at nothing to help keep you secure okay we're back digging into trusted infrastructure with paris sarcadi he's a senior consultant for product marketing and storage at dell technologies parasaur welcome to the cube good to see you great to be with you dave yeah coming from hyderabad awesome so i really appreciate you uh coming on the program let's start with talking about your point of view on what cyber security resilience means to to dell generally but storage specifically yeah so for something like storage you know we are talking about the data layer name and if you look at cyber security it's all about securing your data applications and infrastructure it has been a very mature field at the network and application layers and there are a lot of great technologies right from you know enabling zero trust advanced authentications uh identity management systems and so on and and in fact you know with the advent of you know the the use of artificial intelligence and machine learning really these detection tools for cyber securities have really evolved in the network and the application spaces so for storage what it means is how can you bring them to the data layer right how can you bring you know the principles of zero trust to the data layer uh how can you leverage artificial intelligence and machine learning to look at you know access patterns and make intelligent decisions about maybe an indicator of a compromise and identify them ahead of time just like you know how it's happening and other ways of applications and when it comes to cyber resilience it's it's basically a strategy which assumes that a threat is imminent and it's a good assumption with the severity of the frequency of the attacks that are happening and the question is how do we fortify the infrastructure in the switch infrastructure to withstand those attacks and have a plan a response plan where we can recover the data and make sure the business continuity is not affected so that's uh really cyber security and cyber resiliency and storage layer and of course there are technologies like you know network isolation immutability and all these principles need to be applied at the storage level as well let me have a follow up on that if i may the intelligence that you talked about that ai and machine learning is that do you do you build that into the infrastructure or is that sort of a separate software module that that points at various you know infrastructure components how does that work both dave right at the data storage level um we have come with various data characteristics depending on the nature of data we developed a lot of signals to see what could be a good indicator of a compromise um and there are also additional applications like cloud iq is the best example which is like an infrastructure wide health monitoring system for dell infrastructure and now we have elevated that to include cyber security as well so these signals are being gathered at cloud iq level and other applications as well so that we can make those decisions about compromise and we can either cascade that intelligence and alert stream upstream for uh security teams um so that they can take actions in platforms like sign systems xtr systems and so on but when it comes to which layer the intelligence is it has to be at every layer where it makes sense where we have the information to make a decision and being closest to the data we have we are basically monitoring you know the various parallels data access who is accessing um are they crossing across any geo fencing uh is there any mass deletion that is happening or a mass encryption that is happening and we are able to uh detect uh those uh patterns and flag them as indicators of compromise and in allowing automated response manual control and so on for it teams yeah thank you for that explanation so at dell technologies world we were there in may it was one of the first you know live shows that that we did in the spring certainly one of the largest and i interviewed shannon champion and a huge takeaway from the storage side was the degree to which you guys emphasized security uh within the operating systems i mean really i mean powermax more than half i think of the features were security related but also the rest of the portfolio so can you talk about the the security aspects of the dell storage portfolio specifically yeah yeah so when it comes to data security and broadly data availability right in the context of cyber resiliency dell storage this you know these elements have been at the core of our um a core strength for the portfolio and the source of differentiation for the storage portfolio you know with almost decades of collective experience of building highly resilient architectures for mission critical data something like power max system which is the most secure storage platform for high-end enterprises and now with the increased focus on cyber security we are extending those core technologies of high availability and adding modern detection systems modern data isolation techniques to offer a comprehensive solution to the customer so that they don't have to piece together multiple things to ensure data security or data resiliency but a well-designed and well-architected solution by design is delivered to them to ensure cyber protection at the data layer got it um you know we were talking earlier to steve kenniston and pete gear about this notion of dell trusted infrastructure how does storage fit into that as a component of that sort of overall you know theme yeah and you know and let me say this if you could adjust because a lot of people might be skeptical that i can actually have security and at the same time not constrict my organizational agility that's old you know not an ore it's an end how do you actually do that if you could address both of those that would be great definitely so for dell trusted infrastructure cyber resiliency is a key component of that and just as i mentioned you know uh air gap isolation it really started with you know power protect cyber recovery you know that was the solution more than three years ago we launched and that was first in the industry which paved way to you know kind of data isolation being a core element of data management and uh for data infrastructure and since then we have implemented these technologies within different storage platforms as well so that customers have the flexibility depending on their data landscape they can approach they can do the right data isolation architecture right either natively from the storage platform or consolidate things into the backup platform and isolate from there and and the other key thing we focus in trusted infrastructure dell infra dell trusted infrastructure is you know the goal of simplifying security for the customers so one good example here is uh you know being able to respond to these cyber threats or indicators of compromise is one thing but an i.t security team may not be looking at the dashboard of the storage systems constantly right storage administration admins may be looking at it so how can we build this intelligence and provide this upstream platforms so that they have a single pane of glass to understand security landscape across applications across networks firewalls as well as storage infrastructure and in compute infrastructure so that's one of the key ways where how we are helping simplify the um kind of the ability to uh respond ability to detect and respond these threads uh in real time for security teams and you mentioned you know about zero trust and how it's a balance of you know not uh kind of restricting users or put heavy burden on you know multi-factor authentication and so on and this really starts with you know what we're doing is provide all the tools you know when it comes to advanced authentication uh supporting external identity management systems multi-factor authentication encryption all these things are intrinsically built into these platforms now the question is the customers are actually one of the key steps is to identify uh what are the most critical parts of their business or what are the applications uh that the most critical business operations depend on and similarly identify uh mission critical data where part of your response plan where it cannot be compromised where you need to have a way to recover once you do this identification then the level of security can be really determined uh by uh by the security teams by the infrastructure teams and you know another you know intelligence that gives a lot of flexibility uh for for even developers to do this is today we have apis um that so you can not only track these alerts at the data infrastructure level but you can use our apis to take concrete actions like blocking a certain user or increasing the level of authentication based on the threat level that has been perceived at the application layer or at the network layer so there is a lot of flexibility that is built into this by design so that depending on the criticality of the data criticality of the application number of users affected these decisions have to be made from time to time and it's as you mentioned it's it's a balance right and sometimes you know if if an organization had a recent attack you know the level of awareness is very high against cyber attacks so for a time you know these these settings may be a bit difficult to deal with but then it's a decision that has to be made by security teams as well got it so you're surfacing what may be hidden kpis that are being buried inside for instance the storage system through apis upstream into a dashboard so that somebody could you know dig into the storage tunnel extract that data and then somehow you know populate that dashboard you're saying you're automating that that that workflow that's a great example and you may have others but is that the correct understanding absolutely and it's a two-way integration let's say a detector an attack has been detected at a completely different layer right in the application layer or at a firewall we can respond to those as well so it's a two-way integration we can cascade things up as well as respond to threats that have been detected elsewhere um uh through the api that's great all right hey api for power skill is the best example for that uh excellent so thank you appreciate that give us the last word put a bow on this and and bring this segment home please absolutely so a dell storage portfolio um using advanced data isolation um with air gap having machine learning based algorithms to detect uh indicators of compromise and having rigor mechanisms with granular snapshots being able to recover data and restore applications to maintain business continuity is what we deliver to customers uh and these are areas where a lot of innovation is happening a lot of product focus as well as you know if you look at the professional services all the way from engineering to professional services the way we build these systems the way we we configure and architect these systems um cyber security and protection is a key focus uh for all these activities and dell.com securities is where you can learn a lot about these initiatives that's great thank you you know at the recent uh reinforce uh event in in boston we heard a lot uh from aws about you know detent and response and devops and machine learning and some really cool stuff we heard a little bit about ransomware but i'm glad you brought up air gaps because we heard virtually nothing in the keynotes about air gaps that's an example of where you know this the cso has to pick up from where the cloud leaves off but that was in front and so number one and number two we didn't hear a ton about how the cloud is making the life of the cso simpler and that's really my takeaway is is in part anyway your job and companies like dell so paris i really appreciate the insights thank you for coming on thecube thank you very much dave it's always great to be in these uh conversations all right keep it right there we'll be right back with rob emsley to talk about data protection strategies and what's in the dell portfolio you're watching thecube data is the currency of the global economy it has value to your organization and cyber criminals in the age of ransomware attacks companies need secure and resilient it infrastructure to safeguard their data from aggressive cyber attacks [Music] as part of the dell technologies infrastructure portfolio powerstor and powermax combine storage innovation with advanced security that adheres to stringent government regulations and corporate compliance requirements security starts with multi-factor authentication enabling only authorized admins to access your system using assigned roles tamper-proof audit logs track system usage and changes so it admins can identify suspicious activity and act with snapshot policies you can quickly automate the protection and recovery process for your data powermax secure snapshots cannot be deleted by any user prior to the retention time expiration dell technologies also make sure your data at rest stays safe with power store and powermax data encryption protects your flash drive media from unauthorized access if it's removed from the data center while adhering to stringent fips 140-2 security requirements cloud iq brings together predictive analytics anomaly detection and machine learning with proactive policy-based security assessments monitoring and alerting the result intelligent insights that help you maintain the security health status of your storage environment and if a security breach does occur power protect cyber recovery isolates critical data identifies suspicious activity and accelerates data recovery using the automated data copy feature unchangeable data is duplicated in a secure digital vault then an operational air gap isolates the vault from the production and backup environments [Music] architected with security in mind dell emc power store and powermax provides storage innovation so your data is always available and always secure wherever and whenever you need it [Music] welcome back to a blueprint for trusted infrastructure we're here with rob emsley who's the director of product marketing for data protection and cyber security rob good to see a new role yeah good to be back dave good to see you yeah it's been a while since we chatted last and you know one of the changes in in my world is that i've expanded my responsibilities beyond data protection marketing to also focus on uh cyber security marketing specifically for our infrastructure solutions group so certainly that's you know something that really has driven us to you know to come and have this conversation with you today so data protection obviously has become an increasingly important component of the cyber security space i i don't think necessarily of you know traditional backup and recovery as security it's to me it's an adjacency i know some companies have said oh yeah now we're a security company they're kind of chasing the valuation for sure bubble um dell's interesting because you you have you know data protection in the form of backup and recovery and data management but you also have security you know direct security capability so you're sort of bringing those two worlds together and it sounds like your responsibility is to to connect those those dots is that right absolutely yeah i mean i think that uh the reality is is that security is a a multi-layer discipline um i think the the days of thinking that it's one uh or another um technology that you can use or process that you can use to make your organization secure uh are long gone i mean certainly um you actually correct if you think about the backup and recovery space i mean people have been doing that for years you know certainly backup and recovery is all about the recovery it's all about getting yourself back up and running when bad things happen and one of the realities unfortunately today is that one of the worst things that can happen is cyber attacks you know ransomware malware are all things that are top of mind for all organizations today and that's why you see a lot of technology and a lot of innovation going into the backup and recovery space because if you have a copy a good copy of your data then that is really the the first place you go to recover from a cyber attack and that's why it's so important the reality is is that unfortunately the cyber criminals keep on getting smarter i don't know how it happens but one of the things that is happening is that the days of them just going after your production data are no longer the only challenge that you have they go after your your backup data as well so over the last half a decade dell technologies with its backup and recovery portfolio has introduced the concept of isolated cyber recovery vaults and that is really the you know we've had many conversations about that over the years um and that's really a big tenant of what we do in the data protection portfolio so this idea of of cyber security resilience that definition is evolving what does it mean to you yeah i think the the analyst team over at gartner they wrote a very insightful paper called you will be hacked embrace the breach and the whole basis of this analysis is so much money has been spent on prevention is that what's out of balance is the amount of budget that companies have spent on cyber resilience and cyber resilience is based upon the premise that you will be hacked you have to embrace that fact and be ready and prepared to bring yourself back into business you know and that's really where cyber resiliency is very very different than cyber security and prevention you know and i think that balance of get your security disciplines well-funded get your defenses as good as you can get them but make sure that if the inevitable happens and you find yourself compromised that you have a great recovery plan and certainly a great recovery plan is really the basis of any good solid data protection backup and recovery uh philosophy so if i had to do a swot analysis we don't have to do the wot but let's focus on the s um what would you say are dell's strengths in this you know cyber security space as it relates to data protection um one is we've been doing it a long time you know we talk a lot about dell's data protection being proven and modern you know certainly the experience that we've had over literally three decades of providing enterprise scale data protection solutions to our customers has really allowed us to have a lot of insight into what works and what doesn't as i mentioned to you one of the unique differentiators of our solution is the cyber recovery vaulting solution that we introduced a little over five years ago five six years parapatek cyber recovery is something which has become a unique capability for customers to adopt uh on top of their investment in dell technologies data protection you know the the unique elements of our solution already threefold and it's we call them the three eyes it's isolation it's immutability and it's intelligence and the the isolation part is really so important because you need to reduce the attack surface of your good known copies of data you know you need to put it in a location that the bad actors can't get to it and that really is the the the the essence of a cyber recovery vault interestingly enough you're starting to see the market throw out that word um you know from many other places but really it comes down to having a real discipline that you don't allow the security of your cyber recovery vault to be compromised insofar as allowing it to be controlled from outside of the vault you know allowing it to be controlled by your backup application our cyber recovery vaulting technology is independent of the backup infrastructure it uses it but it controls its own security and that is so so important it's like having a vault that the only way to open it is from the inside you know and think about that if you think about you know volts in banks or volts in your home normally you have a keypad on the outside think of our cyber recovery vault as having its security controlled from inside of the vault so nobody can get in nothing can get in unless it's already in and if it's already in then it's trusted exactly yeah exactly yeah so isolation is the key and then you mentioned immutability is the second piece yeah so immutability is is also something which has been around for a long time people talk about uh backup immunoability or immutable backup copies so immutability is just the the the additional um technology that allows the data that's inside of the vault to be unchangeable you know but again that immutability you know your mileage varies you know when you look across the uh the different offers that are out there in the market especially in the backup industry you make a very valid point earlier that the backup vendors in the market seems to be security washing their marketing messages i mean everybody is leaning into the ever-present danger of cyber security not a bad thing but the reality is is that you have to have the technology to back it up you know quite literally yeah no pun intended and then actually pun intended now what about the intelligence piece of it uh that's that's ai ml where does that fit for sure so the intelligence piece is delivered by um a solution called cybersense and cybersense for us is what really gives you the confidence that what you have in your cyber recovery vault is a good clean copy of data so it's looking at the backup copies that get driven into the cyber vault and it's looking for anomalies so it's not looking for signatures of malware you know that's what your antivirus software does that's what your endpoint protection software does that's on the prevention side of the equation but what we're looking for is we're looking to ensure that the data that you need when all hell breaks loose is good and that when you get a request to restore and recover your business you go right let's go and do it and you don't have any concern that what you have in the vault has been compromised so cyber sense is really a unique analytic solution in the market based upon the fact that it isn't looking at cursory indicators of of um of of of malware infection or or ransomware introduction it's doing full content analytics you know looking at you know has the data um in any way changed has it suddenly become encrypted has it suddenly become different to how it was in the previous scan so that anomaly detection is very very different it's looking for um you know like different characteristics that really are an indicator that something is going on and of course if it sees it you immediately get flagged but the good news is is that you always have in the vault the previous copy of good known data which now becomes your restore point so we're talking to rob emsley about how data protection fits into what dell calls dti dell trusted infrastructure and and i want to come back rob to this notion of and not or because i think a lot of people are skeptical like how can i have great security and not introduce friction into my organization is that an automation play how does dell tackle that problem i mean i think a lot of it is across our infrastructure is is security has to be built in i mean intrinsic security within our servers within our storage devices uh within our elements of our backup infrastructure i mean security multi-factor authentication you know elements that make the overall infrastructure secure you know we have capabilities that you know allow us to identify whether or not configurations have changed you know we'll probably be talking about that a little bit more to you later in the segment but the the essence is is um security is not a bolt-on it has to be part of the overall infrastructure and that's so true um certainly in the data protection space give us the the bottom line on on how you see dell's key differentiators maybe you could talk about dell of course always talks about its portfolio but but why should customers you know lead in to dell in in this whole cyber resilience space um you know staying on the data protection space as i mentioned the the the work we've been doing um to introduce this cyber resiliency solution for data protection is in our opinion as good as it gets you know the you know you've spoken to a number of our of our best customers whether it be bob bender from founders federal or more recently at delton allergies world you spoke to tony bryson from the town of gilbert and these are customers that we've had for many years that have implemented cyber recovery vaults and at the end of the day they can now sleep at night you know that's really the the peace of mind that they have is that the insurance that a data protection from dell cyber recovery vault a parapatex cyber recovery solution gives them you know really allows them to you know just have the assurance that they don't have to pay a ransom if they have a an insider threat issue and you know all the way down to data deletion is they know that what's in the cyber recovery vault is good and ready for them to recover from great well rob congratulations on the new scope of responsibility i like how you know your organization is expanding as the threat surface is expanding as we said data protection becoming an adjacency to security not security in and of itself a key component of a comprehensive security strategy rob emsley thank you for coming back in the cube good to see you again you too dave thanks all right in a moment i'll be back to wrap up a blueprint for trusted infrastructure you're watching the cube every day it seems there's a new headline about the devastating financial impacts or trust that's lost due to ransomware or other sophisticated cyber attacks but with our help dell technologies customers are taking action by becoming more cyber resilient and deterring attacks so they can greet students daily with a smile they're ensuring that a range of essential government services remain available 24 7 to citizens wherever they're needed from swiftly dispatching public safety personnel or sending an inspector to sign off on a homeowner's dream to protecting restoring and sustaining our precious natural resources for future generations with ever-changing cyber attacks targeting organizations in every industry our cyber resiliency solutions are right on the money providing the security and controls you need we help customers protect and isolate critical data from ransomware and other cyber threats delivering the highest data integrity to keep your doors open and ensuring that hospitals and healthcare providers have access to the data they need so patients get life-saving treatment without fail if a cyber incident does occur our intelligence analytics and responsive team are in a class by themselves helping you reliably recover your data and applications so you can quickly get your organization back up and running with dell technologies behind you you can stay ahead of cybercrime safeguarding your business and your customers vital information learn more about how dell technology's cyber resiliency solutions can provide true peace of mind for you the adversary is highly capable motivated and well equipped and is not standing still your job is to partner with technology vendors and increase the cost of the bad guys getting to your data so that their roi is reduced and they go elsewhere the growing issues around cyber security will continue to drive forward thinking in cyber resilience we heard today that it is actually possible to achieve infrastructure security while at the same time minimizing friction to enable organizations to move quickly in their digital transformations a xero trust framework must include vendor r d and innovation that builds security designs it into infrastructure products and services from the start not as a bolt-on but as a fundamental ingredient of the cloud hybrid cloud private cloud to edge operational model the bottom line is if you can't trust your infrastructure your security posture is weakened remember this program is available on demand in its entirety at thecube.net and the individual interviews are also available and you can go to dell security solutions landing page for for more information go to dell.com security solutions that's dell.com security solutions this is dave vellante thecube thanks for watching a blueprint for trusted infrastructure made possible by dell we'll see you next time

>>Hey everyone. Lisa Martin here with you. I'm with HPE right now. Tony Taylor joins me the director global test and supply chain cybersecurity at HPE. Tony. It's great to have you on the cube. >>Hi, thank you. Lisa's please, please, to be here. >>Tell me a little bit about your role and your background. >>I've been in the computer industry for about 33 years. Done a variety of roles throughout operations, fulfillment, R and D doing different things. My current role here at HPE is to lead in the organization, responsible for developing test solutions and our PCA manufacturing process and our systems integration team. And then we implement a supply chain cybersecurity process. That's focused on internal aspects of development, activities, and strategies, and then how we will drive our supply chain, our suppliers, to make sure that they adhere to these guidelines. >>And your background is engineering. I saw LinkedIn a little bit of science in there. Tell me a little bit about your background and how you got to where you are now. >>Oh, that's a, that's a long story going through school and doing that type of work. I, I, I got a phone call too many years ago and got involved in the computer industry, going from a, a user and working on those processes and then changing that to building product, introducing new product, developing new solutions and ideas, working on innovation and design of new products, new, new hardware, working on new software processes did heuristics level customer testing. So it's just a wide variety of activities. I've spanned a lot of different things over the years, been very fortunate to travel the world live in different parts of the world to bring up these activities. >>I always love to hear people's back stories on how they got to where they were. If it was a zigzaggy path or kind a path >>Was get a phone call from buddy one day, Hey, we're doing this. You wanna do it. Then that's where I ended up. >>And the rest is history. So a lot of dynamics in the last couple of years, obviously we've been hearing so much about the supply chain in the news for various reasons, but what are you seeing in the marketplace where with regards to security and the trusted supply chain, obviously a big focus there. What are you seeing? >>A lot of changes that have been occurring over time and especially in the last couple years with the things that we're seeing geopolitically is changing our, our environments, the threat vectors that we're seeing in, in cybersecurity are changing. They're becoming more sophisticated. They're coming in in different areas. What we're seeing is greater penetration and our customers. We're seeing a greater number of incidences in the, in the field where that, that I told you I'd stumble. The we're seeing a greater number of instances in the field and it's becoming a bigger impact for our customers and, and the supply chain. So we we've seen a tax at the root of the cause where neon gas, we're no longer having those activities that are coming into the, into the space. You're seeing greater ransomware processes and additional challenges associated with the cost associated with these programs. The, the infiltration from a hardware perspective, we've looked at those types of processes going through the supply chain processes are getting hacked more with that increased sophistication, even at the user level with phishing and Sping, those kind of things. And then you're seeing the, the changes in the geopolitical market. That's beginning to drive, you know, governmental aspects and things like that are coming in. So we we've seen roughly about what 10 and a half trillion worth of cybersecurity estimated in 2025, our loss on an annual perspective across the globe is right around a hundred billion, 45% of organizations have experienced or will be experiencing an attack. And by, so it it's just on the rise and it's creating a lot of concern with, with our customers. >>Yeah, it's really not a matter of these days. If we get hit it's when, when, so organizations right across every industry have to be prepared, what is HPE? What is HPE C as opportunities, obviously the threat landscape changing dramatically, but there's opportunities there for your customers truly tighten security. What are some of those opportunities through the HPE lens? >>The, the opportunities as we're looking at it is from an internal perspective, we need to begin focusing on all the activities and work that we're doing. How do we at hard in our environments, how do we, how do we grow those things? And then begin to investigate the things that we need to do at, at the, in the supply base, as those customers are beginning to look at things, hardening their environments, looking at their it systems, where are the areas for penetration within their environments? When you look at the process, we, we think cyber security a lot of times is just about it. Attacks counterfeit is a big aspect associated with this, and that can impact many of the different types of organizations. So what we've done is we created a, a heat map, looking at the different places where we believe those penetrations can take place internal. And that's our, our communication back out to our customers, look at the areas where you can be penetrated. And then where do you think are the, the areas that you really need to focus on? And then look for that remediation plan? I think that's the opportunity for our, our customers is to harden, you know, have a zero trust, but verified type process, >>Right? That's critical these days, as we know that threat landscape has changed so much recently and is only going to continue to change. As we said, it's not a matter of if it's now a matter of when an organizations need to be ready for that. So then you talked about the heat map from a technology. What is to help organizations really achieve a 360 degree approach to security >>From an H focus starts with our chief technology office, right? So we're looking at all the strategies as are coming down. They, we look at designing our hardware solutions to be able to support those activities. We're designing our systems and, and the integration programs around like GreenLake as services that we're able to provide to our customers to support that. And, and then, you know, as we continue to do that, we, we will, you know, look at, look within the supply chain and what are the things that we can do there to help, you know, drive, you know, the, the improvements there to really ensure that the products that are being delivered will make those customers requirements. >>And I understand you might have a teaser for me in terms of what we can expect going forward with HPE, with respect to cybersecurity in the supply chain, >>Lots of really good things that are coming up. And from a supply chain perspective, look for an announcement coming up in October for cybersecurity month, about what our next steps are and how we're really going to attack this problem. >>Excellent. And we'll be waiting for cybersecurity month in October. And to hear that announced from, from HPE, Tony, thanks so much for joining me on the queue today. Talking a little bit about your background, how you got to where you are now, the trusted supply chain and what HPE is doing there to really help customers mitigate the risk. We appreciate your insights and your time. >>Thank you. I appreciate your time. >>All Tony Taylor. I'm Lisa Martin. Thank you so much for watching this conversation. We'll see you next time.

>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR, This is "Breaking Analysis with Dave Vellante". >> Black Hat 22 was held in Las Vegas last week, the same time as theCUBE Supercloud event. Unlike AWS re:Inforce where words are carefully chosen to put a positive spin on security, Black Hat exposes all the warts of cyber and openly discusses its hard truths. It's a conference that's attended by technical experts who proudly share some of the vulnerabilities they've discovered, and, of course, by numerous vendors marketing their products and services. Hello, and welcome to this week's Wikibon CUBE Insights powered by ETR. In this "Breaking Analysis", we summarize what we learned from discussions with several people who attended Black Hat and our analysis from reviewing dozens of keynotes, articles, sessions, and data from a recent Black Hat Attendees Survey conducted by Black Hat and Informa, and we'll end with the discussion of what it all means for the challenges around securing the supercloud. Now, I personally did not attend, but as I said at the top, we reviewed a lot of content from the event which is renowned for its hundreds of sessions, breakouts, and strong technical content that is, as they say, unvarnished. Chris Krebs, the former director of Us cybersecurity and infrastructure security agency, CISA, he gave the keynote, and he spoke about the increasing complexity of tech stacks and the ripple effects that that has on organizational risk. Risk was a big theme at the event. Where re:Inforce tends to emphasize, again, the positive state of cybersecurity, it could be said that Black Hat, as the name implies, focuses on the other end of the spectrum. Risk, as a major theme of the event at the show, got a lot of attention. Now, there was a lot of talk, as always, about the expanded threat service, you hear that at any event that's focused on cybersecurity, and tons of emphasis on supply chain risk as a relatively new threat that's come to the CISO's minds. Now, there was also plenty of discussion about hybrid work and how remote work has dramatically increased business risk. According to data from in Intel 471's Mark Arena, the previously mentioned Black Hat Attendee Survey showed that compromise credentials posed the number one source of risk followed by infrastructure vulnerabilities and supply chain risks, so a couple of surveys here that we're citing, and we'll come back to that in a moment. At an MIT cybersecurity conference earlier last decade, theCUBE had a hypothetical conversation with former Boston Globe war correspondent, Charles Sennott, about the future of war and the role of cyber. We had similar discussions with Dr. Robert Gates on theCUBE at a ServiceNow event in 2016. At Black Hat, these discussions went well beyond the theoretical with actual data from the war in Ukraine. It's clear that modern wars are and will be supported by cyber, but the takeaways are that they will be highly situational, targeted, and unpredictable because in combat scenarios, anything can happen. People aren't necessarily at their keyboards. Now, the role of AI was certainly discussed as it is at every conference, and particularly cyber conferences. You know, it was somewhat dissed as over hyped, not surprisingly, but while AI is not a panacea to cyber exposure, automation and machine intelligence can definitely augment, what appear to be and have been stressed out, security teams can do this by recommending actions and taking other helpful types of data and presenting it in a curated form that can streamline the job of the SecOps team. Now, most cyber defenses are still going to be based on tried and true monitoring and telemetry data and log analysis and curating known signatures and analyzing consolidated data, but increasingly, AI will help with the unknowns, i.e. zero-day threats and threat actor behaviors after infiltration. Now, finally, while much lip service was given to collaboration and public-private partnerships, especially after Stuxsnet was revealed early last decade, the real truth is that threat intelligence in the private sector is still evolving. In particular, the industry, mid decade, really tried to commercially exploit proprietary intelligence and, you know, do private things like private reporting and monetize that, but attitudes toward collaboration are trending in a positive direction was one of the sort of outcomes that we heard at Black Hat. Public-private partnerships are being both mandated by government, and there seems to be a willingness to work together to fight an increasingly capable adversary. These things are definitely on the rise. Now, without this type of collaboration, securing the supercloud is going to become much more challenging and confined to narrow solutions. and we're going to talk about that little later in the segment. Okay, let's look at some of the attendees survey data from Black Hat. Just under 200 really serious security pros took the survey, so not enough to slice and dice by hair color, eye color, height, weight, and favorite movie genre, but enough to extract high level takeaways. You know, these strongly agree or disagree survey responses can sometimes give vanilla outputs, but let's look for the ones where very few respondents strongly agree or disagree with a statement or those that overwhelmingly strongly agree or somewhat agree. So it's clear from this that the respondents believe the following, one, your credentials are out there and available to criminals. Very few people thought that that was, you know, unavoidable. Second, remote work is here to stay, and third, nobody was willing to really jinx their firms and say that they strongly disagree that they'll have to respond to a major cybersecurity incident within the next 12 months. Now, as we've reported extensively, COVID has permanently changed the cybersecurity landscape and the CISO's priorities and playbook. Check out this data that queries respondents on the pandemic's impact on cybersecurity, new requirements to secure remote workers, more cloud, more threats from remote systems and remote users, and a shift away from perimeter defenses that are no longer as effective, e.g. firewall appliances. Note, however, the fifth response that's down there highlighted in green. It shows a meaningful drop in the percentage of remote workers that are disregarding corporate security policy, still too many, but 10 percentage points down from 2021 survey. Now, as we've said many times, bad user behavior will trump good security technology virtually every time. Consistent with the commentary from Mark Arena's Intel 471 threat report, fishing for credentials is the number one concern cited in the Black Hat Attendees Survey. This is a people and process problem more than a technology issue. Yes, using multifactor authentication, changing passwords, you know, using unique passwords, using password managers, et cetera, they're all great things, but if it's too hard for users to implement these things, they won't do it, they'll remain exposed, and their organizations will remain exposed. Number two in the graphic, sophisticated attacks that could expose vulnerabilities in the security infrastructure, again, consistent with the Intel 471 data, and three, supply chain risks, again, consistent with Mark Arena's commentary. Ask most CISOs their number one problem, and they'll tell you, "It's a lack of talent." That'll be on the top of their list. So it's no surprise that 63% of survey respondents believe they don't have the security staff necessary to defend against cyber threats. This speaks to the rise of managed security service providers that we've talked about previously on "Breaking Analysis". We've seen estimates that less than 50% of organizations in the US have a SOC, and we see those firms as ripe for MSSP support as well as larger firms augmenting staff with managed service providers. Now, after re:Invent, we put forth this conceptual model that discussed how the cloud was becoming the first line of defense for CISOs, and DevOps was being asked to do more, things like securing the runtime, the containers, the platform, et cetera, and audit was kind of that last line of defense. So a couple things we picked up from Black Hat which are consistent with this shift and some that are somewhat new, first, is getting visibility across the expanded threat surface was a big theme at Black Hat. This makes it even harder to identify risk, of course, this being the expanded threat surface. It's one thing to know that there's a vulnerability somewhere. It's another thing to determine the severity of the risk, but understanding how easy or difficult it is to exploit that vulnerability and how to prioritize action around that. Vulnerability is increasingly complex for CISOs as the security landscape gets complexified. So what's happening is the SOC, if there even is one at the organization, is becoming federated. No longer can there be one ivory tower that's the magic god room of data and threat detection and analysis. Rather, the SOC is becoming distributed following the data, and as we just mentioned, the SOC is being augmented by the cloud provider and the managed service providers, the MSSPs. So there's a lot of critical security data that is decentralized and this will necessitate a new cyber data model where data can be synchronized and shared across a federation of SOCs, if you will, or mini SOCs or SOC capabilities that live in and/or embedded in an organization's ecosystem. Now, to this point about cloud being the first line of defense, let's turn to a story from ETR that came out of our colleague Eric Bradley's insight in a one-on-one he did with a senior IR person at a manufacturing firm. In a piece that ETR published called "Saved by Zscaler", check out this comment. Quote, "As the last layer, we are filtering all the outgoing internet traffic through Zscaler. And when an attacker is already on your network, and they're trying to communicate with the outside to exchange encryption keys, Zscaler is already blocking the traffic. It happened to us. It happened and we were saved by Zscaler." So that's pretty cool. So not only is the cloud the first line of defense, as we sort of depicted in that previous graphic, here's an example where it's also the last line of defense. Now, let's end on what this all means to securing the supercloud. At our Supercloud 22 event last week in our Palo Alto CUBE Studios, we had a session on this topic on supercloud, securing the supercloud. Security, in our view, is going to be one of the most important and difficult challenges for the idea of supercloud to become real. We reviewed in last week's "Breaking Analysis" a detailed discussion with Snowflake co-founder and president of products, Benoit Dageville, how his company approaches security in their data cloud, what we call a superdata cloud. Snowflake doesn't use the term supercloud. They use the term datacloud, but what if you don't have the focus, the engineering depth, and the bank roll that Snowflake has? Does that mean superclouds will only be developed by those companies with deep pockets and enormous resources? Well, that's certainly possible, but on the securing the supercloud panel, we had three technical experts, Gee Rittenhouse of Skyhigh Security, Piyush Sharrma who's the founder of Accurics who sold to Tenable, and Tony Kueh, who's the former Head of Product at VMware. Now, John Furrier asked each of them, "What is missing? What's it going to take to secure the supercloud? What has to happen?" Here's what they said. Play the clip. >> This is the final question. We have one minute left. I wish we had more time. This is a great panel. We'll bring you guys back for sure after the event. What one thing needs to happen to unify or get through the other side of this fragmentation and then the challenges for supercloud? Because remember, the enterprise equation is solve complexity with more complexity. Well, that's not what the market wants. They want simplicity. They want SaaS. They want ease of use. They want infrastructure risk code. What has to happen? What do you think, each of you? >> So I can start, and extending to the previous conversation, I think we need a consortium. We need a framework that defines that if you really want to operate on supercloud, these are the 10 things that you must follow. It doesn't matter whether you take AWS, Slash, or TCP or you have all, and you will have the on-prem also, which means that it has to follow a pattern, and that pattern is what is required for supercloud, in my opinion. Otherwise, security is going everywhere. They're like they have to fix everything, find everything, and so on and so forth. It's not going to be possible. So they need a framework. They need a consortium, and this consortium needs to be, I think, needs to led by the cloud providers because they're the ones who have these foundational infrastructure elements, and the security vendor should contribute on providing more severe detections or severe findings. So that's, in my opinion, should be the model. >> Great, well, thank you, Gee. >> Yeah, I would think it's more along the lines of a business model. We've seen in cloud that the scale matters, and once you're big, you get bigger. We haven't seen that coalesce around either a vendor, a business model, or whatnot to bring all of this and connect it all together yet. So that value proposition in the industry, I think, is missing, but there's elements of it already available. >> I think there needs to be a mindset. If you look, again, history repeating itself. The internet sort of came together around set of IETF, RSC standards. Everybody embraced and extended it, right? But still, there was, at least, a baseline, and I think at that time, the largest and most innovative vendors understood that they couldn't do it by themselves, right? And so I think what we need is a mindset where these big guys, like Google, let's take an example. They're not going to win at all, but they can have a substantial share. So how do they collaborate with the ecosystem around a set of standards so that they can bring their differentiation and then embrace everybody together. >> Okay, so Gee's point about a business model is, you know, business model being missing, it's broadly true, but perhaps Snowflake serves as a business model where they've just gone out and and done it, setting or trying to set a de facto standard by which data can be shared and monetized. They're certainly setting that standard and mandating that standard within the Snowflake ecosystem with its proprietary framework. You know, perhaps that is one answer, but Tony lays out a scenario where there's a collaboration mindset around a set of standards with an ecosystem. You know, intriguing is this idea of a consortium or a framework that Piyush was talking about, and that speaks to the collaboration or lack thereof that we spoke of earlier, and his and Tony's proposal that the cloud providers should lead with the security vendor ecosystem playing a supporting role is pretty compelling, but can you see AWS and Azure and Google in a kumbaya moment getting together to make that happen? It seems unlikely, but maybe a better partnership between the US government and big tech could be a starting point. Okay, that's it for today. I want to thank the many people who attended Black Hat, reported on it, wrote about it, gave talks, did videos, and some that spoke to me that had attended the event, Becky Bracken, who is the EIC at Dark Reading. They do a phenomenal job and the entire team at Dark Reading, the news desk there, Mark Arena, whom I mentioned, Garrett O'Hara, Nash Borges, Kelly Jackson, sorry, Kelly Jackson Higgins, Roya Gordon, Robert Lipovsky, Chris Krebs, and many others, thanks for the great, great commentary and the content that you put out there, and thanks to Alex Myerson, who's on production, and Alex manages the podcasts for us. Ken Schiffman is also in our Marlborough studio as well, outside of Boston. Kristen Martin and Cheryl Knight, they help get the word out on social media and in our newsletters, and Rob Hoff is our Editor-in-Chief at SiliconANGLE and does some great editing and helps with the titles of "Breaking Analysis" quite often. Remember these episodes, they're all available as podcasts, wherever you listen, just search for "Breaking Analysis Podcasts". I publish each on wikibon.com and siliconangle.com, and you could email me, get in touch with me at david.vellante@siliconangle.com or you can DM me @dvellante or comment on my LinkedIn posts, and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis". (upbeat music)

from the cube studios in palo alto in boston bringing you data driven insights from the cube and etr this is breaking analysis with dave vellante at our inaugural super cloud 22 event we further refined the concept of a super cloud iterating on the definition the salient attributes and some examples of what is and what is not a super cloud welcome to this week's wikibon cube insights powered by etr you know snowflake has always been what we feel is one of the strongest examples of a super cloud and in this breaking analysis from our studios in palo alto we unpack our interview with benoit de javille co-founder and president of products at snowflake and we test our super cloud definition on the company's data cloud platform and we're really looking forward to your feedback first let's examine how we defl find super cloudant very importantly one of the goals of super cloud 22 was to get the community's input on the definition and iterate on previous work super cloud is an emerging computing architecture that comprises a set of services which are abstracted from the underlying primitives of hyperscale clouds we're talking about services such as compute storage networking security and other native tooling like machine learning and developer tools to create a global system that spans more than one cloud super cloud as shown on this slide has five essential properties x number of deployment models and y number of service models we're looking for community input on x and y and on the first point as well so please weigh in and contribute now we've identified these five essential elements of a super cloud let's talk about these first the super cloud has to run its services on more than one cloud leveraging the cloud native tools offered by each of the cloud providers the builder of the super cloud platform is responsible for optimizing the underlying primitives of each cloud and optimizing for the specific needs be it cost or performance or latency or governance data sharing security etc but those primitives must be abstracted such that a common experience is delivered across the clouds for both users and developers the super cloud has a metadata intelligence layer that can maximize efficiency for the specific purpose of the super cloud i.e the purpose that the super cloud is intended for and it does so in a federated model and it includes what we call a super pass this is a prerequisite that is a purpose-built component and enables ecosystem partners to customize and monetize incremental services while at the same time ensuring that the common experiences exist across clouds now in terms of deployment models we'd really like to get more feedback on this piece but here's where we are so far based on the feedback we got at super cloud 22. we see three deployment models the first is one where a control plane may run on one cloud but supports data plane interactions with more than one other cloud the second model instantiates the super cloud services on each individual cloud and within regions and can support interactions across more than one cloud with a unified interface connecting those instantiations those instances to create a common experience and the third model superimposes its services as a layer or in the case of snowflake they call it a mesh on top of the cloud on top of the cloud providers region or regions with a single global instantiation a single global instantiation of those services which spans multiple cloud providers this is our understanding from a comfort the conversation with benoit dejaville as to how snowflake approaches its solutions and for now we're going to park the service models we need to more time to flesh that out and we'll propose something shortly for you to comment on now we peppered benoit dejaville at super cloud 22 to test how the snowflake data cloud aligns to our concepts and our definition let me also say that snowflake doesn't use the term data cloud they really want to respect and they want to denigrate the importance of their hyperscale partners nor do we but we do think the hyperscalers today anyway are building or not building what we call super clouds but they are but but people who bar are building super clouds are building on top of hyperscale clouds that is a prerequisite so here are the questions that we tested with snowflake first question how does snowflake architect its data cloud and what is its deployment model listen to deja ville talk about how snowflake has architected a single system play the clip there are several ways to do this you know uh super cloud as as you name them the way we we we picked is is to create you know one single system and that's very important right the the the um [Music] there are several ways right you can instantiate you know your solution uh in every region of a cloud and and you know potentially that region could be a ws that region could be gcp so you are indeed a multi-cloud solution but snowflake we did it differently we are really creating cloud regions which are superposed on top of the cloud provider you know region infrastructure region so we are building our regions but but where where it's very different is that each region of snowflake is not one in instantiation of our service our service is global by nature we can move data from one region to the other when you land in snowflake you land into one region but but you can grow from there and you can you know exist in multiple clouds at the same time and that's very important right it's not one single i mean different instantiation of a system is one single instantiation which covers many cloud regions and many cloud providers snowflake chose the most advanced level of our three deployment models dodgeville talked about too presumably so it could maintain maximum control and ensure that common experience like the iphone model next we probed about the technical enablers of the data cloud listen to deja ville talk about snow grid he uses the term mesh and then this can get confusing with the jamaicani's data mesh concept but listen to benoit's explanation well as i said you know first we start by building you know snowflake regions we have today furry region that spawn you know the world so it's a worldwide worldwide system with many regions but all these regions are connected together they are you know meshed together with our technology we name it snow grid and that makes it hard because you know regions you know azure region can talk to a ws region or gcp regions and and as a as a user of our cloud you you don't see really these regional differences that you know regions are in different you know potentially clown when you use snowflake you can exist your your presence as an organization can be in several regions several clouds if you want geographic and and and both geographic and cloud provider so i can share data irrespective of the the cloud and i'm in the snowflake data cloud is that correct i can do that today exactly and and that's very critical right what we wanted is to remove data silos and and when you instantiate a system in one single region and that system is locked in that region you cannot communicate with other parts of the world you are locking the data in one region right and we didn't want to do that we wanted you know data to be distributed the way customer wants it to be distributed across the world and potentially sharing data at world scale now maybe there are many ways to skin the other cat meaning perhaps if a platform does instantiate in multiple places there are ways to share data but this is how snowflake chose to approach the problem next question how do you deal with latency in this big global system this is really important to us because while snowflake has some really smart people working as engineers and and the like we don't think they've solved for the speed of light problem the best people working on it as we often joke listen to benoit deja ville's comments on this topic so yes and no the the way we do it it's very expensive to do that because generally if you want to join you know data which is in which are in different regions and different cloud it's going to be very expensive because you need to move you know data every time you join it so the way we do it is that you replicate the subset of data that you want to access from one region from other regions so you can create this data mesh but data is replicated to make it very cheap and very performant too and is the snow grid does that have the metadata intelligence yes to actually can you describe that a little bit yeah snow grid is both uh a way to to exchange you know metadata about so each region of snowflake knows about all the other regions of snowflake every time we create a new region diary you know the metadata is distributed over our data cloud not only you know region knows all the regions but knows you know every organization that exists in our clouds where this organization is where data can be replicated by this organization and then of course it's it's also used as a way to uh uh exchange data right so you can exchange you know beta by scale of data size and we just had i was just receiving an email from one of our customers who moved more than four petabytes of data cross-region cross you know cloud providers in you know few days and you know it's a lot of data so it takes you know some time to move but they were able to do that online completely online and and switch over you know to the diff to the other region which is failover is very important also so yes and no probably means typically no he says yes and no probably means no so it sounds like snowflake is selectively pulling small amounts of data and replicating it where necessary but you also heard him talk about the metadata layer which is one of the essential aspects of super cloud okay next we dug into security it's one of the most important issues and we think one of the hardest parts related to deploying super cloud so we've talked about how the cloud has become the first line of defense for the cso but now with multi-cloud you have multiple first lines of defense and that means multiple shared responsibility models and multiple tool sets from different cloud providers and an expanded threat surface so listen to benoit's explanation here please play the clip this is a great question uh security has always been the most important aspect of snowflake since day one right this is the question that every customer of ours has you know how you can you guarantee the security of my data and so we secure data really tightly in region we have several layers of security it starts by by encrypting it every data at rest and that's very important a lot of customers are not doing that right you hear these attacks for example on on cloud you know where someone left you know their buckets uh uh open and then you know you can access the data because it's a non-encrypted uh so we are encrypting everything at rest we are encrypting everything in transit so a region is very secure now you know you never from one region you never access data from another region in snowflake that's why also we replicate data now the replication of that data across region or the metadata for that matter is is really highly secure so snow grits ensure that everything is encrypted everything is you know we have multiple you know encryption keys and it's you know stored in hardware you know secure modules so we we we built you know snow grids such that it's secure and it allows very secure movement of data so when we heard this explanation we immediately went to the lowest common denominator question meaning when you think about how aws for instance deals with data in motion or data and rest it might be different from how another cloud provider deals with it so how does aws uh uh uh differences for example in the aws maturity model for various you know cloud capabilities you know let's say they've got a faster nitro or graviton does it do do you have to how does snowflake deal with that do they have to slow everything else down like imagine a caravan cruising you know across the desert so you know every truck can keep up let's listen it's a great question i mean of course our software is abstracting you know all the cloud providers you know infrastructure so that when you run in one region let's say aws or azure it doesn't make any difference as far as the applications are concerned and and this abstraction of course is a lot of work i mean really really a lot of work because it needs to be secure it needs to be performance and you know every cloud and it has you know to expose apis which are uniform and and you know cloud providers even though they have potentially the same concept let's say blob storage apis are completely different the way you know these systems are secure it's completely different the errors that you can get and and the retry you know mechanism is very different from one cloud to the other performance is also different we discovered that when we were starting to port our software and and and you know we had to completely rethink how to leverage blob storage in that cloud versus that cloud because just of performance too so we had you know for example to you know stripe data so all this work is work that's you know you don't need as an application because our vision really is that applications which are running in our data cloud can you know be abstracted of all this difference and and we provide all the services all the workload that this application need whether it's transactional access to data analytical access to data you know managing you know logs managing you know metrics all of these is abstracted too such that they are not you know tied to one you know particular service of one cloud and and distributing this application across you know many regions many cloud is very seamless so from that answer we know that snowflake takes care of everything but we really don't understand the performance implications in you know in that specific case but we feel pretty certain that the promises that snowflake makes around governance and security within their data sharing construct construct will be kept now another criterion that we've proposed for super cloud is a super pass layer to create a common developer experience and an enabler for ecosystem partners to monetize please play the clip let's listen we build it you know a custom build because because as you said you know what exists in one cloud might not exist in another cloud provider right so so we have to build you know on this all these this components that modern application mode and that application need and and and and that you know goes to machine learning as i say transactional uh analytical system and the entire thing so such that they can run in isolation basically and the objective is the developer experience will be identical across those clouds yes right the developers doesn't need to worry about cloud provider and actually our system we have we didn't talk about it but the marketplace that we have which allows actually to deliver we're getting there yeah okay now we're not going to go deep into ecosystem today we've talked about snowflakes strengths in this regard but snowflake they pretty much ticked all the boxes on our super cloud attributes and definition we asked benoit dejaville to confirm that this is all shipping and available today and he also gave us a glimpse of the future play the clip and we are still developing it you know the transactional you know unistore as we call it was announced in last summit so so they are still you know working properly but but but that's the vision right and and and that's important because we talk about the infrastructure right you mentioned a lot about storage and compute but it's not only that right when you think about application they need to use the transactional database they need to use an analytical system they need to use you know machine learning so you need to provide also all these services which are consistent across all the cloud providers so you can hear deja ville talking about expanding beyond taking advantage of the core infrastructure storage and networking et cetera and bringing intelligence to the data through machine learning and ai so of course there's more to come and there better be at this company's valuation despite the recent sharp pullback in a tightening fed environment okay so i know it's cliche but everyone's comparing snowflakes and data bricks databricks has been pretty vocal about its open source posture compared to snowflakes and it just so happens that we had aligotsy on at super cloud 22 as well he wasn't in studio he had to do remote because i guess he's presenting at an investor conference this week so we had to bring him in remotely now i didn't get to do this interview john furrier did but i listened to it and captured this clip about how data bricks sees super cloud and the importance of open source take a listen to goatzee yeah i mean let me start by saying we just we're big fans of open source we think that open source is a force in software that's going to continue for you know decades hundreds of years and it's going to slowly replace all proprietary code in its way we saw that you know it could do that with the most advanced technology windows you know proprietary operating system very complicated got replaced with linux so open source can pretty much do anything and what we're seeing with the data lake house is that slowly the open source community is building a replacement for the proprietary data warehouse you know data lake machine learning real-time stack in open source and we're excited to be part of it for us delta lake is a very important project that really helps you standardize how you lay out your data in the cloud and with it comes a really important protocol called delta sharing that enables you in an open way actually for the first time ever share large data sets between organizations but it uses an open protocol so the great thing about that is you don't need to be a database customer you don't even like databricks you just need to use this open source project and you can now securely share data sets between organizations across clouds and it actually does so really efficiently just one copy of the data so you don't have to copy it if you're within the same cloud so the implication of ellie gotzi's comments is that databricks with delta sharing as john implied is playing a long game now i don't know if enough about the databricks architecture to comment in detail i got to do more research there so i reached out to my two analyst friends tony bear and sanji mohan to see what they thought because they cover these companies pretty closely here's what tony bear said quote i've viewed the divergent lake house strategies of data bricks and snowflake in the context of their roots prior to delta lake databrick's prime focus was the compute not the storage layer and more specifically they were a compute engine not a database snowflake approached from the opposite end of the pool as they originally fit the mold of the classic database company rather than a specific compute engine per se the lake house pushes both companies outside of their original comfort zones data bricks to storage snowflake to compute engine so it makes perfect sense for databricks to embrace the open source narrative at the storage layer and for snowflake to continue its walled garden approach but in the long run their strategies are already overlapping databricks is not a 100 open source company its practitioner experience has always been proprietary and now so is its sql query engine likewise snowflake has had to open up with the support of iceberg for open data lake format the question really becomes how serious snowflake will be in making iceberg a first-class citizen in its environment that is not necessarily officially branding a lake house but effectively is and likewise can databricks deliver the service levels associated with walled gardens through a more brute force approach that relies heavily on the query engine at the end of the day those are the key requirements that will matter to data bricks and snowflake customers end quote that was some deep thought by by tony thank you for that sanjay mohan added the following quote open source is a slippery slope people buy mobile phones based on open source android but it's not fully open similarly databricks delta lake was not originally fully open source and even today its photon execution engine is not we are always going to live in a hybrid world snowflake and databricks will support whatever model works best for them and their customers the big question is do customers care as deeply about which vendor has a higher degree of openness as we technology people do i believe customers evaluation criteria is far more nuanced than just to decipher each vendor's open source claims end quote okay so i had to ask dodgeville about their so-called wall garden approach and what their strategy is with apache iceberg here's what he said iceberg is is very important so just to to give some context iceberg is an open you know table format right which was you know first you know developed by netflix and netflix you know put it open source in the apache community so we embrace that's that open source standard because because it's widely used by by many um many you know companies and also many companies have you know really invested a lot of effort in building you know big data hadoop solution or data like solution and they want to use snowflake and they couldn't really use snowflake because all their data were in open you know formats so we are embracing icebergs to help these companies move through the cloud but why we have been relentless with direct access to data direct access to data is a little bit of a problem for us and and the reason is when you direct access to data now you have direct access to storage now you have to understand for example the specificity of one cloud versus the other so as soon as you start to have direct access to data you lose your you know your cloud diagnostic layer you don't access data with api when you have direct access to data it's very hard to secure data because you need to grant access direct access to tools which are not you know protected and you see a lot of you know hacking of of data you know because of that so so that was not you know direct access to data is not serving well our customers and that's why we have been relented to do that because it's it's cr it's it's not cloud diagnostic it's it's you you have to code that you have to you you you need a lot of intelligence while apis access so we want open apis that's that's i guess the way we embrace you know openness is is by open api versus you know you access directly data here's my take snowflake is hedging its bets because enough people care about open source that they have to have some open data format options and it's good optics and you heard benoit deja ville talk about the risks of directly accessing the data and the complexities it brings now is that maybe a little fud against databricks maybe but same can be said for ollie's comments maybe flooding the proprietaryness of snowflake but as both analysts pointed out open is a spectrum hey i remember unix used to equal open systems okay let's end with some etr spending data and why not compare snowflake and data bricks spending profiles this is an xy graph with net score or spending momentum on the y-axis and pervasiveness or overlap in the data set on the x-axis this is data from the january survey when snowflake was holding above 80 percent net score off the charts databricks was also very strong in the upper 60s now let's fast forward to this next chart and show you the july etr survey data and you can see snowflake has come back down to earth now remember anything above 40 net score is highly elevated so both companies are doing well but snowflake is well off its highs and data bricks has come down somewhat as well databricks is inching to the right snowflake rocketed to the right post its ipo and as we know databricks wasn't able to get to ipo during the covet bubble ali gotzi is at the morgan stanley ceo conference this week they got plenty of cash to withstand a long-term recession i'm told and they've started the message that they're a billion dollars in annualized revenue i'm not sure exactly what that means i've seen some numbers on their gross margins i'm not sure what that means i've seen some numbers on their net retention revenue or net revenue retention again i'll reserve judgment until we see an s1 but it's clear both of these companies have momentum and they're out competing in the market well as always be the ultimate arbiter different philosophies perhaps is it like democrats and republicans well it could be but they're both going after a solving data problem both companies are trying to help customers get more value out of their data and both companies are highly valued so they have to perform for their investors to paraphrase ralph nader the similarities may be greater than the differences okay that's it for today thanks to the team from palo alto for this awesome super cloud studio build alex myerson and ken shiffman are on production in the palo alto studios today kristin martin and sheryl knight get the word out to our community rob hoff is our editor-in-chief over at siliconangle thanks to all please check out etr.ai for all the survey data remember these episodes are all available as podcasts wherever you listen just search breaking analysis podcasts i publish each week on wikibon.com and siliconangle.com and you can email me at david.vellante at siliconangle.com or dm me at devellante or comment on my linkedin posts and please as i say etr has got some of the best survey data in the business we track it every quarter and really excited to be partners with them this is dave vellante for the cube insights powered by etr thanks for watching and we'll see you next time on breaking analysis [Music] you

(gentle upbeat music) >> Welcome back everyone, to "theCUBE"'s live stage performance here in Palo Alto, California at "theCUBE" Studios. I'm John Furrier with Dave Vellante, kicking off our first inaugural Supercloud event. It's an editorial event, we wanted to bring together the best in the business, the smartest, the biggest, the up-and-coming startups, venture capitalists, everybody, to weigh in on this new Supercloud trend, this structural change in the cloud computing business. We're about to run the Ecosystem Speaks, which is a bunch of pre-recorded companies that wanted to get their voices on the record, so stay tuned for the rest of the day. We'll be replaying all that content and they're going to be having some really good commentary and hear what they have to say. I had a chance to interview and so did Dave. Dave, this is our closing segment where we kind of unpack everything or kind of digest and report. So much to kind of digest from the conversations today, a wide range of commentary from Supercloud operating system to developers who are in charge to maybe it's an ops problem or maybe Oracle's a Supercloud. I mean, that was debated. So so much discussion, lot to unpack. What was your favorite moments? >> Well, before I get to that, I think, I go back to something that happened at re:Invent last year. Nick Sturiale came up, Steve Mullaney from Aviatrix; we're going to hear from him shortly in the Ecosystem Speaks. Nick Sturiale's VC said "it's happening"! And what he was talking about is this ecosystem is exploding. They're building infrastructure or capabilities on top of the CapEx infrastructure. So, I think it is happening. I think we confirmed today that Supercloud is a thing. It's a very immature thing. And I think the other thing, John is that, it seems to me that the further you go up the stack, the weaker the business case gets for doing Supercloud. We heard from Marianna Tessel, it's like, "Eh, you know, we can- it was easier to just do it all on one cloud." This is a point that, Adrian Cockcroft just made on the panel and so I think that when you break out the pieces of the stack, I think very clearly the infrastructure layer, what we heard from Confluent and HashiCorp, and certainly VMware, there's a real problem there. There's a real need at the infrastructure layer and then even at the data layer, I think Benoit Dageville did a great job of- You know, I was peppering him with all my questions, which I basically was going through, the Supercloud definition and they ticked the box on pretty much every one of 'em as did, by the way Ali Ghodsi you know, the big difference there is the philosophy of Republicans and Democrats- got open versus closed, not to apply that to either one side, but you know what I mean! >> And the similarities are probably greater than differences. >> Berkely, I would probably put them on the- >> Yeah, we'll put them on the Democrat side we'll make Snowflake the Republicans. But so- but as we say there's a lot of similarities as well in terms of what their objectives are. So, I mean, I thought it was a great program and a really good start to, you know, an industry- You brought up the point about the industry consortium, asked Kit Colbert- >> Yep. >> If he thought that was something that was viable and what'd they say? That hyperscale should lead it? >> Yeah, they said hyperscale should lead it and there also should be an industry consortium to get the voices out there. And I think VMware is very humble in how they're putting out their white paper because I think they know that they can't do it all and that they do not have a great track record relative to cloud. And I think, but they have a great track record of loyal installed base ops people using VMware vSphere all the time. >> Yeah. >> So I think they need a catapult moment where they can catapult to the cloud native which they've been working on for years under Raghu and the team. So the question on VMware is in the light of Broadcom, okay, acquisition of VMware, this is an opportunity or it might not be an opportunity or it might be a spin-out or something, I just think VMware's got way too much engineering culture to be ignored, Dave. And I think- well, I'm going to watch this very closely because they can pull off some sort of rallying moment. I think they could. And then you hear the upstarts like Platform9, Rafay Systems and others they're all like, "Yes, we need to unify behind something. There needs to be some sort of standard". You know, we heard the argument of you know, more standards bodies type thing. So, it's interesting, maybe "theCUBE" could be that but we're going to certainly keep the conversation going. >> I thought one of the most memorable statements was Vittorio who said we- for VMware, we want our cake, we want to eat it too and we want to lose weight. So they have a lot of that aspirations there! (John laughs) >> And then I thought, Adrian Cockcroft said you know, the devs, they want to get married. They were marrying everybody, and then the ops team, they have to deal with the divorce. >> Yeah. >> And I thought that was poignant. It's like, they want consistency, they want standards, they got to be able to scale And Lori MacVittie, I'm not sure you agree with this, I'd have to think about it, but she was basically saying, all we've talked about is devs devs devs for the last 10 years, going forward we're going to be talking about ops. >> Yeah, and I think one of the things I learned from this day and looking back, and some kind of- I've been sauteing through all the interviews. If you zoom out, for me it was the epiphany of developers are still in charge. And I've said, you know, the developers are doing great, it's an ops security thing. Not sure I see that the way I was seeing before. I think what I learned was the refactoring pattern that's emerging, In Sik Rhee brought this up from Vertex Ventures with Marianna Tessel, it's a nuanced point but I think he's right on which is the pattern that's emerging is developers want ease-of-use tooling, they're driving the change and I think the developers in the devs ops ethos- it's never going to be separate. It's going to be DevOps. That means developers are driving operations and then security. So what I learned was it's not ops teams leveling up, it's devs redefining what ops is. >> Mm. And I think that to me is where Supercloud's going to be interesting- >> Forcing that. >> Yeah. >> Forcing the change because the structural change is open sources thriving, devs are still in charge and they still want more developers, Vittorio "we need more developers", right? So the developers are in charge and that's clear. Now, if that happens- if you believe that to be true the domino effect of that is going to be amazing because then everyone who gets on the wrong side of history, on the ops and security side, is going to be fighting a trend that may not be fight-able, you know, it might be inevitable. And so the winners are the ones that are refactoring their business like Snowflake. Snowflake is a data warehouse that had nothing to do with Amazon at first. It was the developers who said "I'm going to refactor data warehouse on AWS". That is a developer-driven refactorization and a business model. So I think that's the pattern I'm seeing is that this concept refactoring, patterns and the developer trajectory is critical. >> I thought there was another great comment. Maribel Lopez, her Lord of the Rings comment: "there will be no one ring to rule them all". Now at the same time, Kit Colbert, you know what we asked him straight out, "are you the- do you want to be the, the Supercloud OS?" and he basically said, "yeah, we do". Now, of course they're confined to their world, which is a pretty substantial world. I think, John, the reason why Maribel is so correct is security. I think security's a really hard problem to solve. You've got cloud as the first layer of defense and now you've got multiple clouds, multiple layers of defense, multiple shared responsibility models. You've got different tools for XDR, for identity, for governance, for privacy all within those different clouds. I mean, that really is a confusing picture. And I think the hardest- one of the hardest parts of Supercloud to solve. >> Yeah, and I thought the security founder Gee Rittenhouse, Piyush Sharrma from Accurics, which sold to Tenable, and Tony Kueh, former head of product at VMware. >> Right. >> Who's now an investor kind of looking for his next gig or what he is going to do next. He's obviously been extremely successful. They brought up the, the OS factor. Another point that they made I thought was interesting is that a lot of the things to do to solve the complexity is not doable. >> Yeah. >> It's too much work. So managed services might field the bit. So, and Chris Hoff mentioned on the Clouderati segment that the higher level services being a managed service and differentiating around the service could be the key competitive advantage for whoever does it. >> I think the other thing is Chris Hoff said "yeah, well, Web 3, metaverse, you know, DAO, Superclouds" you know, "Stupercloud" he called it and this bring up- It resonates because one of the criticisms that Charles Fitzgerald laid on us was, well, it doesn't help to throw out another term. I actually think it does help. And I think the reason it does help is because it's getting people to think. When you ask people about Supercloud, they automatically- it resonates with them. They play back what they think is the future of cloud. So Supercloud really talks to the future of cloud. There's a lot of aspects to it that need to be further defined, further thought out and we're getting to the point now where we- we can start- begin to say, okay that is Supercloud or that isn't Supercloud. >> I think that's really right on. I think Supercloud at the end of the day, for me from the simplest way to describe it is making sure that the developer experience is so good that the operations just happen. And Marianna Tessel said, she's investing in making their developer experience high velocity, very easy. So if you do that, you have to run on premise and on the cloud. So hybrid really is where Supercloud is going right now. It's not multi-cloud. Multi-cloud was- that was debunked on this session today. I thought that was clear. >> Yeah. Yeah, I mean I think- >> It's not about multi-cloud. It's about operationally seamless operations across environments, public cloud to on-premise, basically. >> I think we got consensus across the board that multi-cloud, you know, is a symptom Chuck Whitten's thing of multi-cloud by default versus multi- multi-cloud has not been a strategy, Kit Colbert said, up until the last couple of years. Yeah, because people said, "oh we got all these multiple clouds, what do we do with it?" and we got this mess that we have to solve. Whereas, I think Supercloud is something that is a strategy and then the other nuance that I keep bringing up is it's industries that are- as part of their digital transformation, are building clouds. Now, whether or not they become superclouds, I'm not convinced. I mean, what Goldman Sachs is doing, you know, with AWS, what Walmart's doing with Azure connecting their on-prem tools to those public clouds, you know, is that a supercloud? I mean, we're going to have to go back and really look at that definition. Or is it just kind of a SAS that spans on-prem and cloud. So, as I said, the further you go up the stack, the business case seems to wane a little bit but there's no question in my mind that from an infrastructure standpoint, to your point about operations, there's a real requirement for super- what we call Supercloud. >> Well, we're going to keep the conversation going, Dave. I want to put a shout out to our founding supporters of this initiative. Again, we put this together really fast kind of like a pilot series, an inaugural event. We want to have a face-to-face event as an industry event. Want to thank the founding supporters. These are the people who donated their time, their resource to contribute content, ideas and some cash, not everyone has committed some financial contribution but we want to recognize the names here. VMware, Intuit, Red Hat, Snowflake, Aisera, Alteryx, Confluent, Couchbase, Nutanix, Rafay Systems, Skyhigh Security, Aviatrix, Zscaler, Platform9, HashiCorp, F5 and all the media partners. Without their support, this wouldn't have happened. And there are more people that wanted to weigh in. There was more demand than we could pull off. We'll certainly continue the Supercloud conversation series here on "theCUBE" and we'll add more people in. And now, after this session, the Ecosystem Speaks session, we're going to run all the videos of the big name companies. We have the Nutanix CEOs weighing in, Aviatrix to name a few. >> Yeah. Let me, let me chime in, I mean you got Couchbase talking about Edge, Platform 9's going to be on, you know, everybody, you know Insig was poopoo-ing Oracle, but you know, Oracle and Azure, what they did, two technical guys, developers are coming on, we dig into what they did. Howie Xu from Zscaler, Paula Hansen is going to talk about going to market in the multi-cloud world. You mentioned Rajiv, the CEO of Nutanix, Ramesh is going to talk about multi-cloud infrastructure. So that's going to run now for, you know, quite some time here and some of the pre-record so super excited about that and I just want to thank the crew. I hope guys, I hope you have a list of credits there's too many of you to mention, but you know, awesome jobs really appreciate the work that you did in a very short amount of time. >> Well, I'm excited. I learned a lot and my takeaway was that Supercloud's a thing, there's a kind of sense that people want to talk about it and have real conversations, not BS or FUD. They want to have real substantive conversations and we're going to enable that on "theCUBE". Dave, final thoughts for you. >> Well, I mean, as I say, we put this together very quickly. It was really a phenomenal, you know, enlightening experience. I think it confirmed a lot of the concepts and the premises that we've put forth, that David Floyer helped evolve, that a lot of these analysts have helped evolve, that even Charles Fitzgerald with his antagonism helped to really sharpen our knives. So, you know, thank you Charles. And- >> I like his blog, by the I'm a reader- >> Yeah, absolutely. And it was great to be back in Palo Alto. It was my first time back since pre-COVID, so, you know, great job. >> All right. I want to thank all the crew and everyone. Thanks for watching this first, inaugural Supercloud event. We are definitely going to be doing more of these. So stay tuned, maybe face-to-face in person. I'm John Furrier with Dave Vellante now for the Ecosystem chiming in, and they're going to speak and share their thoughts here with "theCUBE" our first live stage performance event in our studio. Thanks for watching. (gentle upbeat music)

>>Okay, welcome back everyone to Supercloud 22, this is the cube studio's live performance. We streaming virtually@siliconangledotcomandthecube.net. I'm John for host the cube at Dave Alane with a distinguished panel talking about securing the Supercloud all cube alumni G written house was the CEO of Skyhigh security, Peter Sharma founder of, of QX sold to tenable and Tony qua who's investor. Co-founder former head of product at VMware chance. Thanks for coming on and to our, in all girls super cloud pilot event. >>Good to see you guys big topic. >>Okay. So before we get into secure in the cloud, one of the things that we were discussing before we came on camera was how cloud, the relationship between cloud and on premise and multi-cloud and how Supercloud fits into that. At the end of the day, security's driving a lot of the conversations at the op side and dev shift left is happening. We see that out there. So before we get into it, how do you guys see super cloud Tony? We'll start with you. We'll go down the line. What is Supercloud to you? >>Well, to me, super cloud is really the next evolution, the culmination of the services coming all together, right? As a application developer today, you really don't need to worry about where this thing is. Sit sitting or what's the latency cuz cuz the internet is fast enough. Now I really wanna know what services something provides. What, how do I get access to it now? Security. We'll talk about that later. That that becomes a, a big issue because of the fragmentation of how security is implemented across all the different vendors. So to me it's an IP address I program to it and you know, off we go, but there's a lot of >>You like that pipe happens >>Iceberg chart, right? Like I'm the developer touching the APIs up there. There's a bunch of other things. BU service. >>Okay. Looking forward again. Gee, what's your take? Obviously we've had many conversations on the cube. What's your super cloud update. >>Yeah, so I, I view it as just an extension of what we see today before like maybe 10 years ago we were mashing up applications built on other SAS applications and whatnot. Now we're just extending that down to further primitives, not, we don't really care where our mashup resides, what cloud platform, where it sits to Tony's point, as long as you have an IP address. But beyond that, we're just gonna start to get little micro services and deeper into the applications. >>BP, what should you take? >>I think, I think super cloud to me is something that don't don't exist. It exists only on my laptop. That's the super cloud means to me. I know it takes a lot behind the scene to get that working of and running. But, but essentially, essentially that the everything having be able to touch physically versus not being able to touch anything is super cloud to me. >>So we, what Victoria was saying. Yeah, we see serverless out there, all these cool things happening. Exactly. And you look at the, some of the successful companies that have come in, I call V two cloud. Some are, some are saying the next gen, they're all building on top of the CapEx. I mean, if, why would you not wanna leverage all that work AWS is doing and now Azure, and obviously Google's out there and you got other, other, other clouds out there. But in terms of AWS as a hyperscaler, they're spending all the money and they're getting better. They're getting lower level. We're talking about some of that yesterday, data bricks, snowflake, Goldman Sachs there's industry clouds that could be powerhouse service providers to themselves and their vertical. Then you got specialty clouds. Like there could be a data cloud, there could be an identity cloud. So yeah. How does this sort itself out? How do you guys see that? Because can they coexist? >>But I think they have to right, because I, I think, you know, eventually organizations will get big enough where they can be strong and really market leading in multiple segments. But if you think about what it takes to really build a massive scaled out database company that, that DNA doesn't just overnight translate to identity or translate to video, it takes years to build that up. So in the meantime, all these guys have to understand that they are one part of the service stack to power the next gen solutions. And if they don't play well with each other, then you're gonna have a problem. >>So security, I think is one of the hardest problems of, of super cloud. And not only do you have too many tools and a lack of talent, but you've now got this new first line of defense, which is the cloud. And the problem is you've got multiple clouds. So you've got multiple first lines of defense with multiple cloud provider tools. And then the CISO, I guess, is the next line of defense with the application development team. You know, there to be the pivot point between strategy and execution. And I guess audit is the third line of the defense. So it's an even more complicated environment. So gee, how do you see that CSO role changing and, and can there actually be a unified security layer in Supercloud? >>Yeah, so I believe that that they can be, the role is definitely changing because now a CSO actually has to have a basic understanding of how clouds work, the dependency of clouds on the, on the business that they serve. And, and this is to your point, not only do we have these new lines and opening up in a tax surface, but they're coupled together. So we have supply chain type connections between this. So there's a coherence across these systems that a CISO has to kind of think about not only these Bo cloud boundaries, but the trust boundaries between them. So classic example visibility, wh what, where are these things and what are the dependencies in my business then of course you mentioned compliance. Am I regulatory? And then of course protecting and responding to this, >>You know? Yeah. The, the, the supply chain piece that you just mentioned. I mean, I feel like there's like these milestones stocks, net was a milestone, you know, obvious obviously log four J was another one, the supply chain hack with solar winds. Yep. You know, it's just, the adversary just keeps getting stronger and stronger and, and, and more agile. So, so is this a data? Do we solve this as a data problem? Is it, you know, you can't just throw more infrastructure at it. What are your thoughts >>For it? I think, you know, great, great point that you're brought up. We need to look at things very fundamentally. What is happening is security has the most difficult job in the cloud, especially super cloud. The poor guys are managing some, managing something or securing something that they can't govern, right? Your, your custodian of the cloud as your developers and DevOps, they are the ones who are defining, creating, destroying things in the cloud. And that guy sitting at the end of the tunnel, looking at things that what he gets and he has to immediately respond. That's why it has to be fundamentally solve. Number one, we talked about supply chain. We talked about the, the, the stuck net to wanna cry, to sort of wins, to know the most recent one on the pipeline. Once the interesting phenomena is that the way industry has moved super cloud, the attackers are also moving them super attackers, right? They have stopped. They have not stopped, but they have started slowly moving to the left, which is the governance part. So they have started attacking your source code, you know, impersonating the codes, replacing the binary, finding one is there. So if they can, if the cloud is built so early, why can't I go early and, and, and inject myself. >>So super hackers is coming to super thinking Hollywood right now. I mean, that brings up a good point. I mean, this whole trust thing is huge. I mean, I hear zero trust. I think, wait a minute, that's not the conference I was just at, we went to, we managed, we work with DockerCon and they were talking about trust services. Yeah. So supply chain source code has trust brokering going on. And yet you got zero trust, which is which are they contextually different? I mean, what, what, >>What, from my perspective, though, the same in that zero trust is a framework that starts with minimum privileges and then build up those privileges over time. Normally in today's dialogue, zero trust is around access. I'm not having a broad access. I'm having a narrow access around an application, but you can also extend those principles to usage. What can, how much privilege do I have within an application? I have to build up my trust to enhance and, and get extended privileges within an application. Of course you can then extend this naturally to applications, APIs, applications, talking with each other. And so by you, you have to restrict the attack surface that is based on a trust model fundamentally. And then to your point, I mean, there's always this residual that you have to deal with afterwards. >>So, so super cloud implies more surface area. You're talking about private. So here we go. So how, and by the way, the AWS was supposed to be at this conference. They said they couldn't make it. They had a schedule issue, but they wanted to be here, but I would ask them, how do you differentiate AWS going forward? Do you go IAS all the way? Do you release the pass layer up? How does this solve? Because you have native clouds that are doing great, the complexity on super cloud, and multi-cloud has to be solved. >>Let me offer maybe a different argument. So if you think about we're all old enough to see the history sort of re pendulum shift and it shifting back in a way, if you're arguing that this culmination of all these services in the form of cloud today, essentially moving up stack, then really this is a architectural pattern that's emerging, right? And therefore there needs to be a super cloud, almost operating system. So operating systems, if you build one before you need a scheduler, you need process handler, you need process isolation, you need memory storage, compute all that together. Now that is our sitting in different parts of the internet. And, and there is no operating system. Yes. And that's the gap, right? And so if you don't even have an operating system, how do you implement security? And that's the pain. Yeah, because today it's one off, directly from service to service. Like how many times can you set up SAML orchestration? You can have an entire team doing that, right. If that's, that's what you have to do. So I think that's ultimately the gap and, and we're sort of just revolving around this concept that there's missing an operating system for superpower. >>It's like Maribel Lopez said in the previous panel that Lord of the rings, there will be no one ring rule the ball. Right. Probably there is needs one. Oh yeah. But, but, but, so what happens? So again, security's the hardest problem. So Snowflake's gotta implement its security, you know, data bricks with an open source model has to implement its security. So there's these multiple security models. You talk about zero trust, which I, if, if I infer what you said, gee, it's essentially, if you don't have privilege access, you don't get access. Yeah. Right. If you, okay. Okay. So that's the framework. Fine. And then you gotta earn it over time. Yeah. Now companies like Amazon, they have the, the talent and the skills to implement that zero trust framework. Exactly. So, so the, the industry, you, you guys with the R and D have to actually ultimately build that, that super cloud framework, don't you? >>Yeah. But I would just look all of the major cloud providers, the ones you mentioned and more will have their own framework within their own environment. Right? Yeah. The problem is with super cloud, you're extending it across multiple ones. There's no standards. There's no easy way to integrate that. So now all of that is left to the developer who is like throwing out code as fast as they can >>Is their, their job is to abstract that, I mean, they've gotta secure the, the run time, they gotta secure the container. >>You have to >>Abstract it. Right. Okay. But, but they're not security pros or ops. >>Exactly. They're haves. >>But to, but to G's point, right. If everyone's implementing their own little Z TNA, then inherently, there's a blind trust between two vendors. Right. That has to >>Be, >>That has to be >>Established. That's implicit. You're saying, >>Yeah. But, but it's, it's contractual, it's not technology. Right. Because I'm turning something out in my cloud, you're turning out something in your cloud that says we've got something, some token exchange, which gives us trust. But what happens if that breaks down and whatever happens to the third party comes in? I think that's the problem. >>Yeah. In fact, in fact, the, if I put the, you know, combine one of those commons, the zero trust was build, keeping identity authentication, then authorization in mind, right? Yeah. This needs to be extended because the zero test definition now probably go into integrity. Yeah, exactly. Right. Yeah. I authenticated. I worked well with Tony in the past, but how do I know that something has changed on the Tony's side? Yeah, exactly. Right, right. That, that integrity is going to be very, very foundational. Given developers are building those third party libraries, those source code pumping stuff. The only way I can validate is, Hey, what has changed? >>And then throw edge into the equation, John and IOT and machine to machine. Exactly. It's just, >>Well, >>Yeah. I think, I think we have another example to build on Tony's operating system model. Okay. And that is the cloud access service broker model for SAS. So we, we have these services sitting out there, we've brokered them together. They're normally on user policies. What I can have access to what I can do, what I can't do, but that can be extended down to services and have the same kind of broker arrangement all through APIs. You have to establish that trust and the, and the policies there, and they can be dynamic and all of this stuff. But you can from an, either an operating system or a SAS interaction and integration model come to these same kind of points. So who >>Builds the, the, the secure Supercloud? Is it new guys like you? Is it your old company giants like Palo Alto? Who, who actually builds the and secures the Supercloud it sounds like it's an ecosystem. >>Yeah. It is an ecosystem. Absolutely. It's an ecosystem. >>Yeah. There's no one security Supercloud >>As well. No, but I, I do think there's one, there's one difference in that historically security has always focused on that shiny object. The, the, the, a particular solution to a particular threat when you're dealing with a, a cloud or super cloud, like the number of that is incalculable. So you have to come into some sort of platform. And so you will see if it's not one, you know, a finite number of platform type solutions that are trying to solve this on behalf of the >>Customer. That to your point, then get connected. >>I think it's gonna be like Unix, right? Like how many flavors of Unix were there out there? All of them 'em had a scheduler. All of them had these processes. All of them had their little compilers. You can compile to that system, target to that system. And for a while, it's gonna be very fragmented until multiple parties decide to converge. >>Right? Well, this is, this is the final question we have one minute left. I wish we had more time. This is a great panel. We'll we'll bring you guys back for sure. After the event, what one thing needs to happen to unify or get through the other side of this fragmentation than the challenges for Supercloud. Because remember the enterprise equation is solve complexity with more complexity. Well, that's not what the market wants. They want simplicity. They want SA they want ease of use. They want infrastructure risk code. What has to happen? What do you think each of you? >>So I, I can start and extending to the previous conversation. I think we need a consortium. We need, we need a framework that defines that if you really want to operate in super cloud, these are the 10 things that you must follow. It doesn't matter whether you take AWS slash or GCP, or you have all, and you will have the on-prem also, which means that it has to follow a pattern. And that pattern is what is required for super cloud. In my opinion, otherwise security is going everywhere. They're like they have to fix everything, find everything and so on. So forth, it's not gonna be possible. So they need a, they need a framework. They need a consortium. And it, this consortium needs to be, I think, needs to led by the cloud providers, because they're the ones who have these foundational infrastructure elements and the security vendor should contribute on providing more severe detections or findings. So that's, in my opinion is, should be the model. >>Well, thank you G >>Yeah, I would think it's more along the lines of a business model we've seen in cloud that the scale matters. And once you're big, you get bigger. We haven't seen that coals around either a vendor, a business model, whatnot, to bring all of this and connect it all together yet. So that value proposition in the industry I think is missing, but there's elements of it already available. >>I, I think there needs to be a mindset. If you look again, history repeating itself, the internet sort of came together around set of I ETF, RSC standards, everybody embraced and extended it. Right. But still there was at least a baseline. Yeah. And I think at that time, the, the largest and most innovative vendors understood that they couldn't do it by themselves. Right. And so I think what we need is a mindset where these big guys like Google, let's take an example. They're not gonna win at all, but they can have a substantial share. So how do they collaborate with the ecosystem around a set of standards so that they can bring, bring their differentiation and then embrace everybody >>Together. Guys, this has been fantastic. I mean, I would just chime in back in the day, those was proprietary nosis proprietary network protocols. You had kind of an enemy to rally around. I'm not sure. I see an enemy out here right now. So the clouds are doing great. Right? So it's a tough one, but I think super OS super consortiums, super business models are gonna emerge. Thanks so much for spending the time. Great conversation. Thank you for having us to bring, keep going hour superclouds here in Palo Alto, live coverage stream virtually I'm John with Dave. Thanks for watching. Stay with us for more coverage. This break.

(upbeat music) >> Welcome back to a Blueprint For Trusted Infrastructure. We're here with Rob Emsley. Who's the director of product marketing for data protection and cyber security. Rob, good to see you. A new role. >> Yeah. Good to be back, Dave. Good to see you. Yeah, it's been a while since we chatted last and, you know, one of the changes in my world is that I've expanded my responsibilities beyond data protection marketing to also focus on cybersecurity marketing specifically for our infrastructure solutions group. So certainly that's, you know, something that really has driven us, you know, to come and have this conversation with you today. >> So data protection obviously has become an increasingly important component of the cyber security space. I don't think necessarily of, you know, traditional backup and recovery as security, to me, it's an adjacency. I know some companies have said, oh, yeah. Now we're a security company. They're kind of chasing the valuation bubble. >> For sure. >> Dell's interesting because you have, you know, data protection in the form of backup and recovery and data management, but you also have security, you know, direct security capabilities. So you're sort of bringing those two worlds together and it sounds like your responsibility is to connect those dots. Is that right? >> Absolutely. Yeah. I mean, I think that the reality is is that security is a multi-layer discipline. I think the days of thinking that it's one or another technology that you can use or process that you can use to make your organization secure are long gone. I mean, certainly you actually correct. If you think about the backup and recovery space, I mean, people have been doing that for years, you know, certainly backup and recovery, it's all about the recovery. It's all about getting yourself backup and running when bad things happen. And one of the realities, unfortunately today is that one of the worst things that can happen is cyber attacks. You know, ransomware, malware are all things that are top of mind for all organizations today. And that's why you see a lot of technology and a lot of innovation going into the backup and recovery space because if you have a copy, a good copy of your data, then that is really the first place you go to recover from a cyber attack. And that's why it's so important. The reality is is that unfortunately the cyber criminals keep on getting smarter. I don't know how it happens, but one of the things that is happening is that the days of them just going after your production data are no longer the only challenge that you have, they go after your backup data as well. So over the last half a decade, Dell Technologies with its backup and recovery portfolio has introduced the concept of isolated cyber recovery vaults. We've had many conversations about that over the years and that's really a big tenant of what we do in the data protection portfolio. >> So this idea of cybersecurity resilience that definition is evolving. What does it mean to you? >> Yeah, I think the analyst team over at Gartner, they wrote a very insightful paper called you will be hacked embrace the breach. And the whole basis of this analysis is so much money's been spent on prevention is that what's out of balance is the amount of budget that companies have spent on cyber resilience and cyber resilience is based upon the premise that you will be hacked. You have to embrace that fact and be ready and prepared to bring yourself back into business. You know, and that's really where cyber resiliency is very, very different than cyber security and prevention, you know, and I think that balance of get your security disciplines well funded, get your defenses as good as you can get them but make sure that if the inevitable happens and you find yourself compromised that you have a great recovery plan and certainly a great recovery plan, it's really the basis of any good, solid data protection backup from recovery philosophy. >> So if I had to do a SWOT analysis, we don't have to do the WOT, but let's focus on the S. What would you say are Dell's strengths in this, you know, cyber security space as it relates to data protection? >> One is we've been doing it a long time. You know, we talk a lot about Dell's data protection being proven and modern. You know, certainly the experience that we've had over literally three decades of providing enterprise scale data protection solutions to our customers has really allowed us to have a lot of insight into what works and what doesn't. As I mentioned to you, one of the unique differentiators of our solution is the cyber recovery vaulting solution that we introduce a little over five years ago, five, six years. Power protect cyber recovery is something which has become a unique capability for customers to adopt on top of their investment in Dell Technologies data protection, you know, the unique elements of our solution already threefold, and we call them the three Is. It's isolation, it's a immutability and it's intelligence. And the, the isolation part is really so important because you need to reduce the attack surface of your good known copies of data. You know, you need to put it in a location that the bad actors can't get to it. And that really is the essence of a cyber recovery vault. Interestingly enough, you're starting to see the market throw out that word, you know, from many other places, but really it comes down to having a real discipline that you don't allow the security of your cyber recovery vault to be compromised insofar as allowing it to be controlled from outside of the vault, you know, allowing it to be controlled by your backup application. Our cyber recovery vaulting technology is independent of the backup infrastructure. It uses it, but it controls its own security. And that is so, so important. It's like having a vault that the only way to open it is from the inside, you know, and think about that. If you think about, you know, vaults in banks or vaults in your home, normally you have a key pad on the outside. Think of our cyber recovery vault as having its security controlled from inside of the vault. >> So nobody can get in, nothing can get in unless it's already in. And if it's already in, then it's trusted. >> Exactly, exactly. >> Yeah. So isolation's the key. And then you mentioned immutability is the second piece. >> Yeah, so immutability is also something which has been around for a long time. People talk about backup mutability or immutable backup copies. So I mutability is just the additional technology that allows the data that's inside of the vault to be unchangeable, you know, but again that immutability, you know, your mileage varies, you know, when you look across the different offers that are out there in the market especially in the backup industry. You made a very valid point earlier that the backup vendors in the market seem to be security washing their marketing messages. I mean, everybody is leaning into the ever present danger of cybersecurity, not a bad thing, but the reality is is that you have to have the technology to back it up, you know, quite literally >> Yeah, no pun intended. Right. Actually pun intended. Now what about the intelligence piece of it? That's that's AI, ML, where does that fit? >> For sure. So the intelligence piece is delivered by a solution called CyberSense. And CyberSense for us is what really gives you the confidence that what you have in your cyber recovery vault is a good clean copy of data. So it's looking at the backup copies that get driven into the cyber vault, and it's looking for anomalies. So it's not looking for signatures of malware. You know, that's what your antivirus software does. That's what your endpoint protection software does. That's on the prevention side of the equation. But what we're looking for is we're looking to ensure that the data that you need when all hell breaks loose is good and that when you get a request to restore and recover your business, you go, right, let's go and do it. And you don't have any concern that what you have in the vault has been compromised. So cyber sense is really a unique analytic solution in the market based upon the fact that it isn't looking at at cursory indicators of malware infection or ransomware introduction, it's doing full content analytics, you know, looking at, you know, has the data in any way changed, has it suddenly become encrypted? Has it suddenly become different to how it was in the previous scan? So that anomaly detection is very, very different. It's looking for, you know, like different characteristics that really are an indicator that something is going on. And, of course, if it sees it, you immediately get flagged. But the good news is is that you always have in the vault the previous copy of good known data which now becomes your restore point. >> So we're talking to Rob Emsley about how data protection fits into what Dell calls DTI, Dell Trusted Infrastructure. And I want to come back, Rob, to this notion of, and not or cause I think a lot of people are skeptical. Like how can I have great security and not introduce friction into my organization? Is that an automation play? How does Dell tackle that problem? >> I mean, I think a lot of it is across our infrastructure is is security has to be built in, I mean, intrinsic security within our servers, within our storage devices, within our elements of our backup infrastructure. I mean, security, multifactor authentication, you know, elements that make the overall infrastructure secure. You know, we have capabilities that, you know, allow us to identify whether or not configurations have changed. You know, we'll probably be talking about that a little bit more to you later in the segment, but the essence is security is not a Bolton. It has to be part of the overall infrastructure. And that's so true, certainly in the data protection space >> Give us the bottom line on how you see Dell's key differentiators. Maybe you could talk about Dell, of course, always talks about its portfolio, but why should customers, you know, lead in to Dell in this whole cyber resilience space? >> You know, staying on the data protection space as I mentioned, the work we've been doing to introduce this cyber resiliency solution for data protection is in our opinion, as good as it gets. You know, you've spoken to a number of our best customers whether it be Bob Bender from Founders Federal or more recently at (indistinct) you spoke to Tony Bryson from the Town of Gilbert. And these are customers that we've had for many years that have implemented cyber recovery vaults. And at the end of the day, they can now sleep at night. You know, that's really the peace of mind that they have is that the insurance that a data protection from Dell cyber recovery vault, a power protect cyber recovery solution gives them, you know, really allows them to, you know, just have the assurance that they don't have to pay a ransom. If they have an insider threat issue and, you know, all the way down to data deletion is they know that what's in the cyber recovery vault is good and ready for them to recover from. >> Great. Well, Rob, congratulations on the new scope of responsibility. I like how, you know, your organization is expanding as the threat surface is expanding. As we said, data protection becoming an adjacency to security, not security in and of itself. A key component of a comprehensive security strategy. Rob Emsley, thank you for coming back in theCUBE. Good to see you again. >> You too, Dave. Thanks. >> All right, in a moment, I'll be back to wrap up a blueprint for trusted infrastructure. You are watching theCUBE. (upbeat music)

>>The cube presents HPE discover 2022 brought to you by HPE. >>Hey everyone. Welcome back to the Cube's day one coverage of HPE discover 22 live from the Venetian in Las Vegas. I got a power panel here, Lisa Martin, with Dave Valante, John furrier, Holger Mueller also joins us. We are gonna wrap this, like you've never seen a rap before guys. Lot of momentum today, lot, lot of excitement, about 8,000 or so customers, partners, HPE leaders here. Holger. Let's go ahead and start with you. What are some of the things that you heard felt saw observed today on day one? >>Yeah, it's great to be back in person. Right? 8,000 people events are rare. Uh, I'm not sure. Have you been to more than 8,000? <laugh> yeah, yeah. Okay. This year, this year. I mean, historically, yes, but, um, >>Snowflake was 10. Yeah. >>So, oh, wow. Okay. So 8,000 was my, >>Cisco was, they said 15, >>But is my, my 8,000, my record, I let us down with 7,000 kind of like, but it's in the Florida swarm. It's not nicely. Like, and there's >>Usually what SFI, there's usually >>20, 20, 30, 40, 50. I remember 50 in the nineties. Right. That was a different time. But yeah. Interesting. Yeah. Interesting what people do and it depends how much time there is to come. Right. And know that it happens. Right. But yeah, no, I think it's interesting. We, we had a good two analyst track today. Um, interesting. Like HPE is kind of like back not being your grandfather's HPE to a certain point. One of the key stats. I know Dave always for the stats, right. Is what I found really interesting that over two third of GreenLake revenue is software and services. Now a love to know how much of that services, how much of that software. But I mean, I, I, I, provocate some, one to ones, the HP executives saying, Hey, you're a hardware company. Right. And they didn't even come back. Right. But Antonio said, no, two thirds is, uh, software and services. Right. That's interesting. They passed the one exabyte, uh, being managed, uh, as a, as a hallmark. Right. I was surprised only 120,000 users if I had to remember the number. Right, right. So that doesn't seem a terrible high amount of number of users. Right. So, but that's, that's, that's promising. >>So what software is in there, cuz it's gotta be mostly services. >>Right? Well it's the 70 plus cloud services, right. That everybody's talking about where the added eight of them shockingly back up and recovery, I thought that was done at launch. Right. >>Still who >>Keep recycling storage and you back. But now it's real. Yeah. >>But the company who knows the enterprise, right. HPE, what I've been doing before with no backup and recovery GreenLake. So that was kind of like, okay, we really want to do this now and nearly, and then say like, oh, by the way, we've been doing this all the time. Yeah. >>Oh, what's your take on the installed base of HP. We had that conversation, the, uh, kickoff or on who's their target, what's the target audience environment look like. It certainly is changing. Right? If it's software and services, GreenLake is resonating. Yeah. Um, ecosystems responding. What's their customers cuz managed services are up too Kubernetes, all the managed services what's what's it like what's their it transformation base look like >>Much of it is of course install base, right? The trusted 20, 30 plus year old HP customer. Who's keeping doing stuff of HP. Right. And call it GreenLake. They've been for so many name changes. It doesn't really matter. And it's kind of like nice that you get the consume pain only what you consume. Right. I get the cloud broad to me then the general markets, of course, people who still need to run stuff on premises. Right. And there's three reasons of doing this performance, right. Because we know the speed of light is relative. If you're in the Southern hemisphere and even your email servers in Northern hemisphere, it takes a moment for your email to arrive. It's a very different user experience. Um, local legislation for data, residency privacy. And then, I mean Charles Phillips who we all know, right. Former president of uh, info nicely always said, Hey, if the CIOs over 50, I don't have to sell qu. Right. So there is not invented. I'm not gonna do cloud here. And now I've kind of like clouded with something like HP GreenLake. That's the customers. And then of course procurement is a big friend, right? Yeah. Because when you do hardware refresh, right. You have to have two or three competitors who are the two or three competitors left. Right. There's Dell. Yeah. And then maybe Lenovo. Right? So, so like a >>Little bit channels, the strength, the procurement physicians of strength, of course install base question. Do you think they have a Microsoft opportunity where, what 365 was Microsoft had office before 365, but they brought in the cloud and then everything changed. Does HP have that same opportunity with kind of the GreenLake, you know, model with their existing stuff. >>It has a GreenLake opportunity, but there's not much software left. It's a very different situation like Microsoft. Right? So, uh, which green, which HP could bring along to say, now run it with us better in the cloud because they've been selling much of it. Most of it, of their software portfolio, which they bought as an HP in the past. Right. So I don't see that happening so much, but GreenLake as a platform itself course interesting because enterprise need a modern container based platform. >>I want, I want to double click on this a little bit because the way I see it is HP is going to its installed base. I think you guys are right on say, this is how we're doing business now. Yeah. You know, come on along. But my sense is, some customers don't want to do the consumption model. There are actually some customers that say, Hey, of course I got, I don't have a cash port problem. I wanna pay for it up front and leave me alone. >>I've been doing this since 50 years. Nice. As I changed it, now <laugh> two know >>Money's wants to do it. And I don't wanna rent because rental's more expensive and blah, blah, blah. So do you see that in the customer base that, that some are pushing back? >>Of course, look, I have a German accent, right? So I go there regularly and uh, the Germans are like worried about doing anything in the cloud. And if you go to a board in Germany and say, Hey, we can pay our usual hardware, refresh, CapEx as usual, or should we bug consumption? And they might know what we are running. <laugh> so not whole, no offense against the Germans out. The German parts are there, but many of them will say, Hey, so this is change with COVID. Right. Which is super interesting. Right? So the, the traditional boards non-technical have been hearing about this cloud variable cost OPEX to CapEx and all of a sudden there's so much CapEx, right. Office buildings, which are not being used truck fleets. So there's a whole new sensitivity by traditional non-technical boards towards CapEx, which now the light bulb went on and say, oh, that's the cloud thing about also. So we have to find a way to get our cost structure, to ramp up and ramp down as our business might be ramping up through COVID through now inflation fears, recession, fears, and so on. >>So, okay. HP's, HP's made the statement that anything you can do in the cloud you can do in GreenLake. Yes. And I've said you can't run on snowflake. You can't run Mongo Atlas, you can't run data bricks, but that's okay. That's fine. Let's be, I think they're talking about, there's >>A short list of things. I think they're talking about the, their >>Stuff, their, >>The operating experience. So we've got single sign on through a URL, right. Uh, you've got, you know, some level of consistency in terms of policy. It's unclear exactly what that is. You've got storage backup. Dr. What, some other services, seven other services. If you had to sort of take your best guess as to where HP is now and peg it toward where Amazon was in which year? >>20 14, 20 14. >>Yeah. Where they had their first conference or the second we invent here with 3000 people and they were thinking, Hey, we're big. Yeah. >>Yeah. And I think GreenLake is the building blocks. So they quite that's the >>Building. Right? I mean similar. >>Okay. Well, I mean they had E C, Q and S3 and SQS, right. That was the core. And then the rest of those services were, I mean, base stock was one of that first came in behind and >>In fairness, the industry has advanced since then, Kubernetes is further along. And so HPE can take advantage of that. But in terms of just the basic platform, I, I would agree. I think it's >>Well, I mean, I think, I mean the software, question's a big one. I wanna bring up because the question is, is that software is getting the world. Hardware is really software scales, everything, data, the edge story. I love their story. I think HP story is wonderful Aruba, you know, hybrid cloud, good story, edge edge. But if you look under the covers, it's weak, right? It's like, it's not software. They don't have enough software juice, but the ecosystem opportunity to me is where you plug and play. So HP knows that game. But if you look historically over the past 25 years, HP now HPE, they understand plug and play interoperability. So the question is, can they thread the needle >>Right. >>Between filling the gaps on the software? Yeah. With partners, >>Can they get the partners? Right. And which have been long, long time. Right. For a long time, HP has been the number one platform under ICP, right? Same thing. You get certified for running this. Right. I know from my own history, uh, I joined Oracle last century and the big thing was, let's get your eBusiness suite certified on HP. Right? Like as if somebody would buy H Oracle work for them, right. This 20 years ago, server >>The original exit data was HP. Oracle. >>Exactly. Exactly. So there's this thinking that's there. But I think the key thing is we know that all modern forget about the hardware form in the platforms, right? All modern software has to move to containers and snowflake runs in containers. You mentioned that, right? Yeah. If customers force snowflake and HPE to the table, right, there will be a way to make it work. Right. And which will help HPE to be the partner open part will bring the software. >>I, I think it's, I think that's an opportunity because that changes the game and agility and speed. If HP plays their differentiation, right. Which we asked on their opening segment, what's their differentiation. They got size scale channel, >>What to the enterprise. And then the big benefit is this workload portability thing. Right? You understand what is run in the public cloud? I need to run it local. For whatever reason, performance, local residency of data. I can move that. There that's the big benefit to the ISVs, the sales vendors as well. >>But they have to have a stronger data platform story in my that's right. Opinion. I mean, you can run Oracle and HPE, but there's no reason they shouldn't be able to do a deal with, with snowflake. I mean, we saw it with Dell. Yep. We saw it with, with, with pure and I, if our HPE I'd be saying, Hey, because the way the snowflake deal worked, you probably know this is your reading data into the cloud. The compute actually occurs in the cloud viral HB going snowflake saying we can separate compute and storage. Right. And we have GreenLake. We have on demand. Why don't we run the compute on-prem and make it a full class, first class citizen, right. For all of our customers data. And that would be really innovative. And I think Mongo would be another, they've got OnPrem. >>And the question is, how many, how many snowflake customers are telling snowflake? Can I run you on premise? And how much defo open years will they hear from that? Right? This is >>Why would they deal Dell? That >>Deal though, with that, they did a deal. >>I think they did that deal because the customer came to them and said, you don't exactly that deal. We're gonna spend the >>Snowflake >>Customers think crazy things happen, right? Even, even put an Oracle database in a Microsoft Azure data center, right. Would off who, what as >>Possible snowflake, >>Oracle. So on, Aw, the >>Snow, the snowflakes in the world have to make a decision. Dave on, is it all snowflake all the time? Because what the reality is, and I think, again, this comes back down to the, the track that HP could go up or down is gonna be about software. Open source is now the software industry. There's no such thing as proprietary software, in my opinion, relatively speaking, cloud scale and integrated, integrated integration software is proprietary. The workflows are proprietary. So if they can get that right with the partners, I would focus on that. I think they can tap open source, look at Amazon with open source. They sucked it up and they integrated it in. No, no. So integration is the deal, not >>Software first, but Snowflake's made the call. You were there, Lisa. They basically saying it's we have, you have to be in snowflake in order to get the governance and the scalability, all that other wonderful stuff. Oh, but we we'll do Apache iceberg. We'll we'll open it up. We'll do Python. Yeah. >>But you can't do it data clean room unless you are in snowflake. Exactly. Snowflake on snowflake. >>Exactly. >>But got it. Isn't that? What you heard from AWS all the time till they came out outposts, right? I mean, snowflake is a market leader for what they're doing. Right. So that they want to change their platform. I mean, kudos to them. They don't need to change the platform. They will be the last to change their platform to a ne to anything on premises. Right. But I think the trend already shows that it's going that way. >>Well, if you look at outpost is an signal, Dave, the success of outpost launched what four years ago, they announced it. >>What >>EKS is beating, what outpost is doing. Outpost is there. There's not a lot of buzz and talk to the insiders and the open source community, uh, EKS and containers. To your point mm-hmm <affirmative> is moving faster on, I won't say commodity hardware, but like could be white box or HP, Dell, whatever it's gonna be that scale differentiation and the edge story is, is a good one. And I think with what we're seeing in the market now it's the industrial edge. The back office was gen one cloud back office data center. Now it's hybrid. The focus will be industrial edge machine learning and AI, and they have it here. And there's some, some early conversations with, uh, I heard it from, uh, this morning, you guys interviewed, uh, uh, John Schultz, right? With the world economic 4k birth Butterfield. She was amazing. And then you had Justin bring up a Hoar, bring up quantum. Yes. That is a differentiator. >>HP. >>Yes. Yeah. You, they have the computing shops. They had the R and D can they bring it to the table >>As, as HPC, right. To what they Schultz for of uh, the frontier system. Right. So very impressed. >>So the ecosystem is the key for them is because that's how they're gonna fill the gaps. They can't, they can't only, >>They could, they could high HPC edge piece. I wouldn't count 'em out of that game yet. If you co-locate a box, I'll use the word box, particularly at a telco tower. That's a data center. Yep. Right. If done properly. Yep. So, you know, what outpost was supposed to do actually is a hybrid opportunity. Aruba >>Gives them a unique, >>But the key thing is right. It's a yin and yang, right? It's the ecosystem it's partners to bring those software workload. Absolutely. Right. But HPE has to keep the platform attractive enough. Right. And the key thing there is that you have this workload capability thing that you can bring things, which you've built yourself. I mean, look at the telcos right. Network function, visualization, thousands of man, years into these projects. Right. So if I can't bring it to your edge box, no, I'm not trying to get to your Xbox. Right. >>Hold I gotta ask you since in the Dave too, since you guys both here and Lisa, you know, I said on the opening, they have serious customers and those customers have serious problems, cyber security, ransomware. So yeah. I teach transformation now. Industrial transformation machine learning, check, check, check. Oh, sounds good. But at the end of the day, their customers have some serious problems. Right? Cyber, this is, this is high stakes poker. Yeah. What do you think HP's position for in the security? You mentioned containers, you got all this stuff, you got open source, supply chain, you have to left supply chain issues. What is their position with security? Cuz that's the big one. >>I, I think they have to have a mature attitude that customers expect from HPE. Right? I don't have to educate HP on security. So they have to have the partner offerings again. We're back at the ecosystem to have what probably you have. So bring your own security apart from what they have to have out of the box to do business with them. This is why the shocker this morning was back up in recovery coming. <laugh> it's kind like important for that. Right? Well >>That's, that's, that's more ransomware and the >>More skeleton skeletons in the closet there, which customers should check of course. But I think the expectations HP understands that and brings it along either from partner or natively. >>I, I think it's, I think it's services. I think point next is the point of integration for their security. That's why two thirds is software and services. A lot of that is services, right? You know, you need security, we'll help you get there. We people trust HP >>Here, but we have nothing against point next or any professional service. They're all hardworking. But if I will have to rely on humans for my cyber security strategy on a daily level, I'm getting gray hair and I little gray hair >>Red. Okay. I that's, >>But >>I think, but I do think that's the camera strategy. I mean, I'm sure there's a lot of that stuff that's beginning to be designed in, but I, my guess is a lot of it is services. >>Well, you got the Aruba. Part of the booth was packed. Aruba's there. You mentioned that earlier. Is that good enough? Because the word zero trust is kicked around a lot. On one hand, on the other hand, other conversations, it's all about trust. So supply chain and software is trusting trust, trust and verified. So you got this whole mentality of perimeter gone mentality. It's zero trust. And if you've got software trust, interesting thoughts there, how do you reconcile zero trust? And then I need trust. What's what's you? What are you seeing older on that? Because I ask people all the time, they're like, uh, I'm zero trust or is it trust? >>Yeah. The middle ground. Right? Trusted. The meantime people are man manipulating what's happening in your runtime containers. Right? So, uh, drift control is a new password there that you check what's in your runtime containers, which supposedly impenetrable, but people finding ways to hack them. So we'll see this cat and mouse game going on all the time. Yeah. Yeah. There's always gonna be the need for being in a secure, good environment from that perspective. Absolutely. But the key is edge has to be more than Aruba, right? If yeah. HV goes away and says, oh yeah, we can manage your edge with our Aruba devices. That's not enough. It's the virtual probability. And you said the important thing before it's about the data, right? Because the dirty secret of containers is yeah, I move the code, but what enterprise code works without data, right? You can't say as enterprise, okay, we're done for the day check tomorrow. We didn't persist your data, auditor customer. We don't have your data anymore. So filling a way to transport the data. And there just one last thought, right? They have a super interesting asset. They want break lands for the venerable map R right. Which wrote their own storage drivers and gives you the chance to potentially do something in that area, which I'm personally excited about. But we'll see what happens. >>I mean, I think the holy grail is can I, can I put my data into a cloud who's ever, you know, call it a super cloud and can I, is it secure? Is it governed? Can I share it and be confident that it's discoverable and that the, the person I give it to has the right to use it. Yeah. And, and it's the correct data. There's not like a zillion copies running. That's the holy grail. And I, I think the answer today is no, you can, you can do that maybe inside of AWS or maybe inside of Azure, look maybe certainly inside of snowflake, can you do that inside a GreenLake? Well, you probably can inside a GreenLake, but then when you put it into the cloud, is it cross cloud? Is it really out to the edge? And that's where it starts to break down, but that's where the work is to be done. That's >>The one Exide is in there already. Right. So men being men. Yeah. >>But okay. But it it's in there. Yeah. Okay. What do you do with it? Can you share that data? What can you actually automate governance? Right? Uh, is that data discoverable? Are there multiple copies of that data? What's the, you know, master copy. Here's >>A question. You guys, here's a question for you guys analyst, what do you think the psychology is of the CIO or CSO when HP comes into town with GreenLake, uh, and they say, what's your relationship with the hyperscalers? Cause I'm a CIO. I got my environment. I might be CapEx centric or Hey, I'm open model. Open-minded to an operating model. Every one of these enterprises has a cloud relationship. Yeah. Yeah. What's the dynamic. What do you think the psychology is of the CIO when they're rationalizing their, their trajectory, their architecture, cloud, native scale integration with HPE GreenLake or >>HP service. I think she or he hears defensiveness from HPE. I think she hears HPE or he hears HPE coming in and saying, you don't need to go to the cloud. You know, you could keep it right here. I, I don't think that's the right posture. I think it should be. We are your cloud. And we can manage whether it's OnPrem hybrid in AWS, Azure, Google, across those clouds. And we have an edge story that should be the vision that they put forth. That's the super cloud vision, but I don't hear it >>From these guys. What do you think psycho, do you agree with that? >>I'm totally to make, sorry to be boring, but I totally agree with, uh, Dave on that. Right? So the, the, the multi-cloud capability from a trusted large company has worked for anybody up and down the stack. Right? You can look historically for, uh, past layers with cloud Foundry, right? It's history vulnerable. You can look for DevOps of Hashi coop. You can look for database with MongoDB right now. So if HPE provides that data access, right, with all the problems of data gravity and egres cost and the workability, they will be doing really, really well, but we need to hear it more, right. We didn't hear much software today in the keynote. Right. >>Do they have a competitive offering vis-a-vis or Azure? >>The question is, will it be an HPE offering or will, or the software platform, one of the offerings and you as customer can plug and play, right. Will software be a differentiator for HP, right. And will be close, proprietary to the point to again, be open enough for it, or will they get that R and D format that, or will they just say, okay, ES MES here on the side, your choice, and you can use OpenShift or whatever, we don't matter. That's >>The, that's the key question. That's the key question. Is it because it is a competitive strategy? Is it highly differentiated? Oracle is a highly differentiated strategy, right? Is Dell highly differentiated? Eh, Dell differentiates based on its breadth. What? >>Right. Well, let's try for the control plane too. Dell wants to be an, >>Their, their vision is differentiated. Okay. But their execution today is not >>High. All right. Let me throw, let me throw this out at you then. I'm I'm, I'm sorry. I'm I'm HPE. I wanna be the glue layer. Is that, does that fly? >>What >>Do you mean? The group glue layer? I'll I wanna be, you can do Amazon, but I wanna be the glue layer between the clouds and our GreenLake will. >>What's the, what's the incremental value that, that glue provides, >>Provides comfort and reliability and control for the single pane of glass for AWS >>And comes back to the data. In my opinion. Yeah. >>There, there there's glue levels on the data level. Yeah. And there's glue levels on API level. Right. And there's different vendors in the different spaces. Right. Um, I think HPE will want to play on the data side. We heard lots of data stuff. We >>Hear that, >>But we have to see it. Exactly. >>Yeah. But it's, it's lacking today. And so, Hey, you know, you guys know better than I APIs can be fragile and they can be, there's a lot of diversity in terms of the quality of APIs and the documentation, how they work, how mature they are, what, how, what kind of performance they can provide and recoverability. And so just saying, oh wow. We are living the API economy. You know, the it's gonna take time to brew, chime in here. Hi. >><laugh> oh, so guys, you've all been covering HPE for a long time. You know, when Antonio stood up on stage three years ago and said by 2022, and here we are, we're gonna be delivering everything as a service. He's saying we've, we've done it, but, and we're a new company. Do you guys agree with that? >>Definitely. >>I, yes. Yes. With the caveat, I think, yes. The COVID pandemic slowed them down a lot because, um, that gave a tailwind to the hyperscalers, um, because of the, the force of massive O under forecasting working at home. I mean, everyone I talked to was like, no one forecasted a hundred percent work at home, the, um, the CapEx investments. So I think that was an opportunity that they'd be much farther along if there's no COVID people >>Thought it wasn't impossible. Yeah. But so we had the old work from home thing right. Where people trying to get people fired at IBM and Yahoo. Right. So I would've this question covering the HR side and my other hat on. Right. And I would ask CHS let's assume, because I didn't know about COVID shame on me. Right. I said, big California, earthquake breaks. Right. Nobody gets hurt, but all the buildings have to be retrofitted and checked for seism logic down. So everybody's working from home, ask CHS, what kind of productivity gap hit would you get by forcing everybody working from home with the office unsafe? So one, one gentleman, I won't know him, his name, he said 20% and the other one's going ha you're smoking. It's 40 50%. We need to be in the office. We need to meet it first night. And now we went for this exercise. Luckily not with the California. Right. Well, through the price of COVID and we've seen what it can do to, to productivity well, >>The productivity, but also the impact. So like with all the, um, stories we've done over two years, the people that want came out ahead were the ones that had good cloud action. They were already in the cloud. So I, I think they're definitely in different company in the sense of they, I give 'em a pass. I think they're definitely a new company and I'm not gonna judge 'em on. I think they're doing great. But I think pandemic definitely slowed 'em down that about >>It. So I have a different take on this. I think. So we've go back a little history. I mean, you' said this, I steal your line. Meg Whitman took one for the Silicon valley team. Right. She came in. I don't think she ever was excited that I, that you said, you said that, and I think you wrote >>Up, get tape on that one. She >>Had to figure out how do I deal with this mess? I have EDS. I got PC. >>She never should have spun off the PC, but >>Okay. But >>Me, >>Yeah, you can, you certainly could listen. Maybe, maybe Gerstner never should have gone all in on services and IBM would dominate something other than mainframes. They had think pads even for a while, but, but, but so she had that mess to deal with. She dealt with it and however, they dealt with it, Antonio came in, he, he, and he said, all right, we're gonna focus the company. And we're gonna focus the mission on not the machine. Remember those yeah. Presentations, but you just make your eyes glaze over. We're going all in on Azure service >>And edge. He was all on. >>We're gonna build our own cloud. We acquired Aruba. He made some acquisitions in HPC to help differentiate. Yep. And they are definitely a much more focused company now. And unfortunately I wish Antonio would CEO in 2015, cuz that's really when this should have started. >>Yeah. And then, and if you remember back then, Dave, we were interviewing Docker with DevOps teams. They had composability, they were on hybrid really early. I think they might have even coined the term hybrid before VMware tri-state credit for it. But they were first on hybrid. They had DevOps, they had infrastructure risk code. >>HPE had an HP had an awesome cloud team. Yeah. But, and then, and then they tried to go public cloud. Yeah. You know, and then, you know, just made them, I mean, it was just a mess. The focus >>Is there. I give them huge props. And I think, I think the GreenLake to me is exciting here because it's much better than it was two years ago. When, when we talked to, when we started, it's >>Starting to get real. >>It's, it's a real thing. And I think the, the tell will be partners. If they make that right, can pull their different >>Ecosystem, >>Their scale and their customers and fill the software gas with partners mm-hmm <affirmative> and then create that integration opportunity. It's gonna be a home run if they don't do that, they're gonna miss the operating, >>But they have to have their own to your point. They have to have their own software innovation. >>They have to good infrastructure ways to build applications. I don't wanna build with somebody else. I don't wanna take a Microsoft stack on open source stack. I'm not sure if it's gonna work with HP. So they have to have an app dev answer. I absolutely agree with that. And the, the big thing for the partners is, which is a good thing, right? Yep. HPE will not move into applications. Right? You don't have to have the fear of where Microsoft is with their vocal large. Right. If AWS kind of like comes up with APIs and manufacturing, right. Google the same thing with their vertical push. Right. So HPE will not have the CapEx, but >>Application, >>As I SV making them, the partner, the bonus of being able to on premise is an attractive >>Part. That's a great point. >>Hold. So that's an inflection point for next 12 months to watch what we see absolutely running on GreenLake. >>Yeah. And I think one of the things that came out of the, the last couple events this past year, and I'll bring this up, we'll table it and we'll watch it. And it's early in this, I think this is like even, not even the first inning, the machine learning AI impact to the industrial piece. I think we're gonna see a, a brand new era of accelerated digital transformation on the industrial physical world, back office, cloud data center, accounting, all the stuff. That's applications, the app, the real world from space to like robotics. I think that HP edge opportunity is gonna be visible and different. >>So guys, Antonio Neri is on tomorrow. This is only day one. If you can imagine this power panel on day one, can you imagine tomorrow? What is your last question for each of you? What is your, what, what question would you want to ask him tomorrow? Hold start with you. >>How is HPE winning in the long run? Because we know their on premise market will shrink, right? And they can out execute Dell. They can out execute Lenovo. They can out Cisco and get a bigger share of the shrinking market. But that's the long term strategy, right? So why should I buy HPE stock now and have a good return put in the, in the safe and forget about it and have a great return 20 years from now? What's the really long term strategy might be unfair because they, they ran in survival mode to a certain point out of the mass post equipment situation. But what is really the long term strategy? Is it more on the hardware side? Is it gonna go on the HPE, the frontier side? It's gonna be a DNA question, which I would ask Antonio. >>John, >>I would ask him what relative to the macro conditions relative to their customer base, I'd say, cuz the customers are the scoreboard. Can they create a value proposition with their, I use the Microsoft 365 example how they kind of went to the cloud. So my question would be Antonio, what is your core value proposition to CIOs out there who want to transform and take a step function, increase for value with HPE? Tell me that story. I wanna hear. And I don't want to hear, oh, we got a portfolio and no, what value are you enabling your customers to do? >>What and what should that value be? >>I think it's gonna be what we were kind of riffing on, which is you have to provide either what their product market fit needs are, which is, are you solving a problem? Is it a pain point is a growth driver. Uh, and what's the, what's that tailwind. And it's obviously we know at cloud we know edge. The story is great, but what's the value proposition. But by going with HPE, you get X, Y, and Z. If they can explain that clearly with real, so qualitative and quantitative data it's home >>Run. He had a great line of the analyst summit today where somebody asking questions, I'm just listening to the customer. So be ready for this Steve jobs photo, listening to the customer. You can't build something great listening to the customer. You'll be good for the next quarter. The next exponential >>Say, what are the customers saying? <laugh> >>So I would make an observation. And my question would, so my observation would be cloud is growing collectively at 35%. It's, you know, it's approaching 200 billion with a big, big four. If you include Alibaba, IBM has actually said, Hey, we're gonna gr they've promised 6% growth. Uh, Cisco I think is at eight or 9% growth. Dow's growing in double digits. Antonio and HPE have promised three to 4% growth. So what do you have to do to actually accelerate growth? Because three to 4%, my view, not enough to answer Holger's question is why should I buy HPE stock? Well, >>If they have product, if they have customer and there's demand and traction to me, that's going to drive the growth numbers. And I think the weak side of the forecast means that they don't have that fit yet. >>Yeah. So what has to happen for them to get above five, 6% growth? >>That's what we're gonna analyze. I mean, I, I mean, I don't have an answer for that. I wish I had a better answer. I'd tell them <laugh> but I feel, it feels, it feels like, you know, HP has an opportunity to say here's the new HPE. Yeah. Okay. And this is what we stand for. And here's the one thing that we're going to do that consistently drives value for you, the customer. And that's gonna have to come into some, either architectural cloud shift or a data thing, or we are your store for blank. >>All of the above. >>I guess the other question is, would, would you know, he won't answer a rude question, would suspending things like dividends and stock buybacks and putting it into R and D. I would definitely, if you have confidence in the market and you know what to do, why wouldn't you just accelerate R and D and put the money there? IBM, since 2007, IBM spent is the last stat. And I'm looking go in 2007, IBM way, outspent, Google, and Amazon and R and D and, and CapEx two, by the way. Yep. Subsequent to that, they've spent, I believe it's the numbers close to 200 billion on stock buyback and dividends. They could have owned cloud. And so look at this business, the technology business by and large is driven by innovation. Yeah. And so how do you innovate if >>You have I'm buying, I'm buying HP because they're reliable high quality and they have the outcomes that I want. Oh, >>Buy their products and services. I'm not sure I'd buy the stock. Yeah. >>Yeah. But she has to answer ultimately, because a public company. Right. So >>Right. It's this job. Yeah. >>Never a dull moment with the three of you around <laugh> guys. Thank you so much for sharing your insights, your, an analysis from day one. I can't imagine what day two is gonna bring tomorrow. Debut and I are gonna be anchoring here. We've got a jam packed day, lots going on, hearing from the ecosystem from leadership. As we mentioned, Antonio is gonna be Tony >>Alma Russo. I'm dying. Dr. >>EDMA as well as on the CTO gonna be another action pack day. I'm excited for it, guys. Thanks so much for sharing your insights and for letting me join this power panel. >>Great. Great to be here. >>Power panel plus me. All right. For Holger, John and Dave, I'm Lisa, you're watching the cube our day one coverage of HPE discover wraps right now. Don't go anywhere, cuz we'll see you tomorrow for day two, live from Vegas, have a good night.

>> From theCUBE studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> Snowflake Summit 2022 underscored that the ecosystem excitement which was once forming around Hadoop is being reborn, escalated and coalescing around Snowflake's data cloud. What was once seen as a simpler cloud data warehouse and good marketing with the data cloud is evolving rapidly with new workloads of vertical industry focus, data applications, monetization, and more. The question is, will the promise of data be fulfilled this time around, or is it same wine, new bottle? Hello, and welcome to this week's Wikibon CUBE Insights powered by ETR. In this "Breaking Analysis," we'll talk about the event, the announcements that Snowflake made that are of greatest interest, the major themes of the show, what was hype and what was real, the competition, and some concerns that remain in many parts of the ecosystem and pockets of customers. First let's look at the overall event. It was held at Caesars Forum. Not my favorite venue, but I'll tell you it was packed. Fire Marshall Full, as we sometimes say. Nearly 10,000 people attended the event. Here's Snowflake's CMO Denise Persson on theCUBE describing how this event has evolved. >> Yeah, two, three years ago, we were about 1800 people at a Hilton in San Francisco. We had about 40 partners attending. This week we're close to 10,000 attendees here. Almost 10,000 people online as well, and over over 200 partners here on the show floor. >> Now, those numbers from 2019 remind me of the early days of Hadoop World, which was put on by Cloudera but then Cloudera handed off the event to O'Reilly as this article that we've inserted, if you bring back that slide would say. The headline it almost got it right. Hadoop World was a failure, but it didn't have to be. Snowflake has filled the void created by O'Reilly when it first killed Hadoop World, and killed the name and then killed Strata. Now, ironically, the momentum and excitement from Hadoop's early days, it probably could have stayed with Cloudera but the beginning of the end was when they gave the conference over to O'Reilly. We can't imagine Frank Slootman handing the keys to the kingdom to a third party. Serious business was done at this event. I'm talking substantive deals. Salespeople from a host sponsor and the ecosystems that support these events, they love physical. They really don't like virtual because physical belly to belly means relationship building, pipeline, and deals. And that was blatantly obvious at this show. And in fairness, all theCUBE events that we've done year but this one was more vibrant because of its attendance and the action in the ecosystem. Ecosystem is a hallmark of a cloud company, and that's what Snowflake is. We asked Frank Slootman on theCUBE, was this ecosystem evolution by design or did Snowflake just kind of stumble into it? Here's what he said. >> Well, when you are a data clouding, you have data, people want to do things with that data. They don't want just run data operations, populate dashboards, run reports. Pretty soon they want to build applications and after they build applications, they want build businesses on it. So it goes on and on and on. So it drives your development to enable more and more functionality on that data cloud. Didn't start out that way, you know, we were very, very much focused on data operations. Then it becomes application development and then it becomes, hey, we're developing whole businesses on this platform. So similar to what happened to Facebook in many ways. >> So it sounds like it was maybe a little bit of both. The Facebook analogy is interesting because Facebook is a walled garden, as is Snowflake, but when you come into that garden, you have assurances that things are going to work in a very specific way because a set of standards and protocols is being enforced by a steward, i.e. Snowflake. This means things run better inside of Snowflake than if you try to do all the integration yourself. Now, maybe over time, an open source version of that will come out but if you wait for that, you're going to be left behind. That said, Snowflake has made moves to make its platform more accommodating to open source tooling in many of its announcements this week. Now, I'm not going to do a deep dive on the announcements. Matt Sulkins from Monte Carlo wrote a decent summary of the keynotes and a number of analysts like Sanjeev Mohan, Tony Bear and others are posting some deeper analysis on these innovations, and so we'll point to those. I'll say a few things though. Unistore extends the type of data that can live in the Snowflake data cloud. It's enabled by a new feature called hybrid tables, a new table type in Snowflake. One of the big knocks against Snowflake was it couldn't handle and transaction data. Several database companies are creating this notion of a hybrid where both analytic and transactional workloads can live in the same data store. Oracle's doing this for example, with MySQL HeatWave and there are many others. We saw Mongo earlier this month add an analytics capability to its transaction system. Mongo also added sequel, which was kind of interesting. Here's what Constellation Research analyst Doug Henschen said about Snowflake's moves into transaction data. Play the clip. >> Well with Unistore, they're reaching out and trying to bring transactional data in. Hey, don't limit this to analytical information and there's other ways to do that like CDC and streaming but they're very closely tying that again to that marketplace, with the idea of bring your data over here and you can monetize it. Don't just leave it in that transactional database. So another reach to a broader play across a big community that they're building. >> And you're also seeing Snowflake expand its workload types in its unique way and through Snowpark and its stream lit acquisition, enabling Python so that native apps can be built in the data cloud and benefit from all that structure and the features that Snowflake is built in. Hence that Facebook analogy, or maybe the App Store, the Apple App Store as I propose as well. Python support also widens the aperture for machine intelligence workloads. We asked Snowflake senior VP of product, Christian Kleinerman which announcements he thought were the most impactful. And despite the who's your favorite child nature of the question, he did answer. Here's what he said. >> I think the native applications is the one that looks like, eh, I don't know about it on the surface but he has the biggest potential to change everything. That's create an entire ecosystem of solutions for within a company or across companies that I don't know that we know what's possible. >> Snowflake also announced support for Apache Iceberg, which is a new open table format standard that's emerging. So you're seeing Snowflake respond to these concerns about its lack of openness, and they're building optionality into their cloud. They also showed some cost op optimization tools both from Snowflake itself and from the ecosystem, notably Capital One which launched a software business on top of Snowflake focused on optimizing cost and eventually the rollout data management capabilities, and all kinds of features that Snowflake announced that the show around governance, cross cloud, what we call super cloud, a new security workload, and they reemphasize their ability to read non-native on-prem data into Snowflake through partnerships with Dell and Pure and a lot more. Let's hear from some of the analysts that came on theCUBE this week at Snowflake Summit to see what they said about the announcements and their takeaways from the event. This is Dave Menninger, Sanjeev Mohan, and Tony Bear, roll the clip. >> Our research shows that the majority of organizations, the majority of people do not have access to analytics. And so a couple of the things they've announced I think address those or help to address those issues very directly. So Snowpark and support for Python and other languages is a way for organizations to embed analytics into different business processes. And so I think that'll be really beneficial to try and get analytics into more people's hands. And I also think that the native applications as part of the marketplace is another way to get applications into people's hands rather than just analytical tools. Because most people in the organization are not analysts. They're doing some line of business function. They're HR managers, they're marketing people, they're sales people, they're finance people, right? They're not sitting there mucking around in the data, they're doing a job and they need analytics in that job. >> Primarily, I think it is to contract this whole notion that once you move data into Snowflake, it's a proprietary format. So I think that's how it started but it's usually beneficial to the customers, to the users because now if you have large amount of data in paket files you can leave it on S3, but then you using the Apache Iceberg table format in Snowflake, you get all the benefits of Snowflake's optimizer. So for example, you get the micro partitioning, you get the metadata. And in a single query, you can join, you can do select from a Snowflake table union and select from an iceberg table and you can do store procedure, user defined function. So I think what they've done is extremely interesting. Iceberg by itself still does not have multi-table transactional capabilities. So if I'm running a workload, I might be touching 10 different tables. So if I use Apache Iceberg in a raw format, they don't have it, but Snowflake does. So the way I see it is Snowflake is adding more and more capabilities right into the database. So for example, they've gone ahead and added security and privacy. So you can now create policies and do even cell level masking, dynamic masking, but most organizations have more than Snowflake. So what we are starting to see all around here is that there's a whole series of data catalog companies, a bunch of companies that are doing dynamic data masking, security and governance, data observability which is not a space Snowflake has gone into. So there's a whole ecosystem of companies that is mushrooming. Although, you know, so they're using the native capabilities of Snowflake but they are at a level higher. So if you have a data lake and a cloud data warehouse and you have other like relational databases, you can run these cross platform capabilities in that layer. So that way, you know, Snowflake's done a great job of enabling that ecosystem. >> I think it's like the last mile, essentially. In other words, it's like, okay, you have folks that are basically that are very comfortable with Tableau but you do have developers who don't want to have to shell out to a separate tool. And so this is where Snowflake is essentially working to address that constituency. To Sanjeev's point, and I think part of it, this kind of plays into it is what makes this different from the Hadoop era is the fact that all these capabilities, you know, a lot of vendors are taking it very seriously to put this native. Now, obviously Snowflake acquired Streamlit. So we can expect that the Streamlit capabilities are going to be native. >> I want to share a little bit about the higher level thinking at Snowflake, here's a chart from Frank Slootman's keynote. It's his version of the modern data stack, if you will. Now, Snowflake of course, was built on the public cloud. If there were no AWS, there would be no Snowflake. Now, they're all about bringing data and live data and expanding the types of data, including structured, we just heard about that, unstructured, geospatial, and the list is going to continue on and on. Eventually I think it's going to bleed into the edge if we can figure out what to do with that edge data. Executing on new workloads is a big deal. They started with data sharing and they recently added security and they've essentially created a PaaS layer. We call it a SuperPaaS layer, if you will, to attract application developers. Snowflake has a developer-focused event coming up in November and they've extended the marketplace with 1300 native apps listings. And at the top, that's the holy grail, monetization. We always talk about building data products and we saw a lot of that at this event, very, very impressive and unique. Now here's the thing. There's a lot of talk in the press, in the Wall Street and the broader community about consumption-based pricing and concerns over Snowflake's visibility and its forecast and how analytics may be discretionary. But if you're a company building apps in Snowflake and monetizing like Capital One intends to do, and you're now selling in the marketplace, that is not discretionary, unless of course your costs are greater than your revenue for that service, in which case is going to fail anyway. But the point is we're entering a new error where data apps and data products are beginning to be built and Snowflake is attempting to make the data cloud the defacto place as to where you're going to build them. In our view they're well ahead in that journey. Okay, let's talk about some of the bigger themes that we heard at the event. Bringing apps to the data instead of moving the data to the apps, this was a constant refrain and one that certainly makes sense from a physics point of view. But having a single source of data that is discoverable, sharable and governed with increasingly robust ecosystem options, it doesn't have to be moved. Sometimes it may have to be moved if you're going across regions, but that's unique and a differentiator for Snowflake in our view. I mean, I'm yet to see a data ecosystem that is as rich and growing as fast as the Snowflake ecosystem. Monetization, we talked about that, industry clouds, financial services, healthcare, retail, and media, all front and center at the event. My understanding is that Frank Slootman was a major force behind this shift, this development and go to market focus on verticals. It's really an attempt, and he talked about this in his keynote to align with the customer mission ultimately align with their objectives which not surprisingly, are increasingly monetizing with data as a differentiating ingredient. We heard a ton about data mesh, there were numerous presentations about the topic. And I'll say this, if you map the seven pillars Snowflake talks about, Benoit Dageville talked about this in his keynote, but if you map those into Zhamak Dehghani's data mesh framework and the four principles, they align better than most of the data mesh washing that I've seen. The seven pillars, all data, all workloads, global architecture, self-managed, programmable, marketplace and governance. Those are the seven pillars that he talked about in his keynote. All data, well, maybe with hybrid tables that becomes more of a reality. Global architecture means the data is globally distributed. It's not necessarily physically in one place. Self-managed is key. Self-service infrastructure is one of Zhamak's four principles. And then inherent governance. Zhamak talks about computational, what I'll call automated governance, built in. And with all the talk about monetization, that aligns with the second principle which is data as product. So while it's not a pure hit and to its credit, by the way, Snowflake doesn't use data mesh in its messaging anymore. But by the way, its customers do, several customers talked about it. Geico, JPMC, and a number of other customers and partners are using the term and using it pretty closely to the concepts put forth by Zhamak Dehghani. But back to the point, they essentially, Snowflake that is, is building a proprietary system that substantially addresses some, if not many of the goals of data mesh. Okay, back to the list, supercloud, that's our term. We saw lots of examples of clouds on top of clouds that are architected to spin multiple clouds, not just run on individual clouds as separate services. And this includes Snowflake's data cloud itself but a number of ecosystem partners that are headed in a very similar direction. Snowflake still talks about data sharing but now it uses the term collaboration in its high level messaging, which is I think smart. Data sharing is kind of a geeky term. And also this is an attempt by Snowflake to differentiate from everyone else that's saying, hey, we do data sharing too. And finally Snowflake doesn't say data marketplace anymore. It's now marketplace, accounting for its application market. Okay, let's take a quick look at the competitive landscape via this ETR X-Y graph. Vertical access remembers net score or spending momentum and the x-axis is penetration, pervasiveness in the data center. That's what ETR calls overlap. Snowflake continues to lead on the vertical axis. They guide it conservatively last quarter, remember, so I wouldn't be surprised if that lofty height, even though it's well down from its earlier levels but I wouldn't be surprised if it ticks down again a bit in the July survey, which will be in the field shortly. Databricks is a key competitor obviously at a strong spending momentum, as you can see. We didn't draw it here but we usually draw that 40% line or red line at 40%, anything above that is considered elevated. So you can see Databricks is quite elevated. But it doesn't have the market presence of Snowflake. It didn't get to IPO during the bubble and it doesn't have nearly as deep and capable go-to market machinery. Now, they're getting better and they're getting some attention in the market, nonetheless. But as a private company, you just naturally, more people are aware of Snowflake. Some analysts, Tony Bear in particular, believe Mongo and Snowflake are on a bit of a collision course long term. I actually can see his point. You know, I mean, they're both platforms, they're both about data. It's long ways off, but you can see them sort of in a similar path. They talk about kind of similar aspirations and visions even though they're quite in different markets today but they're definitely participating in similar tam. The cloud players are probably the biggest or definitely the biggest partners and probably the biggest competitors to Snowflake. And then there's always Oracle. Doesn't have the spending velocity of the others but it's got strong market presence. It owns a cloud and it knows a thing about data and it definitely is a go-to market machine. Okay, we're going to end on some of the things that we heard in the ecosystem. 'Cause look, we've heard before how particular technology, enterprise data warehouse, data hubs, MDM, data lakes, Hadoop, et cetera. We're going to solve all of our data problems and of course they didn't. And in fact, sometimes they create more problems that allow vendors to push more incremental technology to solve the problems that they created. Like tools and platforms to clean up the no schema on right nature of data lakes or data swamps. But here are some of the things that I heard firsthand from some customers and partners. First thing is, they said to me that they're having a hard time keeping up sometimes with the pace of Snowflake. It reminds me of AWS in 2014, 2015 timeframe. You remember that fire hose of announcements which causes increased complexity for customers and partners. I talked to several customers that said, well, yeah this is all well and good but I still need skilled people to understand all these tools that I'm integrated in the ecosystem, the catalogs, the machine learning observability. A number of customers said, I just can't use one governance tool, I need multiple governance tools and a lot of other technologies as well, and they're concerned that that's going to drive up their cost and their complexity. I heard other concerns from the ecosystem that it used to be sort of clear as to where they could add value you know, when Snowflake was just a better data warehouse. But to point number one, they're either concerned that they'll be left behind or they're concerned that they'll be subsumed. Look, I mean, just like we tell AWS customers and partners, you got to move fast, you got to keep innovating. If you don't, you're going to be left. Either if your customer you're going to be left behind your competitor, or if you're a partner, somebody else is going to get there or AWS is going to solve the problem for you. Okay, and there were a number of skeptical practitioners, really thoughtful and experienced data pros that suggested that they've seen this movie before. That's hence the same wine, new bottle. Well, this time around I certainly hope not given all the energy and investment that is going into this ecosystem. And the fact is Snowflake is unquestionably making it easier to put data to work. They built on AWS so you didn't have to worry about provisioning, compute and storage and networking and scaling. Snowflake is optimizing its platform to take advantage of things like Graviton so you don't have to, and they're doing some of their own optimization tools. The ecosystem is building optimization tools so that's all good. And firm belief is the less expensive it is, the more data will get brought into the data cloud. And they're building a data platform on which their ecosystem can build and run data applications, aka data products without having to worry about all the hard work that needs to get done to make data discoverable, shareable, and governed. And unlike the last 10 years, you don't have to be a keeper and integrate all the animals in the Hadoop zoo. Okay, that's it for today, thanks for watching. Thanks to my colleague, Stephanie Chan who helps research "Breaking Analysis" topics. Sometimes Alex Myerson is on production and manages the podcasts. Kristin Martin and Cheryl Knight help get the word out on social and in our newsletters, and Rob Hof is our editor in chief over at Silicon, and Hailey does some wonderful editing, thanks to all. Remember, all these episodes are available as podcasts wherever you listen. All you got to do is search Breaking Analysis Podcasts. I publish each week on wikibon.com and siliconangle.com and you can email me at David.Vellante@siliconangle.com or DM me @DVellante. If you got something interesting, I'll respond. If you don't, I'm sorry I won't. Or comment on my LinkedIn post. Please check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time. (upbeat music)

>>Okay. Okay. We're back at Caesar's Forum. The Snowflake summit 2022. The cubes. Continuous coverage this day to wall to wall coverage. We're so excited to have the analyst panel here, some of my colleagues that we've done a number. You've probably seen some power panels that we've done. David McGregor is here. He's the senior vice president and research director at Ventana Research. To his left is Tony Blair, principal at DB Inside and my in the co host seat. Sanjeev Mohan Sanremo. Guys, thanks so much for coming on. I'm glad we can. Thank you. You're very welcome. I wasn't able to attend the analyst action because I've been doing this all all day, every day. But let me start with you, Dave. What have you seen? That's kind of interested you. Pluses, minuses. Concerns. >>Well, how about if I focus on what I think valuable to the customers of snowflakes and our research shows that the majority of organisations, the majority of people, do not have access to analytics. And so a couple of things they've announced I think address those are helped to address those issues very directly. So Snow Park and support for Python and other languages is a way for organisations to embed analytics into different business processes. And so I think that will be really beneficial to try and get analytics into more people's hands. And I also think that the native applications as part of the marketplace is another way to get applications into people's hands rather than just analytical tools. Because most most people in the organisation or not, analysts, they're doing some line of business function. Their HR managers, their marketing people, their salespeople, their finance people right there, not sitting there mucking around in the data. They're doing a job and they need analytics in that job. So, >>Tony, I thank you. I've heard a lot of data mesh talk this week. It's kind of funny. Can't >>seem to get away from it. You >>can't see. It seems to be gathering momentum, but But what have you seen? That's been interesting. >>What I have noticed. Unfortunately, you know, because the rooms are too small, you just can't get into the data mesh sessions, so there's a lot of interest in it. Um, it's still very I don't think there's very much understanding of it, but I think the idea that you can put all the data in one place which, you know, to me, stuff like it seems to be kind of sort of in a way, it sounds like almost like the Enterprise Data warehouse, you know, Clouded Cloud Native Edition, you know, bring it all in one place again. Um, I think it's providing, sort of, You know, it's I think, for these folks that think this might be kind of like a a linchpin for that. I think there are several other things that actually that really have made a bigger impression on me. Actually, at this event, one is is basically is, um we watch their move with Eunice store. Um, and it's kind of interesting coming, you know, coming from mongo db last week. And I see it's like these two companies seem to be going converging towards the same place at different speeds. I think it's not like it's going to get there faster than Mongo for a number of different reasons, but I see like a number of common threads here. I mean, one is that Mongo was was was a company. It's always been towards developers. They need you know, start cultivating data, people, >>these guys going the other way. >>Exactly. Bingo. And the thing is that but they I think where they're converging is the idea of operational analytics and trying to serve all constituencies. The other thing, which which also in terms of serving, you know, multiple constituencies is how snowflake is laid out Snow Park and what I'm finding like. There's an interesting I economy. On one hand, you have this very ingrained integration of Anaconda, which I think is pretty ingenious. On the other hand, you speak, let's say, like, let's say the data robot folks and say, You know something our folks wanna work data signs us. We want to work in our environment and use snowflake in the background. So I see those kind of some interesting sort of cross cutting trends. >>So, Sandy, I mean, Frank Sullivan, we'll talk about there's definitely benefits into going into the walled garden. Yeah, I don't think we dispute that, but we see them making moves and adding more and more open source capabilities like Apache iceberg. Is that a Is that a move to sort of counteract the narrative that the data breaks is put out there. Is that customer driven? What's your take on that? >>Uh, primarily I think it is to contract this whole notion that once you move data into snowflake, it's a proprietary format. So I think that's how it started. But it's hugely beneficial to the customers to the users, because now, if you have large amounts of data in parquet files, you can leave it on s three. But then you using the the Apache iceberg table format. In a snowflake, you get all the benefits of snowflakes. Optimizer. So, for example, you get the, you know, the micro partitioning. You get the meta data. So, uh, in a single query, you can join. You can do select from a snowflake table union and select from iceberg table, and you can do store procedures, user defined functions. So I think they what they've done is extremely interesting. Uh, iceberg by itself still does not have multi table transactional capabilities. So if I'm running a workload, I might be touching 10 different tables. So if I use Apache iceberg in a raw format, they don't have it. But snowflake does, >>right? There's hence the delta. And maybe that maybe that closes over time. I want to ask you as you look around this I mean the ecosystems pretty vibrant. I mean, it reminds me of, like reinvent in 2013, you know? But then I'm struck by the complexity of the last big data era and a dupe and all the different tools. And is this different, or is it the sort of same wine new new bottle? You guys have any thoughts on that? >>I think it's different and I'll tell you why. I think it's different because it's based around sequel. So if back to Tony's point, these vendors are coming at this from different angles, right? You've got data warehouse vendors and you've got data lake vendors and they're all going to meet in the middle. So in your case, you're taught operational analytical. But the same thing is true with Data Lake and Data Warehouse and Snowflake no longer wants to be known as the Data Warehouse. There a data cloud and our research again. I like to base everything off of that. >>I love what our >>research shows that organisation Two thirds of organisations have sequel skills and one third have big data skills, so >>you >>know they're going to meet in the middle. But it sure is a lot easier to bring along those people who know sequel already to that midpoint than it is to bring big data people to remember. >>Mrr Odula, one of the founders of Cloudera, said to me one time, John Kerry and the Cube, that, uh, sequel is the killer app for a Yeah, >>the difference at this, you know, with with snowflake, is that you don't have to worry about taming the zoo. Animals really have thought out the ease of use, you know? I mean, they thought about I mean, from the get go, they thought of too thin to polls. One is ease of use, and the other is scale. And they've had. And that's basically, you know, I think very much differentiates it. I mean, who do have the scale, but it didn't have the ease of use. But don't I >>still need? Like, if I have, you know, governance from this vendor or, you know, data prep from, you know, don't I still have to have expertise? That's sort of distributed in those those worlds, right? I mean, go ahead. Yeah. >>So the way I see it is snowflake is adding more and more capabilities right into the database. So, for example, they've they've gone ahead and added security and privacy so you can now create policies and do even set level masking, dynamic masking. But most organisations have more than snowflake. So what we are starting to see all around here is that there's a whole series of data catalogue companies, a bunch of companies that are doing dynamic data masking security and governance data observe ability, which is not a space snowflake has gone into. So there's a whole ecosystem of companies that that is mushrooming, although, you know so they're using the native capabilities of snowflake, but they are at a level higher. So if you have a data lake and a cloud data warehouse and you have other, like relational databases, you can run these cross platform capabilities in that layer. So so that way, you know, snowflakes done a great job of enabling that ecosystem about >>the stream lit acquisition. Did you see anything here that indicated there making strong progress there? Are you excited about that? You're sceptical. Go ahead. >>And I think it's like the last mile. Essentially. In other words, it's like, Okay, you have folks that are basically that are very, very comfortable with tableau. But you do have developers who don't want to have to shell out to a separate tool. And so this is where Snowflake is essentially working to address that constituency, um, to San James Point. I think part of it, this kind of plays into it is what makes this different from the ado Pere is the fact that this all these capabilities, you know, a lot of vendors are taking it very seriously to make put this native obviously snowflake acquired stream. Let's so we can expect that's extremely capabilities are going to be native. >>And the other thing, too, about the Hadoop ecosystem is Claudia had to help fund all those different projects and got really, really spread thin. I want to ask you guys about this super cloud we use. Super Cloud is this sort of metaphor for the next wave of cloud. You've got infrastructure aws, azure, Google. It's not multi cloud, but you've got that infrastructure you're building a layer on top of it that hides the underlying complexities of the primitives and the a p I s. And you're adding new value in this case, the data cloud or super data cloud. And now we're seeing now is that snowflake putting forth the notion that they're adding a super path layer. You can now build applications that you can monetise, which to me is kind of exciting. It makes makes this platform even less discretionary. We had a lot of talk on Wall Street about discretionary spending, and that's not discretionary. If you're monetising it, um, what do you guys think about that? Is this something that's that's real? Is it just a figment of my imagination, or do you see a different way of coming any thoughts on that? >>So, in effect, they're trying to become a data operating system, right? And I think that's wonderful. It's ambitious. I think they'll experience some success with that. As I said, applications are important. That's a great way to deliver information. You can monetise them, so you know there's there's a good economic model around it. I think they will still struggle, however, with bringing everything together onto one platform. That's always the challenge. Can you become the platform that's hard, hard to predict? You know, I think this is This is pretty exciting, right? A lot of energy, a lot of large ecosystem. There is a network effect already. Can they succeed in being the only place where data exists? You know, I think that's going to be a challenge. >>I mean, the fact is, I mean, this is a classic best of breed versus the umbrella play. The thing is, this is nothing new. I mean, this is like the you know, the old days with enterprise applications were basically oracle and ASAP vacuumed up all these. You know, all these applications in their in their ecosystem, whereas with snowflake is. And if you look at the cloud, folks, the hyper scale is still building out their own portfolios as well. Some are, You know, some hyper skills are more partner friendly than others. What? What Snowflake is saying is that we're going to give all of you folks who basically are competing against the hyper skills in various areas like data catalogue and pipelines and all that sort of wonderful stuff will make you basically, you know, all equal citizens. You know the burden is on you to basically we will leave. We will lay out the A P. I s Well, we'll allow you to basically, you know, integrate natively to us so you can provide as good experience. But the but the onus is on your back. >>Should the ecosystem be concerned, as they were back to reinvent 2014 that Amazon was going to nibble away at them or or is it different? >>I find what they're doing is different. Uh, for example, data sharing. They were the first ones out the door were data sharing at a large scale. And then everybody has jumped in and said, Oh, we also do data sharing. All the hyper scholars came in. But now what snowflake has done is they've taken it to the next level. Now they're saying it's not just data sharing. It's up sharing and not only up sharing. You can stream the thing you can build, test deploy, and then monetise it. Make it discoverable through, you know, through your marketplace >>you can monetise it. >>Yes. Yeah, so So I I think what they're doing is they are taking it a step further than what hyper scale as they are doing. And because it's like what they said is becoming like the data operating system You log in and you have all of these different functionalities you can do in machine learning. Now you can do data quality. You can do data preparation and you can do Monetisation. Who do you >>think is snowflakes? Biggest competitor? What do you guys think? It's a hard question, isn't it? Because you're like because we all get the we separate computer from storage. We have a cloud data and you go, Okay, that's nice, >>but there's, like, a crack. I think >>there's uniqueness. I >>mean, put it this way. In the old days, it would have been you know, how you know the prime household names. I think today is the hyper scholars and the idea what I mean again, this comes down to the best of breed versus by, you know, get it all from one source. So where is your comfort level? Um, so I think they're kind. They're their co op a Titian the hyper scale. >>Okay, so it's not data bricks, because why they're smaller. >>Well, there is some okay now within the best of breed area. Yes, there is competition. The obvious is data bricks coming in from the data engineering angle. You know, basically the snowflake coming from, you know, from the from the data analyst angle. I think what? Another potential competitor. And I think Snowflake, basically, you know, admitted as such potentially is mongo >>DB. Yeah, >>Exactly. So I mean, yes, there are two different levels of sort >>of a on a longer term collision course. >>Exactly. Exactly. >>Sort of service now and in salesforce >>thing that was that we actually get when I say that a lot of people just laughed. I was like, No, you're kidding. There's no way. I said Excuse me, >>But then you see Mongo last week. We're adding some analytics capabilities and always been developers, as you say, and >>they trashed sequel. But yet they finally have started to write their first real sequel. >>We have M c M Q. Well, now we have a sequel. So what >>were those numbers, >>Dave? Two thirds. One third. >>So the hyper scale is but the hyper scale urz are you going to trust your hyper scale is to do your cross cloud. I mean, maybe Google may be I mean, Microsoft, perhaps aws not there yet. Right? I mean, how important is cross cloud, multi cloud Super cloud Whatever you want to call it What is your data? >>Shows? Cloud is important if I remember correctly. Our research shows that three quarters of organisations are operating in the cloud and 52% are operating across more than one cloud. So, uh, two thirds of the organisations are in the cloud are doing multi cloud, so that's pretty significant. And now they may be operating across clouds for different reasons. Maybe one application runs in one cloud provider. Another application runs another cloud provider. But I do think organisations want that leverage over the hyper scholars right they want they want to be able to tell the hyper scale. I'm gonna move my workloads over here if you don't give us a better rate. Uh, >>I mean, I I think you know, from a database standpoint, I think you're right. I mean, they are competing against some really well funded and you look at big Query barely, you know, solid platform Red shift, for all its faults, has really done an amazing job of moving forward. But to David's point, you know those to me in any way. Those hyper skills aren't going to solve that cross cloud cloud problem, right? >>Right. No, I'm certainly >>not as quickly. No. >>Or with as much zeal, >>right? Yeah, right across cloud. But we're gonna operate better on our >>Exactly. Yes. >>Yes. Even when we talk about multi cloud, the many, many definitions, like, you know, you can mean anything. So the way snowflake does multi cloud and the way mongo db two are very different. So a snowflake says we run on all the hyper scalar, but you have to replicate your data. What Mongo DB is claiming is that one cluster can have notes in multiple different clouds. That is right, you know, quite something. >>Yeah, right. I mean, again, you hit that. We got to go. But, uh, last question, um, snowflake undervalued, overvalued or just about right >>in the stock market or in customers. Yeah. Yeah, well, but, you know, I'm not sure that's the right question. >>That's the question I'm asking. You know, >>I'll say the question is undervalued or overvalued for customers, right? That's really what matters. Um, there's a different audience. Who cares about the investor side? Some of those are watching, but But I believe I believe that the from the customer's perspective, it's probably valued about right, because >>the reason I I ask it, is because it has so hyped. You had $100 billion value. It's the past service now is value, which is crazy for this student Now. It's obviously come back quite a bit below its IPO price. So But you guys are at the financial analyst meeting. Scarpelli laid out 2029 projections signed up for $10 billion.25 percent free time for 20% operating profit. I mean, they better be worth more than they are today. If they do >>that. If I If I see the momentum here this week, I think they are undervalued. But before this week, I probably would have thought there at the right evaluation, >>I would say they're probably more at the right valuation employed because the IPO valuation is just such a false valuation. So hyped >>guys, I could go on for another 45 minutes. Thanks so much. David. Tony Sanjeev. Always great to have you on. We'll have you back for sure. Having us. All right. Thank you. Keep it right there. Were wrapping up Day two and the Cube. Snowflake. Summit 2022. Right back. Mm. Mhm.