>> It's been great. >> Robert Herjavec. >> I mean, you guys are excited where you are, no? >> Dancing with the Stars, of course. >> His CUBE alumni. (techno music) Live from Seattle, Washington, it's theCUBE covering KubeCon and CloudNativeCon North America 2018 brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. (crowd talking) >> And welcome back to our live coverage here in Seattle for KubeCon and CloudNativeCon 2018. I'm John Furrier, Stu Miniman, here for three days of wall to wall coverage, 8,000 people up from 4,000 last year. Growing Kubernetes and the Cloud Native ecosystem around KubeCon. Next two guests, John Morello, CTO of Twistlock, hot start-up to the news. And Nanda Kumar, who's a Fellow Systems engineer at Verizon's Global Technology Service. Guys, welcome to theCUBE. >> Thank you. Thanks for having us. >> Congratulations on your news and Kelsey wearing your shirt on theCUBE earlier. (they laugh) >> Thanks for having us. >> So take a minute to explain what you guys do, your story, you guys got to lot of hot things happening. Take a minute to talk about the company's value-- >> Yeah, sure, so we've been around for about four years now or going on four years. We're kind of the first company in this space that's really focused on cloud native cybersecurity. So, the idea is not just to take the existing capabilities that you've had on traditional systems and kind of retrofit them onto this new platform. But really to leverage the way that the cloud native space works, to be able to do security in a different and hopefully a more effective way. Cloud native has this notion of immutability and being able to take the same artifact from development to staging to production. And that enables us to do things in a security fashion that you really haven't been able to do in the past. Like actually be able to enforce security controls at the very beginning of the life cycle of the app. To be able to ensure consistency in your compliance posture all the way through production. And then as we learn things at runtime, to be able to signal that knowledge back to the developer, so they can actually improve the security application in the beginning. We basically have a platform that gives you those capabilities, vulnerability management, compliance, runtime defense, and firewalling across VMs, containers, and serverless across any clouds you have. We're not specific to any one cloud provider-- >> Is like telemetry coming back to the developer in real time? >> Yeah, basically as an example, when you have an application that's deployed, in the old world you as the developer would give the app to an operator, they would deploy it, and maybe weeks later, somebody would scan it, and they'd say you've got these vulnerabilities and then they have to go back and tell somebody to go and fix them. There's a lot of time where you're exposed, there's a lot of cost with that operation. The way that we're able to do it for the vulnerability case is as the developer builds the application, every build they do, Twistlock can scan that and see the vulnerabilities and actually enforce that as a quality gate and say if you've got critical vulnerabilities, you have to fix 'em before you progress. And then as you take that application and move that into test and staging and production, we create this dynamic runtime model that describes basically an implicit allow list of what's normal behaviors. So you don't have to tell us that my web server normally runs in Gen X and listens on port 80, we learn that automatically. We create this reference model where you can understand what's normal and then we automatically prevent anomalies. So unlike that traditional world of security where you had to have a whole bunch of manual rules that try to blacklist every thing that was bad, (John Furrier laughs) we just say, we learn what's good and only allow that. >> It's predictive and prescriptive in one. >> Yeah, exactly. >> What's the role here with Kubernetes, how do you fit into the Kubernetes standardization, momentum? >> For us, we've kind of pre-dated the rise of Kubernetes in some ways, and really supported Kubernetes from the very beginning when the project became popular. Our platform is designed to work as a native cloud native app itself, so when you deploy Twistlock, you run the Twistlock console, our management service and API controller. All that's run just as a cloud native app. You deploy as a replication controller. When you deploy Twistlock defender, our agent effective error, containerized agents to all the nodes where you're writing compute jobs, you run that as a Damon set. So for us, not only do we protect the platform, but we just are a part of the platform. There's nothing abnormal that you have to do. You deploy it and manage it like you would any other Kubernetes application. >> All right, Nanda, let's pull you into the conversation here. >> Sure. Verizon, obviously most people know, explain what your group does, how cloud native fits into what you're doing. >> I'm part of the Global Technology Services organization. Verizon, as you probably know, is a mixed bag of different types of businesses brought together, wireless being the most prominent one that most of you know about it. But we also have other solutions, like our file solutions. And recently with our acquisition of Yahoo, which is gold, and so forth. Verizon is actually on a major transformation journey. Our transformation journey spans around a five year program. We are in year number three of this transformation and cloud native and cloud technology is a very foundational aspect for us as part of this transformation. I was just chatting with John earlier. Opportunity like this doesn't come that often because we are in a perfect intersection of where automation and Verizon is doing a cloud migration and then you have these cloud native technologies that have been made available. Where it's Kubernetes, container, and so forth. So that mesh of the opportunity to migrate. And as you migrate, you're taking advantage of these technologies, and modernizing your application stack is a big win. >> Okay, can you connect for us the intersection of what you were just talking about and 5G, which is you know, really going to be a huge impact on everything happening in telecommunications. >> Yeah, the whole idea about 5G for us is it's not just the next generation of technology. It's all about the human element ability of it. Basically it means we want to make sure that the technology is used to solve real human problems and the technology is capable of doing that. Be it whether it's a life science or be it in transportation and so forth. We really want to make sure that the technology is being used to solve real human problems and to enable the consumption of this technology. We won't take advantage of cloud native services to support it. >> Help boil it down for us because, just in general, you say even domestically, I think it's like 40% of the U.S. population doesn't have access to broadband. Those of us at the conference here understand that wireless isn't always reliable. 5G silver bullet, everybody's going to have infinite bandwidth everywhere, right? >> Absolutely. (Stu laughs) And that's the valued proposition of the technology that it brings to the table. I know the spread of the technology is going to vary depending upon the commercialization of the product, the solution, and so forth. But the reality is in the new world that we live in, it is not just one piece of technology that's going to make it. It's going to be a mesh of the new technologies like 5G with a combination of WiFi and so forth. All of this coming together. It all comes down to fundamentally what are the use cases or what type of solutions are you going to go after and how it's going to make sense. >> How has cloud native in this transformation changed how you guys make investments? Obviously, the security equation's paramount. Central to the that, lot of data. How is the investments and how you guys are building out changed? Obviously you're looking at re-imagining operations, security, et cetera et cetera. How's that going to shape for you guys-- >> One of the things that Nanda and I were talking about earlier that not because of cloud native but it's enabled by cloud native. I think you look at almost all organizations today, and to reuse that phrase that Andreessen quoted about softwaring the world. It really is a true thing. Unlike in the past where IT had been this cost center that most organizations sought to strangle out and reduce as much as possible, I think most, at least modern companies that will be successful in the future, realize that that's part of their competitive advantage. It's not just about providing an app because your competitor has an app, it's about providing a better experience so that you're driving more revenue, having a better relationship, a longer term deeper relationship with that customer. Like we were talking about, in his case, if they build kind of a minimal application or minimal experience for their customers, their customers may choose to go to AT&T or whomever else if they can feel like hey, it's easier for me to work with them. I get better data, I can use my systems more easily. If you have that inflection point where people are having to really invest in building better software, better industry specific software, you need those tools of mass innovation to do that. And that's what cloud native really is. It's about being able to take and innovate and iterate on those innovations much more rapidly than you've been able to do in the past. And so it's really this confluence of those two trends that make this space as big as it is. That's why we have so many people here at KubeCon. >> Oh, you go faster too. The investment in apps, your applications, faster. And your talking about your security solution replaces the old way of hey, is there a problem, we'll patch it. >> It also has to get away from that approach where people took in the past where security was always this friction. It was this impediment, you know, you wanted to deploy something and you had to go through the security review and create all this rules and it was a hassle and slowed things down. If that's your approach to security, you're going to be at a fundamental conflict to this new approach. >> I think you'll be out of business personally, I think that ship has sailed, that's dead. We see the breaches every day, you see on all the dark webs who've been harvesting all that. IoT though is a different kind of animal. How are you guys looking at the IoT equation because that's a good use case for cloud? You can push now compute to the edge, you don't have to move data around. Certainly you guys are in the telecom business, you know what that means, so latency matters. How are you looking at the edge, IoT, and where does security fit into that? >> In terms of IoT, I think as you mentioned, there are going to be use cases where IoT's going to be very critical. There are two paradigms to the concept of the mobile edge compute. One is for the IoT use cases, the other could be even for like AR/VR is a good example. You want the compute to be so fast where you want responses immediately based on the location you are and so forth. So that's a very important foundation that we're working on and making that a reality for our organization to come use it. And of course any solution that we provide, security needs to be baked into it, because that's going to be foundation for how to-- >> Back to your 5G point, that's great back haul too for those devices. That one at least. If they want to send data back or interface with the edge, and power and compute, you need power and connectivity. >> Yep, exactly, very true. >> What's next, I guess? If you look forward, where's this journey going? How does this partnership help solve things? >> I think the key to any successful transformation is you got to take into consideration your current landscape. You certainly can have a broad vision of where the future is and so forth, but if you can't build the bridge between where we are and where we need to go, that's going to be a very challenging space so when you look at the cloud native technologies, we look at making it operational efficiency for us. In terms of how do we do our operations, like the earlier question we talked about, what is changing for us? Our operation's getting better. Our security portion is getting better because we're now shifting more of this to left. Which means as the workloads are being built and so forth. We're taking into consideration how it's going to run, where it's going to run and so forth. So that's going to create the savings and operational efficiency, which then allows us to take that and transform it into how do we focus on more modern technologies and modern solutions and so forth. >> Customer satisfaction. >> And customer satisfaction. >> Those are the top line business for every new model. >> So I got to ask, how is it going with Twistlock? Where's their role in your transformation? It's on the security side? >> Mm-hmm. >> Where do they play into your mix? >> So when we rolled out our solution for our Kubernetes platform, we certainly want to make sure that, to John's earlier point, where we can shift left and really look at security wholistically. And the only way you could do that is you need to capture the essence or integrate security as the project's being built. Because today we do have a security portion, but it's kind of where you have it during the development phase or during operations or doing it on time. You're not able to stitch it together. But with container and Kubernetes, you now have the advantage of really knowing what is end to end. And that is where our partnership with Twistlock has to be able to oversee that and provide that insight on what is running, where it's running, what levels exist, and how do we fix it. >> It kind of makes sense too. We've talked for years, the perimeter is dead. You guys are addressing security upfront at the application level where it's coding. This is working out for you guys well? >> Yep, and that's been a big shift in fact for why they've been successful with this transformation. Because we know have inside steward and everybody in the organization has a line off-site to what's going on, where things are running and so forth. It's been a great partnership. >> John, talk about this dynamic 'cause this is really kind of compelling because we've heard, "Oh, yeah, we're throwing everything "against the wall in security." And everyone always says, "Hey, the perimeter is dead "and you got to start with security in mind from day one." Well, I mean, what is day one? The minute you start coding, right? >> I get your overall point about the perimeter being dead. I would actually rephrase it a bit and say, "The perimeter being dissolved." And I think that's really a more probably accurate way to look at it. What used to be this very tightly defined like, we deploy things in this network or even VPC and it's got this control around it. Whereas a lot of customers today we see choosing an intentional multi-cloud strategy. They want to preserve the ability to have some leverage, not just with Amazon, but with Azure, or with Google, or whomever it may be on-premises. And when you have that model where you've got infrastructure and multiple regions, multiple different providers, you no longer have that very clean separation between what's yours and what's kind of out on the outside. And so one of the things that we really think is important is to be able to bring the perimeter to the application. So the way that we look at protecting the application is around the app itself, regardless of what the underlying compute platform is, the cloud, the region, it's really about protecting the app. You learn how those different microservices normally communicate with each other. You only allow that normal good communication unless you can really constrain a blast radius if you do have some kind of compromise in the future. And the minute you really try to mitigate that compromise is to again find those vulnerabilities as you develop the app, and prevent them in development before they ever get out to production. >> And that's a super smart approach, I love that. I think it's a winner, congratulations. Final question, what's the prediction for multi-cloud in 2019? Since you brought it up, multi-cloud seems to be the hot thing. What's your prediction 2019? It becomes a conversation? It becomes practice? >> I would say at this point, it already is practice in most organizations. And I would say that in 2019, you'll see that become something that's accepted not just as an option but as really the preferred, the better operational model. So you're able to choose technology platforms and operational approaches that are designed to work in a model in which you have multiple providers. Because you have a dependency layer that you can take now with Kubernetes and containers that's universal across those. Theoretically, you could have always taken a VM you put in ager and moved it to AWS, but it was really difficult and painful and hard to do that. If you do that well with Kubernetes, it's really pretty straightforward to deploy an application across multiple providers or multiple regions of the same provider even. And I think you'll see that become a more real thing in 2019 because it gives you as a company, or you as a customer, more leverage to be able to choose the services and negotiate the rates that you want with your provider. >> And if you move security to the app level like you guys are doing, you take away all that extra work around how to send policy and make it dynamic. >> Exactly. Our customers may have one Twistlock environment that manages things in Azure and AWS and GCP and on-premises and that's fine because we care about protecting the app not the interlying infrastructure. >> You agree? >> Absolutely, I think that's going to be the case even from our perspective. You're always going to look for where is the best place around these workloads and in a cost-effective way and secure manner. And as long as you're a single-controlled plane that you can manage it, I think the multi-cloud is going to be the ideal-- >> Make it easier to operate, standard language for developers, lock in security at the front end. >> That's right. >> Good stuff. Guys thanks for coming out. >> Sure. >> Appreciate the insight. Smart commentary here on security, cloud native, Kubernetes, I'll break it down here on theCUBE. I'm John Furrier, Stu Miniman, stay with us. More day one coverage of three days of live coverage here in Seattle for KubeCon and CloudNativeCon. We'll be right back. (upbeat music)

(upbeat music beginning) >> From the Cube Studios in Palo Alto and Boston, bringing you data-driven insights from the Cube and ETR, this is "Breaking Analysis" with Dave Vellante. >> Making predictions about the future of enterprise tech is more challenging if you strive to lay down forecasts that are measurable. In other words, if you make a prediction, you should be able to look back a year later and say, with some degree of certainty, whether the prediction came true or not, with evidence to back that up. Hello and welcome to this week's Wikibon Cube Insights, powered by ETR. In this breaking analysis, we aim to do just that, with predictions about the macro IT spending environment, cost optimization, security, lots to talk about there, generative AI, cloud, and of course supercloud, blockchain adoption, data platforms, including commentary on Databricks, snowflake, and other key players, automation, events, and we may even have some bonus predictions around quantum computing, and perhaps some other areas. To make all this happen, we welcome back, for the third year in a row, my colleague and friend Eric Bradley from ETR. Eric, thanks for all you do for the community, and thanks for being part of this program. Again. >> I wouldn't miss it for the world. I always enjoy this one. Dave, good to see you. >> Yeah, so let me bring up this next slide and show you, actually come back to me if you would. I got to show the audience this. These are the inbounds that we got from PR firms starting in October around predictions. They know we do prediction posts. And so they'll send literally thousands and thousands of predictions from hundreds of experts in the industry, technologists, consultants, et cetera. And if you bring up the slide I can show you sort of the pattern that developed here. 40% of these thousands of predictions were from cyber. You had AI and data. If you combine those, it's still not close to cyber. Cost optimization was a big thing. Of course, cloud, some on DevOps, and software. Digital... Digital transformation got, you know, some lip service and SaaS. And then there was other, it's kind of around 2%. So quite remarkable, when you think about the focus on cyber, Eric. >> Yeah, there's two reasons why I think it makes sense, though. One, the cybersecurity companies have a lot of cash, so therefore the PR firms might be working a little bit harder for them than some of their other clients. (laughs) And then secondly, as you know, for multiple years now, when we do our macro survey, we ask, "What's your number one spending priority?" And again, it's security. It just isn't going anywhere. It just stays at the top. So I'm actually not that surprised by that little pie chart there, but I was shocked that SaaS was only 5%. You know, going back 10 years ago, that would've been the only thing anyone was talking about. >> Yeah. So true. All right, let's get into it. First prediction, we always start with kind of tech spending. Number one is tech spending increases between four and 5%. ETR has currently got it at 4.6% coming into 2023. This has been a consistently downward trend all year. We started, you know, much, much higher as we've been reporting. Bottom line is the fed is still in control. They're going to ease up on tightening, is the expectation, they're going to shoot for a soft landing. But you know, my feeling is this slingshot economy is going to continue, and it's going to continue to confound, whether it's supply chains or spending. The, the interesting thing about the ETR data, Eric, and I want you to comment on this, the largest companies are the most aggressive to cut. They're laying off, smaller firms are spending faster. They're actually growing at a much larger, faster rate as are companies in EMEA. And that's a surprise. That's outpacing the US and APAC. Chime in on this, Eric. >> Yeah, I was surprised on all of that. First on the higher level spending, we are definitely seeing it coming down, but the interesting thing here is headlines are making it worse. The huge research shop recently said 0% growth. We're coming in at 4.6%. And just so everyone knows, this is not us guessing, we asked 1,525 IT decision-makers what their budget growth will be, and they came in at 4.6%. Now there's a huge disparity, as you mentioned. The Fortune 500, global 2000, barely at 2% growth, but small, it's at 7%. So we're at a situation right now where the smaller companies are still playing a little bit of catch up on digital transformation, and they're spending money. The largest companies that have the most to lose from a recession are being more trepidatious, obviously. So they're playing a "Wait and see." And I hope we don't talk ourselves into a recession. Certainly the headlines and some of their research shops are helping it along. But another interesting comment here is, you know, energy and utilities used to be called an orphan and widow stock group, right? They are spending more than anyone, more than financials insurance, more than retail consumer. So right now it's being driven by mid, small, and energy and utilities. They're all spending like gangbusters, like nothing's happening. And it's the rest of everyone else that's being very cautious. >> Yeah, so very unpredictable right now. All right, let's go to number two. Cost optimization remains a major theme in 2023. We've been reporting on this. You've, we've shown a chart here. What's the primary method that your organization plans to use? You asked this question of those individuals that cited that they were going to reduce their spend and- >> Mhm. >> consolidating redundant vendors, you know, still leads the way, you know, far behind, cloud optimization is second, but it, but cloud continues to outpace legacy on-prem spending, no doubt. Somebody, it was, the guy's name was Alexander Feiglstorfer from Storyblok, sent in a prediction, said "All in one becomes extinct." Now, generally I would say I disagree with that because, you know, as we know over the years, suites tend to win out over, you know, individual, you know, point products. But I think what's going to happen is all in one is going to remain the norm for these larger companies that are cutting back. They want to consolidate redundant vendors, and the smaller companies are going to stick with that best of breed and be more aggressive and try to compete more effectively. What's your take on that? >> Yeah, I'm seeing much more consolidation in vendors, but also consolidation in functionality. We're seeing people building out new functionality, whether it's, we're going to talk about this later, so I don't want to steal too much of our thunder right now, but data and security also, we're seeing a functionality creep. So I think there's further consolidation happening here. I think niche solutions are going to be less likely, and platform solutions are going to be more likely in a spending environment where you want to reduce your vendors. You want to have one bill to pay, not 10. Another thing on this slide, real quick if I can before I move on, is we had a bunch of people write in and some of the answer options that aren't on this graph but did get cited a lot, unfortunately, is the obvious reduction in staff, hiring freezes, and delaying hardware, were three of the top write-ins. And another one was offshore outsourcing. So in addition to what we're seeing here, there were a lot of write-in options, and I just thought it would be important to state that, but essentially the cost optimization is by and far the highest one, and it's growing. So it's actually increased in our citations over the last year. >> And yeah, specifically consolidating redundant vendors. And so I actually thank you for bringing that other up, 'cause I had asked you, Eric, is there any evidence that repatriation is going on and we don't see it in the numbers, we don't see it even in the other, there was, I think very little or no mention of cloud repatriation, even though it might be happening in this in a smattering. >> Not a single mention, not one single mention. I went through it for you. Yep. Not one write-in. >> All right, let's move on. Number three, security leads M&A in 2023. Now you might say, "Oh, well that's a layup," but let me set this up Eric, because I didn't really do a great job with the slide. I hid the, what you've done, because you basically took, this is from the emerging technology survey with 1,181 responses from November. And what we did is we took Palo Alto and looked at the overlap in Palo Alto Networks accounts with these vendors that were showing on this chart. And Eric, I'm going to ask you to explain why we put a circle around OneTrust, but let me just set it up, and then have you comment on the slide and take, give us more detail. We're seeing private company valuations are off, you know, 10 to 40%. We saw a sneak, do a down round, but pretty good actually only down 12%. We've seen much higher down rounds. Palo Alto Networks we think is going to get busy. Again, they're an inquisitive company, they've been sort of quiet lately, and we think CrowdStrike, Cisco, Microsoft, Zscaler, we're predicting all of those will make some acquisitions and we're thinking that the targets are somewhere in this mess of security taxonomy. Other thing we're predicting AI meets cyber big time in 2023, we're going to probably going to see some acquisitions of those companies that are leaning into AI. We've seen some of that with Palo Alto. And then, you know, your comment to me, Eric, was "The RSA conference is going to be insane, hopping mad, "crazy this April," (Eric laughing) but give us your take on this data, and why the red circle around OneTrust? Take us back to that slide if you would, Alex. >> Sure. There's a few things here. First, let me explain what we're looking at. So because we separate the public companies and the private companies into two separate surveys, this allows us the ability to cross-reference that data. So what we're doing here is in our public survey, the tesis, everyone who cited some spending with Palo Alto, meaning they're a Palo Alto customer, we then cross-reference that with the private tech companies. Who also are they spending with? So what you're seeing here is an overlap. These companies that we have circled are doing the best in Palo Alto's accounts. Now, Palo Alto went and bought Twistlock a few years ago, which this data slide predicted, to be quite honest. And so I don't know if they necessarily are going to go after Snyk. Snyk, sorry. They already have something in that space. What they do need, however, is more on the authentication space. So I'm looking at OneTrust, with a 45% overlap in their overall net sentiment. That is a company that's already existing in their accounts and could be very synergistic to them. BeyondTrust as well, authentication identity. This is something that Palo needs to do to move more down that zero trust path. Now why did I pick Palo first? Because usually they're very inquisitive. They've been a little quiet lately. Secondly, if you look at the backdrop in the markets, the IPO freeze isn't going to last forever. Sooner or later, the IPO markets are going to open up, and some of these private companies are going to tap into public equity. In the meantime, however, cash funding on the private side is drying up. If they need another round, they're not going to get it, and they're certainly not going to get it at the valuations they were getting. So we're seeing valuations maybe come down where they're a touch more attractive, and Palo knows this isn't going to last forever. Cisco knows that, CrowdStrike, Zscaler, all these companies that are trying to make a push to become that vendor that you're consolidating in, around, they have a chance now, they have a window where they need to go make some acquisitions. And that's why I believe leading up to RSA, we're going to see some movement. I think it's going to pretty, a really exciting time in security right now. >> Awesome. Thank you. Great explanation. All right, let's go on the next one. Number four is, it relates to security. Let's stay there. Zero trust moves from hype to reality in 2023. Now again, you might say, "Oh yeah, that's a layup." A lot of these inbounds that we got are very, you know, kind of self-serving, but we always try to put some meat in the bone. So first thing we do is we pull out some commentary from, Eric, your roundtable, your insights roundtable. And we have a CISO from a global hospitality firm says, "For me that's the highest priority." He's talking about zero trust because it's the best ROI, it's the most forward-looking, and it enables a lot of the business transformation activities that we want to do. CISOs tell me that they actually can drive forward transformation projects that have zero trust, and because they can accelerate them, because they don't have to go through the hurdle of, you know, getting, making sure that it's secure. Second comment, zero trust closes that last mile where once you're authenticated, they open up the resource to you in a zero trust way. That's a CISO of a, and a managing director of a cyber risk services enterprise. Your thoughts on this? >> I can be here all day, so I'm going to try to be quick on this one. This is not a fluff piece on this one. There's a couple of other reasons this is happening. One, the board finally gets it. Zero trust at first was just a marketing hype term. Now the board understands it, and that's why CISOs are able to push through it. And what they finally did was redefine what it means. Zero trust simply means moving away from hardware security, moving towards software-defined security, with authentication as its base. The board finally gets that, and now they understand that this is necessary and it's being moved forward. The other reason it's happening now is hybrid work is here to stay. We weren't really sure at first, large companies were still trying to push people back to the office, and it's going to happen. The pendulum will swing back, but hybrid work's not going anywhere. By basically on our own data, we're seeing that 69% of companies expect remote and hybrid to be permanent, with only 30% permanent in office. Zero trust works for a hybrid environment. So all of that is the reason why this is happening right now. And going back to our previous prediction, this is why we're picking Palo, this is why we're picking Zscaler to make these acquisitions. Palo Alto needs to be better on the authentication side, and so does Zscaler. They're both fantastic on zero trust network access, but they need the authentication software defined aspect, and that's why we think this is going to happen. One last thing, in that CISO round table, I also had somebody say, "Listen, Zscaler is incredible. "They're doing incredibly well pervading the enterprise, "but their pricing's getting a little high," and they actually think Palo Alto is well-suited to start taking some of that share, if Palo can make one move. >> Yeah, Palo Alto's consolidation story is very strong. Here's my question and challenge. Do you and me, so I'm always hardcore about, okay, you've got to have evidence. I want to look back at these things a year from now and say, "Did we get it right? Yes or no?" If we got it wrong, we'll tell you we got it wrong. So how are we going to measure this? I'd say a couple things, and you can chime in. One is just the number of vendors talking about it. That's, but the marketing always leads the reality. So the second part of that is we got to get evidence from the buying community. Can you help us with that? >> (laughs) Luckily, that's what I do. I have a data company that asks thousands of IT decision-makers what they're adopting and what they're increasing spend on, as well as what they're decreasing spend on and what they're replacing. So I have snapshots in time over the last 11 years where I can go ahead and compare and contrast whether this adoption is happening or not. So come back to me in 12 months and I'll let you know. >> Now, you know, I will. Okay, let's bring up the next one. Number five, generative AI hits where the Metaverse missed. Of course everybody's talking about ChatGPT, we just wrote last week in a breaking analysis with John Furrier and Sarjeet Joha our take on that. We think 2023 does mark a pivot point as natural language processing really infiltrates enterprise tech just as Amazon turned the data center into an API. We think going forward, you're going to be interacting with technology through natural language, through English commands or other, you know, foreign language commands, and investors are lining up, all the VCs are getting excited about creating something competitive to ChatGPT, according to (indistinct) a hundred million dollars gets you a seat at the table, gets you into the game. (laughing) That's before you have to start doing promotion. But he thinks that's what it takes to actually create a clone or something equivalent. We've seen stuff from, you know, the head of Facebook's, you know, AI saying, "Oh, it's really not that sophisticated, ChatGPT, "it's kind of like IBM Watson, it's great engineering, "but you know, we've got more advanced technology." We know Google's working on some really interesting stuff. But here's the thing. ETR just launched this survey for the February survey. It's in the field now. We circle open AI in this category. They weren't even in the survey, Eric, last quarter. So 52% of the ETR survey respondents indicated a positive sentiment toward open AI. I added up all the sort of different bars, we could double click on that. And then I got this inbound from Scott Stevenson of Deep Graham. He said "AI is recession-proof." I don't know if that's the case, but it's a good quote. So bring this back up and take us through this. Explain this chart for us, if you would. >> First of all, I like Scott's quote better than the Facebook one. I think that's some sour grapes. Meta just spent an insane amount of money on the Metaverse and that's a dud. Microsoft just spent money on open AI and it is hot, undoubtedly hot. We've only been in the field with our current ETS survey for a week. So my caveat is it's preliminary data, but I don't care if it's preliminary data. (laughing) We're getting a sneak peek here at what is the number one net sentiment and mindshare leader in the entire machine-learning AI sector within a week. It's beating Data- >> 600. 600 in. >> It's beating Databricks. And we all know Databricks is a huge established enterprise company, not only in machine-learning AI, but it's in the top 10 in the entire survey. We have over 400 vendors in this survey. It's number eight overall, already. In a week. This is not hype. This is real. And I could go on the NLP stuff for a while. Not only here are we seeing it in open AI and machine-learning and AI, but we're seeing NLP in security. It's huge in email security. It's completely transforming that area. It's one of the reasons I thought Palo might take Abnormal out. They're doing such a great job with NLP in this email side, and also in the data prep tools. NLP is going to take out data prep tools. If we have time, I'll discuss that later. But yeah, this is, to me this is a no-brainer, and we're already seeing it in the data. >> Yeah, John Furrier called, you know, the ChatGPT introduction. He said it reminded him of the Netscape moment, when we all first saw Netscape Navigator and went, "Wow, it really could be transformative." All right, number six, the cloud expands to supercloud as edge computing accelerates and CloudFlare is a big winner in 2023. We've reported obviously on cloud, multi-cloud, supercloud and CloudFlare, basically saying what multi-cloud should have been. We pulled this quote from Atif Kahn, who is the founder and CTO of Alkira, thanks, one of the inbounds, thank you. "In 2023, highly distributed IT environments "will become more the norm "as organizations increasingly deploy hybrid cloud, "multi-cloud and edge settings..." Eric, from one of your round tables, "If my sources from edge computing are coming "from the cloud, that means I have my workloads "running in the cloud. "There is no one better than CloudFlare," That's a senior director of IT architecture at a huge financial firm. And then your analysis shows CloudFlare really growing in pervasion, that sort of market presence in the dataset, dramatically, to near 20%, leading, I think you had told me that they're even ahead of Google Cloud in terms of momentum right now. >> That was probably the biggest shock to me in our January 2023 tesis, which covers the public companies in the cloud computing sector. CloudFlare has now overtaken GCP in overall spending, and I was shocked by that. It's already extremely pervasive in networking, of course, for the edge networking side, and also in security. This is the number one leader in SaaSi, web access firewall, DDoS, bot protection, by your definition of supercloud, which we just did a couple of weeks ago, and I really enjoyed that by the way Dave, I think CloudFlare is the one that fits your definition best, because it's bringing all of these aspects together, and most importantly, it's cloud agnostic. It does not need to rely on Azure or AWS to do this. It has its own cloud. So I just think it's, when we look at your definition of supercloud, CloudFlare is the poster child. >> You know, what's interesting about that too, is a lot of people are poo-pooing CloudFlare, "Ah, it's, you know, really kind of not that sophisticated." "You don't have as many tools," but to your point, you're can have those tools in the cloud, Cloudflare's doing serverless on steroids, trying to keep things really simple, doing a phenomenal job at, you know, various locations around the world. And they're definitely one to watch. Somebody put them on my radar (laughing) a while ago and said, "Dave, you got to do a breaking analysis on CloudFlare." And so I want to thank that person. I can't really name them, 'cause they work inside of a giant hyperscaler. But- (Eric laughing) (Dave chuckling) >> Real quickly, if I can from a competitive perspective too, who else is there? They've already taken share from Akamai, and Fastly is their really only other direct comp, and they're not there. And these guys are in poll position and they're the only game in town right now. I just, I don't see it slowing down. >> I thought one of your comments from your roundtable I was reading, one of the folks said, you know, CloudFlare, if my workloads are in the cloud, they are, you know, dominant, they said not as strong with on-prem. And so Akamai is doing better there. I'm like, "Okay, where would you want to be?" (laughing) >> Yeah, which one of those two would you rather be? >> Right? Anyway, all right, let's move on. Number seven, blockchain continues to look for a home in the enterprise, but devs will slowly begin to adopt in 2023. You know, blockchains have got a lot of buzz, obviously crypto is, you know, the killer app for blockchain. Senior IT architect in financial services from your, one of your insight roundtables said quote, "For enterprises to adopt a new technology, "there have to be proven turnkey solutions. "My experience in talking with my peers are, "blockchain is still an open-source component "where you have to build around it." Now I want to thank Ravi Mayuram, who's the CTO of Couchbase sent in, you know, one of the predictions, he said, "DevOps will adopt blockchain, specifically Ethereum." And he referenced actually in his email to me, Solidity, which is the programming language for Ethereum, "will be in every DevOps pro's playbook, "mirroring the boom in machine-learning. "Newer programming languages like Solidity "will enter the toolkits of devs." His point there, you know, Solidity for those of you don't know, you know, Bitcoin is not programmable. Solidity, you know, came out and that was their whole shtick, and they've been improving that, and so forth. But it, Eric, it's true, it really hasn't found its home despite, you know, the potential for smart contracts. IBM's pushing it, VMware has had announcements, and others, really hasn't found its way in the enterprise yet. >> Yeah, and I got to be honest, I don't think it's going to, either. So when we did our top trends series, this was basically chosen as an anti-prediction, I would guess, that it just continues to not gain hold. And the reason why was that first comment, right? It's very much a niche solution that requires a ton of custom work around it. You can't just plug and play it. And at the end of the day, let's be very real what this technology is, it's a database ledger, and we already have database ledgers in the enterprise. So why is this a priority to move to a different database ledger? It's going to be very niche cases. I like the CTO comment from Couchbase about it being adopted by DevOps. I agree with that, but it has to be a DevOps in a very specific use case, and a very sophisticated use case in financial services, most likely. And that's not across the entire enterprise. So I just think it's still going to struggle to get its foothold for a little bit longer, if ever. >> Great, thanks. Okay, let's move on. Number eight, AWS Databricks, Google Snowflake lead the data charge with Microsoft. Keeping it simple. So let's unpack this a little bit. This is the shared accounts peer position for, I pulled data platforms in for analytics, machine-learning and AI and database. So I could grab all these accounts or these vendors and see how they compare in those three sectors. Analytics, machine-learning and database. Snowflake and Databricks, you know, they're on a crash course, as you and I have talked about. They're battling to be the single source of truth in analytics. They're, there's going to be a big focus. They're already started. It's going to be accelerated in 2023 on open formats. Iceberg, Python, you know, they're all the rage. We heard about Iceberg at Snowflake Summit, last summer or last June. Not a lot of people had heard of it, but of course the Databricks crowd, who knows it well. A lot of other open source tooling. There's a company called DBT Labs, which you're going to talk about in a minute. George Gilbert put them on our radar. We just had Tristan Handy, the CEO of DBT labs, on at supercloud last week. They are a new disruptor in data that's, they're essentially making, they're API-ifying, if you will, KPIs inside the data warehouse and dramatically simplifying that whole data pipeline. So really, you know, the ETL guys should be shaking in their boots with them. Coming back to the slide. Google really remains focused on BigQuery adoption. Customers have complained to me that they would like to use Snowflake with Google's AI tools, but they're being forced to go to BigQuery. I got to ask Google about that. AWS continues to stitch together its bespoke data stores, that's gone down that "Right tool for the right job" path. David Foyer two years ago said, "AWS absolutely is going to have to solve that problem." We saw them start to do it in, at Reinvent, bringing together NoETL between Aurora and Redshift, and really trying to simplify those worlds. There's going to be more of that. And then Microsoft, they're just making it cheap and easy to use their stuff, you know, despite some of the complaints that we hear in the community, you know, about things like Cosmos, but Eric, your take? >> Yeah, my concern here is that Snowflake and Databricks are fighting each other, and it's allowing AWS and Microsoft to kind of catch up against them, and I don't know if that's the right move for either of those two companies individually, Azure and AWS are building out functionality. Are they as good? No they're not. The other thing to remember too is that AWS and Azure get paid anyway, because both Databricks and Snowflake run on top of 'em. So (laughing) they're basically collecting their toll, while these two fight it out with each other, and they build out functionality. I think they need to stop focusing on each other, a little bit, and think about the overall strategy. Now for Databricks, we know they came out first as a machine-learning AI tool. They were known better for that spot, and now they're really trying to play catch-up on that data storage compute spot, and inversely for Snowflake, they were killing it with the compute separation from storage, and now they're trying to get into the MLAI spot. I actually wouldn't be surprised to see them make some sort of acquisition. Frank Slootman has been a little bit quiet, in my opinion there. The other thing to mention is your comment about DBT Labs. If we look at our emerging technology survey, last survey when this came out, DBT labs, number one leader in that data integration space, I'm going to just pull it up real quickly. It looks like they had a 33% overall net sentiment to lead data analytics integration. So they are clearly growing, it's fourth straight survey consecutively that they've grown. The other name we're seeing there a little bit is Cribl, but DBT labs is by far the number one player in this space. >> All right. Okay, cool. Moving on, let's go to number nine. With Automation mixer resurgence in 2023, we're showing again data. The x axis is overlap or presence in the dataset, and the vertical axis is shared net score. Net score is a measure of spending momentum. As always, you've seen UI path and Microsoft Power Automate up until the right, that red line, that 40% line is generally considered elevated. UI path is really separating, creating some distance from Automation Anywhere, they, you know, previous quarters they were much closer. Microsoft Power Automate came on the scene in a big way, they loom large with this "Good enough" approach. I will say this, I, somebody sent me a results of a (indistinct) survey, which showed UiPath actually had more mentions than Power Automate, which was surprising, but I think that's not been the case in the ETR data set. We're definitely seeing a shift from back office to front soft office kind of workloads. Having said that, software testing is emerging as a mainstream use case, we're seeing ML and AI become embedded in end-to-end automations, and low-code is serving the line of business. And so this, we think, is going to increasingly have appeal to organizations in the coming year, who want to automate as much as possible and not necessarily, we've seen a lot of layoffs in tech, and people... You're going to have to fill the gaps with automation. That's a trend that's going to continue. >> Yep, agreed. At first that comment about Microsoft Power Automate having less citations than UiPath, that's shocking to me. I'm looking at my chart right here where Microsoft Power Automate was cited by over 60% of our entire survey takers, and UiPath at around 38%. Now don't get me wrong, 38% pervasion's fantastic, but you know you're not going to beat an entrenched Microsoft. So I don't really know where that comment came from. So UiPath, looking at it alone, it's doing incredibly well. It had a huge rebound in its net score this last survey. It had dropped going through the back half of 2022, but we saw a big spike in the last one. So it's got a net score of over 55%. A lot of people citing adoption and increasing. So that's really what you want to see for a name like this. The problem is that just Microsoft is doing its playbook. At the end of the day, I'm going to do a POC, why am I going to pay more for UiPath, or even take on another separate bill, when we know everyone's consolidating vendors, if my license already includes Microsoft Power Automate? It might not be perfect, it might not be as good, but what I'm hearing all the time is it's good enough, and I really don't want another invoice. >> Right. So how does UiPath, you know, and Automation Anywhere, how do they compete with that? Well, the way they compete with it is they got to have a better product. They got a product that's 10 times better. You know, they- >> Right. >> they're not going to compete based on where the lowest cost, Microsoft's got that locked up, or where the easiest to, you know, Microsoft basically give it away for free, and that's their playbook. So that's, you know, up to UiPath. UiPath brought on Rob Ensslin, I've interviewed him. Very, very capable individual, is now Co-CEO. So he's kind of bringing that adult supervision in, and really tightening up the go to market. So, you know, we know this company has been a rocket ship, and so getting some control on that and really getting focused like a laser, you know, could be good things ahead there for that company. Okay. >> One of the problems, if I could real quick Dave, is what the use cases are. When we first came out with RPA, everyone was super excited about like, "No, UiPath is going to be great for super powerful "projects, use cases." That's not what RPA is being used for. As you mentioned, it's being used for mundane tasks, so it's not automating complex things, which I think UiPath was built for. So if you were going to get UiPath, and choose that over Microsoft, it's going to be 'cause you're doing it for more powerful use case, where it is better. But the problem is that's not where the enterprise is using it. The enterprise are using this for base rote tasks, and simply, Microsoft Power Automate can do that. >> Yeah, it's interesting. I've had people on theCube that are both Microsoft Power Automate customers and UiPath customers, and I've asked them, "Well you know, "how do you differentiate between the two?" And they've said to me, "Look, our users and personal productivity users, "they like Power Automate, "they can use it themselves, and you know, "it doesn't take a lot of, you know, support on our end." The flip side is you could do that with UiPath, but like you said, there's more of a focus now on end-to-end enterprise automation and building out those capabilities. So it's increasingly a value play, and that's going to be obviously the challenge going forward. Okay, my last one, and then I think you've got some bonus ones. Number 10, hybrid events are the new category. Look it, if I can get a thousand inbounds that are largely self-serving, I can do my own here, 'cause we're in the events business. (Eric chuckling) Here's the prediction though, and this is a trend we're seeing, the number of physical events is going to dramatically increase. That might surprise people, but most of the big giant events are going to get smaller. The exception is AWS with Reinvent, I think Snowflake's going to continue to grow. So there are examples of physical events that are growing, but generally, most of the big ones are getting smaller, and there's going to be many more smaller intimate regional events and road shows. These micro-events, they're going to be stitched together. Digital is becoming a first class citizen, so people really got to get their digital acts together, and brands are prioritizing earned media, and they're beginning to build their own news networks, going direct to their customers. And so that's a trend we see, and I, you know, we're right in the middle of it, Eric, so you know we're going to, you mentioned RSA, I think that's perhaps going to be one of those crazy ones that continues to grow. It's shrunk, and then it, you know, 'cause last year- >> Yeah, it did shrink. >> right, it was the last one before the pandemic, and then they sort of made another run at it last year. It was smaller but it was very vibrant, and I think this year's going to be huge. Global World Congress is another one, we're going to be there end of Feb. That's obviously a big big show, but in general, the brands and the technology vendors, even Oracle is going to scale down. I don't know about Salesforce. We'll see. You had a couple of bonus predictions. Quantum and maybe some others? Bring us home. >> Yeah, sure. I got a few more. I think we touched upon one, but I definitely think the data prep tools are facing extinction, unfortunately, you know, the Talons Informatica is some of those names. The problem there is that the BI tools are kind of including data prep into it already. You know, an example of that is Tableau Prep Builder, and then in addition, Advanced NLP is being worked in as well. ThoughtSpot, Intelius, both often say that as their selling point, Tableau has Ask Data, Click has Insight Bot, so you don't have to really be intelligent on data prep anymore. A regular business user can just self-query, using either the search bar, or even just speaking into what it needs, and these tools are kind of doing the data prep for it. I don't think that's a, you know, an out in left field type of prediction, but it's the time is nigh. The other one I would also state is that I think knowledge graphs are going to break through this year. Neo4j in our survey is growing in pervasion in Mindshare. So more and more people are citing it, AWS Neptune's getting its act together, and we're seeing that spending intentions are growing there. Tiger Graph is also growing in our survey sample. I just think that the time is now for knowledge graphs to break through, and if I had to do one more, I'd say real-time streaming analytics moves from the very, very rich big enterprises to downstream, to more people are actually going to be moving towards real-time streaming, again, because the data prep tools and the data pipelines have gotten easier to use, and I think the ROI on real-time streaming is obviously there. So those are three that didn't make the cut, but I thought deserved an honorable mention. >> Yeah, I'm glad you did. Several weeks ago, we did an analyst prediction roundtable, if you will, a cube session power panel with a number of data analysts and that, you know, streaming, real-time streaming was top of mind. So glad you brought that up. Eric, as always, thank you very much. I appreciate the time you put in beforehand. I know it's been crazy, because you guys are wrapping up, you know, the last quarter survey in- >> Been a nuts three weeks for us. (laughing) >> job. I love the fact that you're doing, you know, the ETS survey now, I think it's quarterly now, right? Is that right? >> Yep. >> Yep. So that's phenomenal. >> Four times a year. I'll be happy to jump on with you when we get that done. I know you were really impressed with that last time. >> It's unbelievable. This is so much data at ETR. Okay. Hey, that's a wrap. Thanks again. >> Take care Dave. Good seeing you. >> All right, many thanks to our team here, Alex Myerson as production, he manages the podcast force. Ken Schiffman as well is a critical component of our East Coast studio. Kristen Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hoof is our editor-in-chief. He's at siliconangle.com. He's just a great editing for us. Thank you all. Remember all these episodes that are available as podcasts, wherever you listen, podcast is doing great. Just search "Breaking analysis podcast." Really appreciate you guys listening. I publish each week on wikibon.com and siliconangle.com, or you can email me directly if you want to get in touch, david.vellante@siliconangle.com. That's how I got all these. I really appreciate it. I went through every single one with a yellow highlighter. It took some time, (laughing) but I appreciate it. You could DM me at dvellante, or comment on our LinkedIn post and please check out etr.ai. Its data is amazing. Best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights, powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis." (upbeat music beginning) (upbeat music ending)

>> Narrator: From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE conversation. >> Hi everybody, this is Dave Vellante and welcome to this week's CUBE insights powered by ETR. In this breaking analysis, we're going to bring in Sagar Kadakia who's the Director of Research at ETR. He's been away for the last couple of weeks, he's really digging into the latest data set, ETR of course it was in it's quiet period. And today, what we want to do is give you three of the macro takeaways from that last two-week analysis and drill into to some of the sectors. So Sagar, that's for coming on, great to see you again. Let's get right into it. >> Let's do it, thanks for having me. >> You've been crazy busy, we started the year at a plus 4%, consensus IT spend. We reported for several weeks and ended up at minus 4%. We're now at minus 5%, after you've gone through and done some additional analysis. So bring us up to date the IT spend projection. >> Yeah no problem, and that's our first macro takeaway, is we're seeing declines in IT budget, a decline of 5%. And remember, coming into the year as you mentioned, consensus assessments were right around that 4% number. And so we've seen this kind of 900 basis point shift downward so that's kind of where we are today, if we kind of look at that chart that we've been tracking for the last few weeks. And then for those that have seen this chart before, you've kind of seen where we've been kind of going the last two, three weeks. And for those that haven't seen the chart, I'll kind of go through it now. So, as many of you know, kind of launched its COVID-19 drill down survey to measure the impact that the virus was going to have on total spend this year and so we kind of launched that drill down on March 11th and so if you kind of look at that blue line there, what you're looking at, is we asked individuals, estimate what percentage impact you think the virus is going to have on your budget versus your original expectations. And since we launched this on March 11th, on that blue line that you're looking at, we got a lot of positivity in the beginning. And so if you look at the blue line all the way through, you follow that, you get about zero percent growth. Now the issue is, as I just mentioned is, we launched on the 11th, and there wasn't a tremendous amount of information available as to how severe the virus was, and so we kind of did this in Venn analysis and we talked about this last time, on the last breaking analysis, where it's probably more appropriate to look at a start date closer to 3/17 or 3/23 when the market really understood the severity of COVID-19. NYC became the epicenter. And if we look at just those customers who indicated a spend impact after that date, you can see it's coming out to about four or 5% decline. And so that's kind of one of our big macro takeaways, and the other thing on this chart, kind of focus on is, and even though we're not looking at, some of the vendors here, is when you think about declines, it's not across the full IT stack, and I think that's really important for the audience to understand. We're seeing focused declines among on-prem legacy pure plays. You're still seeing CIO spend on cloud and SaaS. In fact, they're doubling down there. And so when you kind of think about how things are going to shape up the next three, six, nine months, there's going to be a lot of bifurcation. And we think cloud and SaaS are going to be well positioned with a lot of legacy and on-prem. That's where you're going to see a majority of those declines that you're seeing here kind of play out. >> I've made the case, statement many times that cloud is good, or downturns have been to cloud. You saw this in 2008, 2009 with the shift from CapEx to OpEx. We came out of 2009 into the decade of cloud. And very clearly we're seeing some similar things here as people shift to that work-from-home. We had one CIO on the recent Venns that I want to just delete my data centers. Unfortunately, he's not going to be able to do that overnight, but I think, as Eric Bradley pointed out last week, a lot of customers who weren't even thinking about cloud, or really were sort of reticent to go all in, really have flipped and changed their tune. Let's talk about some of the industries that are impacted by this COVID-19 and the stay-at-home. This slide really kind of underscores that. Why don't you take us through it? >> Yeah, no problem. So on the last slide, you were looking at kind of our COVID-19 drill-down study. On this slide, what we're now going to focus on is a study that we did in tandem, which is called our Technology Spending Intentions Survey. And specifically we conducted this in April. What we did is we asked CIOs to update their 2020 spending intentions versus how they spent in '19. So this survey was originally posed in January and then we're essentially asking for a three-month update now. So we're trying to get an understanding of how much has changed in the last three months because of COVID-19. And when we asked these CIOs, we give them essentially a list of 400 vendors. And they're able to then indicate which ones they're flattening on, decreasing on, maybe accelerating on. And so what you're looking at here is we've aggregated that data by industry. And if you look at the X-axis here, you're going to look at spend intensity versus three months ago. And the Y-axis will be spend intensity versus a year ago. And so what you're seeing here is over the last three months, look at how much verticals, like retail/consumer, airlines, delivery services, financials/insurance, IT/TelCo, services/consulting. Those have really seen some of the largest pullbacks in spend versus three months ago. And those are also some of the industries that have indicated the largest pullback in demand from consumers and businesses. And so this is where we think a lot of the declines that we showed you earlier really kind of focus on some of these verticals. And that's how, when you kind of think about which organization are going to be hurt, which ones might see the most impact, three, six months from now, this is a really good chart to view. >> Yeah, a couple of points I would make on this data. Retail and consumer, again, even that's bifurcated. Obviously the physical stores getting crushed. You see Amazon now trading at all-time highs. Target announced today, I think they said a 200% increase in online shopping, which, of course, is fulfilled. 85% of Target's demand is fulfilled by their stores. So that's kind of mixed. You're going to see an accelerated move toward digital transformation there. Airlines, it's really unclear what's going to happen there. IT/TelCo, on one of the last Venns we talked about MPLS, people trying to get off of MPLS, really moving toward a SD-WAN. Healthcare, pharma, healthcare doesn't have time to do anything right now. No time to take a breather. Financials is interesting. I mean, they're down right now, but they still have a lot of cash. Liquidity is good. And then energy, I mean oil, I've just never seen anything like it. We're concerned obviously about credit risk there and oil companies being able to pay off their debts. So it's really not a pretty picture, is it? >> Yeah, and if focus on energy, even though you're not seeing a huge pullback versus three months ago in energy, it's really important to understand when we did this survey in January, energy was all the way on the left side of that chart. And so it already looked really bad coming into the year. So it got worse. But because of the severity versus last year, like they're just not seeing that much more of a negative impact now. This was before, this survey closed before everything happened the last few days with oil prices. So it is very possible that that data is going to get worse. And we'll know if it gets really-- >> We're not laughing a lot these days, but if you haven't filled up your car in a while, I mean it's, Anyway, let's go into the security piece. We talked about, you guys were really the first to report this work-from-home pivot. Others have sort of more recently coming to that conclusion. And it wasn't just Zoom and WebEx and video collaboration, Teams, et cetera. It really was all kinds of infrastructure, including security. So we can bring up the next chart, guys. Let's sort of get into this. We're going to talk about the sector and some of the vendors in here. Let's go. >> Yeah, no problem, so if we kind of step away from the macro and really start getting into the sectors and vendors in here. If we start with security, what we're really saying is that, look, a remote workforce is really kind of revealing best-in-breed. And we think it's going to lead to the permanent changes. So what you're looking at here is these are the net scores for each individual vendor currently versus three months ago as well as a year ago levels. The yellow bars will be what's currently. And the way to think about net score is just kind of spend intensity. And so the higher your net score, the more spend intensity, the more spend velocity you're seeing from enterprise customers. And what we're really seeing here, if you kind of look at the vendors on the left, you're seeing a lot of acceleration among secure web gateway end point, mobile security, cloud SaaS application security, identity, and these make sense. As we mentioned earlier, as you really accelerate your cloud and SaaS spend, you're going to want to use vendors that best protect those areas. And so if you look to the left here, Okta and Zscaler, Cloudflare, CrowdStrike, some of these really look best positioned moving forward. Palo Alto looks good longer term. Splunk at this point also looked good longer term. And then the other thing to kind of hit on here is the other side in terms of, we talked about the bifurcation that we expect. We're seeing significant declines in net scores among a lot of these legacy vendors. Check points come down quite a bit. Juniper, Trend Micro, Broadcom, Barracuda Networks, SonicWALL, and so you can see the disparity here. It's pretty clear on the image. But we think there's some pretty clear winners and losers here. And I think we may see permanent changes moving forward. >> Yeah, so Twistlock, of course, is now owned by Palo Alto. CrowdStrike, they're a hot company in the sector. Okta, I have the Chief Product Officer coming on shortly here for part of my CXO series. We've talked about Palo Alto and how they sort of fell behind a little bit in the cloud. But you talk to customers, they really see Palo Alto as in the mix. Zscaler came up in the Venn as, to your point, securing gateways and doing a really good job in that space. And so I think the fragmentation, the fragmentation probably continues, but there's also bifurcation, as you pointed out. Let's talk about cloud. As you've said and I said, downturns have been good to cloud. People are obviously looking more toward cloud, whether it's SaaS or cloud type of consumption. Let's bring up the next slide, which looks at the big three, Azure, AWS, and GCP. First of all, all three have very strong net scores. Up in the 60% plus range. But you have Azure pulling away. I'd love to hear your thoughts on that. >> Yeah, that's right, and we've kind of been using this analogy of kind of a horse race. Just kind of as context, coming into January you see really GCP accelerating. And so one of the things we said in January was it's becoming more of a three-horse race. Even though GCP doesn't have the same type of market share as the other two, you are seeing the spend intensity increase. And now what you're seeing is Azure pulling away a little bit because of, we think, COVID-19. When you look at Azure's data set, it really looks robust and healthy across all verticals, across most regions. And that is what you're seeing here where it's continuing to kind of accelerate. It looks good. AWS, GCP, it also looks good here, but you're not seeing the same uniform strength. There's a couple verticals for AWS where we're seeing a little bit of a pullback in spend, like retail and industrials. For GCP we're seeing a pullback in mid-size and small enterprises. So that's causing a couple of cracks here and there. Even though they look overall healthy, but we did want to kind of indicate here on cloud where, look one vendor looks like they're pulling away when it comes to spend velocity. >> It's going to be interesting to see. I mean, we reported on the sort of deltas between Azure and AWS and the cloud, the quality of the cloud. I think we're going to carefully watch the quarterly reports. You always have to kind of squint through the Azure numbers to see what's in there. But there's no question that Microsoft, across the board, is really very, very strong. All right, let's talk about collaboration, productivity, video conferencing. I mean, we've certainly seen upticks. But as shown on this slide, you guys, if you could bring the next slide up. You know, it's not all rosy. Talk about this a little bit. >> Yeah, I think, look, there's been a lot of coverage around which vendors look best. And so I kind of want to take the opposite view on this chart for the audience, and say hey look, which vendors are not benefiting? And this is kind of like a hodgepodge sector of productivity and collaboration, video conferencing. What we're saying is it's now of never, so to speak. And you're looking at replacement rates. So if you look at, if you see something on this chart that says 20% replacement, that means one out of five customers indicated for that vendor in our survey, indicated a replacement for them, which is not good. And so you're seeing vendors here like Dropbox, Box and Slack having elevated or accelerating replacement levels. And these vendors, pitch themselves as collaboration tools. And if they're not doing well now and they're seeing elevated replacements, especially as everyone is working from home, that doesn't bode well for the future. >> I think people who know me know I'm not a huge fan of Box and Slack. They drive me crazy. And so this is interesting to see. I mean, we're a Zoom shop, so obviously you Zoom, you like Zoom. I had my first experience very recently with Microsoft teams. I was quite impressed. I thought it was easy to use. Skype, hell was just terrible. And so, much, much improved. Very interesting cut on that one. So again, it's a bifurcated story. Let's drill into teams a little bit. Guys, have you bring up the next slide, Movements reporting. And you guys are really again, first on this, how strong Microsoft is across the board. But really going after it and collaboration. >> On that previous slide you saw that, Dropbox and Slack, we're all seeing replacements. So again, a lot of customers like where was all that spend going? Well, it's going to Microsoft Teams. It's going to One Drive. This is a Slack drilled out, or sorry, a Slack and teams drill down. That we did, earlier this year. And what we're trying to do is measure, how these products were going to do in the next 12 months. And so what you're looking at here is Fortune 500 organizations. What we did is we asked them how much of your organization, is using Microsoft Teams today. What percentage of your organization is going to be using Microsoft Teams 12 months from now? That's going to be in the yellow bars. And you can see the big upticks in 12 months. And we took some mid point averages. Look at how much Microsoft Teams is going to grow, within Fortune 500 accounts in the next 12 months. And if we look at Slack on the next slide, you're really now seeing the exact opposite. Same question, how many folks in your Fortune 500 organization are using Slack today? And what does that look like in 12 months? And the mid point average is actually coming down. And so, it's like Slack is a seat-based model. And so when you have less users that's going to generate less revenue. And so again, this is amongst the existing Fortune 500 customers. This doesn't include new Fortune 500, but this spells problems for Slack, when you kind of think about the next six to 12 months ahead. >> Well it's one thing if you're competing with Microsoft and your AWS. I've not really not worried about AWS, Microsoft, take a note AWS. If you're one of these collaboration platforms, Microsoft, we've seen over the years, first of all, they got great developer affinity. They know how to bundle different products together. Now they got the cloud working so they got their flywheel effect in the cloud. There's just not a ton of room. The thing is they have such a huge software estate, such a giant customer install base and it's just makes it easy for them. The products are good enough or in some cases really good. So that's going to be something to watch, because there's a lot of high valuations going on right now in their collaboration space. >> That's right. And I think, it really hits on the previous slide, or the previous slides on collaboration that we saw, was when you think again about the declines, a lot of that is impacting some of these pure plays. So in security you saw a lot of the legacy names getting in. On the collaboration side, you saw a lot of these pure plays your getting in. And so this is kind of, again when you think about where budgets are going and which vendors are being impacted, it's really concentrated into some specific areas. >> So now, one of the hardest hit areas, and you guys reported on this earlier, was the IT consulting and outsourcing IT. You guys have you bring up that the chart, it's pretty ugly. Maybe you can explain what you're seeing here and why you think that is. >> Yeah, no problem. So again, this is from our technology spending intention survey. We're measuring spend velocity here. Spend intensity, and you can see across, these are just a handful of IT consulting firms. If you look at the blue bars to the yellow bar. So the blue bar is, 2020 spending intent that we captured in January and now we're asking for updated 2020 spending intentions. You can see the deceleration in just the last three months. If you look at our COVID-19 drill down side that we conducted, one of the questions in there we asked was, are you freezing new IT projects or deployments? Almost, 1/4 percentage of customers said they are. And so, that is going to spell problems for this space. When you think about, look, if you're going into uncertain times an easy way to reduce your budget is by, spending less with consulting vendors since you know, you can just less than the number of deliverables, these individuals get paid based on. How many deliverables they can complete. So this is another area that when you kind of think about where the declines are coming from, this is certainly an area to look at. >> A lot of the customers we've talked to have said, we've basically shut down spending on some of the large projects. We're still focusing on some digital transformation, but that's maybe a longer term priority. And then the IBM piece of this chart, guys, if you could bring it back is interesting to me because look, they paid 34 billion for Red Hat. I've always said a key to the Red Hat acquisition was being able to point it at the large consulting base and modernize those applications. IBM actually had a pretty good quarter in services. Although they did mention that respect especially in software that in the month of the quarter software spending shutdown. I don't think we got visibility that this piece of the business, but this could be, somewhat of a concern going forward. I think that's going to be one of the areas that gets slow rolled coming back, Sagar. I don't think it's going to come back tomorrow. So please your thoughts. >> Just to kind of quickly wrap up IBM. So yeah, one of the things we kind of saw in the data was not only eroding spending intention data on a lot of their SaaS portfolio but also eroding market share. And we saw big down takes on Red Hat products and IT services. Even in cloud. And I know they indicated pretty healthy numbers on Red Hat and cloud. But again, we're asking about 2020, forward-looking spending intentions. And of course they pulled their guidance. So we don't know how that's going to look. But in our data, things are really coming down versus three months ago. And so I think just overall, that is a data set that we're quite negative one. >> I think IBM has that sense. Like I said, March was not good for software. That's when the big deals come through. You're right. Red Hat, I think route 20% in the quarter and is now accredited from a cashflow basis, which is one of their targets. I think they beat their target there. Still good cashflow. But I think there's just so much uncertainty, And IBM have to be prepared for that and I'm sure will. That we're at minus 5% now. We're seeing cloud SaaS, we're seeing a bifurcation. We talked about some of the areas that are in trouble. That's kind of part one. Next week we'll be talking about part two. What can we expect? >> Yeah, we'll start going through networking, CDN, ITSM, IT workflows, database, data warehousing, and we'll kind of go through that as well. But again, you're going to see a lot of what we talked about today. Just the bifurcation span where, vendors that are more next gen, more work-from-home friendly like all of the SaaS guys, they're doing really well. And on the on-prem and the legacy, you're just seeing elevated replacements, elevated decreased rates. This is the most bifurcated, I've seen this data set and I've been doing this at ETR for, almost seven, probably going on eight years now. So I think that kind of says something about the environment that we're in and what to kind of expect in the next three to six months. >> And it's kind of like the stock market is right now. You're actually seeing, some great momentum in certain stocks and terrible in others. Those were great balance sheets and maybe COVID is a tailwind for them. Others, tons of uncertainty, a lot of concern. I know in poking around the data set, like you said, some of the analytics, the data warehouses, you see Snowflake, UiPath, Automation Anywhere. A lot of the automation, RPA, momentum is there. Security, we talked about that. There's some real bright spots there but a lot of the on-prem stuff. We'll see product cycles affect that, in the second half of of 2020. We'll continue to report on this Sagar. Thank you so much for we're coming on and we'll definitely see you next week. >> Thanks for having me again, Dave. Looking forward. >> All right, and thank you for watching, this CUBE insights powered by ETR. We will see you next time. Don't forget, all these episodes are available as podcasts, wherever you listen. Go to etr.plus, checkout what's happening there. Siliconangle.com has all the news I publish in there weekly. I also publish on wikibond.com. Thanks for watching this breaking analysis. This is Dave Vellante and Sagar Kadakia, we'll see you next time. (upbeat music)

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's the cube. Now, here's your host, Dave Vellante. >> Hello everyone and welcome to this week's Wikibon cube insights powered by ETR. In this breaking analysis ahead of the RSA conference, we want to update you on the cyber security sector. This year's event is underlined by coronavirus fears, IBM has pulled out of the event and cited the epidemic as the reason and it's also brings to the front the sale of RSA by Dell to STG partners and private equity firm. Now in our last security drill down, we cited several mega trends in the security sector. These included the ever escalating sophistication of the attacker, the increased risk from the data economy, the expanded attack surface with the huge number of IP addresses that are that are exploding out there, and the lack of skills and the number of cyber tools that are coming to the market. Now, as you know, in these segments, we'd like to share insights from the cube. And I want you to listen to two American statesman and what they said, on The Cube. Here's general Keith Alexander, who's the former director of the NSA, along with Dr. Robert Gates, who's the former director of the CIA and former Secretary of Defense, play the clip. >> When you think about threats, you think about nation states, so you can go to Iran, Russia, China, North Korea, and then you think about criminal threats, and all the things like ransomware. Some of the nation state actors are also criminals at night, so they can use nation state tools and my concern about all the evolution of cyber threats is that the attacks are getting more destructive. >> I think cyber and the risks associated with cyber, and IT need to be a regular part of every board's agenda. >> So you hear General Alexander really underscore the danger, as well, Dr. Gates is articulating what we've said many times on the cube that cyber security is a board level agenda item. Now, the comments from both of these individuals represent what I would consider tailwinds for cyber technology companies. Now we're going to drill into some of those today. But it's not all frictionless. There are headwinds to in this market space, cloud migration, the shift from north south south to East West network traffic, its pressure traditional appliance based perimeter security solutions, increase complexity and lack of skills and other macro factors, including questions on ROI. CFO saying, hey, we spend all this cash, why aren't we more secure? Now, I want you to hear from two chief information security officers officers on both the challenges that they face and how they're dealing with them. Roll the clip. >> Lack of talent, I mean, we're starving for talent. Cybersecurity is the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have and in that lack of talent Cecil's are starving. >> I think that the public cloud offers us a really interesting opportunity to reinvent security right. So if you think about all of the technologies and processes and many of which are manual over the years, I think we have an opportunity to leverage automation to make our work easier in some ways. >> Now I featured Brian Lozada and Katie Jenkins before and breaking analysis segments, and you can hear it from the cyber leaders, we lack the talent, and cloud computing and automation are areas we're pursuing. So this challenges security companies to respond. But at the end of the day, companies have no no choice. In other words, organizations buying security solutions, the sophistication of the attacker is very high and the answer to my CFO and ROI is fear based. If you don't do this, you might lose billions in market cap. Now, I want you to take a listen to these cubilam talking about the attacker of sophistication and the importance of communication skills in order to fund cyber initiatives, really to keep up with the bad guys, please play the clip. >> The adversary is talented and they're patient, they're well funded okay, that's that's where it starts. And so, you know why why bring an interpreter to a host when there's already one there right? Why write all this complicated software distribution when I can just use yours. And so that's that's where the play the game starts. And and the most advanced threats aren't leaving footprints because the footprints already there, you know, they'll get on a machine and behaviorally they'll check the cash to see what's hot. And what's hot in the cash means that behaviorally, it's a fast they can go they're not cutting a new trail most of the time, right? So living off the land is not only the tools that they're using the automation, your automation they're using against you, but it's also behavioral. >> That's why the most the most important talent or skill that a security professional needs is communication skills. If you can't articulate technical risk into a business risk to fund your program, it's, you know, it's very hard for you to actually be successful in security. >> Now, the really insidious thing about what TK Keanini just said is the attackers are living off the land, meaning they're using your tools and your behaviors to sneak around your data unnoticed. And so as Brian Lozada said, as a security Pro, you need to be a great communicator in order to get the funding that you need to compete with the bad guys. Which brings me to the RSA conference. This is why you as a security practitioner attend, you want to learn more, you want to obtain new skills, you want to bring back ideas to the organization. Now one of the things I did to prepare for this segment is to read the RSA conference content agenda, which was co authored by Britta Glade and I read numerous blogs and articles about what to expect at the event and from all that I put together this word cloud, which conveys some of the key themes that I would expect you're going to hear at the shows. Look at skills jump right out, just like Brian was saying, the human element is going to be a big deal this year. IoT and the IT OT schism, everyone's talking about the Olympics, and seeing that as a watershed event for cyber, how to apply machine learning and AI is a big theme, as is cloud with containers and server less. phishing, zero trust and frameworks, framework for privacy, frameworks for governance and compliance, the 2020 election and weaponizing social media with deep fakes, and expect to hear a lot about the challenges of securing 5G networks, open source risks, supply chain risks, and of course, the need for automation. And it's no surprise there's going to be a lot of talk about cyber technology, the products and of course, the companies that sell them. So let's get into the market and unpack some of the ETR spending data and drill into some of these companies. The first chart I want to show you is spending on cyber relative to other initiatives. What this chart shows is the spending on cyber security highlighted in the green in relation to other sectors in the ETR taxonomy. Notice the blue dot. It shows the change in spending expected in 2020 versus 2019. Now, two points here. First, is that despite the top of my narrative that we always hear, the reality is that other initiatives compete for budget and you just can't keep throwing cash at the security problem. As I've said before, we spend like .014% percent of our global GDP on cyber, so we barely scratched the surface. The second point is there's there's there's a solid year on year growth quite high at 12% for a sector that's estimated at 100 to 150 billion dollars worldwide, according to many sources. Now let's take a look at some of the players in this space, who are going to be presenting at the RSA conference. You might remember to my 2020 predictions in that breaking analysis I focused on two ETR metrics, Net Score, which is a measure of spending velocity and Market Share, which measures pervasiveness in the data set. And I anointed nine security players as four star players. These were Microsoft, Cisco, Palo Alto Networks, Splunk, Proofpoint, Fortinet, Oka, Cyber Ark and CrowdStrike. What we're showing here is an update of that data with the January survey data. My four star companies were defined as those in the cyber security sector that demonstrate in both net scores or spending momentum, that's the left hand chart and market share or pervasiveness on the right hand chart. Within the top 22 companies, why did I pick 22? Well, seemed like a solid number and it fit nicely in the screen and allowed more folks. So a few takeaways here. One is that there are a lot of cyber security companies in the green from the standpoint of net score. Number two is that Fortinet and Cisco fell off the four star list because of their net scores. While still holding reasonably well, they dropped somewhat. Also, some other companies like Verona's and Vera code and Carbon Black jumped up on the net score rankings, but Cisco and Fortinet are still showing some strength in the market overall, I'ma talk about that. Cisco security businesses up 9% in the quarter, and Fortinet is breaking away from Palo Alto Networks from a valuation perspective, which I'm going to drill into a bit. So we're going to give Cisco and Fortinet two stars this survey period. But look at Zscaler. They made the cut this time their net score or spending momentum jumped from 38% last quarter to nearly 45% in the January survey, with a sizable shared in at 123. So we've added Zscaler to the four star list, they have momentum, and we're going to continue to watch that quarterly horse race. Now, I'd be remiss if I didn't point out that Microsoft continues to get stronger and stronger in many sectors including cyber. So that's something to really pay attention to. Okay, I want to talk about the valuations a bit. Valuations of cyber security space are really interesting and for reasons we've discussed before the market's hot right now, some people think it's overvalued, but I think the space is going to continue to perform quite well, relative to other areas and tech. Why do I say that? Because cyber continues to be a big priority for organizations, the software and annual recurring revenue contribution ARR continues to grow, M&A is going to continue to be robust in my view, which is going to fuel valuations. So Let's look at some of the public companies within cyber. What I've compiled in this chart is eight public companies that were cited as four star or two star firms, as I defined earlier, now ranked this by market value. In the columns, we show the market cap and trailing 12 month revenue in billions, the revenue multiple and the annual revenue growth. And I've highlighted Palo Alto Networks and Fortinet because I want to drill into those two firms, as there's a valuation divergence going on between those two names, and I'll come back to that in just a minute. But first, I want to make a few points about this data. Number one is there's definitely a proportional relationship between the growth rate and the revenue multiple or premium being paid for these companies. Generally growth ranges between one and a half to three times the revenue multiple being paid. CrowdStrike for example has a 39 x revenue multiple and is growing at 110%, so they're at the high end of that range with a growth at 2.8 times their revenue multiple today. Second, and related, as you can see a wide range of revenue multiples based on these growth rates with CrowdStrike, Okta and now Zscaler as the standouts in this regard. And I have to call at Splunk as well. They're both large, and they have high growth, although they are moving beyond, you know, security, they're going into adjacencies and big data analytics, but you you have to love the performance of Splunk. The third point is this is a lucrative market. You have several companies with valuations in the double digit billions, and many with multi billion dollar market values. Cyber chaos means cash for many of these companies, and, of course for their investors. Now, Palo Alto throw some of these ratios out of whack, ie, why the lower revenue multiple with that type of growth, and it's because they've had some execution issues lately. And this annual growth rate is really not the best reflection of the stock price today. That's really being driven by quarterly growth rates and less robust management guidance. So why don't we look into that a bit. What this chart shows is the one year relative stock prices of Palo Alto Networks in the blue and compared to Fortinet in the red. Look at the divergence in the two stocks, look at they traded in a range and then you saw the split when Palo Alto missed its quarter last year. So let me share what I think is happening. First, Palo Alto has been a very solid performance since an IPO in 2012. It's delivered more than four Rex returns to shareholders over that period. Now, what they're trying to do is cloud proof their business. They're trying to transition more to an AR model, and rely less on appliance centric firewalls, and firewalls are core part of the business and that has underperformed expectations lately. And you just take Legacy Tech and Cloud Wash and Cloud native competitors like Zscaler are taking advantage of this and setting the narrative there. Now Palo Alto Network has also had some very tough compares in 2019 relative to 2018, that should somewhat abate this year. Also, Palo Alto has said some execution issues during this transition, especially related to sales and sales incentives and aligning that with this new world of cloud. And finally, Palo Alto was in the process of digesting some acquisitions like Twistlock, PureSec and some others over the past year, and that could be a distraction. Fortinet on the other hand, is benefiting from a large portfolio refresh is capitalizing on the momentum that that's bringing, in fact, all the companies I listed you know, they may be undervalued despite, of all the company sorry that I listed Fortinet may be undervalued despite the drop off from the four star list that I mentioned earlier. Fortinet is one of those companies with a large solution set that can cover a lot of market space. And where Fortinet faces similar headwinds as Palo Alto, it seems to be executing better on the cloud transition. Now the last thing I want to share on this topic is some data from the ETR regression testing. What ETR does is their data scientists run regression models and fit a linear equation to determine whether Wall Street earnings consensus estimates are consistent with the ETR spending data, they started trying to line those up and see what the divergence is. What this chart shows is the results of that regression analysis for both Fortinet and Palo Alto. And you can see the ETR spending data suggests that both companies could outperform somewhat expectations. Now, I wouldn't run and buy the stock based on this data as there's a lot more to the story, but let's watch the earnings and see how this plays out. All right, I want to make a few comments about the sale of the RSA asset. EMC bought RSA for around the same number, roughly $2 billion that SDG is paying Dell. So I'm obviously not impressed with the return that RSA has delivered since 2006. The interesting takeaway is that Dell is choosing liquidity over the RSA cyber security asset. So it says to me that their ability to pay down debt is much more important to Dell and their go forward plan. Remember, for every $5 billion that Dell pays down in gross debt, it dropped 25 cents to EPS. This is important for Dell to get back to investment grade debt, which will further lower its cost. It's a lever that Dell can turn. Now and also in thinking about this, it's interesting that VMware, which the member is acquiring security assets like crazy and most recently purchased carbon black, and they're building out a Security Division, they obviously didn't paw on the table fighting to roll RSA into that division. You know maybe they did in the financial value of the cash to Dell was greater than the value of the RSA customers, the RSA product portfolio and of course, the RSA conference. But my guess is Gelsinger and VMware didn't want the legacy tech. Gelsinger said many times that security is broken, it's his mission to fix it or die trying. So I would bet that he and VMware didn't see RSA as a path to fixing security, it's more likely that they saw it as a non strategic shrinking asset that they didn't want any part of. Now for the record, and I'm even won't bother showing you the the data but RSA and the ETR data set is an unimpressive player in cyber security, their market share or pervasiveness is middle of the pack, so it's okay but their net score spending velocities in the red, and it's in the bottom 20th percentile of the data set. But it is a known brand, certainly within cyber. It's got a great conference and it's been it's probably better that a PE company owns them than being a misfit toy inside of Dell. All right, it's time to summarize, as we've been stressing in our breaking analysis segments and on the cube, the adversaries are very capable. And we should expect continued escalation. Venture capital is going to keep pouring into startups and that's going to lead to more fragmentation. But the market is going to remain right for M&A With valuations on the rise. The battle continues for best of breed tools from upstarts like CrowdStrike and Okta and Zscaler versus sweets from big players like Cisco, Palo Alto Networks and Fortinet. Growth is going to continue to drive valuations. And so let's keep our eyes on the cloud, remains disruptive and for some provides momentum for others provides friction. Security practitioners will continue to be well paid because there's a skill shortage and that's not going away despite the push toward automation. Got in talk about machine intelligence but AI and ML those tools, there are two edged sword as bad actors are leveraging installed infrastructure, both tools and behaviors to so called live off the land, upping the stakes in the arms race. Okay, this is Dave Vellante for Wikibon's CUBE Insights powered by ETR. Thanks for watching this breaking analysis. Remember, these episodes are all available as podcasted Spotfire or wherever you listen. Connect with me at david.vellante at siliconangle.com, or comment on my LinkedIn. I'm @dvellante on Twitter. Thanks for watching everybody. We'll see you next time. (upbeat music).

>> From the SiliconANGLE Media Office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello everyone and welcome to this week's episode of theCUBE Insights, powered by ETR. In this Breaking Analysis I want to lay out my 2020 predictions using insights gleaned from theCUBE blended with ETR spending data. You know, 2019 marked our 10th year of doing theCUBE. Over that time we've had the pleasure of covering nearly 1000 events and milestones, including the exit from the great softness of 2008 and 2009. You know theCUBE has extensively tracked a 10 year bull market. We've covered the era of data. We saw the rise and profitless prosperity of the big data and opensource Hadoop movement, where we predicted the practitioners, not vendors, would benefit the most from big data. We've covered many dozens of acquisitions including the 60 billion dollar chess move made by Michael Dell acquiring EMC, and a launch of hundreds of startups in flash, hyper-converged, big data, AI, blockchain, crypto, security and SaaS. There'll be other days to talk about theCUBE and review that, today's all about predicting the future, using spending data and insights from the thousands of interviews we've done on theCUBE. So let's get right into the ETR data and start with the high-level spending. Remember in October, ETR released its survey results and stated that we're coming out of a multiyear investment cycle in digital transformation. Enterprise IT buyers have learned what works, and on which technologies they're going to double down. They're now narrowing their investments on emerging technologies, picking those winners for the next gen tech, and at the same time, they're cutting redundancies from legacy players that they were keeping on as a hedge. Buyers are picking bundled suites from a handful of mega vendors, and solidifying their investments. We're seeing a multi-generational dynamic repeat itself, where buyers are creating a balance between the convenience of packaged offerings, i.e. bundles, and leveraging best of breed technologies to drive innovation. So on balance, the ETR data shows that a contraction in spending and tepid CIO sentiment is impacting both emerging vendors as well as traditional players, and these trends are most pronounced in the very largest organizations, which have always been the best bellwether in ETR's data sets. Let me share with you what one IT executive said recently that I think really sums up the situation quite well. He said, "ETR's findings mirror what we're doing today, "in that we spend most of 2018 bringing in "a lot of the new, core technology. "I believe what you're seeing now is not a lull in spend, "but an operationalization of what we've already purchased. "We're not spending on what's next yet, "because we're still rolling out what we just bought." This is from a VP of global IT at a large public manufacturing company, I said he, it could be a she as well. I think that she's summing it up correctly, and it reflects many of what customers on theCUBE tell us. Now, let's take a look at the macroeconomy. GDP growth is going to come in at about 2.3% this year, give or take. It's not going to hit the Trump administration's goal of 3% plus, but consumers are clearly powering steady growth. At least for now. IT spending should grow at about a point or two above GDP, so let's put that at, say, 4%. We're right in the middle of a Santa Claus rally, and the S&P is above 3200 today. Tech has been a powerful tailwind for stocks, and I think stocks, tech stock's going to take a breath in early 2020, but I expect continued strong growth in the economy and tech spending after a Q1 pause. I could see the S&P flirting with 3700 or even higher in 2020, and I think the tech sector will be a benefactor of that momentum, providing an impetus for continued growth. Here's my thinking on that. So much of 2020 is going to be about the election, and to me the election is going to be really about the economy. And I predict the economy is going to remain steady. And as the IT leader I quoted earlier said, customers will be operationalizing what's been previously purchased. Here's what's different in 2020. Tech projects have historically been very risky investments, and have required higher internal rates of return, IRRs, to get approved by CFOs. But the cloud has altered two factors. One, is that it's allowed more experimentation for way less money. The second is cloud, by shifting CAPEX to OPEX, allows for much more incremental, lower risk investments. So I think you'll see continued steady growth, powered by the cloud, which allows experimentation, and importantly higher hit rates of success. These successful projects will throw off cash for companies, and CFOs are getting on board because they realize it's driving innovation. They also realize that IT does matter, maybe not in the form that Nick Carr envisioned, but a new generation of IT that creates competitive advantage. This brings me to my first main prediction, which is the growth of cloud computing is going to moderate, but the cloud will continue to steal significant share from on-prem spending. Now the narrative that the pendulum is swinging back in my view, is a false narrative. Rather, the pendulum has swung, and the cloud is the underpinning of innovation. Now having said that, I do think we're seeing a bit of an equilibrium in spending, where buyers have identified those workloads that are going to remain on-prem, which is why you see, for example, AWS, Azure, and Google making moves in hybrid. Hybrid slash on-prem offerings. What this chart here shows from ETR, so from 2010 through October '19 survey on cloud spending, I had to block out the 2020 survey as it's currently in the field, I'm not allowed to show that data. The yellow line is market share, which in ETR parlance, as you remember, is pervasiveness, or mentions in their survey. The blue line is spending momentum, measured as net score, which essentially subtracts the percent of customers spending less from those spending more. The long, steady march of cloud, as you can see, continues, and there's no indication that it's going to abate. That said, the penetration of cloud has become much more meaningful, so share gains will be more hard-fought for the cloud guys. Now, you may see this as a non-prediction, or a hedge. It's not, let me be clear. Cloud will continue to steal share from on-prem, but share gains for the cloud vendors will be more difficult. Which brings me to part B of this prediction. What I'm showing in this chart is market share from ETR's January 2016 survey through October '19. And I'm showing spending for three on-prem vendors within AWS, Azure, and Google Cloud accounts. And I'm picking on Oracle, IBM, and Dell EMC as three prominent on-prem proxies, and you can see the steady decline in market share for these companies. And even though there's a bit of an uptick in October, I don't see this as a reversal. What's going to happen is that traditional on-prem vendors are going to step up their cloud strategies. Specifically with multicloud management. This is going to be the case with Dell, who's going to leverage VMware, and in the case of IBM, they'll try to take advantage of Red Hat in that multicloud game. Now both IBM and Oracle, who each have public clouds are going to dig their heels in, they're going to get customers in a headlock, and provide big financial incentives for them to use their captive clouds. All right, so with the high-level spending comments that I made earlier, and that cloud discussion that we just had as a backdrop, the question is, which companies will do well in the coming year? I'm going to call out five companies, that I want to highlight where the ETR data intersects what we're seeing on theCUBE. The prediction is these five players will do well in 2020, they're going to power through any downturn in spending, and they're going to thrive in the face of the cloud share shift. So the chart here shows data from the ETR October 2019 survey, and it lays out net score or spending momentum for these companies, that I am predicting will be winners in 2020 and beyond. And the five companies are UIPath, Snowflake, Databricks, HashiCorp, and Rubrik. Let me start with UIPath. They are the leader in robotic process automation. I think RPA is going to do well even in a downturn, because more companies will be looking to automate and save money, even in a softer climate. Automation Anywhere is another player in this space, they're doing pretty well, and I predict that UIPath will come out on top of this space, but both UIPath and Automation Anywhere can thrive. Next company is Snowflake, they are changing the analytic database market, and I've covered them before in previous Breaking Analysis segments. They are going to continue to grow nicely in my view. They are 100% cloud-based, and they participate in all popular cloud platforms. Now ironically, they compete with AWS RedShift, who continues to copy some of the innovations that Snowflake has popularized. But AWS and Snowflake are strong partners, so there's room for both companies to thrive. Snowflake especially, as they play in clouds other than just AWS. Which brings me to Databricks. We're seeing a new type of workload emerge in the cloud for modern analytic databases, where organizations are taking all this data that they have, lots of it in the cloud, and they're structuring it within a Snowflake database, or RedShift, and they're bringing Databricks tooling to the equation to be able to query and visualize the data in near real time. Now of course, as I say, AWS plays here with RedShift, and they're selling a lot of EC2, so they love Snowflake. All major cloud players are seeing this type of workload enter the mix, and it's going to be a strong area of growth in 2020 and beyond. Next thing I want to talk about is HashiCorp. HashiCorp is capitalizing on this trend toward cloud-native computing. The company provides opensource tooling for developers, and is all about simplifying application deployment independent of the underlying platform, whether it's virtual, container, or cloud. Five years ago, the players in the space that got all the attention on theCUBE were Chef, Puppet, Ansible and Salt, and today, especially again on theCUBE, you hear the most about Hashi and Ansible, and in fact we were at AnsibleFest with theCUBE, and we heard lots about HashiCorp, so they both complement and compete with the older players. To me, this reminds me of Spark within the Hadoop ecosystem. Hashi has raised about 174 million in VC, and as you can see they have very strong spending momentum in the ETR dataset, with a net score, as shown, of 63%. Now finally, I want to talk about Rubrik, which has been a consistent performer in the ETR dataset. They're trying to transform backup into data management as a discipline. They compete with established players in the data protection space, guys like Veritas, Dell EMC, IBM and CommVault. Now Rubrik is not the only new or newish player here, that's doing very well, Cohesity, who's relatively new, Veeam, which has been around for a decade, both doing very well and showing up strong in ETR surveys, especially Veeam, but Rubrik has been a consistently strong performer and has been outpacing the others, so I want to call them out. Look for these five to do very well in 2020, and into the next decade. So that brings me to my next prediction, I want to talk about Kubernetes. This prediction is twofold. Kubernetes is going to continue its strong showing as this data from ETR shows. This is Kubernetes' market share in the October 2019 survey, so Kubernetes spend had a 76% net score. So very very strong. But the other part of the prediction is that Kubernetes will become embedded into virtually every platform, and people will stop thinking about it as a separate market. Already today, there's little discussion of the idea of a Kubernetes distro, I mean Anthos is an example of a Kubernetes stack, but it can be run in the cloud, it can be run on-prem, anywhere. VMware Tanzu, Microsoft Azure Arc are other examples, they're really not stacks, but they're management platforms that can manage anyone's Kubernetes instances. I like to think of this as kind of like flash. You remember when everyone looked at flash storage as a separate market, well today it's just embedded everywhere. And that's kind of what's happening with Kubernetes. So spending momentum is going to continue to be strong, but by 2023, Kubernetes will be ubiquitous, and not really thought of as a separate entity. All right, for my next prediction, I want to talk about cybersecurity. I did a Breaking Analysis earlier this year on security, and I showed this slide. And as you can see, I've added a little something in the red stars for my prediction. So what this chart shows is two views of net score, the left-hand side shows the ranking by net score, and you can see CrowdStrike, Okta, Shape Security, which was just, by the way, bought by F5, that was an announcement. Twistlock, which is now Palo Alto Networks, and you can see the others down that list. On the right-hand side is net score, but it's ranked by shared N, which is a measure of pervasiveness in the ETR dataset. What I've added is the four star companies, that is those companies that have both spending momentum and are pervasive in the ETR survey. So the prediction is 2020 we'll see the four star companies maintain their position and gain strength in 2020. These include established players with portfolios where they can bundle like Microsoft, Cisco, Palo Alto Networks, Splunk, Proofpoint, Fortinet, and CyberArk Software. And then the newer companies like Okta and CrowdStrike are going to continue to gain share faster than the larger players. Now you also may see companies like SailPoint, Illumio, and SentinelOne emerge as four star companies over the next 24 months. Now the one company that's not on this list that is a major player in security is AWS. AWS is the cloud security leader, and is in a category all by itself in many ways. As I said in my security segment earlier this year, the market is incredibly fragmented, and it's going to stay that way. Each year we look back and say "Did we spend more on security?" and "Are we more safe?" And every year the answer is yes, and no. And 2020 will be no different. Now if you look at the various data sources, we spend approximately 120 billion dollars annually on cybersecurity. The worldwide economy is about 85 trillion in dollar terms, so on balance, we spend about .14% on securing our economy, so we're barely scratching the surface. The market is going to remain highly fragmented, the rich will get richer if they have four stars, new players will continue to enter the space, and M&A will continue to be robust. Now if you exclude my long shot that the S&P will break through 3700 next year, that makes nine predictions. For my 10th and final prediction, I don't have hard data from ETR, but I have a strong opinion on this, and that is that the edge will be won by developers, you've heard me talk about this before. Specifically, platforms like Outposts, which are essentially programmable infrastructure which bring a cloud development platform to the edge, is how that space will evolve. It won't be won by shoving traditional servers and storage boxes out to the edge. Rather, it will grow by coders being able to build new applications and workloads on top of infrastructure as code. Okay, that wraps up my 2020 predictions. I'd very much like to hear your opinion, so you can leave your thoughts or your own predictions in the comments sections of this video, or go to my LinkedIn posts. You can reach me @DVellante on Twitter, love to hear your thoughts. And don't forget, this series is available on iTunes, Spotify, and other podcast platforms for your listening pleasure. I'd like to wish everyone a safe and restful holiday season and a prosperous, healthy 2020. Enjoy your families, enjoy this time, this is Dave Vellante, signing out from the latest episode of theCUBE Insights powered by ETR, thanks for watching, everybody. We'll see you next time. (techno music)

>> Announcer: Live from San Diego, California, it's theCUBE covering KubeCon and CloudNativeCon. Brought to you by RedHat, the CloudNative Computing Foundation, and its ecosystem partners. >> Stu: Welcome back to theCUBE, I'm Stu Miniman. My cohost for three days of coverage is John Troyer. We're here at KubeCon CloudNativeCon in San Diego, over 12,000 in attendance and happy to welcome back a CUBE alumni and veteran of generations of the stacks that we've seen come together and change over the time, Sheng Liang, who is the co-founder and CEO of Rancher Labs. Thanks so much, great to see you. >> Shang: Thank you Stuart, is very glad to be here. >> All right, so you know Kubernetes, flash to the pan nobody's all that excited about it. I mean, we've seen all these things come and go over the years, Sheng. No but seriously, the excitement is palpable. Every year, you know, so many more people, so many more projects, so much more going on. Help set the stage for you, as to what you see and the importance today of kind of CloudNative in general and you know, this ecosystem specifically. >> Yeah you're so right though, Stuart. Community as a whole and Kubernetes has really come a long way. In the early days, Kubernetes was a uh, you know, somewhat of a technical community, lot of Linux people. But not a whole lot of end users. Not a whole lot of Enterprise customers. I walk in today and just the kind of people I've met, I've probably talked to fifty people already who are just really at the beginning of the show and uh there's a very very large number Enterprise customers. And this does feel like Kubernetes has crossed the chasm and headed in to the mainstream Enterprise market. >> Yeah it's interesting you know I've talked to you know plenty of the people here probably if you brought up things like OpenStack and CloudStack they wouldn't even know what we were talking about. The wave of containerization really seemed to spread far and wide. At Rancher you've done some surveys, give us some of the insight. What are you seeing? You've talked to plenty of customers. Give us where we are with the maturity. >> Definitely, definitely. Enterprise Kubernetes adoption is ready for prime time. You know the So what we're really seeing is some of the early challenges a few years ago a lot of people were having problems with just installing Kubernetes. They were literally just making sure to get people educated about container as a concept. Those have been overcome. Now, uh, we're really facing next generation of growth. And people solve these days solve problems like how do I get my new applications onboarding to Kubernetes. How do I really integrate Kubernetes into my multicloud and hybrid-Cloud strategy? And as Enterprise's need to perform computing in places beyond just the data centers and the cloud, we're also seeing tremendous amount of interest in running Kubernetes on the Edge. So those are some of the major findings of our survey. >> John: That's great. So Sheng I'd love for you to kind of elaborate or elaborate for us where Rancher fits into this. Right. Rancher is, you've been around, you've a mature stack of technology and also some new announcements today so I'd kind of love for you to kind of tell us how you fit in to that landscape you just described. >> Absolutely. This is very exciting and very very fast changing industry. So one of the things that Rancher is able to play very well is we're really able to take work with the community, take the latest and greatest open source technology and actually develop open source products on top this and make that technology useful and consumable for Enterprise at large. So the way we see it, to make Kubernetes work we really need to solve problems at three levels. At the lowest level, the industry need at lot of compliant and compatible certified Kubernetes distros and services. So that's table stakes now. Rancher is a leader in providing CNCF certified Kubernetes distro. We actually provide two of them. One of them is called RKE - Rancher Kubernetes Engine. Something we've been doing it for years. It's really one of the easiest to use and most widely deployed Kubernetes distributions. But we don't force our customers to only use our Kubernetes distribution. Rancher customers can use whatever CNCF certified Kubernetes distribution or Kubernetes services they want. So a lot of our customers use RKE(Rancher Kubernetes Engine) but they also use, when they go to the cloud, they use cloud hosted Kubernetes Services like GKE and EKS. There are really a lot of advantages in using those because cloud providers will help you run these Kubernetes clusters for free. And in many cases they even throw in the infrastructure it takes to run the Kubernetes masters and etcd databases for free. If you're in the cloud, there's really no reason not to be using these Kubernetes services. Now there's one area that Rancher ended up innovating at the Kubernetes distros, despite having these data center focus and cloud focus Kubernetes distros and services. And that is one of our, one of the two big announcements today. And that's called K3S. K3S is a great open source project. It's probably one of the most exciting open source projects in the Kubernetes ecosystem today. And what we did with K3S is we took Kubernetes that's been proven in data center and cloud and we brought it everywhere. So with K3S you can run Kubernetes on a Raspberry Pi. You can run Kubernetes in a surveillance camera. You can run Kubernetes in an ATM machine. You know, we have customers trying to run now Kubernetes in a uh, factory floor. So it really helps us realize our vision of Kubernetes as a new Linux and you run it everywhere. >> Well that's great 'cause you talk about that simplicity that we need and if you start talking about Edge deployment, I don't have the people, I don't have the skillset, and a lot times I don't have the gear, uh, to run that. So you know, help connect the dots as to you know, what led Rancher to do the K3S piece of it and you know, what did we take out? Or what's the differences between K8S and the K3S? >> That's a great question, you know. Even the name "K3S" is actually somewhat a wordplay on K8S You know we kind of cut half of 8 away and you're left with 3. It really happened with some of our early traction we sawing some customers. I remember, in retrospect it wasn't really that long ago. It was like middle of last year, we saw a blog coming out of Chick-fil-A and a group of technical enthusiasts were experimenting with actually running uh, Kubernetes in very, in like Intel Nook servers. You know, they were talking about potentially running three of those servers in every one of their stores and at the time they were using RKE and Rancher Kubernetes Engine to do that. And they run into a lot of issues. I mean to be honest if you think about running Kubernetes in the cloud in the database center, uh these servers have a lot of resources and you also have a dedicated operations teams. You have an SRE to manage them, right? But when you really bring it out into branch offices and Edge computing locations, now all of the sudden, number one, these uh, the software now has to take a lot less resource but also you don't really have SREs monitoring them every day anymore. And you, since these, Kubernetes distro really has to be zero touch and it has to run just like a, you know like a embedded window or Linux server. And that's what K3S was able to accomplish, we were able to really take away lot of the baggage that came with having all the drivers that were necessary to run Kubernetes in the cloud and we were also able to dramatically simplify what it takes to actually start Kubernetes and operate it. >> So unsolicited, I was doing an event right before this one and I asked some people what they looking forward to here at KubeCon. And independently, two different people said, "The thing I'm most excited about is K3S." And I think it's because it's the right slice through Kubernetes. I can run it in my lab. I can run it on my laptop. I can on a stack of Raspberry Pis or Nooks, but I could also run it in production if I, you know I can scale it up >> Stu: Yeah. >> John: And in fact they both got a twinkle in their eye and said well what if this is the future of Kubernetes, like you could take this and you could run it, you know? They were very excited about it. >> Absolutely! I mean, you know, I really think, you know, as a company we survive by, and thrive by delivering the kind of innovation that pushes the market forward right? I mean, we, otherwise people are not going to look at Rancher and say you guys are the originators of Kubernetes technology. So we're very happy to be able to come up with technologies like K3S that effectively greatly broadened the addressable market for everyone. Imagine you were a security vendor and before like all you really got to do is solving security problems. Or if you were a monitoring vendor you were able to solve monitoring problems for a data center and in the cloud. Now with K3S you end up getting to solve the same problems on the Edge and in branch offices. So that's why so many people are so excited about it. >> All right so Sheng you said K3S is one of the announcements this week, what's the rest of the news? >> Yeah so K3S, RKE, and all the GKE, AKS, EKS, they're really the fundamental layer of Kubernetes everywhere. Then on top of that one of the biggest piece of innovation that Rancher labs created is the idea of multi-cluster management. A few years ago it was pretty much of a revolutionary concept. Now it's widely understood. Of course an organization is not going to have just one cluster, they're going to have many clusters. So Rancher is the industry leader for doing multi-cluster management. And these clusters could span clouds, could span data centers, now all the way out to branch offices and the Edge. So we're exhibiting Rancher on the show floor. Everyone, most people I've met here, they know Rancher because of that flash of product. Now our second announcement though is yet another level above Rancher, so what we've seen is in order to really Kubernetes to achieve the next level of adoption in the Enterprise we're seeing you know some of the development teams and especially the less skilled dev ops teams, they're kind of struggling with the learning curve of Kubernetes and also some of the associated technologies around service mesh around Knative, around, you know, CICD, so we created a project called Rio, as in Rio de Janeiro the city. And the nice thing about Rio is it packaged together all these Cloud Native technologies and then we created very easy to use, very simple to understand user experience for developers and dev ops teams. So they no longer have to start with the training course on Kubernetes, on Istio, on Knative, on Tekton, just to get productive. They can pretty much get productive on day one. So that Rio project has hit a very important milestone today, we shipped the beta release for it and we're exhibiting it at the booth as well. >> Well that's great. You know, the beta release of Rio, pulling together a lot of these projects. Can you talk about some folks that, early adopters that have been using them or some folks that have been working with the project? >> Sheng: Yeah absolutely. So I talk about some of the early adoption we're seeing for both K3S and Rio. Uh, what we see the, first of all just the market reception of K3S, as you said, has been tremendous. Couple of even mentioned to you guys today in your earlier interviews. And it is primarily coming from customers who want to run Kubernetes in places you probably haven't quite anticipated before, so I kind of give you two examples. One is actually appliance manufacture. So if you think they used to ship appliances, then you can imagine these appliances come with Linux and they would image their appliance with an OS image with their applications. But what's happening is these applications are becoming so sophisticated they're now talking about running the entire data analytics stack and AI software. So it actually takes Kubernetes not necessarily, because it's one server in a situation of appliance. Kubernetes is not really managing a cluster, but it's managing all the application components and microservices. So they ended up bundling up K3S into their appliance. This is one example. Another example is actually an ISV, that's a very interesting use case as well. So uh, they ship a micro service based application software stack and again their software involves a lot of different complicated components. And they decided to replatform their software on Kubernetes. We've all heard a lot of that! But in their case they have to also ship, they don't just run the software themselves, they have to ship the software to the end users. And most of their end users are not familiar with Kubernetes yet, right? And they don't really want to say, to install our software you go provision the Kubernetes cluster and then you operate it from now on. So what they did is they took K3S and bundled into their application as if it were an application server, almost like a modern day WebLogic and WebSphere, then they shipped the whole thing to their customers. So I thought both of these use cases are really interesting. It really elevates the reach of Kubernetes from just being almost like a cloud platform in the old days to now being an application server. And then I'll also quickly talk about Rio. A lot of interest inside Rio is around really dev ops teams who've had, I mean, we did a survey early on and we found out that a lot of our customers they deploy Kubernetes in services. But they end up building a custom experience on top of their Kubernetes deployment, just so that most of their internal users wouldn't have to take a course on Kubernetes to start using it. So they can just tell that this thing that, this is where my source code is and then every thing from that point on will be automated. So now with Rio they wouldn't have to do that anymore. Effectively Rio is the direct source to URL type of, one step process. And they are able to adopt Rio for that purpose. >> So Sheng, I want to go back to when we started this conversation. You said, you know, the ecosystem growing. That not only, you know, so many vendors here, 129 end users, members of the CNCF. The theme we've been talking about is to really, you know, it's ready for production and people are all embracing it. But to get the vast majority of people, simplicity really needs to come front and center, I think. K3S really punctuates that. What else do we need to do as an ecosystem, you know, Rancher is looking to take a leadership position and help drive this, but what else do you want to see from your peers, the community, overall to help drive this to the promise that it could deliver. >> We really see the adoption of Kubernetes is probably going to wing at three, I mean. We see most organizations go through this three step journey. The first step is you got to install and operate Kubernetes. You know, day one, day two. And I think we've got it down. With K3S it becomes so easy. With GKE it becomes one API call or one simple UI interaction. And CNCS has really stepped up and created a great, you know, compliance certification program, right? So we're not seeing the kind of fragmentation that we saw with some of the other technologies. This is fantastic. Then the second step we see is, which a lot of our customers are going through now, is now you have all the Kubernetes clusters coming from different clouds, different infrastructure, potentially on the Edge. You have a management problem. Now you all of the sudden because we made Kubernetes clusters so easy to obtain you can potentially have a sprawl. If you are not careful you might leave them misconfigured. That could expose a security issue. So really it takes Rancher, it takes our ecosystem partners, like Twistlock, like Aqua. CICD partners, like CloudBees, GitLab. Just everyone really needs to come together, make that, solve that management problem. So not only, uh, you build this Kubernetes infrastructure but then you actually going to get a lot of users and they can use the cluster securely and reliably. Then I think the third step, which I think a lot of work still remain is we really want to focus on growing the footprint of workload, of enterprise workload, in the enterprise. So there the work is honestly just getting started. Anywhere from uh, if you walk into any enterprise you know what percentage of their total workload is running on Kubernetes today? I mean outside of Google and Uber, that percentage is probably very small, right? They're probably in the minority, maybe even in single digit percentage. So, we really need to do a lot of work. You know, we need to uh, Rancher created this project called LongHorn and we also work with a lot of our ecosystem partners in persistence storage area like Portworx, StorageOS, OpenEBS. Lot of us really need to come together and solve this problem of running persistent workload. I mean there was also a lot of talk about it at the keynote this morning, I was very encouraged to hear that. That could easily double, triple the amount of workload that could bring, that could be onboarded into Kubernetes and even experiences like Rio, you know? Make it further simpler, more accessible. That is really in the DNA of Rancher. Rancher wouldn't be surviving and thriving without our insight into how to make our technology consumable and widely adopted. So a lot of work we're doing is really to drive the adoption of Kubernetes in the enterprise beyond, you know, the current state and into something I really don't see in the future, Kubernetes wouldn't be as actually widely used as say AWS or vSphere. That would be my bar for success. Hopefully in a few years we can be talking about that. >> All right, that is a high bar Sheng. We look forward to more conversations with you going forward. Congratulations on the announcement. Great buzz on K3S, and yeah, thanks so much for joining us. >> Thank you very much. >> For John Troyer, I'm Stu Miniman, back with lots more coverage here from KubeCon CloudNativeCon 2019 in San Diego, you're watching theCUBE. [Upbeat music]

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello, everyone, and welcome to this week's Cube Insights, powered by ETR. Today is November 8, 2019 and I'd like to address one of the most important topics in the minds of a lot of executives. I'm talking about CEOs, CIOs, Chief Information Security Officers, Boards of Directors, governments and virtually every business around the world. And that's the topic of cyber security. The state of cyber security has changed really dramatically over the last 10 years. I mean, as a cyber security observer I've always been obsessed with Stuxnet, which the broader community discovered the same year that theCUBE started in 2010. It was that milestone that opened my eyes. Think about this. It's estimated that Stuxnet cost a million dollars to create. That's it. Compare that to an F-35 fighter jet. It costs about $85-$100 million to build one. And that's on top of many billions of dollars in R&D. So Stuxnet, I mean, it hit me like a ton of bricks. That the future of war was all about cyber, not about tanks. And the barriers to entry were very, very low. Here's my point. We've gone from an era where thwarting hacktivists was our biggest cyber challenge to one where we're now fighting nation states and highly skilled organized criminals. And of course, cyber crime and monetary theft is the number one objective behind most of these security breaches that we see in the press everyday. It's estimated that by 2021 cyber crime is going to cost society $6 trillion in theft, lost productivity, recovery costs. I mean, that's just a staggeringly large number. It's even hard to fathom. Now, the other C-change is how organizations have had to respond to the bad guys. It used to be pretty simple. I got a castle and the queen is inside. We need to protect her, so what do we do? We built a mote, put it around the perimeter. Now, think of the queen as data. Well, what's happened? The queen has cloned herself a zillion times. She's left the castle. She's gone up to the sky with the clouds. She's gone to the edge of the kingdom and beyond. She's also making visits to machines and the factories and hanging out with the commoners. She's totally exposed. Listen, by 2020, there's going to be hundreds of billions of IP addresses. These are going to be endpoints and phones, TVs, cameras, tablets, automobiles, factory machines, and all these represent opportunities for the bad guys to infiltrate. This explosion of endpoints that I'm talking about is created massive exposures, and we're seeing it manifest itself in the form of phishing, malware, and of course the weaponization of social media. You know, if you think that 2016 was nuts, wait 'til you see how the 2020 presidential election plays out. And of course, there's always the threat of ransomware. It's on everybody's minds these days. So I want to try to put some of this in context and share with you some insights that we've learned from the experts on theCUBE. And then let's drill into some of the ETR data and assess the state of security, the spending patterns. We're going to try to identify some of those companies with momentum and maybe some of those that are a little bit exposed. Let me start with the macro and the challenged faced by organization and that's complexity. Here's Robert Herjavec on theCUBE. Now, you know him from the Shark Tank, but he's also a security industry executive. Herjavec told me in 2017 at the Splunk.com Conference that he thought the industry was overly complex. Let's take a look and listen. >> I think that the industry continues to be extremely complicated. There's a lot of vendors. There's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year, that there's 1500 new security start-ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights? And which ones are going to be around for a year or two and you're never going to hear about again? So it's a extremely challenging complex environment. >> So it's that complexity that had led people like Pat Gelsinger to say security is a do-over, and that cyber security is broken. He told me this years ago on theCUBE. And this past VM World we talked to Pat Gelsinger and remember, VMware bought Carbon Black, which is an endpoint security specialist, for $2.1 billion. And he said that he's basically creating a cloud security division to be run by Patrick Morley, who is the Carbon Black CEO. Now, many have sort of questioned and been skeptical about VMware's entrance into the space. But here's a clip that Pat Gelsinger shared with us on theCUBE this past VM World. Let's listen and we'll come back and talk about it. >> And this move in security, I am just passionate about this, and as I've said to my team, if this is the last I do in my career is I want to change security. We just not are satisfying our customers. They shouldn't put more stuff on our platforms. >> National defense issues, huge problems. >> It's just terrible. And I said, if it kills me, right, I'm going to get this done. And they says, "It might kill you, Pat." >> So this brings forth an interesting dynamic in the industry today. Specifically, Steven Smith, the CISO of AWS, at this year's Reinforce, which is their security conference, Amazon's big cloud security conference, said that this narrative that security is broken, it's just not true, he said. It's destructive and it's counterproductive. His and AWS's perspective is that the state of cloud security is actually strong. Kind of reminded me of a heavily messaged State of the Union address by the President of the United States. At the same time, in many ways, AWS is doing security over. It's coming at it from the standpoint of a clean slate called cloud and infrastructure as a surface. Here's my take. The state of security in this union is not good. Every year we spend more, we lose more, and we feel less safe. So why does AWS, the security czar, see if differently? Well, Amazon uses this notion of a shared responsibility security model. In other words, they secure the S3 buckets, maybe the EC2 infrastructure, not maybe, the EC2 infrastructure. But it's up to the customer to make sure that she is enforcing the policies and configuring systems that adhere to the EDIX of the corporation. So I think the shared security model is a bit misunderstood by a lot of people. What do I mean by that? I think sometimes people feel like well, my data's in the cloud, and AWS has better security than I do. Here I go, I'm good. Well, AWS probably does have better security than you do. Here's the problem with that. You still have all these endpoints and databases and file servers that you're managing, and that you have to make sure comply with your security policies. Even if you're all on the cloud, ultimately, you are responsible for securing your data. Let's take a listen to Katie Jenkins, the CISO of Liberty Mutual, on this topic and we'll come back. >> Yeah, so the shared responsibility model is, I think that's an important speaking point to this whole ecosystem. At the end of the day, Liberty Mutual, our duty is to protect policyholder data. It doesn't matter if it's in the cloud, if it's in our data centers, we have that duty to protect. >> It's on you. >> All right, so there you have it from a leading security practitioner. The cloud is not a silver bullet. Bad user behavior is going to trump good security every time. So unfortunately the battle goes on. And here's where it gets tricky. Security practitioners are drowning in a sea of incidents. They have to prioritize and respond to, and as you heard Robert Herjavec say, the average large company has 75 security products installed. Now, we recently talked to another CISO, Brian Lozada, and asked him what's the number one challenge for security pros. Here's what he said. >> Lack of talent. I mean, we're starving for talent. Cyber security's the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have. And in that lack of talent CISOs are starving. We're looking for the right things or tools to actually patch these holes and we just don't have it. Again, we have to force the industry to patch all of those resource gaps with innovation and automation. I think CISOs really need to start asking for more automation and innovation within their programs. >> So bottom line is we can't keep throwing humans at the problem. Can't keep throwing tools at the problem. Automation is the only way in which we're going to be able to keep up. All right, so let's pivot and dig in to some of the ETR data. First, I want to share with you what ETR is saying overall, what their narrative looks like around spending. So in the overall security space, it's pretty interesting what ETR says, and it dovetails into some of the macro trends that I've just shared with you. Let's talk about CIOs and CISOs. ETR is right on when they tell me that these executives no longer have a blank check to spend on security. They realize they can't keep throwing tools and people at the problem. They don't have the bodies, and as we heard from Brian Lozada. And so what you're seeing is a slowdown in the growth, somewhat of a slowdown, in security spending. It's still a priority. But there's less redundancy. In other words, less experimentation with new vendors and less running systems in parallel with legacy products. So there's a slowdown adoption of new tools and more replacement of legacy stuff is what we're seeing. As a result, ETR has identified this bifurcation between those vendors that are very well positioned and those that are losing wallet share. Let me just mention a few that have the momentum, and we're going to dig into this data in more detail. Palo Alto Networks, CrowdStrike, Okta, which does identity management, Cisco, who's coming at the problem from its networking strength. Microsoft, which recently announced Sentinel for Azure. These are the players, and some of them that are best positioned, I'll mention some others, from the standpoint spending momentum in the ETR dataset. Now, here's a few of those that are losing momentum. Checkpoint, SonicWall, ArcSight, Dell EMC, which is RSA, is kind of mixed. We'll talk about that a little bit. IBM, Symantec, even FireEye is seeing somewhat higher citations of decreased spending in the ETR surveys and dataset. So there's a little bit of a cause for concern. Now, let's remember the methodology here. Every quarter ETR asks are you green, meaning adopting this vendor as new or spending more? Are you neutral, which is gray, are you spending the same? Or are you red, meaning that you're spending less or retiring? You subtract the red from the green and you get what's called a net score. The higher the net score, the better. So here's a chart that shows a ranking of security players and their net scores. The bars show survey data from October '18, July '19, and October '19. In here, you see strength from CrowdStrike, Okta, Twistlock, which was acquired by Palo Alto Networks. You see Elastic, Microsoft, Illumio, the core, Palo Alto Classic, Splunk looking strong, Cisco, Fortinet, Zscaler is starting to show somewhat slowing net score momentum. Look at Carbon Black. Carbon Black is showing a meaningful drop in net score. So VMware has some work to do. But generally, the companies to the left are showing spending momentum in the ETR dataset. And I'll show another view on net score in a moment. But I want to show a chart here that shows replacement spending and decreased spending citations. Notice the yellow. That's the ETR October '19 survey of spending intentions. And the bigger the yellow bar, the more negative. So Sagar, the director of research at ETR, pointed this out to me, that, look at this. There are about a dozen companies where 20%, a fifth of the customer base is decreasing spend or ripping them out heading into the year end. So you can see SonicWall, CA, ArcSight, Symantec, Carbon Black, again, a big negative jump. IBM, same thing. Dell EMC, which is RSA, slight uptick. That's a bit of a concern. So you can see this bifurcation that ETR has been talking about for awhile. Now, here's a really interesting kind of net score. What I'm showing here is the ETR data sorted by net score, again, higher is better, and shared N, which is the number of shared accounts in the survey, essentially the number of mentions in that October survey with 1,336 IT buyers responded. So how many of that 1,300 identified these companies? So essentially it's a proxy for the size of the install base. So showing up on both charts is really good. So look, CrowdStrike has a 62% net score with a 133 shared account. So a fairly sizable install base and a very high net score. Okta, similar. Palo Alto Networks and Splunk, both large, continue to show strength. They got net scores of 44% and 313 shared N. Fortinet shows up in both. Proofpoint. Look at Microsoft and Cisco. With 521 and 385 respectively on the right hand side. So big install bases with very solid net scores. Now look at the flip side. Go down to the bottom right to IBM. 132 shared accounts with a 14.4% net score. That's very low. Check Point similarly. Same with Symantec. Again, bifurcation that ETR has been citing. Really stark in this chart. All right, so I want to wrap. In some respects from a practitioner perspective, the sky erectus is falling. You got increased attack surface. You've got exploding number of IP addresses. You got data distributed all over the place, tool creep. You got sloppy user behavior, overwork security op staff, and a scarcity of skills. And oh, by the way, we're all turning into a digital business, which is all about data. So it's a very, very dangerous time for companies. And it's somewhat chaotic. Now, chaos, of course, can mean cash for cyber security companies and investors. This is still a very vibrant space. So just by the way of comparison and looking at some of the ETR data, check this out. What I'm showing is companies in two sectors, security and storage, which I've said in previous episodes of breaking analysis, storage, and especially traditional storage disk arrays are on the back burner spending wise for many, many shops. This chart shows the number of companies in the ETR dataset with a net score greater than a specific target. So look, security has seven companies with a 49% net score or higher. Storage has one. Security has 18 above 39%. Storage has five. Security has 31 companies in the ETR dataset with a net score higher than 30%. Storage only has nine. And I like to think of 30% as kind of that the point at which you want to be above that 30%. So as you can see, relatively speaking, security is an extremely vibrant space. But in many ways it is broken. Pat Gelsinger called it a do-over and is affecting a strategy to fix it. Personally, I don't think one company can solve this problem. Certainly not VMware, or even AWS, or even Microsoft. It's too complicated, it's moving too fast. It's so lucrative for the bad guys with very low barriers to entry, as I mentioned, and as the saying goes, the good guys have to win every single day. The bad guys, they only have to win once. And those are just impossible odds. So in my view, Brian Lozada, the CISO that we interviewed, nailed it. The focus really has to be on automation. You know, we can't just keep using brute force and throwing tools at the problem. Machine intelligence and analytics are definitely going to be part of the answer. But the reality is AI is still really complicated too. How do you operationalize AI? Talk to companies trying to do that. It's very, very tricky. Talk about lack of skills, that's one area that is a real challenge. So I predict the more things change the more you're going to see this industry remain a game of perpetual whack a mole. There's certainly going to be continued consolidation, and unquestionably M&A is going to be robust in this space. So I would expect to see continued storage in the trade press of breaches. And you're going to hear scare tactics by the vendor community that want to take advantage of the train wrecks. Now, I wish I had better news for practitioners. But frankly, this is great news for investors if they can follow the trends and find the right opportunities. This is Dave Vellante for Cube Insights powered by ETR. Connect with me at David.Vellante@siliconangle.com, or @dvellante on Twitter, or please comment on what you're seeing in the marketplace in my LinkedIn post. Thanks for watching. Thank you for watching this breaking analysis. We'll see you next time. (energetic music)

>> Brought to your by Amazon Web Services and its ecosystem partners. (smooth music) >> Okay, welcome back everyone. This is theCUBE's live coverage in Boston, Massachusetts. I'm John Furrier with Dave Vellante at AWS, Amazon Web Services' inaugural conference called re:Inforce. This is the first conference that Amazon Web Services is putting on around security, and we've got a great guest, we've got CISO, Brian Lozata, CISO for Dataminr, also on the advisory board for Twistlock, which was recently purchased by, well, intent to purchase by Palo Alto Networks, really cracked the code on DevSecOps, scaling up. Great to have you on, thanks for coming on. >> No, thanks for the opportunity. >> Love getting down and dirty and talking to CISOs, because you know, besides the, you know, which regime controls security, which is always evolving, a lot of the state-of-the-art activity going on in the security sector. Clearly the path of catching up to the DevOps Agility has been the big focus. >> It absolutely has. As innovation has been, you know, really pushed forward with cloud I think security's had to catch up and really start pushing towards innovation, looking at ways that we could be disruptive in the space with solving these problems that, look, CISOs, we've been facing this for 20 years and we're putting old technology at the same problem trying to fix it. Now that there's new services, you know, new emerging technology with cloud, we should be taking advantage of that and innovating ourselves in the security-- >> Brian, what's the most important story that should be told, or is being told, or isn't being told that needs to be told and covered by the media when it comes to the security industry, what's your view on this? >> The lack of talent, I mean, we're starving for talent. Cyber security's the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have, and in that lack of talent CISOs are starving. We're looking for the right things that, or tools to actually patch these holes and we just don't have it. Again, we have to force the industry to patch all of those resource gaps with innovation and automation. I think CISOs really need to start asking for more automation and innovation within their programs. >> It's a multidimensional challenge. I want to just get your thoughts on it. I mean, what pops into my head when you say that, I think "Oh, entrepreneurial." I'm an entrepreneur, it's like, "Oh, I can start a company." So, one, build something. >> Yeah. >> Build a tool, or work for a company, be talent within an enterprise, and then three, you know, be part of that, you know, game changing ecosystem community and do something. >> Yeah, how about all three, right? You could do all three, right? Like, I think security can't be thought of as that arm to go check things anymore. I think security needs to be thought of that arm that pushes innovation forward and helps the business, you know, move forward. We need to be business enablers, and the only way we're going to do it is by building something, like by shortening up the time to actually get code out there or get products out there. >> So, I want to dig into some of the Dataminr stuff we were just chatting before we came on camera, but I do want to dig into Twistlock because I think, you know, you've been in advise, you've seen that journey from day one, from seed financing to now where they're, you know, exiting to a large company. The success has been, very short period of time, only a couple years, five years or so, magic happens, it's a good thing. What happened, what's the story there? (chuckles) I mean, what's-- >> They found. >> Why so successful? >> Well, they found the gap. They found the gap that everybody's facing is the lack of talent to actually solve all of these issues with automation, and they helped fill that gap and fill it pretty quickly, right? So, I think it went from selling to taking orders very quickly because they actually helped solve a lot of, give visibility and put more security into actual the, you know, cloud-based platforms, and it helps companies modernize their tech stack quickly, right? That's what we're all about is pushing things out quickly, and to do it with security in mind. >> If you look at a typical budget pie in IT it's usually about two-thirds people. You know, one-third, you know, hardware, software services. Is it the same in your world, or is it different? >> Depends on the industry and it depends on the company. Some companies don't put security as that much of a focus, so you sometimes you are trying to get those dollars to actually fund your program, others it just depends on the risk, right, how the company's-- >> Well, if it's financial services they'l throw it in, no problem. >> Oh, they'll throw, you know, financial services will totally, totally do it, but if it's an industry or a company that hasn't had security in there and you're evangelizing security, hey, the first six, eight months you're going to be struggling for that budget. You're going to have to, you know, have that articulation that you, you know, speak on technical risk into business risk so you can fund your program, right? That's why the most important talent or skill that a security professional needs is communication skills. If you can't articulate technical risk into a business risk to fund your program, it's, you know, it's very hard for you to actually be successful in security. >> So, you speak wallet and geek, is that what... >> You have to. (chuckles) I think, yeah, (laughs) I think wallet and geek is definitely, it's a required skill in this space, probably more and more than others, right? The other thing is security, you can actually see how it equates to dollars, too, right? >> So, to whom are you speaking wallet, line of business, CEO, C-suite, CFO? >> I think it's definitely going to be up to C-suite. I think in more mature organizations you're going to get to the product line. You're going to get, you know, security into that product aspect, so as products are starting to be developed, those product managers and that product line can start funding their own security within that product development, right, and you need to have that communication style so that you can push that initiative through that product line. So, maturity-wise you'll get there, but I think initially it has to start at that C-suite at the board level. >> And how does that conversation start and what's the flow like, what's the key message that you're getting across? >> You have to talk about risk to that product line. Where's the risk that you can articulate to them and say if this product is impacted in this way, this is the damage to the brand, you know, financial, or financial damage. Once they see that and they can absolutely put dollars next to it, it'll absolutely help them fund that program when it comes to security. >> And you spend time quantifying that >> You have to. >> Is that right? >> Yeah, you absolutely have to. Everything nowadays needs to be quantified so you can put the appropriate amount of resources towards it, both in human capital and financial, right? >> How do you make that argument credible? Is it based on experience, you pull in different data sources from lines of business? >> It's different data sources. You've definitely got to leverage your experience, but it's looking at data lifecycle, where that data's being stored, process transmitted, the risk to losing it, and then quantify that type of data. There's different levels of sensitivity to data, right? Certain data, like you take a hit on your website, just the brochure site versus transactional data, different risk levels, different, you know, different impact to the brand, to the company. >> So, you're taking a portfolio view-- >> Absolutely. >> Weighing different values. >> Totally, you have to. >> And helping people understand where to put their bill. >> Yep. >> So, the CISO, the CIO, they care about production, what's in production, also on the DevOps ethos you've got Agility, you've got hackathons, so you have the kind of the cultural shift, so how do they mitigate the risk, from your standpoint how do you view this, and what do other CISOs think, because you want to foster that creativity to get that incubating going for new ideas, hackathons for instance, great tactic in the DevOps community. We're seeing that now happen in security-- >> Totally. >> Where the people who are close to the action are getting involved in a very DevOps way, but they're kind of not getting sanctioned clearance from the boss, but that's the production side, so again, Ops, different. How is that migration or transition between I've got a hackathon, this feature that if we roll this out this could really help us with our visibility intro threats or better quality alerts. I'm just making that up, but you see where innovation's going to come from, at the same time dealing with all the other pillars of the compliance, and audit, and security, and blah, blah, blah, all that stuff that's in production. How do CISOs deal with this? >> So, it's taking a view, look, a risk-based approach to that entire lifecycle and seeing where is the biggest risk, and then to fix that risk where the gap is and to get into that innovation piece. At my previous company we developed what's called security as code. We had a big gap that we were finding a lot of issues out there with our environment that we were finding three and four days after they were actually rolled out, so we were able to take advantage of AWS services so that we could actually get visibility live, and then we did it we actually remediated the issues with Lambda functions, right? That was innovation, we were able to do it. Now, convincing DevOps to put it into production, that took some time as well, but it was that partnership and showing them we're not going to be bothering you. >> Ballpark timeframe-- >> Yep. >> Ballpark a timeframe to invention, innovation to selling it through to production, ballpark? >> Maybe a month. >> What's the difference between infrastructure as code and security as code? >> So, infrastructure as code is you're putting out the environment, you're creating that VPC, you're setting up the routes. Security as code, what we're calling security as code is that it finds an issue with that environment and it automatically fixes it with a Lambda function or something like that, right? So, it could find the vulnerability, it knows what the fix is, and it automatically goes and fixes it. That's the benefit of cloud, immutable technology. You can fix things pretty quickly. >> Yeah. >> Well, let's, now that we have that ability, let's innovate on security so that we do do those fixes instead of waiting days for it to come back. >> And the secret sauce for that comes from what? >> Developing-- >> Homegrown math, doing. >> Homegrown, homegrown. >> No problem >> You have, like the, I think cloud has allowed emerging technology and security to get back into being innovative and not just coming in to protect or to have visibility. Like security engineers are now saying, "Now we can create," right? AWS has that, the logo, what is their motto, "Build on," right, well that should apply to security practitioners as well. We should be building just as quickly as developers. >> And by the way, the old model was hire a firm to come in, buy a product. >> Totally, yes. >> Now you're saying is let's code up some security. >> Let's do it ourselves. >> Because the practitioners are close to the action-- >> Absolutely. >> They have the innovative device, doesn't take a lot of time to whip something up, find the discovery... >> And do it. And the other thing is we spent years buying tools, buying tools, buying tools. Tools were built to solve one use case. Who knows better their environment than CISOs that are working in it, right? So, let's build tools that our customers-- >> It's like a tool shed, open up the doors, like "I bought that 10 years ago. "We're still amortizing that." It's like there's too many tools. >> Too many tools, so let's build what's appropriate for the environment based on our knowledge, right, of being working in it. >> Describe a great day for a security practitioner. >> (chuckles) A great day is that I don't get called at two in the morning, right? I think every day is a great day in security, and I'm going to tell you why, because it's growing so quickly I think organizations are starting to realize the value of security, that security is a value prop to a customer or to a client. They like to see security being baked into the products, so I think it is good for security to see it grow. I love to see that AWS has now invested in re:Inforce. I think it was about time. I had been going to re:Invent for, I don't know, maybe four or five years now, and I saw that grow and it was absolutely time for this, so-- >> It's interesting-- >> It's good. >> You hear the chatter, you hear the chatter also around security not, not just being not being a call center and being strategic, which clearly it is, because one breach and you go out of business, that's a business model problem. But as a revenue generator, seeing a trend now-- >> Totally. >> Of people who are building in-house because they have their own problems are taking the Amazon playbook. Do it for yourself first and then expose that out as a service-- >> Totally. >> With Marketplace. Dave McCann's kicking butt over there. He's got services, so the idea is that if people have a good foundation you're just buying services. >> Totally. >> Not tools. >> Yep, and investing in and buying services, not tools, and then pushing those, your resources and your talent to actually be creative and innovative, and be just as hungry when they see new services come out. I love when developers come up to us and say, "There's this new service that's "going to launch tomorrow, AWS is." Can I mess around with it? Can I throw, like I like to see that because then we can get insight into it and say yes, right? Fear is a greater threat to progress than hardship. I don't want my developers to have fear. I want them to feel, "Security team's got my back." The platform has the-- >> Yeah. >> ability to visualize it, so let's move forward with that. >> So, let's talk about fear, uncertainty, and doubt, AKA known as FUD. >> FUD, yeah. >> All right. So, it used to be that the suppliers would put FUD onto the customer saying, "No, don't buy that other product." You could, you know, use that fear. It's now flipping around with CISOs, you know, the way we're hearing that one of the mandates is to get the supplier account from hundreds to single or double digits, and so the fear is being pushed back out, saying if you don't have this kind of stack integration, this kind of API support, you're not going to be a vendor. >> Yeah. >> This is shifting. >> You agree? >> 1000% agree. I think we needed to, like we should not have taken our tempo for so many years from vendors. They were dictating our programs at that particular point. Now we can take control of our program, saying we don't want to partner with you if you don't integrate with the way we've built our program, that we know our environment, right? So, I think we're taking a little bit more control of our destiny and our platforms versus just taking the tempo from vendors. >> And the key here is having that platform built-- >> Absolutely. >> To start thinking through the critical thinking around tech stack, purpose, and this is their shift, this is what, and some families aren't there yet. They, because they have to build it up. >> They have to build it up, and-- >> How long does it take to do that? >> The most important thing to build that up, talent. Look, you're only as good as the talent you have. If you don't have the talent to build that platform up you're going to be stuck in that vendor loop forever. I mean-- >> Had a CISO saying to me privately, "Love multi-cloud, love the vision, "but honestly I'm not investing in Diamond multi-cloud "until I get my team on one cloud, "and I'll use secondary clouds for, you know, "either rollover, backup, or some other point feature, "or inherited workload through an M&A or other project. "No big deals, shadow IT, but in terms of my talent "I don't want to have three different teams. "I want one team to build the stack "and continue to think about automation, "then we'll get to multi-cloud when it's ready." Your thoughts to that. >> I 1000% agree. I think that we need to get one cloud right first before we start thinking about putting our talent, our limited talent resources, again, everybody's starving for talent, into investigating and remediating other cloud issues. I think you definitely have to get one thing right first before moving over. I do think, though, that the time's going to come where there's going to be a lot of companies doing, you know, production workloads in multiple clouds. I, you know, I'm actually eager to see that day, and see it publicly and see how it's being managed, right? >> Well, the one who cracks that nut is going to win big lottery ticket. >> Oh, totally, totally. >> Metrics. I want to quickly defrost on metrics. Metrics is something that if you, if you, if you serve the metrics master too hard you could actually miss out on what your real purpose is. The joke I heard was that you could turn into Chernobyl, like that movie that's on Netflix, or Prime, I forget which show. Oh, it's on HBO actually, it's an HBO series where they were pressing buttons. They had no idea what was going on with the reactor, it blew up, and the rest is history. That's the metrics problem and challenge, isn't it? What's your thoughts on metrics? >> I agree, I'm not a fan of metrics. I don't think security programs should be either built or measured against metrics. I don't think metrics really provide too much detail behind any of that. Metrics are just there I think to provide a little bit of insight of where you could double-click and actually do a little bit more diligence, but they should not be measured, they should not be used to measure your program. I don't run my program on metrics. It's not like I'm escalating metrics, either, up to the board or anything like that. Providing relevant data and how that data impacts the business from a security perspective is how I like to escalate, not putting up, you know, charts or anything like that of what, you know, how many vulnerabilities were remediated. Guess what, you did your job. I don't want to put a metric up there that actually says, you know, something like that. I want to show some real value with some real data. >> So, what are you communicating to the board specifically? >> How we've integrated information security, the security program, into the workflow without slowing down the business. I think that's the key part, and how, security at the end of the day it's a culture change, right, and you are changing behavior, right? So, how you're able to do that without slowing down production, especially in technology companies, because you don't want to slow down that development pipeline, that's a key metric to put out there. >> Mm-hm. >> And we've been able to, you know, enable static and dynamic code analysis without slowing things down. Things are still getting to product at that time, or using container security for our infrastructure so that it takes that out of the developer's mind when they're actually building out a, you know, new environment, right? >> Digital transformation equations, people, process, technology. >> Totally. >> Heard that over and over, and it's cliche, but the people part, okay, you could get more people, totally agree, technology, plenty of tools and services, that's a huge opportunity, but the process is where the focus has been, and I heard a quote earlier on theCUBE today. It says, "Process is a reflection of your culture." >> True. >> And a lot of those cultures won't yield the process control to either CISOs or teams. Your thoughts to that comment and where that kind of goes. That's the key breakdown on digital transformation, isn't it? >> It is, it is. That is true, I think the one thing that CISOs need to remind themselves is when they introduce themselves to the organization they need to be a customer service organization. CISOs need to be available to the users and to the business, and offer their services as a partnership instead of as a mandate. I think that warms the waters a little bit for that behavioral change and that culture change so that process can change into the new, innovative way of actually pushing security as code and infrastructure as code as the new way of actually doing business. >> And success has got, is contagious. >> Totally. >> Like at Twistlock. You're advising that company. Boom. >> Yeah. Absolutely is contagious, and showing those type of examples actually throughout the business actually help, you know what I'm saying? Breaking down those old silos of security is viewed is important, right, so. >> You kind of implied before in the earlier days vendors sort of controlled the table. You were sort of beholden to their way of doing things. Steve Schmidt today made the statement that, you know, all the negative fear factor is not helping our industry. It really, the state of cloud security, anyway, is good, the union is strong. Do you agree with that and are there other things that vendors are doing that drive you crazy as a practitioner that they shouldn't be doing? >> So, two great questions. I think the first one, I think cloud security absolutely is, does exist, and it gives power back to the CISOs, so they can actually make more controlled decisions over their environment, you know, instead of being beholden to vendors. I think understanding the shared responsibility model between a company in the cloud is crucial for CISOs to make those decisions. >> Mm-hm. >> And I think for years that was misunderstood and that's why it took time, probably, to migrate to the cloud or to be born in the cloud initially, but I think once that's understood it empowers, you know, the CISOs and the technology organizations, I think that's one. On your second questions, I think everybody in the world has vendor fatigue. I think vendors, what drives me nuts about all of them is that they say they integrate with everything and that they're going to give me more visibility than before. Great, man, like that's what everybody's been doing for the past 20 years. They're giving me a lot of information. I want them to fix things, don't give me alerts. Don't give me alarms unless you're going to say, "Here's the alert, here's the alarm, "here's the automated script that you can "put into your environment to fix it." Knowing that every CISO in the world is starving for talent, we don't have the resource to double-click on that, due diligence, and write it, do it for me. I think vendors need to start innovating and stop doing the same thing that we've been doing for the past 20 years. >> So, you're seeing, furring from that is a lot of incrementalism, kind of taking safe bets, and really you're looking for a step function. >> Totally, I want vendors to take a more aggressive approach in their innovation, I don't want, so you're giving me more alerts that I've seen in different shapes, in different sizes from different vendors. Tell me how you're going to fix it, or fix it for me. That's what I really want, we need to push, we need to exceed that more from vendors, and look, since we're not getting it it's making us, or I'm happy to do it actually, is to start innovation. >> Do it. >> And doing it ourselves, right? >> Yeah. >> So, it, I'm investing more in resources, in talent, doing it that way-- >> Yeah. >> Instead of outsourcing and getting a vendor, so-- >> And that's a trend that's happening more and more. >> Totally. >> And that's an indictment on the community itself and the vendors. >> Yeah. >> Brian-- >> We need to exceed more from the vendors. >> Thanks so much for coming on. Great insights, profound commentary. Great to have CISOs on theCUBE, thanks for sharing. It's theCUBE's live coverage, Boston. I'm John Furrier with Dave Vellante. Day one of two days of CUBE coverage of the inaugural AWS re:Inforce conference, we'll be right back. (smooth music) People want to work for a mission--

>> Live from Seattle, Washington, it's theCUBE, covering KubeCon and CloudNativeCon North America 2018, brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Hello everyone, welcome back to the live Cube coverage here, three days at Seattle's KubeCon and CloudNativeCon. It's a conference put on by the Linux Foundation. Cube's been there from the beginning, breaking down all the action. 8,000 people, doubling attendance from the last one, now global, on a global scale, seen great traction in China and other areas around the world. It's about the cloud global. I'm John Furrier with Stu Miniman, our next guest, Kelsey Hightower with Google. Former code program share, now out in the wild on his own, super dope, playing with all kinds of new technology, it's great to see you, thanks for coming on. >> Proper you said the word dope, by the way, so congratulations there. I'm an attendee, I still have a keynote on Thursday but I do get to enjoy the floor like everyone else. >> So what's new, so you're now, again, there's a lot of pressure now every year. It's more and more people here, so it's a lot of pressure to kind of get all the action packed, but the growth has been pretty phenomenal. You've been looking at serverless, we saw some tweets, again you mention it's super dope, serverless is. You've got serverless, you've got a lot of stuff going on within the CNC app, you've got Kubernetes at the core. A lot of people like calling it the Kubernetes stack or the CNCF stack. Is it really a stack, is it really more of an operating model because there's stacks involved but how do you describe it, because this is a point of clarification. I mean, Kubernetes isn't necessarily a stack. Is it, how do people use it, what's the current state? >> I think when people say stack, you think about the LAMP stack, right? Linux, Apache, MySQL, it's a way of pre-packaging these ideas. This is something that worked for me, it may work for you, you say that enough times and then you say things like the Kubernetes stack. It's a quick, shorthand for Kubernetes and building on top of it. I think from the engineering perspective, when you look at Kubernetes and all the gaps that the CNC app is trying to fill these days, it's all this stuff you're probably building yourself, someone else is building it, and now we kind of have an outlet now. If you're working on a service mesh like list was, you have an outlet to give it to the rest of the world, open governance, and get some contributors. I think what we're seeing now is that hey, CNCF is kind of the place people go to figure out is someone building the thing that I've already started building and can I stop and just download that and go off? >> It's been very successful open source community, obviously, it's been end user leverage, it's been great and it's been open source, community led. Not so much vendor led, but vendors have been participating, so it's been great, but now as Kubernetes is going mainstream, the rise of Kubernetes is undeniable. No one can really deny that. Other end users are now coming in either to participate or to consume Kubernetes. How is that going in your mind? What's going on in the landscape, because people want multicloud, they want hybrid, they want choice. How are end users coming into the ecosystem to consume Kubernetes and the variety of goodness around it and what's going on there? Can you give some color around that option? >> I think regardless of the industry buzzwords like multicloud and hybrid and all that, Kubernetes is good on its own. It solves a lot of problems that your previous tools didn't solve, so people are gravitating towards it regardless in that direction. When you start to talk about portability, yes, it's nice to have two different environments and have the same tools work in a similar way between those environments, that's working well. The people that started three years ago that were doing it themselves, they're finding value and treating that as a service. We saw this happen to DNS, e-mail, so people are saying maybe the value isn't running it myself, so now you kind of see the vendor ecosystem understand what the value is. For a lot of the cloud providers, it's running Kubernetes, patching it, updating it, upgrading it, so that you can go focus on the other parts on top. That's where I think we are as an industry, and then there's gaps to fill, so that's where you see things like native, people building CI-CD tools on top, that's just where the new opportunities are so I think we've kind of matured. People kind of know what Kubernetes is, they know where their value line is for Kubernetes, now they're looking for their partners or vendors or community to just layer the new stuff on top. >> Kelsey, you bring up a great point there because understanding that line of what I should do myself and what I have to do versus what I can buy, consume as a service, is really tough for people, you know. I always say, ask IT departments, what do you really suck at? Because there's somebody else that probably does it better. A year ago, when I talked to users at this show, they were really downloading stuff, putting their things together, and when you asked them why, it was well, the Azure stuff hasn't matured. It just released, Amazon, I'm not sure where they're going with it. It feels like a lot has changed in the last year. You did Amazon the hard way a little over a year ago. What has changed over the last year, you know. >> We saw this with Linux, right? >> Are we ready for that, yeah. >> In Linux everyone use to build their own Linux distro, you took pride in it, using Gentoo and Slackware, and then you're like, I'm tired of that so you go get Red Hat or Ubuntu and call it good, and then you go focus on the other things. Naturally, Kubernetes is early project, has lots of gaps, you can fill those gaps by gluing together open source yourself, but now most of the managed services fill in the gaps by default. You click a button in GKE and a thing comes up, it's secure, has most of the pieces you need, it's integrated, you're like alright, I'm done with that part. >> The other thing, we talked a year ago. There's lots of companies here that are involved in Kubernetes. We've got over 70 that are compliant, and then you've got the service providers. From what I hear, it's people aren't trying to differentiate with Kubernetes and that's probably a good thing. It's something that's going to be baked into the platform, it's something you're going to consume with the other services that I offer, what do you say? >> If you make it different, then it won't work. >> Right. >> It'll be a different thing, so if you make it too different then you lose most of the benefits that we're all talking about here. The ability to learn a set of abstractions once, kind of like we did on Linux, if you start changing the system calls on Linux, then it's not Linux anymore, it's a different thing. >> Just to clarify though, if I'm running in one cloud that has their Kubernetes and I want to go to another, is it similar enough? Can I make that move? Do I need a vendor-independent version? >> So I think up to this value line I've run this container, ship the log somewhere, give me a way to secure access, that's pretty standard. Give me a load balancer. What isn't standard is how do I do CI-DC on top of that, that's not standard. There's different opinions on how to do that. If I'm in Google Cloud, we have IEM one way, Azure has IEM a different way, and same thing for Amazon. There's things around networking, security, that are going to be different based on the environment you're in. Same for on-prem, and that's where you start to look for help. If I go to Google, I'm going to use GKE maybe instead of running it myself on just a bunch of VMs, so that's where you kind of see that little divide. >> Is that going to be custom work, that's a great point, security for instance, we'll just pull that out there. Is that going to automate and be seamless or is that going to be a work area that's always going to have to be differentiated or coded or? >> So for example, we have the big vulnerability recently in Kubernetes world, right? >> It's a big CVE, it affected everyone running Kubernetes. That's a thing, as a vendor, for us GKE people, we upgraded automatically for them and said hey, there's a CVE, it's going to be really scary when you read about it but hey, you're patched. We've taken care of you, so I think people will still look for that relationship. Will it always be custom? At the app level, that is a different story. When you run your container and you want to access the things in your environment, so if you're in Google Cloud you may want to talk to Spanner, you're going to need an IEM set of credentials. That's a little out of scope of Kubernetes, so that's going to be integration work that the provider will do. >> So the holy trinity of computing industry has always been storage, network, and compute, and it changes certainly with cloud and all the goodness that comes out from serverless and whatnot, so containers is interesting. We always love containers but I've heard conversations recently where it's like hey, I want to treat containers not as a first class citizen because it doesn't meet my security boundary. I'm going to put a VM around that and run that under the covers with say, Lambda. Is that feasible, is than an option? I've heard talk about it, is anyone doing that? Is that an alternative, is this going to introduce new elements? >> Let's put it right, in Kubernetes by defaults we chose to build on top of Docker. Industry momentum, great developer workflow, but you're right, it made a security trade off. We know VMs are a much tighter security boundary that people are comfortable with. In that world, at that time, they were too slow for what we needed to happen. Thanks to Intel and others who pulled the thread of let's make VMs faster. Recently you heard the announcement of Firecracker, right, it's part of a derivative from the Chrome VM and that thing is optimized for these kinds of workloads, containers and serverless workloads. Now we go from 10, 20 seconds to hundred milliseconds. Now it makes sense to probably have this become an underlying thing. Now that we have the speed, maybe people say hey, we can maybe take the security without sacrificing the performance. >> That's the trade off. >> Pulled on the thread, you mentioned Firecracker. There's still this tension between what's happening in Kubernetes and serverless. We saw Knative is a hot topic point. It's probably natural that there's some tension there because it's like oh wait, why do you need to learn any of this stuff because if serverless will just make it as a service and make it easy and you don't need to learn all that container stuff and everything, what do you say? >> If you're a Kubernetes user, if you really think about the very broad definition of serverless, meaning I'm not managing the database, I'm using a managed database, serverless database. Storage, I'm using S3 or Google Cloud storage, serverless. Your load balancer, also serverless. So most people in the Kubernetes ecosystem, networking, serverless, storage, serverless, their database, serverless. The only thing that you can say isn't serverless is this compute component, everything else is. Now people are looking at serverless as this spectrum. How serverless are you? If you're on-prem and you buy a server and you rack it and install Kubernetes, you're less serverless, you're probably not serverless at all, no matter what you do. Now, if you put a lot of work in, you can probably put a serverless interface on top. This is what native is designed to do for people. Maybe you have an organization that supports multiple businesses inside of your org. They may not know anything about Kubernetes. You just tell them hey, put your code here, it will run, oh, that feels serverless. You can provide a serverless experience. The delta then becomes what can we do between a container and a function, so the foundation of my keynote is exactly that. What does it mean to take a container and put it into Lambda? What do you have to change? In my presentation, I don't even read write the code. There's a small shim between the two worlds because you're already using managed services around it. We're not talking about throwing away Kubernetes and then starting over our entire architecture. We're swapping out the compute layer. One is a subset of the other. Lambda is about events and functions, Kubernetes is about container and run it however you want. You want to run it when an event comes in, that's native. You want to run it as a batch job, run it as a job. You want to run it as a long running service, run it as a deployment, so that's all we're really talking about here. When we break it down, you're just talking about compute. >> You talk a lot about automation in the CI-CD areas, that differentiation where the value is. In a world as automation goes faster, what does Kubernetes look like when it becomes automated away? Because I don't want to manage anything, why even have managed Kubernetes? It should just automatically, you mentioned the patching. In an automated world, is Kubernetes just running under the covers, how does Kubernetes look down the road in your mind, in terms of when automation comes in? >> I've been in this game maybe over 15 years and one thing holds true: most developers want to focus on the business logic. We hire them because that's their skillset. When they check in code, it would be really nice if you can take it from there and get it where it needs to be. That's been the holy grail. We see it in mobile, you build an app, you put it on the App Store, Apple gets it to every device on the planet, done. Now it's the server side turn to do this. Whether you're doing serverless functions, Kubernetes, VMWare, or Linux, if you have CI-CD in front of any of that, the developer can still have the same experience. I check in code and you're picking a different deploy target. If you did that five years ago, and you understood it, and you were using, let's say maybe Mesos or just VMs, you bring in Kubernetes, you don't even have to change this part of the equation. This is why I tell most people, just focus on this endgame. My keynote last year was about this is the endgame because this is your coacher, this is your change management process, this is your discipline, and this is just a target where that compute goes. >> Alright, we've got two minutes left. I want to get your thoughts and share with the audience who's not here, a big waiting list, I know there's some lobby con going on all around Seattle, people flew in. Great place too to actually have some good lobby con meetings around the lobby area. So what's happening here, in your mind's eye, now you're not in the throes of all the events, you're kind of in the wild here with us, everyone else. What's the top story, what's going on, what's the vibe, what are you extracting out of all this activity as a top story, top level stories here? >> I think everyone's finding their place. If you're a security vendor, you kind of know where your line is, right? I've got this Twistlock shirt on. They want to plan a world where they need to integrate closer to the developer workflow, not just on the infrastructure side. If you're selling load balancers, service mesh is a thing, where do you fit in? The lines are getting a lot clearer. Kubernetes is starting to say maybe we should stop here. Maybe service measures should take it from here and that's where Istio comes in. Traditional vendors can now play in this well-defined space. On the storage side, what are you integrating? Now we have the storage interface, like the container storage interface. Now, if you're a net app, you know where you fit into the puzzle. You don't need to have your own Kubernetes distro. Two years ago, everyone was trying to come out with their own Kubernetes distro so they can actually have an anchor. Now you're like, ah, now I know where to play and now we also know what's missing. After years of doing this, people look back and say there's a lot of stuff missing. It's OK now to go create something new. >> It's a clear visibility into the landscape. What about the impact to end users? What is notable in your mind in terms of highlights, impact to end user organizations really going through this quote digital transformation, which is very cloud-based of course, but they're certainly changing and impacting, what's your thoughts on the end user? >> We're using some of the same words now. Forget the technology piece, now we can all start to talk about the same things, so when we say container, we kind of now are talking about the same thing. When we start to talk about sidecars, whether that's a service mesh, Envoy sidecar, or something that adapts your existing code to the new world, now that we're using the same language, we can actually talk. Traditional enterprise can talk to the startups and have a meaningful conversation. >> That's awesome, any other observations here in terms of the size of the show? Got a lot more activity, feels a little bit like re:Invent, I'm bumping into people, swimming through the crowds, the swag's hot. >> It's 8,000 people here and it feels like there's more users that know nothing about Kubernetes so even though we're about five years in, it reminds me of when we were just getting started. >> Lot more work to do but great, congratulations on all the work you've done Kelsey. Really appreciate you taking the time every year to come on theCUBE. We love having you on, great commentary, great keynotes, very entertaining. Thanks for coming on, appreciate it. >> Awesome, thank you. >> I'm John Furrier, Cube here with Kelsey Hightower telling us about all the breakdown of KubeCon, CloudNativeCon, the beginning of the cloud tsunami is happening, certainly changing businesses, changing open source, it's changing, it's on a global scale. We're here with coverage for three days. We'll be right back with more after this short break.