>>Well, hello everybody. I'm John Walls here with the cube, and we're very happy to continue our coverage here of a splunk.com 21. And today we're going to talk about cyber security. Uh, obviously everybody is well aware of a number of, uh, breaches that have happened around the globe, but you might say there's been a surge in trying to prevent those from happening down the road. And I'm going to let our guests explain that Ryan Covar, who is the security strategist at Splunk. Ryan. Good to see you with, uh, with us here on the cube. Glad you could join us today. >>Thank you very much. I've wished we could have been doing this in person, but such as the time of life we live. >>Yeah. We have learned to live on zoom that's for sure. And, uh, it's the next best thing to being there. So, uh, again, thanks for that. Um, well, let's talk about surge, if you will. Um, uh, I know obviously Splunk and data security go hand in hand that is a high priority with the, with the company, but now you have a new initiative that you're just now rolling out to take that to an even higher level. Tell us about that. >>Yeah, something I'm extremely excited to announce. Uh, it's the first time we're really talking about it is that.com 21, which is wonderful. And it's kind of the culmination of my seven years here at Splunk. Uh, before I came to Splunk, I did about 20 years of cyber security research and defense and nation state hunting and threat intelligence and policy and compliance, and just about everything, uh, public sector in the U S and the UK private sector, a couple of different places. So I've kind of been around the block. And one of the things I've found that I'm really passionate about is just being a network defender or a blue teamer. And a lot of my time here at Splunk has been around that. It's been speaking at conferences, doing research, um, coming up with ways to basically defend organizations, but the tools they have at hand and something that we say Alon is, uh, we, we work on the problems of today and tomorrow, not the distant future, right? >>The really practical things. And we had an, you know, there was a little bit of a thing called solar winds. You might've heard of it. Um, that happened earlier in December and we were able to stand up kind of on an ad hoc ragtag group of Splunkers around the world, uh, in a matter of hours. And we worked about 24 hours for panning over to Australia, into a Mia, and then back over to America and able to publish really helpful work to, for our customers to detect or defend or mitigate against what we knew at the time around solar winds, the attack. And then as time went on, we were continuing to write and create material, but we didn't have a group that was focused on it. We were all kind of chipping in after hours or, you know, deep deprecating, other bits of work. >>And I said, you know, we really need to focus on this. This is a big deal. And how can we actually surge up to meet these needs if you will, uh, the play on the punter. So we created an idea of a small team, a dedicated to current events and also doing security research around the problems that are facing around the world insecurity who use Splunk and maybe even those who don't. And that's where the idea of this team was formed. And we've been working all summer. We're releasing our first research project, excuse me, uh, at.com, which is around supply chain, compromise using jaw three Zeke and Splunk, uh, author by myself and primarily Marcus law era. And we have other research projects coming out every quarter, along with doing this work around, just helping people with any sort of immediate cybersecurity threat that we're able to assist with. >>So what are you hoping that security teams can get out of this work? Obviously you're investing a lot of resources and doing the research, I assume, diversifying, you know, the areas and to which you're, um, exploring, um, ultimately what would be the takeaway if I was on the other end, if I was on the client and what would you hope that I would be, uh, extracting from this work? >>Sure. We want to get you promoted. I mean, that's kind of the, the joke of it, but we, we talk a lot. I want to make everyone in the world who use a Splunk or cybersecurity, looked into their bosses and defend their company as fast and quickly as possible. So one of the big, mandates for my team is creating consumable, actionable work and research. So we, you know, we joke a lot that, you know, I have a pretty thick beard here. One might even call it a neck beard and a lot of people in our community, we create things for what I would call wizards, cybersecurity wizards, and we go to conferences and we talk from wizard to wizard, and we kind of sit on our ivory tower on stage and kind of proclaim out how to do things. And I've sat on the other side and sometimes those sound great, but they're not actually helping people with their job today. And so the takeaway for me, what I hope people are able to take away is we're here for you. We're here for the little guys, the network defenders, we're creating things that we're hoping you can immediately take home and implement and do and make better detections and really find the things that are immediate threats to your network and not necessarily having to, you know, create a whole new environment or apply magic. So >>Is there a difference then in terms of say enterprise threats, as opposed to, if I'm a small business or of a medium sized business, maybe I have four or 500 employees as opposed to four or 5,000 or 40,000. Um, what about, you know, finding that ground where you can address both of those levels of, of business and of concern, >>You know, 20 years ago or 10 years ago? I would've answered that question very differently and I fully acknowledge I have a bias in nation state threats. That's what I'm primarily trained in, however, in the last five years, uh, thanks or not. Thanks to ransomware. What we're seeing is the same threats that are affecting and impacting fortune 100 fortune 10 companies. The entire federal government of the United States are the exact same threats that are actually impacting and causing havoc on smaller organizations and businesses. So the reality is in today's threat landscape. I do believe actually the threat is the same to each, but it is not the same level of capabilities for a 100% or 500 person company to a company, the size of Splunk or a fortune 100 company. Um, and that's something that we are actually focusing on is how do we create things to help every size of that business, >>Giving me the tools, right, exactly. >>Which is giving you the power to fight that battle yourself as much as possible, because you may never be able to have the head count of a fortune 100 company, but thanks to the power of software and tools and things like the cloud, you might have some force multipliers that we're hoping to create for you in a much more package consumable method. >>Yeah. Let's go back to the research that you mentioned. Um, how did you pick the first topic? I mean, because this is your, your splash and, and I'm sure there was a lot of thought put into where do we want to dive in >>First? You know, I'd love to say there was a lot of thought put into it because it would make me sound smarter, but it was something we all just immediately knew was a gap. Um, you know, solar winds, which was a supply chain, compromise attack really revealed to many of us something that, um, you know, reporters had been talking about for years, but we never really saw come to fruition was a real actionable threat. And when we started looking at our library of offerings and what we could actually help customers with, I talked over 175 federal and private sector companies around the world in a month and a half after solar winds. And a lot of times the answer was, yeah, we can't really help you with this specific part of the problem. We can help you around all sorts of other places, but like, gosh, how do you actually detect this? >>And there's not a great answer. And that really bothered me. And to be perfectly honest, that was part of the reason that we founded the team. So it was a very obvious next step was, well, this is why we're creating the team. Then our first product should probably be around this problem. And then you say, okay, supply chain, that's really big. That's a huge chunk of work. So the first question is like, well, what can we actually affect change on without talking about things like quantum computing, right? Which are all things that are, you know, blockchain, quantum computing, these are all solutions that are actually possible to solve or mitigate supply chain compromise, but it's not happening today. And it sure as heck isn't even happening tomorrow. So how do we create something that's digestible today? And so what Marcus did, and one of his true skillsets is really refining the problem down, down, down, down. >>And where can we get to the point of, Hey, this is data that we think most organizations have a chance of collecting. These are methodologies that we think people can do and how can they actually implement them with success in their network. And then we test that and then we kind of keep doing a huge fan of the concept of OODA loop, orient, orient, observe, decide, and act. And we do that through our hypothesizing. We kind of keep looking at that and iterating over and over and over again, until we're able to come up with a solution that seems to be applicable for the personas that we're trying to help. And that's where we got out with this research of, Hey, collect network data, use a tool like Splunk and some of our built-in statistical analysis functions and come out the other side. And I'll be honest, we're not solving the problem. >>We're helping you with the problem. And I think that's a key differentiator of what we're saying is there is no silver bullet and frankly, anyone that tells you they can solve supply chain, uh, let me know, cause I want to join that hot new startup. Um, the reality is we can help you go from a field of haystacks to a single haystack and inside that single haystack, there's a needle, right? And there's actually a lot of value in that because before the PR problem was unapproachable, and now we've gotten it down to saying like, Hey, use your traditional tools, use your traditional analytic craft on a much smaller set of data where we've pretty much verified that there's something here, but look right here. And that's where we kind of focused. >>You talked about, you know, and we all know about the importance and really the emphasis that's put on data protection, right? Um, at the same time, can you use data to help you protect? I mean, is there information or insight that could be gleaned from, from data that whether it's behavior or whatever the case might be, that, that not only, uh, is something that you can operationalize and it's a good thing for your business, but you could also put it into practice in terms of your security practices to >>A hundred percent. The, the undervalued aspect of cybersecurity in my opinion, is elbow grease. Um, you can buy a lot of tools, uh, but the reality is to get value immediately. Usually the easiest place to start is just doing the hard detail oriented work. And so when you ask, is there data that can help you immediately data analytics? Actually, I go to, um, knowing what you have in your network, knowing what you have, that you're actually trying to protect asset and inventory, CMDB, things like this, which is not attractive. It's not something people want to talk about, but it's actually the basis of all good security. How do you possibly defend something if you don't know what you're defending and where it is. And something that we found in our research was in order to detect and find anomalous behavior of systems communicating outbound, um, it's too much. >>So what you have to do is limit the scope down to those critical assets that you're most concerned about and a perfect example of critical asset. And there's no, no shame or victim blaming here, put on solar winds. Uh, it's just that, that is an example of an appliance server that has massive impact on the organization as we saw in 2020. And how can you actually find that if you don't know where it is? So really that first step is taking the data that you already have and saying, let's find all the systems that we're trying to protect. And what's often known as a crown jewels approach, and then applying these advanced analytics on top of those crown jewel approaches to limit the data scope and really get it to just what you're trying to protect. And once you're positive that you have that fairly well defended, then you go out to the next tier and the next tier in next year. And that's a great approach, take things you're already doing today and applying them and getting better results tomorrow. >>No, before I let you go, um, I I'd like to just have you put a, uh, a bow on surge, if you will, on that package, why is this a big deal to you? It's been a long time in the making. I know you're very happy about the rollout of this week. Um, you know, what's the impact you want to have? Why is it important? >>We did a lot of literature review. I have a very analytical background. My time working at DARPA taught me a lot about doing research and development and on laying out the value of failure, um, and how much sometimes even failing as long as you talk about it and talk about your approach and methodology and share that is important. And the other part of this is I see a lot of work done by many other wonderful organizations, uh, but they're really solving for a problem further down the road or they're creating solutions that not everyone can implement. And so what I think is so important and what's different about our team is we're not only thinking differently, we're hiring differently. You know, we have people who have a threat intelligence background from the white house. We have another researcher who did 10 years at DARPA insecurity, research and development. >>Uh, we've recently hired a, a former journalist who she's made a career pivot into cybersecurity, and she's helping us really review the data and what people are facing and come up with a real connection to make sure we are tackling the right problems. And so to me, what I'm most excited about is we're not only trying to solve different problems. And I think what most of the world is looking at for cybersecurity research, we've staffed it to be different, think different and come up with things that are probably a little less, um, normal than everyone's seen before. And I'm excited about that. >>Well, and, and rightly so, uh, Ryan, thanks for the time, a pleasure to have you here on the cube and, uh, the information again, the initiative is Serge, check it out, uh, spunk very much active in the cyber security protection business. And so we have certainly appreciate that effort. Thank you, Ryan. >>Well, thank you very much, John. You bet Ryan, >>Covar joining us here on our cube coverage. We continue our coverage of.com for 21.

>>Yeah. Hello and welcome back to the cubes coverage of AWS public sector summit here in Washington D. C. We're live on the ground for two days. Face to face conference and expo hall and everything here but keith brooks who is the director and head of technical business development for a dress government Govcloud selling brains 10th birthday. Congratulations. Welcome to the cube. Thank you john happy to be E. C. 2 15 S three is 9.5 or no, that maybe they're 10 because that's the same day as sqs So Govcloud. 10 years, 20 years. What time >>flies? 10 years? >>Big milestone. Congratulations. A lot of history involved in Govcloud. Yes. Take us through what's the current situation? >>Yeah. So um let's start with what it is just for the viewers that may not be familiar. So AWS Govcloud is isolated. AWS cloud infrastructure and services that were purposely built for our U. S. Government customers that had highly sensitive data or highly regulated data or applications and workloads that they wanted to move to the cloud. So we gave customers the ability to do that with AWS Govcloud. It is subject to the fed ramp I and D O D S R G I L four L five baselines. It gives customers the ability to address ITAR requirements as well as Seaga's N'est ce MMC and Phipps requirements and gives customers a multi region architecture that allows them to also designed for disaster recovery and high availability in terms of why we built it. It starts with our customers. It was pretty clear from the government that they needed a highly secure and highly compliant cloud infrastructure to innovate ahead of demand and that's what we delivered. So back in august of 2011 we launched AWS GovCloud which gave customers the best of breed in terms of high technology, high security, high compliance in the cloud to allow them to innovate for their mission critical workloads. Who >>was some of the early customers when you guys launched after the C. I. A deal intelligence community is a big one but some of the early customers. >>So the Department of Health and Human Services, the Department of Veterans Affairs, the Department of Justice and the Department of Defense were all early users of AWS GovCloud. But one of our earliest lighthouse customers was the Nasa jet propulsion laboratory and Nasa Jpl used AWS GovCloud to procure Procure resources ahead of demand which allowed them to save money and also take advantage of being efficient and only paying for what they needed. But they went beyond just I. T. Operations. They also looked at how do they use the cloud and specifically GovCloud for their mission programs. So if you think back to all the way to 2012 with the mars curiosity rover, Nasa Jpl actually streamed and processed and stored that data from the curiosity rover on AWS Govcloud They actually streamed over 150 terabytes of data responded to over 80,000 requests per second and took it beyond just imagery. They actually did high performance compute and data analytics on the data as well. That led to additional efficiencies for future. Over there >>were entire kicking they were actually >>hard core missing into it. Mission critical workloads that also adhere to itar compliance which is why they used AWS GovCloud. >>All these compliance. So there's also these levels. I remember when I was working on the jetty uh stories that were out there was always like level for those different classifications. What does all that mean like? And then this highly available data and highly high availability all these words mean something in these top secret clouds. Can you take us through kind of meetings >>of those? Yeah absolutely. So it starts with the federal compliance program and the two most popular programs are Fed ramp and Dodi srg fed ramp is more general for federal government agencies. There are three levels low moderate and high in the short and skinny of those levels is how they align to the fisma requirements of the government. So there's fisma low fisma moderate fisma high depending on the sensitivity of the government data you will have to align to those levels of Fed ramp to use workloads and store data in the cloud. Similar story for D. O. D. With srg impact levels to 45 and six uh impacts levels to four and five are all for unclassified data. Level two is for less sensitive public defense data levels. Four and five cover more sensitive defense data to include mission critical national security systems and impact level six is for classified information. So those form the basis of security and compliance, luckily with AWS GovCloud celebrating our 10th anniversary, we address Fed ramp high for our customers that require that and D. O. D impact levels to four and five for a sensitive defense guy. >>And that was a real nuanced point and a lot of the competition can't do that. That's real people don't understand, you know, this company, which is that company and all the lobbying and all the mudslinging that goes on. We've seen that in the industry. It's unfortunate, but it happens. Um, I do want to ask you about the Fed ramp because what I'm seeing on the commercial side in the cloud ecosystem, a lot of companies that aren't quote targeting public sector are coming in on the Fed ramp. So there's some good traction there. You guys have done a lot of work to accelerate that. Any new, any new information to share their. >>Yes. So we've been committed to supporting the federal government compliance requirements effectively since the launch of GovCloud. And we've demonstrated our commitment to Fed ramp over the last number of years and GovCloud specifically, we've taken dozens of services through Fed ramp high and we're 100% committed to it because we have great relationships with the Fed ramp, Jabor the joint authorization board. We work with individual government agencies to secure agency A. T. O. S. And in fact we actually have more agency A. T. O. S. With AWS GovCloud than any other cloud provider. And the short and skinny is that represents the baseline for cloud security to address sensitive government workloads and sensitive government data. And what we're seeing from industry and specifically highly regulated industries is the standard that the U. S. Government set means that they have the assurance to run control and classified information or other levels of highly sensitive data on the cloud as well. So Fed ramp set that standard. It's interesting >>that the cloud, this is the ecosystem within an ecosystem again within crossover section. So for instance um the impact of not getting Fed ramp certified is basically money. Right. If you're a supplier vendor uh software developer or whatever used to being a miracle, no one no one would know right bed ramp. I'm gonna have to hire a whole department right now. You guys have a really easy, this is a key value proposition, isn't it? >>Correct. And you see it with a number of I. S. V. S. And software as the service providers. If you visit the federal marketplace website, you'll see dozens of providers that have Fed ramp authorized third party SAAS products running on GovCloud industry leading SAAS companies like Salesforce dot com driven technology Splunk essay PNS to effectively they're bringing their best of breed capabilities, building on top of AWS GovCloud and offering those highly compliant fed ramp, moderate fed ramp high capabilities to customers both in government and private industry that need that level of compliance. >>Just as an aside, I saw they've got a nice tweet from Teresa Carlson now it's plunk Govcloud yesterday. That was a nice little positive gesture uh, for you guys at GovCloud, what other areas are you guys moving the needle on because architecturally this is a big deal. What are some areas that you're moving the needle on for the GovCloud? >>Well, when I look back across the last 10 years, there were some pretty important developments that stand out. The first is us launching the second Govcloud infrastructure region in 2018 And that gave customers that use GovCloud specifically customers that have highly sensitive data and high levels of compliance. The ability to build fault tolerant, highly available and mission critical workloads in the cloud in a region that also gives them an additional three availability zones. So the launch of GovCloud East, which is named AWS GovCloud Us East gave customers to regions a total of six availability zones that allowed them accelerate and build more scalable solutions in the cloud. More recently, there is an emergence of another D O D program called the cybersecurity maturity model, C M M C and C M M C is something where we looked around the corner and said we need to Innovate to help our customers, particularly defense customers and the defense industrial based customers address see MMC requirements in the cloud. So with Govcloud back in December of 2020, we actually launched the AWS compliant framework for federal defense workloads, which gives customers a turnkey capability and tooling and resources to spin up environments that are configured to meet see MMC controls and D. O. D. Srg control. So those things represent some of the >>evolution keith. I'm interested also in your thoughts on how you see the progression of Govcloud outside the United States. Tactical Edge get wavelength coming on board. How does how do you guys look at that? Obviously us is global, it's not just the jet, I think it's more of in general. Edge deployments, sovereignty is also going to be world's flat, Right? I mean, so how does that >>work? So it starts back with customer requirements and I tie it back to the first question effectively we built Govcloud to respond to our U. S. Government customers and are highly regulated industry customers that had highly sensitive data and a high bar to meet in terms of regulatory compliance and that's the foundation of it. So as we look to other customers to include those outside of the US. It starts with those requirements. You mentioned things like edge and hybrid and a good example of how we marry the two is when we launched a W. S. Outpost in Govcloud last year. So outpost brings the power of the AWS cloud to on premises environments of our customers, whether it's their data centers or Coehlo environments by bringing AWS services, a. P. I. S and service and points to the customer's on premises facilities >>even outside the United States. >>Well, for Govcloud is focused on us right now. Outside of the U. S. Customers also have availability to use outpost. It's just for us customers, it's focused on outpost availability, geography >>right now us. Right. But other governments gonna want their Govcloud too. Right, Right, that's what you're getting at, >>Right? And it starts with the data. Right? So we we we spent a lot of time working with government agencies across the globe to understand their regulations and their requirements and we use that to drive our decisions. And again, just like we started with govcloud 10 years ago, it starts with our customer requirements and we innovate from there. Well, >>I've been, I love the D. O. D. S vision on this. I know jet I didn't come through and kind of went scuttled, got thrown under the bus or whatever however you want to call it. But that whole idea of a tactical edge, it was pretty brilliant idea. Um so I'm looking forward to seeing more of that. That's where I was supposed to come in, get snowball, snowmobile, little snow snow products as well, how are they doing? And because they're all part of the family to, >>they are and they're available in Govcloud and they're also authorized that fed ramp and Gov srg levels and it's really, it's really fascinating to see D. O. D innovate with the cloud. Right. So you mentioned tactical edge. So whether it's snowball devices or using outposts in the future, I think the D. O. D. And our defense customers are going to continue to innovate. And quite frankly for us, it represents our commitment to the space we want to make sure our defense customers and the defense industrial base defense contractors have access to the best debris capabilities like those edge devices and edge capable. I >>think about the impact of certification, which is good because I just thought of a clean crows. We've got aerospace coming in now you've got D O. D, a little bit of a cross colonization if you will. So nice to have that flexibility. I got to ask you about just how you view just in general, the intelligence community a lot of uptake since the CIA deal with amazon Just overall good health for eight of his gum cloud. >>Absolutely. And again, it starts with our commitment to our customers. We want to make sure that our national security customers are defense customers and all of the customers and the federal government that have a responsibility for securing the country have access to the best of breed capability. So whether it's the intelligence community, the Department of Defense are the federal agencies and quite frankly we see them innovating and driving things forward to include with their sensitive workloads that run in Govcloud, >>what's your strategy for partnerships as you work on the ecosystem? You do a lot with strategy. Go to market partnerships. Um, it's got its public sector pretty much people all know each other. Our new firms popping up new brands. What's the, what's the ecosystem looks like? >>Yeah, it's pretty diverse. So for Govcloud specifically, if you look at partners in the defense community, we work with aerospace companies like Lockheed martin and Raytheon Technologies to help them build I tar compliant E. R. P. Application, software development environments etcetera. We work with software companies I mentioned salesforce dot com. Splunk and S. A. P. And S. To uh and then even at the state and local government level, there's a company called Pay It that actually worked with the state of Kansas to develop the Icann app, which is pretty fascinating. It's a app that is the official app of the state of Kansas that allow citizens to interact with citizens services. That's all through a partner. So we continue to work with our partner uh broad the AWS partner network to bring those type of people >>You got a lot of MST is that are doing good work here. I saw someone out here uh 10 years. Congratulations. What's the coolest thing uh you've done or seen. >>Oh wow, it's hard to name anything in particular. I just think for us it's just seeing the customers and the federal government innovate right? And, and tie that innovation to mission critical workloads that are highly important. Again, it reflects our commitment to give these government customers and the government contractors the best of breed capabilities and some of the innovation we just see coming from the federal government leveraging the count now. It's just super cool. So hard to pinpoint one specific thing. But I love the innovation and it's hard to pick a favorite >>Child that we always say. It's kind of a trick question I do have to ask you about just in general, the just in 10 years. Just look at the agility. Yeah, I mean if you told me 10 years ago the government would be moving at any, any agile anything. They were a glacier in terms of change, right? Procure Man, you name it. It's just like, it's a racket. It's a racket. So, so, but they weren't, they were slow and money now. Pandemic hits this year. Last year, everything's up for grabs. The script has been flipped >>exactly. And you know what, what's interesting is there were actually a few federal government agencies that really paved the way for what you're seeing today. I'll give you some examples. So the Department of Veterans Affairs, they were an early Govcloud user and way back in 2015 they launched vets dot gov on gov cloud, which is an online platform that gave veterans the ability to apply for manage and track their benefits. Those type of initiatives paved the way for what you're seeing today, even as soon as last year with the U. S. Census, right? They brought the decennial count online for the first time in history last year, during 2020 during the pandemic and the Census Bureau was able to use Govcloud to launch and run 2020 census dot gov in the cloud at scale to secure that data. So those are examples of federal agencies that really kind of paved the way and leading to what you're saying is it's kind >>of an awakening. It is and I think one of the things that no one's reporting is kind of a cultural revolution is the talent underneath that way, the younger people like finally like and so it's cooler. It is when you go fast and you can make things change, skeptics turned into naysayers turned into like out of a job or they don't transform so like that whole blocker mentality gets exposed just like shelf where software you don't know what it does until the cloud is not performing, its not good. Right, right. >>Right. Into that point. That's why we spend a lot of time focused on education programs and up skilling the workforce to, because we want to ensure that as our customers mature and as they innovate, we're providing the right training and resources to help them along their journey, >>keith brooks great conversation, great insight and historian to taking us to the early days of Govcloud. Thanks for coming on the cube. Thanks thanks for having me cubes coverage here and address public sector summit. We'll be back with more coverage after this short break. Mhm. Mhm mm.

>> live from Washington, D. C. It's the Cube covering a ws public sector summit. She wrote to you by Amazon Web services. >> Welcome back to the cubes. Live coverage of the ES W s Public Sector summit here in Washington D. C. At the 10th annual eight of the U. S. Public sector summit. I'm your host Rebecca Night, along with my co host, John Farrier. We're joined by Adelaide O'Brien. She is research director. Government digital transformation strategies at I. D. C. Government incites Thanks so much for coming on the show. Adelaide. >> Rebecca for having me. It's I'm pleased to be here today, >> so I want to just start really with just picking your brain about about the topic of this conference, which is about modernization of government. What is the state of play? How Where do you Where do you see things from where you sit? >> Well, as you know, the federal government right now has been under about a 10 year directive to go cloud first. And what we've seen is, you know, a lot of agencies not all but some of them have a struggled with that, Uh, and it hasn't really had the momentum of the velocity that as an analyst, I I'd like to see and s o last year. The current federal seo says that can put out a policy, and it was about actually moving to Cloud Smart. So it wasn't just to do cloud to be more efficient to save some of that money. That about 75,000,000 that's spent on maintaining legacy equipment. But it was actually thinking about using cloud to be very, very agile to help deliver better citizen services. And what's interesting is this. This whole concept of cloud smart is also very supportive. The Modernization Technology Act as well as the report to the president on it. Modernization. So last year we saw both executive and legislative support for agencies to move to cloud. >> So, as you said, it doesn't. But it's still from where you sit. Doesn't analyst. It still doesn't quite have the momentum and the velocity that you'd like to see. What do you see as the biggest obstacles? >> Well, and this was actually identified in Cloud Smart and yesterday and today I heard a lot of agencies talking about thes three aspects, and I think you know, 10 a W s is a great place to help them. So one of the first is security. And we know when agencies, you know, were first Ask Goto the cloud security was, you know, the biggest barrier in their organization to cloud. And and so I think it was the 3rd 8 of US Conference. It was actually in this building, and I know there's been but I wasn't the first to and I could remember is an analyst. I was so pleased that Teresa had Roger Baker, the CEO of Health and Human Services on stage, and they were talking about getting fed Reum certification, and I think it was one of the first. And it was it was thrilling that such a large agency had invested so much time and money about working with eight of us to get February certification. So to me that that was like, you know, an initial pushing a start, so security is just so so important. And now you've got, you know, so many different software providers working with Amazon. Eight of us on security on DH. Even today, at one of the breakout sessions, the senses really talked about because the CIA moved to eight of us, and they put their most sensitive information in the cloud they felt comfortable with putting the personally identifiable information in the cloud. I'II our census data information. >> If it's good enough for that for that kind of information, I can I can put my business >> exactly there, Tio. Exactly >> the question I want to get on the comm on the research side is competition of opportunities. Is Old Wick about old gore Amazon? Always the old guard, The old way of doing things. They're pretty much in the new class. Dev Ops. We've seen that on the enterprise side Certainly start ups, any jazz, these examples like Airbnb. You see those at conferences over the years that we have the example of these cloud Native Cos. How does government now look at suppliers as partners? Because the big debate is you picked the right cloud for the right workload. Work lotion to find cloud architecture. You can't just split clouds up amongst Microsoft, Google, Amazon and oracles of the world. The whole multi vendor equation shifts in this new paradigm. How do you see that playing out? >> Yes, it does. But I also see and what I've heard today over the last two days is, you know, agencies are actually looking for a partner who can grow with them and learn with them. And I heard that over and over again. You know, they want a cloud provider that you know, has skin in the game, and that actually helps them. And we've seen that they also want a cloud provider that's innovative. And, you know, one of my concerns is I learned about how you know, scale. Everything's about scale today, right? And how Amazon now has eight of us has scaled up so fast over the last couple of years and all the innovations that they're able to provide. And so the question is, how can you keep that culture alive? And, you know, it's kind of like that start up culture at eight of us, right? How can you keep that alive? And, you know, I think the answer did today and, you know, I wish I would have thought about the question in the way he talked about it. You know, when you get big, you get conservative right, because you have too much to lose and too much is at stake. and, you know, as an analyst, I'm seeing eight of us. Not only is a growing fantastically, but it's innovating, and I think that's what gives you than this innovation. The you know, you don't have to be a a Silicon Valley software company to innovate, and I think part of it comes from I think Theresa's said that 95% of A W S's roadmap is based upon what they hear from their customers. So you know that that ear to the ground knowing the government business, federal, state, local, is so, so >> important. This trend that's helping them to also is the move to sass with capabilities on digital using suffers a service business model. So again, it's all kind of timed up beautifully for these agencies that were slow to move in the past. This is an analyst, er, >> yeah, so So security is one of the things on Cloud Smart, and I think that was one of the biggest, biggest barriers to momentum. But the others acquisition. So there's three things about clouds smart that agencies are to pay attention to, and I think you know what's really helped in the acquisition is, you know, the standardization and not only the federal up certification. And, you know, eight of us is healthy cloud providers. Software's the service providers get Fed Ram certification. And so, in the end, this is announced at the conference last year of a TIO on a W s. Right, because it's an arduous process. If you don't know what you're doing, it can cost you a lot of money and take a lot of time. So, you know, eight of us is working with his partners, and that's all good for the government sector, right? Because the more vendors that go through certification, the more they trust them and the more they can trust, you know, the integrity of their data in the cloud. So the acquisition is the 2nd 1 But the 3rd 1 is the workforce, and I think you know, And he mentioned it today. You know, a lot of the resistance, and a lot of the inertia of cloud is not just the technology, it's training the workforce, and I, you know, I thought, it's so so important because it's not just an conversation any longer. Going to cloud is part of digital transformation. Is the foundation of it. And so that has to be a conversation with all levels of agency executives. And they have to agree Otherwise, you know, if you're innovating, you've got, you know, islands of innovation and you on the cloud you can start to Yes, you can pilot, but you can start to really get scale there and transform your whole business. And it's all about serving citizens better and innovating to serve them better and automating your processes. You know that's so important as well. >> So how would you describe the work force? I mean, when you think about the private sector, workforce, women, when in terms of cloud computing versus the government, you tend to think one is more bureaucratic. There is obviously more red tape may be slower moving. How What are you seeing? What are you hearing? >> Well, you know, at all levels of the workforce and especially in government, there's a big push now to automate everything. He and you know, the government at all levels. Federal state local realizes they're actually competing with the private sector for work source. And so, you know, historically, government would say, Well, what's the next skill and we better start preparing for that, right? What's what What's coming down the pike and we we need. And now it's like, How do we prepare for people who enter government and move in various different jobs and move in and out of government? And so when you think about that, that's a skill development and technology can help with that. But it's also a mindset of accepting the fact that people join government to serve, and they might leave and come back. And so that's very important, but also the in terms of cloud smart. The workforce has to be able to understand cloud and howto work with vendors, you know, and it's not necessarily, you know, owning your own equipment. But it's it's it's trusting your vendors and trusting them with your business and and how do you, you know, provide these solutions to the line of business folks? And in a way, I actually seen you the IT department become much more responsive to the line of business folks. And my advice, Teo government executives, especially the folks, is always think of yourself as a service right. Think of yourself as a service. You know that as a service to the line of business folks and, you know, help them understand what what they need, how they accomplished their mission. Maybe give them a short list of solutions to help them out, but really start tracking them. You know what they're accomplishing, and that will help fuel. Then you reinvestments help. You know where to spend your money next And really, you know, just fuel this whole mission accomplishment. >> One of the things that we've been talking a lot about on the Cube for for years is the new role of the chief data officer in any organizations. A lot of federal agencies air now, also putting in their own chief date officers. Can you talk a little bit about what you've seen and what and how they're being used? >> Yeah, so they're our chief data officers in the organization's it again. That's one of those skills were you know, government's going to compete with the private sector for them, and there's probably not enough to go around Andi. And so it's a very precious commodity. And, you know, it is especially like in your research organizations. You've got chief data officers there, but in a lot of the other areas. And, you know, especially in the civilian government, you may not be able to have your old, you know, chief Data officer. Right? You certainly have all the data, but you may not have someone like that. And that's where you know some of the things that that I that that I'm advising agencies to look for us who can help you, then give you some of these big data and you know, a I and ML solutions that your line of business folks Khun, start to interface and work with. And maybe you have Chief data officers set up the data fields initially, but that's where you've got to start to democracy eyes, you know, a I and m l. And because you're never gonna have enough Chief data officers in anyone organization to possibly calm through all of that data on DSO, that's again where technology can help. >> Great. Well, Adelaide, thank you so much for coming on the Cube. It's been a pleasure. Having you >> was great being here. Thank you so much. >> I'm Rebecca Knight for John Furrier. Stay tuned. We will have more of the cubes. Live coverage of a ws public sector summit