>> Announcer: TheCUBE presents Ignite22, brought to you by Palo Alto Networks. >> Hey, welcome back to Vegas. Great to have you. We're pleased that you're watching theCUBE. Lisa Martin and Dave Vellante. Day two of theCUBE's coverage of Palo Alto Ignite22 from the MGM Grand. Dave, we're going to be talking about data. >> You know I love data. >> I do know you love data. >> Survey data- >> There is a great new survey that Palo Alto Networks just published yesterday, "What's next in cyber?" We're going to be digging through it with their CMO. Who better to talk about data with than a CMO that has a PhD in machine learning? We're very pleased to welcome to the program, Zeynep Ozdemir, CMO of Palo Alto Networks. Great to have you. Thank you for joining us. >> It's a pleasure to be here. >> First, I got to ask you about your PhD. Your background as a CMO is so interesting and unique. Give me a little bit of a history on that. >> Oh, absolutely, yes. Yes, I admit that I'm a little bit of an untraditional marketing leader. I spent probably the first half of my career as a software engineer and a research scientist in the area of machine learning and speech signal processing, which is very uncommon, I admit that. Honestly, it has actually helped me immensely in my current role. I mean, you know, you've spoken to Lee Klarich, I think a little while ago. We have a very tight and close partnership with product and engineering teams at Palo Alto Networks. And, you know, cybersecurity is a very complex topic. And we're at a critical juncture right now where all of these new technologies, AI, machine learning, cloud computing, are going to really transform the industry. And I think that I'm very lucky, as somebody who's very technically competent in all of those areas, to partner with the best people and the leading company right now. So, I'm very happy that my technical background is actually helping in this journey. >> Dave: Oh, wait, aren't you like a molecular biologist, or something? >> A reformed molecular...yes. >> Yes. >> Okay. Whoa, okay. (group laughs) >> But >> Math guy over here. >> Yeah. You guys just, the story that I tease is... the amount of data in there is unbelievable. This has just started in August, so a few months ago. >> Zeynep: Yeah. >> Fresh data. You surveyed 1300 CXOs globally. >> Zeynep: That's right. >> Across industries and organizations are saying, you know, hybrid work and remote work became status quo like that. >> Yes. >> Couple years ago everyone shifted to multicloud and of course the cyber criminals are sophisticated, and they're motivated, and they're well funded. >> Zeynep: That's right. >> What are some of the things that you think that the survey really demonstrated that validate the direction that Palo Alto Networks is going in? >> That's right. That's right. So we do these surveys because first and foremost, we have to make sure we're aligned with our customers in terms of our product strategy and the direction. And we have to confirm and validate our very strong opinions about the future of the cybersecurity industry. So, but this time when we did this survey, we just saw some great insights, and we decided we want to share it with the broader industry because we obviously want to drive thought leadership and make sure everybody is in the same level field. Some interesting and significant results with this one. So, as you said, this was 1300 C level cybersecurity decision makers and executives across the world. So we had participants from Europe, from Japan, from Asia Pacific, Latin America, in addition to North America. So one of the most significant stats or data points that we've seen was the fact that out of everybody interviewed, 96% of participants had experienced one or more cybersecurity breaches in the past 12 months. That was more than what we expected, to be honest with you. And then 57% of them actually experienced three or more. So those stats are really worth sharing in terms of where the state of cybersecurity is. What also was personally interesting to me was 33% of them actually experienced an operational disruption as a result of a breach, which is a big number. It's one third of participants. So all of these were very interesting. We asked them more detailed questions around you know, how many...like obviously all of them are trying to respond to this situation. They're trying different technologies, different tools and it seems like they're in a point where they're almost have too many tools and technologies because, you know, when you have too many tools and technologies, there's the operational overhead of integrating them. It creates blind spots between them because those tools aren't really communicating with each other. So what we heard from the responders was that on average they were on like 32 tools, 22% was on 50 or more tools, which is crazy. But what the question we asked them was, you know, are you, are you looking to consolidate? Are you looking to go more tools or less tools? Like what are your thoughts on that? And a significant majority of them, like about 77% said they are actively trying to reduce the number of technologies that they're trying to use because they want to actually achieve better security outcomes. >> I wonder if you could comment on this. So early on in the pandemic, we have a partner, survey partner ETR, Enterprise Technology Research. And we saw a real shift of course, 'cause of hybrid work toward endpoint security, cloud security, they were rearchitecting their networks, a new focus on, you know, different thinking about network security and identity. >> Yeah. >> You play in all of those in partner for identity. >> Zeynep: Yeah. >> I almost, my question is, is was there kind of a knee jerk reaction to get point tools to plug some of those holes? >> Zeynep: Yes. >> And now they're...'cause we said at the time, this is a permanent shift in thinking. What we didn't think through it's coming to focus here at this conference is, okay, we did that, but now we created another problem. >> Zeynep: Yeah. Yeah. >> Now we're- >> Yes, yes. You're very right. I think, and it's very natural to do this, right? >> Sure. >> Every time a problem pops up, you want to fix it as quickly as possible. And you look... you survey who can help you with that. And then you kind of get going because cybersecurity is one of those areas where you can't really wait and do, you know, take time to fix those problems. So that happened a lot and it is happening. But what happened as a result of that. For example, I'll give you a data point from the actual survey that answers this very question. When we asked these executives what keeps them like up at night, like what's their biggest concern? A significant majority of them said, oh we're having difficulty with data management. And what that means is that all these tools that they've deployed, they're generating a lot of insights and data, but they're disconnected, right? So there is no one place where you can say, look at it holistically and come to conclusions very fast about how threat actors are moving in an organization. So that's a direct result of this proliferation of tools, if you will. And you're right. And it will...it's a natural thing to deploy products very quickly. But then you have to take a step back and say, how do I make this more effective? How do I bring things together, bring all my data together to be able to get to threats detect threats much faster? >> An unintended consequence of that quick fix. >> And become cyber resilient. We've been hearing a lot about cyber resiliency. >> Yes, yes. >> Recently and something that I was noting in the survey is only 25% of execs said, yeah, our cyber resilience and readiness is high. And you found that there was a lack of alignment between the boards and the executive levels. And we actually spoke with I think BJ yesterday on how are you guys and even some of your partners >> Yeah. >> How are you helping facilitate that alignment? We know security's always a board level- >> Zeynep: Yes. >> Conversation, but the lack of alignment was kind of surprising to me. >> Yeah. Well I think the good news is that I think we... cybersecurity is taking its place in board discussions more and more. Whether there's alignment or not, at least it's a topic, right? >> Yeah. That was also out of the survey that we saw. I think yes, we have a lot of, a big role to play in helping security executives communicate better with boards and c-level executives in their organizations. Because as we said, it's a very complex topic, and it has to be taken from two angles. When there's...it's a board level discussion. One, how are you reducing risk and making sure that you're resilient. Two, how do you think about return on investment and you know, what's the right level of investment and is that investment going to get us the return that we need? >> What do you think of this? So there's another interesting stat here. What keeps executives up at night? >> Mmhm. >> You mentioned difficulty of data management. Normally, the CISO response to what's your number one problem is lack of talent. >> Zeynep: Number three there, yes. Yeah. >> And it is maybe somewhat related to difficulty of data management, but maybe people have realized, you know what? I'm never going to solve this problem by throwing bodies at it. >> Yeah. >> I got to think of a better way to consolidate my data. Maybe partner with a company that can help me do that. And then the second one was scared of being left behind changes in the tech stack. So we're moving so fast to digitize. >> Zeynep: Yes. >> And security's still an afterthought. And so it's almost as though they're kind of rethinking the problems 'cause they know that they can't just solve the issue by throwing, you know, more hires at it 'cause they can't find the people. >> That is...you're absolutely spot on. The thing about cybersecurity skills gap, it's a reality. It's very real. It's a hard place to be. It's hard to ramp up sometimes. Also, there's a lot of turnover. But you're right in the sense that a lot of the manual work that is needed for cybersecurity, it's actually more sort of much easier to tackle with machines- >> Yeah. >> Than humans. It's a funny double click on the stat you just gave. In North America, the responders when we asked them like how they're coping with the skills shortage, they said we're automating more. So we're using more AI, we're using more process automation to make sure we do the heavy lifting with machines and then only present to the people what they're very good at, is making judgements, right? Very sort of like last minute judgment calls. In the other parts of the world, the top answer to that question is how you're tackling cybersecurity skill shortage was, we're actually trying to provide higher wages and better benefits to the existing p... so there's a little bit of a gap between the two. But I think, I think the world is moving towards the former, which is let's do as much as we can with AI and machines and automation in general and then let's make sure we're more in an automation assisted world versus a human first world. >> We also saw on the survey that ransomware was, you know, the big concern in the United States. Not as much, not that it's not a concern >> Lisa: Yeah. >> In other parts of the world. >> Zeynep: Yeah. >> But it wasn't number one. Why do you think that is? Is it 'cause maybe the US has more to lose? Is it, you know, more high profile or- >> Yeah. Look, I mean, yes you're right? So most responders said number one is ransomware. That's my biggest concern going into 2023. And it was for JAPAC and I think EMEA, Europe, it was supply chain attacks. >> Dave: Right. >> So I think US has been hit hard by ransomware in the past year. I think it's like fresh memory and that's why it rose to the top in various verticals. So I'm not surprised with that outcome. I think supply chain is more of a... we've, you know, we've been hit hard globally by that, and it's very new. >> Lisa: Yeah. >> So I think a lot of the European and JAPAC responders are responding to it from a perspective of, this is a problem I still don't know how to solve. You know, like, and it's like I need the right infrastructure to...and I need the right visibility into my software supply chain. It's very top of mind. So those were some of the differences, but you're right. That was a very interesting regional distinction as well. >> How do you take this data and then bring it back to your customers to kind of close the loop? Do you do that? Do you say, okay, hey, we're going to share this data with you, get realtime feedback- >> Zeynep: Yes. >> Dave: We often like to do that with data- >> Zeynep: Absolutely. >> Say okay...'cause you know, when you do a survey like this, you're like, oh, I wish we asked A, B and C. But it gives you, informs you as to where to double click. Is there a system to do that? Or process to do that? >> Yes. Our hope and goal is to do this every year and see how things are changing and then do some historical analysis as to how things are changing as well. But as I said in the very beginning, I think we take this and we say, okay, there's a lot of alignment in these areas, especially for us for our products to see if where our products are deployed to see if some of those numbers vary, you know, per product. Because we address as a company, we address a lot of these concerns. So then it's very encouraging to say, okay, with certain customers, we're going to go, we're going to have develop certain metrics and we're going to measure how much of a difference we're making with these stats. >> Well, I mean, if you can show that you're consolidating- >> Yeah. >> You know, the number of tools and show the business impact- >> Right. >> Exactly. >> Home run. >> Exactly. Yes- >> Speaking of business outcomes, you know, we have so many conversations around everything needs to be outcome-based. Can security become an enabler of business outcomes for organizations? >> Absolutely. Security has to be an enabler. So it's, you know, back to the security lagging behind the evolution of the digital transformation, I don't think it's possible to move fast without having security move fast with digital transformation. I don't think anybody would raise their hands and say, I'm just going to have the most creative, most interesting digital transformation journey. But, you know, security is say, so I think we're past that point where I think generally people do agree that security has to run as fast as digital transformation and really enable those business outcomes that everybody's proud of. So Yes. Yes it is. >> So...sorry. So chicken and egg, digital transformation, cyber transformation. >> Zeynep: Yes. >> Lisa: How are they related? Is one digital leading? >> They are two halves of the perfect solution. They have to coexist because otherwise if you're taking a lot of risk with your digital transformation, is it really worth going through a digital transformation? >> Yeah. >> Yeah. >> So there's a board over here. I'm looking at it and it started out blank. >> Yes. >> And it's what's next in cyber and basically- >> That's this. Yes. >> People can come through and they can write down, and there's some great stuff in there: 5G, cloud native, some technical stuff, automated meantime to repair or to remediation. >> Yeah. >> Somebody wrote AWS. The AWS guys left their mark, which is kind of cool. >> Zeynep: That's great. >> And so I'm wondering, so we always talk about... we just talked about earlier that cyber is a board...has become a board level you know, issue. I think even go back mid last decade, it was really starting to gain strength. What I'm looking for, and I dunno if there's anything in here that suggests this is going beyond the board. So it becomes this top down thing, not just the the SOC, not just the, you know, IT, not just the board. Now it's top down maybe it's bottom up, middle out. The awareness across the organization. >> Zeynep: Absolutely. >> And that's something that I think is that is a next big thing in cyber. I believe it's coming. >> Cybersecurity awareness is a topic. And you know, there are companies who do that, who actually educate just all of us who work for corporations on the best way to tackle, especially when the human is the source and the reason knowingly or unknowing, mostly unknowingly of cyber attacks. Their education and awareness is critical in preventing a lot of this...before our, you know tools even get in. So I agree with you that there is a cybersecurity awareness as a topic is going to be very, very popular in the future. >> Lena Smart is the CISO of MongoDB does... I forget what she calls it, but she basically takes the top security people in the company like the super geeks and puts 'em with those that know nothing about security, and they start having conversations. >> Zeynep: Yeah. >> And then so they can sort of be empathic to each other's point of view. >> Zeynep: Absolutely. >> And that's how she gets the organization to become cyber aware. >> Yes. >> It's brilliant. >> It is. >> So simple. >> Exactly. Well that's the beauty in it is the simplicity. >> Yeah. And there are programs just to put a plug. There are programs where you can simulate, for example, phishing attacks with your, you know employee base and your workforce. And then teach them at that moment when they fall for it, you know, what they should have done. >> I think I can make a family game night. >> Yeah. Yeah. (group laughs) >> I'm serious. That's a good little exercise For everybody. >> Yes. Yeah, exactly. >> It really is. Especially as the sophistication and smishing gets more and more common these days. Where can folks go to get their hands on this juicy survey that we just unpacked? >> We have it online, so if you go to the Palo Alto Networks website, there's a big link to the survey from there. So for sure there's a summary version that you can come in and you can have access to all the stats. >> Excellent. Zeynep, it's been such a pleasure having you on the program dissecting what's keeping CXOs up at night, what Palo Alto Networks is doing to really help organizations digitally transform cyber transformation and achieve that nirvana of cyber resilience. We appreciate so much your insights. >> Thanks very much. It's been the pleasure. >> Dave: Good to have you. >> Thank you >> Zeynep Ozdemir and Dave Vellante. I'm Lisa Martin. You're watching theCUBE, the leader in live and emerging tech coverage. (upbeat music)

(upbeat music) >> Hello, friends. Welcome back to The Cube's live coverage of AWS re:Invent 2022. We're in Vegas. Lovely Las Vegas. Beautiful outside, although I have only seen outside today once, but very excited to be at re:Invent. We're hearing between 50,000 and 70,000 attendees and it's insane, but people are ready to be back. This morning's keynote by CEO Adam Selipsky was full of great messages, big focus on data, customers, partners, the ecosystem. So excited. And I'm very pleased to welcome back one of our alumni to the program, David Shacochis, VP Enterprise Portfolio Strategy Product Management at Lumen. David, welcome back. >> Lisa, good to be here. The Five Timers Club. >> You are in the Five Timers Club. This is David's fifth appearance on the show. And we were talking before we went live- >> Do we do the jacket now and do we do the jacket later? >> Yeah, the jacket will come later. >> Okay. >> The Five Timers Club, like on SNL. We're going to have that for The Cube. We'll get you measured up and get that all fitted for you. >> That'd be better. >> So talk a little bit about Lumen. 'Cause last time you hear it wasn't Lumen. >> We weren't Lumen last time. So this is the first time... last time we were here on The Cube at re:Invent. This was probably 2019 or so. We were a different company. The company was called CenturyLink back then. We rebranded in 2020 to really represent our identity as a delivery of...as a solutions provider over our fiber network. So Lumen is the corporate brand, the company name. It represents basically a lot of the fiber that's been laid throughout the world and in North America and in enterprise metropolitan areas over the past 10 to 15 years. You know, companies like CenturyLink and Quest and Level 3, all those companies have really rolled up into building that core asset of the network. So Lumen is really the brand for the 21st century for the company, really focused on delivering services for the enterprise and then delivering a lot of value added services around that core network asset. >> So rebranding during the pandemic, what's been the customer feedback and sentiment? >> Yeah, I think customers have really actually appreciated it as certainly a more technology oriented brand, right? Sort of shifting away a little bit from some of the communications and telecom background of the company and the heritage. And while those assets that were built up during that period of time have been substantial, and we still build off of those assets going forward, really what a lot of the customer feedback has been is that it puts us in a posture to be a little bit more of a business solutions provider for customers, right? So there's a lot of things that we can do with that core network asset, the fiber networking a lot of the services that we launch on that in terms of public IP, you know, public internet capacity, private networking, private VPNs, VoIP and voice services. These are services that you'd expect from a company like that. But there's a lot of services inside the Lumen brand that you might surprise you, right? There's an edge computing capability that can deliver five milliseconds of latency within 95% of North American enterprise. >> Wow. >> There's a threat detection lab that goes and takes all of the traffic flowing over the public side of our network and analyzes it in a data lake and turns it into threat intelligence that we then offer off to our customers on a subscription basis. There's a production house that goes and, you know, does production networking for major sports arenas and sports events. There's a wide range of services inside of Lumen that really what the Lumen brand allows us to do is start talking about what those services can do and what networking can do for our customers in the enterprise in a more comprehensive way. >> So good changes, big brand changes for Lumen in the last couple of years. Also, I mean, during a time of such turmoil in the world, we've seen work change dramatically. You know, everybody...companies had to pivot massively quickly a couple years ago. >> Yep. >> Almost approaching three years ago, which is crazy amazing to be digital because they had to be able to survive. >> They did >> Now they're looking at being able to thrive, but now we're also in this hybrid work environment. The future of work has changed. >> Totally. >> Almost permanently. >> Yep. >> How is Lumen positioned to address some of the permanent changes to the work environments? Like the last time we were at re:Invented- >> Yeah. >> In person. This didn't exist. >> That's right. So really, it's one of the things we talk to our customers almost the most about is this idea of the future of work. And, you know, we really think about the future of work as about, you know, workers and workloads and the networks that connect them. You think about how much all of those demands are shifting and changing, right? What we were talking about, and it's very easy for all of us to conceptualize what the changing face of the worker looks like, whether those are knowledge workers or frontline workers the venues in which people are working the environments and that connectivity, predictability of those work desk environments changes so significantly. But workloads are changing and, you know we're sitting here at a trade show that does nothing but celebrate the transformation of workloads. Workloads running in ways in business logic and capturing of data and analysis of data. The changing methodologies and the changing formats of workloads, and then the changing venues for workloads. So workloads are running in places that never used to be data centers before. Workloads are running in interesting places and in different and challenging locations for what didn't used to be the data center. And so, you know, the workloads and the workloads are in a very dynamic situation. And the networks that connect them have to be dynamic, and they have to be flexible. And that's really why a lot of what Lumen invests in is working on the networks that connect workers and workloads both from a visibility and a managed services perspective to make sure that we're removing blind spots and then removing potential choke points and capacity issues, but then also being adaptable and dynamic enough to be able to go and reconfigure that network to reach all of the different places that, you know, workers and workloads are going to evolve into. What you'll find in a lot of cases, you know, the workers...a common scenario in the enterprise. A 500 person company with, you know, five offices and maybe one major facility. You know, that's now a 505 office company. >> Right. >> Right? The challenge of the network and the challenge of connecting workers and workloads is really one of the main conversations we have with our customers heading into this 21st century. >> What are some of the things that they're looking forward to in terms of embracing the future of work knowing this is probably how it's going to remain? >> Yeah, I think companies are really starting to experiment carefully and start to think about what they can do and certainly think about what they can do in the cloud with things like what the AWS platform allows them to do with some of the AWS abstractions and the AWS services allow them to start writing software for, and they're starting to really carefully, but very creatively and reach out into their you know, their base of enterprise data, their base of enterprise value to start running some experiments. We actually had a really interesting example of that in a session that Lumen shared here at re:Invent yesterday. You know, for the few hundred people that were there. You know, I think we got a lot of great feedback. It was really interesting session about the...really gets at this issue of the future of work and the changing ways that people are working. It actually was a really cool use case we worked on with Major League Baseball, Fox Sports, and AWS with the... using the Lumen network to essentially virtualize the production truck. Right? So you've all heard that, you know, the sports metaphor of, you know, the folks in the booth were sitting there started looking down and they're saying, oh great job by the guys or the gals in the truck. >> Yep. >> Right? That are, you know, that bring in that replay or great camera angle. They're always talking about the team and their production truck. Well, that production truck is literally a truck sitting outside the stadium. >> Yep. >> Full of electronics and software and gear. We were able to go and for a Major League Baseball game in...back in August, we were able to go and work with AWS, using the Lumen network, working with our partners and our customers at Fox Sports and virtualize all of that gear inside the truck. >> Wow. That's outstanding. >> Yep. So it was a live game. You know, they simulcast it, right? So, you know, we did our part of the broadcast and many hundreds of people, you know, saw that live broadcast was the first time they tried doing it. But, you know, to your point, what are enterprises doing? They're really starting to experiment, sort to push the envelope, right? They're kind of running things in new ways, you know, obviously hedging their bets, right? And sort of moving their way and sort of blue-green testing their way into the future by trying things out. But, you know, this is a massive revenue opportunity for a Major League Baseball game. You know, a premier, you know, Sunday night baseball contest between the Yankees and the Cardinals. We were able to go and take the entire truck, virtualize it down to a small rack of connectivity gear. Basically have that production network run over redundant fiber paths on the Lumen network up into AWS. And AWS is where all that software worked. The technical director of the show sitting in his office in North Carolina. >> Wow. >> The sound engineer is sitting in, you know, on his porch in Connecticut. Right? They were able to go and do the work of production anywhere while connected to AWS and then using the Lumen network, right? You know, the high powered capabilities of Lumens network underlay to be able to, you know, go and design a network topology and a worked topology that really wasn't possible before. >> Right. It's nice to hear, to your point, that customers are really embracing experimentation. >> Right. >> That's challenging to, obviously there was a big massive forcing function a couple of years ago where they didn't have a choice if they wanted to survive and eventually succeed and grow. >> Yeah. >> But the mindset of experimentation requires cultural change and that's a hard thing to do especially for I would think legacy organizations like Major League Baseball, but it sounds like they have the appetite. >> Yeah. They have the interest. >> They've been a fairly innovative organization for some time. But, you know, you're right. That idea of experimenting and that idea of trying out new things. Many people have observed, right? It's that forcing function of the pandemic that really drove a lot of organizations to go and make a lot of moves really quickly. And then they realized, oh, wait a minute. You know... I guess there's some sort of storytelling metaphor in there at some point of people realizing, oh wait, I can swim in these waters, right? I can do this. And so now they're starting to experiment and push the envelope even more using platforms like AWS, but then using a lot of the folks in the AWS partner network like Lumen, who are designing and sort of similarly inspired to deliver, you know, on demand and virtualized and dynamic capabilities within the core of our network and then within the services that our network can and the ways that our network connects to AWS. All of that experimentation now is possible because a lot of the things you need to do to try out the experiment are things you can get on demand and you can kind of pat, you can move back, you can learn. You can try new things and you can evolve. >> Right. >> Yep. >> Right. Absolutely. What are some of the things that you're excited about as, you know, here was this forcing function a couple years ago, we're coming out of that now, but the world has changed. The future of work as you are so brilliantly articulated has changed permanently. What are you excited about in terms of Lumen and AWS going forward? As we saw a lot of announcements this morning, big focus on data, vision of AWS is really that flywheel with Adams Selipsky is really, really going. What are you excited about going forward into 2023? >> Yeah, I mean we've been working with AWS for so long and have been critical partners for so long that, you know, I think a lot of it is continuation of a lot of the great work we've been doing. We've been investing in our own capabilities around the AWS partner network. You know, we're actually in a fairly unique position, you know, and we like to think that we're that unique position around the future of work where between workers, workloads and the networks that connect them. Our fingers are on a lot of those pulse points, right? Our fingers are on at really at the nexus of a lot of those dynamics. And our investment with AWS even puts us even more so in a position to go where a lot of the workloads are being transformed, right? So that's why, you know, we've invested in being one of the few network operators that is in the AWS partner network at the advanced tier that have the managed services competency, that have the migration competency and the network competency. You can count on one hand the number of network operators that have actually invested at that level with AWS. And there's an even smaller number that is, you know, based here in the United States. So, you know, I think that investment with AWS, investment in their partner programs and then investment co-innovation with AWS on things like that MLB use case really puts us in a position to keep on doing these kinds of things within the AWS partner network. And that's one of the biggest things we could possibly be excited about. >> So what does the go to market look like? Is it Lumen goes in, brings in AWS, vice versa? Both? >> Yeah, so a lot of being a member of the AWS partner network you have a lot of flexibility. You know, we have a lot of customers that are, you know, directly working with AWS. We have a lot of customers that would basically look to us to deliver the solution and, you know, and buy it all as a complete turnkey capability. So we have customers that do both. We have customers that, you know, just look to Lumen for the Lumen adjacent services and then pay, you know, pay a separate bill with AWS. So there's a lot of flexibility in the partner network in terms of what Lumen can deliver as a service, Lumen can deliver as a complete solution and then what parts of its with AWS and their platform factors into on an on-demand usage basis. >> And that would all be determined I imagine by what the customer really needs in their environment? >> Yeah, and sort of their own cloud strategy. There's a lot of customers who are all in on AWS and are really trying to driving and innovating and using some of the higher level services inside the AWS platform. And then there are customers who kind of looked at AWS as one of a few cloud platforms that they want to work with. The Lumen network is compatible and connected to all of them and our services teams are, you know, have the ability to go and let customers sort of take on whatever cloud posture they need. But if they are all in on AWS, there's, you know. Not many networks better to be on than Lumen in order to enable that. >> With that said, last question for you is if you had a bumper sticker or a billboard. Lumen's rebranded since we last saw you. What would that tagline or that phrase of impact be on that bumper sticker? >> Yeah, I'd get in a lot of trouble with our marketing team if I didn't give the actual bumper sticker for the company. But we really think of ourselves as the platform for amazing things. The fourth industrial revolution, everything going on in terms of the future of work, in terms of the future of industrial innovation, in terms of all the data that's being gathered. You know, Adam in the keynote this morning really went into a lot of detail on, you know, the depth of data and the mystery of data and how to harness it all and wrangle it all. It requires a lot of networking and a lot of connectivity. You know, for us to acquire, analyze and act on all that data and Lumen's platform for amazing things really helps forge that path forward to that fourth industrial revolution along with great partners like AWS. >> Outstanding. David, it's been such a pleasure having you back on The Cube. We'll get you fitted for that five timers club jacket. >> It sounds good. (Lisa laughs) >> I'll be back. >> Thanks so much for your insights and your time and well done with what you guys are doing at Lumen and AWS. >> Thanks Lisa. >> For David Shacochis, I'm Lisa Martin. You've been watching The Cube hopefully all day. This is our first full day of coverage at AWS re:Invent '22. Stick around. We'll be back tomorrow, and we know we're going to see you then. Have a great night. (upbeat music)

>>We're back at Supercomputing 22 in Dallas, winding down day four of this conference. I'm Paul Gillan, my co-host Dave Nicholson. We are talking, we've been talking super computing all week and you hear a lot about what's going on in the United States, what's going on in China, Japan. What we haven't talked a lot about is what's going on in Europe and did you know that two of the top five supercomputers in the world are actually from European countries? Well, our guest has a lot to do with that. Florian, bearish, I hope I pronounce that correctly. My German is, German is not. My strength is the operations director for price, ais, S B L. And let's start with that. What is price? >>So, hello and thank you for the invitation. I'm Flon and Price is a partnership for Advanced Computing in Europe. It's a non-profit association with the seat in Brussels in Belgium. And we have 24 members. These are representatives from different European countries dealing with high performance computing in at their place. And we, so far, we provided the resources for our European research communities. But this changed in the last year, this oral HPC joint undertaking who put a lot of funding in high performance computing and co-funded five PET scale and three preis scale systems. And two of the preis scale systems. You mentioned already, this is Lumi and Finland and Leonardo in Bologna in Italy were in the place for and three and four at the top 500 at least. >>So why is it important that Europe be in the top list of supercomputer makers? >>I think Europe needs to keep pace with the rest of the world. And simulation science is a key technology for the society. And we saw this very recently with a pandemic, with a covid. We were able to help the research communities to find very quickly vaccines and to understand how the virus spread around the world. And all this knowledge is important to serve the society. Or another example is climate change. Yeah. With these new systems, we will be able to predict more precise the changes in the future. So the more compute power you have, the better the smaller the grid and there is resolution you can choose and the lower the error will be for the future. So these are, I think with these systems, the big or challenges we face can be addressed. This is the climate change, energy, food supply, security. >>Who are your members? Do they come from businesses? Do they come from research, from government? All of the >>Above. Yeah. Our, our members are public organization, universities, research centers, compute sites as a data centers, but But public institutions. Yeah. And we provide this services for free via peer review process with excellence as the most important criteria to the research community for free. >>So 40 years ago when, when the idea of an eu, and maybe I'm getting the dates a little bit wrong, when it was just an idea and the idea of a common currency. Yes. Reducing friction between, between borders to create a trading zone. Yes. There was a lot of focus there. Fast forward to today, would you say that these efforts in supercomputing, would they be possible if there were not an EU super structure? >>No, I would say this would not be possible in this extent. I think when though, but though European initiatives are, are needed and the European Commission is supporting these initiatives very well. And before praise, for instance 2008, there were research centers and data centers operating high performance computing systems, but they were not talking to each other. So it was isolated praise created community of operation sites and it facilitated the exchange between them and also enabled to align investments and to, to get the most out of the available funding. And also at this time, and still today for one single country in Europe, it's very hard to provide all the different architectures needed for all the different kind of research communities and applications. If you want to, to offer always the latest technologies, though this is really hardly possible. So with this joint action and opening the resources for other research groups from other countries, you, we, we were able to, yeah, get access to the latest technology for different communities at any given time though. And >>So, so the fact that the two systems that you mentioned are physically located in Finland and in Italy, if you were to walk into one of those facilities and meet the people that are there, they're not just fins in Finland and Italians in Italy. Yeah. This is, this is very much a European effort. So this, this is true. So, so in this, in that sense, the geography is sort of abstracted. Yeah. And the issues of sovereignty that make might take place in in the private sector don't exist or are there, are there issues with, can any, what are the requirements for a researcher to have access to a system in Finland versus a system in Italy? If you've got a EU passport, Hmm. Are you good to go? >>I think you are good to go though. But EU passport, it's now it becomes complicated and political. It's, it's very much, if we talk about the recent systems, well first, let me start a praise. Praise was inclusive and there was no any constraints as even we had users from US, Australia, we wanted just to support excellence in science. And we did not look at the nationality of the organization, of the PI and and so on. There were quotas, but these quotas were very generously interpreted. So, and if so, now with our HPC joint undertaking, it's a question from what European funds, these systems were procured and if a country or being country are associated to this funding, the researchers also have access to these systems. And this addresses basically UK and and Switzerland, which are not in the European Union, but they were as created to the Horizon 2020 research framework. And though they could can access the systems now available, Lumi and Leono and the Petascale system as well. How this will develop in the future, I don't know. It depends to which research framework they will be associated or not. >>What are the outputs of your work at price? Are they reference designs? Is it actual semiconductor hardware? Is it the research? What do you produce? >>So the, the application we run or the simulation we run cover all different scientific domains. So it's, it's science, it's, but also we have industrial let projects with more application oriented targets. Aerodynamics for instance, for cars or planes or something like this. But also fundamental science like the physical elementary physics particles for instance or climate change, biology, drug design, protein costa, all these >>Things. Can businesses be involved in what you do? Can they purchase your, your research? Do they contribute to their, I'm sure, I'm sure there are many technology firms in Europe that would like to be involved. >>So this involving industry though our calls are open and is, if they want to do open r and d, they are invited to submit also proposals. They will be evaluated and if this is qualifying, they will get the access and they can do their jobs and simulations. It's a little bit more tricky if it's in production, if they use these resources for their business and do not publish the results. They are some, well, probably more sites who, who are able to deal with these requests. Some are more dominant than others, but this is on a smaller scale, definitely. Yeah. >>What does the future hold? Are you planning to, are there other countries who will be joining the effort, other institutions? Do you plan to expand your, your scope >>Well, or I think or HPC joint undertaking with 36 member states is quite, covers already even more than Europe. And yeah, clearly if, if there are other states interest interested to join that there is no limitation. Although the focus lies on European area and on union. >>When, when you interact with colleagues from North America, do you, do you feel that there is a sort of European flavor to supercomputing that is different or are we so globally entwined? No. >>So research is not national, it's not European, it's international. This is also clearly very clear and I can, so we have a longstanding collaboration with our US colleagues and also with Chap and South Africa and Canada. And when Covid hit the world, we were able within two weeks to establish regular seminars inviting US and European colleagues to talk to to other, to each other and exchange the results and find new collaboration and to boost the research activities. So, and I have other examples as well. So when we, we already did the joint calls US exceed and in Europe praise and it was a very interesting experience. So we received applications from different communities and we decided that we will review this on our side, on European, with European experts and US did it in US with their experts. And you can guess what the result was at the meeting when we compared our results, it was matching one by one. It was exactly the same. Recite >>That it, it's, it's refreshing to hear a story of global collaboration. Yeah. Where people are getting along and making meaningful progress. >>I have to mention you, I have to to point out, you did not mention China as a country you were collaborating with. Is that by, is that intentional? >>Well, with China, definitely we have less links and collaborations also. It's also existing. There, there was initiative to look at the development of the technologies and the group meet on a regular basis. And there, there also Chinese colleagues involved. It's on a lower level, >>Yes, but is is the con conversations are occurring. We're out of time. Florian be operations director of price, European Super Computing collaborative. Thank you so much for being with us. I'm always impressed when people come on the cube and submit to an interview in a language that is not their first language. Yeah, >>Absolutely. >>Brave to do that. Yeah. Thank you. You're welcome. Thank you. We'll be right back after this break from Supercomputing 22 in Dallas.

>>Welcome back to The Cube's coverage of Supercomputing Conference 2022, otherwise known as SC 22 here in Dallas, Texas. This is day three of our coverage, the final day of coverage here on the exhibition floor. I'm Dave Nicholson, and I'm here with my co-host, tech journalist extraordinaire, Paul Gillum. How's it going, >>Paul? Hi, Dave. It's going good. >>And we have a wonderful guest with us this morning, Dr. Panda from the Ohio State University. Welcome Dr. Panda to the Cube. >>Thanks a lot. Thanks a lot to >>Paul. I know you're, you're chopping at >>The bit, you have incredible credentials, over 500 papers published. The, the impact that you've had on HPC is truly remarkable. But I wanted to talk to you specifically about a product project you've been working on for over 20 years now called mva, high Performance Computing platform that's used by more than 32 organ, 3,200 organizations across 90 countries. You've shepherded this from, its, its infancy. What is the vision for what MVA will be and and how is it a proof of concept that others can learn from? >>Yeah, Paul, that's a great question to start with. I mean, I, I started with this conference in 2001. That was the first time I came. It's very coincidental. If you remember the Finman Networking Technology, it was introduced in October of 2000. Okay. So in my group, we were working on NPI for Marinette Quadrics. Those are the old technology, if you can recollect when Finman was there, we were the very first one in the world to really jump in. Nobody knew how to use Infin van in an HPC system. So that's how the Happy Project was born. And in fact, in super computing 2002 on this exhibition floor in Baltimore, we had the first demonstration, the open source happy, actually is running on an eight node infinite van clusters, eight no zeros. And that was a big challenge. But now over the years, I means we have continuously worked with all infinite van vendors, MPI Forum. >>We are a member of the MPI Forum and also all other network interconnect. So we have steadily evolved this project over the last 21 years. I'm very proud of my team members working nonstop, continuously bringing not only performance, but scalability. If you see now INFIN event are being deployed in 8,000, 10,000 node clusters, and many of these clusters actually use our software, stack them rapid. So, so we have done a lot of, like our focuses, like we first do research because we are in academia. We come up with good designs, we publish, and in six to nine months, we actually bring it to the open source version and people can just download and then use it. And that's how currently it's been used by more than 3000 orange in 90 countries. And, but the interesting thing is happening, your second part of the question. Now, as you know, the field is moving into not just hvc, but ai, big data, and we have those support. This is where like we look at the vision for the next 20 years, we want to design this MPI library so that not only HPC but also all other workloads can take advantage of it. >>Oh, we have seen libraries that become a critical develop platform supporting ai, TensorFlow, and, and the pie torch and, and the emergence of, of, of some sort of default languages that are, that are driving the community. How, how important are these frameworks to the, the development of the progress making progress in the HPC world? >>Yeah, no, those are great. I mean, spite our stencil flow, I mean, those are the, the now the bread and butter of deep learning machine learning. Am I right? But the challenge is that people use these frameworks, but continuously models are becoming larger. You need very first turnaround time. So how do you train faster? How do you do influencing faster? So this is where HPC comes in and what exactly what we have done is actually we have linked floor fighters to our happy page because now you see the MPI library is running on a million core system. Now your fighters and tenor four clan also be scaled to to, to those number of, large number of course and gps. So we have actually done that kind of a tight coupling and that helps the research to really take advantage of hpc. >>So if, if a high school student is thinking in terms of interesting computer science, looking for a place, looking for a university, Ohio State University, bruns, world renowned, widely known, but talk about what that looks like from a day on a day to day basis in terms of the opportunity for undergrad and graduate students to participate in, in the kind of work that you do. What is, what does that look like? And is, and is that, and is that a good pitch to for, for people to consider the university? >>Yes. I mean, we continuously, from a university perspective, by the way, the Ohio State University is one of the largest single campus in, in us, one of the top three, top four. We have 65,000 students. Wow. It's one of the very largest campus. And especially within computer science where I am located, high performance computing is a very big focus. And we are one of the, again, the top schools all over the world for high performance computing. And we also have very strength in ai. So we always encourage, like the new students who like to really work on top of the art solutions, get exposed to the concepts, principles, and also practice. Okay. So, so we encourage those people that wish you can really bring you those kind of experience. And many of my past students, staff, they're all in top companies now, have become all big managers. >>How, how long, how long did you say you've been >>At 31 >>Years? 31 years. 31 years. So, so you, you've had people who weren't alive when you were already doing this stuff? That's correct. They then were born. Yes. They then grew up, yes. Went to university graduate school, and now they're on, >>Now they're in many top companies, national labs, all over the universities, all over the world. So they have been trained very well. Well, >>You've, you've touched a lot of lives, sir. >>Yes, thank you. Thank >>You. We've seen really a, a burgeoning of AI specific hardware emerge over the last five years or so. And, and architectures going beyond just CPUs and GPUs, but to Asics and f PGAs and, and accelerators, does this excite you? I mean, are there innovations that you're seeing in this area that you think have, have great promise? >>Yeah, there is a lot of promise. I think every time you see now supercomputing technology, you see there is sometime a big barrier comes barrier jump. Rather I'll say, new technology comes some disruptive technology, then you move to the next level. So that's what we are seeing now. A lot of these AI chips and AI systems are coming up, which takes you to the next level. But the bigger challenge is whether it is cost effective or not, can that be sustained longer? And this is where commodity technology comes in, which commodity technology tries to take you far longer. So we might see like all these likes, Gaudi, a lot of new chips are coming up, can they really bring down the cost? If that cost can be reduced, you will see a much more bigger push for AI solutions, which are cost effective. >>What, what about on the interconnect side of things, obvi, you, you, your, your start sort of coincided with the initial standards for Infin band, you know, Intel was very, very, was really big in that, in that architecture originally. Do you see interconnects like RDMA over converged ethernet playing a part in that sort of democratization or commoditization of things? Yes. Yes. What, what are your thoughts >>There for internet? No, this is a great thing. So, so we saw the infinite man coming. Of course, infinite Man is, commod is available. But then over the years people have been trying to see how those RDMA mechanisms can be used for ethernet. And then Rocky has been born. So Rocky has been also being deployed. But besides these, I mean now you talk about Slingshot, the gray slingshot, it is also an ethernet based systems. And a lot of those RMA principles are actually being used under the hood. Okay. So any modern networks you see, whether it is a Infin and Rocky Links art network, rock board network, you name any of these networks, they are using all the very latest principles. And of course everybody wants to make it commodity. And this is what you see on the, on the slow floor. Everybody's trying to compete against each other to give you the best performance with the lowest cost, and we'll see whoever wins over the years. >>Sort of a macroeconomic question, Japan, the US and China have been leapfrogging each other for a number of years in terms of the fastest supercomputer performance. How important do you think it is for the US to maintain leadership in this area? >>Big, big thing, significantly, right? We are saying that I think for the last five to seven years, I think we lost that lead. But now with the frontier being the number one, starting from the June ranking, I think we are getting that leadership back. And I think it is very critical not only for fundamental research, but for national security trying to really move the US to the leading edge. So I hope us will continue to lead the trend for the next few years until another new system comes out. >>And one of the gating factors, there is a shortage of people with data science skills. Obviously you're doing what you can at the university level. What do you think can change at the secondary school level to prepare students better to, for data science careers? >>Yeah, I mean that is also very important. I mean, we, we always call like a pipeline, you know, that means when PhD levels we are expecting like this even we want to students to get exposed to, to, to many of these concerts from the high school level. And, and things are actually changing. I mean, these days I see a lot of high school students, they, they know Python, how to program in Python, how to program in sea object oriented things. Even they're being exposed to AI at that level. So I think that is a very healthy sign. And in fact we, even from Ohio State side, we are always engaged with all this K to 12 in many different programs and then gradually trying to take them to the next level. And I think we need to accelerate also that in a very significant manner because we need those kind of a workforce. It is not just like a building a system number one, but how do we really utilize it? How do we utilize that science? How do we propagate that to the community? Then we need all these trained personal. So in fact in my group, we are also involved in a lot of cyber training activities for HPC professionals. So in fact, today there is a bar at 1 1 15 I, yeah, I think 1215 to one 15. We'll be talking more about that. >>About education. >>Yeah. Cyber training, how do we do for professionals? So we had a funding together with my co-pi, Dr. Karen Tom Cook from Ohio Super Center. We have a grant from NASA Science Foundation to really educate HPT professionals about cyber infrastructure and ai. Even though they work on some of these things, they don't have the complete knowledge. They don't get the time to, to learn. And the field is moving so fast. So this is how it has been. We got the initial funding, and in fact, the first time we advertised in 24 hours, we got 120 application, 24 hours. We couldn't even take all of them. So, so we are trying to offer that in multiple phases. So, so there is a big need for those kind of training sessions to take place. I also offer a lot of tutorials at all. Different conference. We had a high performance networking tutorial. Here we have a high performance deep learning tutorial, high performance, big data tutorial. So I've been offering tutorials at, even at this conference since 2001. Good. So, >>So in the last 31 years, the Ohio State University, as my friends remind me, it is properly >>Called, >>You've seen the world get a lot smaller. Yes. Because 31 years ago, Ohio, in this, you know, of roughly in the, in the middle of North America and the United States was not as connected as it was to everywhere else in the globe. So that's, that's pro that's, I i it kind of boggles the mind when you think of that progression over 31 years, but globally, and we talk about the world getting smaller, we're sort of in the thick of, of the celebratory seasons where, where many, many groups of people exchange gifts for varieties of reasons. If I were to offer you a holiday gift, that is the result of what AI can deliver the world. Yes. What would that be? What would, what would, what would the first thing be? This is, this is, this is like, it's, it's like the genie, but you only get one wish. >>I know, I know. >>So what would the first one be? >>Yeah, it's very hard to answer one way, but let me bring a little bit different context and I can answer this. I, I talked about the happy project and all, but recently last year actually we got awarded an S f I institute award. It's a 20 million award. I am the overall pi, but there are 14 universities involved. >>And who is that in that institute? >>What does that Oh, the I ici. C e. Okay. I cycle. You can just do I cycle.ai. Okay. And that lies with what exactly what you are trying to do, how to bring lot of AI for masses, democratizing ai. That's what is the overall goal of this, this institute, think of like a, we have three verticals we are working think of like one is digital agriculture. So I'll be, that will be my like the first ways. How do you take HPC and AI to agriculture the world as though we just crossed 8 billion people. Yeah, that's right. We need continuous food and food security. How do we grow food with the lowest cost and with the highest yield? >>Water >>Consumption. Water consumption. Can we minimize or minimize the water consumption or the fertilization? Don't do blindly. Technologies are out there. Like, let's say there is a weak field, A traditional farmer see that, yeah, there is some disease, they will just go and spray pesticides. It is not good for the environment. Now I can fly it drone, get images of the field in the real time, check it against the models, and then it'll tell that, okay, this part of the field has disease. One, this part of the field has disease. Two, I indicate to the, to the tractor or the sprayer saying, okay, spray only pesticide one, you have pesticide two here. That has a big impact. So this is what we are developing in that NSF A I institute I cycle ai. We also have, we have chosen two additional verticals. One is animal ecology, because that is very much related to wildlife conservation, climate change, how do you understand how the animals move? Can we learn from them? And then see how human beings need to act in future. And the third one is the food insecurity and logistics. Smart food distribution. So these are our three broad goals in that institute. How do we develop cyber infrastructure from below? Combining HP c AI security? We have, we have a large team, like as I said, there are 40 PIs there, 60 students. We are a hundred members team. We are working together. So, so that will be my wish. How do we really democratize ai? >>Fantastic. I think that's a great place to wrap the conversation here On day three at Supercomputing conference 2022 on the cube, it was an honor, Dr. Panda working tirelessly at the Ohio State University with his team for 31 years toiling in the field of computer science and the end result, improving the lives of everyone on Earth. That's not a stretch. If you're in high school thinking about a career in computer science, keep that in mind. It isn't just about the bits and the bobs and the speeds and the feeds. It's about serving humanity. Maybe, maybe a little, little, little too profound a statement, I would argue not even close. I'm Dave Nicholson with the Queue, with my cohost Paul Gillin. Thank you again, Dr. Panda. Stay tuned for more coverage from the Cube at Super Compute 2022 coming up shortly. >>Thanks a lot.

>>Collibra is a company that was founded in 2008 right before the so-called modern big data era kicked into high gear. The company was one of the first to focus its business on data governance. Now, historically, data governance and data quality initiatives, they were back office functions and they were largely confined to regulatory regulated industries that had to comply with public policy mandates. But as the cloud went mainstream, the tech giants showed us how valuable data could become and the value proposition for data quality and trust. It evolved from primarily a compliance driven issue to becoming a lynchpin of competitive advantage. But data in the decade of the 2010s was largely about getting the technology to work. You had these highly centralized technical teams that were formed and they had hyper specialized skills to develop data architectures and processes to serve the myriad data needs of organizations. >>And it resulted in a lot of frustration with data initiatives for most organizations that didn't have the resources of the cloud guys and the social media giants to really attack their data problems and turn data into gold. This is why today for example, this quite a bit of momentum to rethinking monolithic data architectures. You see, you hear about initiatives like data mesh and the idea of data as a product. They're gaining traction as a way to better serve the the data needs of decentralized business Uni users, you hear a lot about data democratization. So these decentralization efforts around data, they're great, but they create a new set of problems. Specifically, how do you deliver like a self-service infrastructure to business users and domain experts? Now the cloud is definitely helping with that, but also how do you automate governance? This becomes especially tricky as protecting data privacy has become more and more important. >>In other words, while it's enticing to experiment and run fast and loose with data initiatives kinda like the Wild West, to find new veins of gold, it has to be done responsibly. As such, the idea of data governance has had to evolve to become more automated. And intelligence governance and data lineage is still fundamental to ensuring trust as data. It moves like water through an organization. No one is gonna use data that isn't trusted. Metadata has become increasingly important for data discovery and data classification. As data flows through an organization, the continuously ability to check for data flaws and automating that data quality, they become a functional requirement of any modern data management platform. And finally, data privacy has become a critical adjacency to cyber security. So you can see how data governance has evolved into a much richer set of capabilities than it was 10 or 15 years ago. >>Hello and welcome to the Cube's coverage of Data Citizens made possible by Calibra, a leader in so-called Data intelligence and the host of Data Citizens 2022, which is taking place in San Diego. My name is Dave Ante and I'm one of the hosts of our program, which is running in parallel to data citizens. Now at the Cube we like to say we extract the signal from the noise, and over the, the next couple of days, we're gonna feature some of the themes from the keynote speakers at Data Citizens and we'll hear from several of the executives. Felix Von Dala, who is the co-founder and CEO of Collibra, will join us along with one of the other founders of Collibra, Stan Christians, who's gonna join my colleague Lisa Martin. I'm gonna also sit down with Laura Sellers, she's the Chief Product Officer at Collibra. We'll talk about some of the, the announcements and innovations they're making at the event, and then we'll dig in further to data quality with Kirk Hasselbeck. >>He's the vice president of Data quality at Collibra. He's an amazingly smart dude who founded Owl dq, a company that he sold to Col to Collibra last year. Now many companies, they didn't make it through the Hado era, you know, they missed the industry waves and they became Driftwood. Collibra, on the other hand, has evolved its business. They've leveraged the cloud, expanded its product portfolio, and leaned in heavily to some major partnerships with cloud providers, as well as receiving a strategic investment from Snowflake earlier this year. So it's a really interesting story that we're thrilled to be sharing with you. Thanks for watching and I hope you enjoy the program. >>Last year, the Cube Covered Data Citizens Collibra's customer event. And the premise that we put forth prior to that event was that despite all the innovation that's gone on over the last decade or more with data, you know, starting with the Hado movement, we had data lakes, we'd spark the ascendancy of programming languages like Python, the introduction of frameworks like TensorFlow, the rise of ai, low code, no code, et cetera. Businesses still find it's too difficult to get more value from their data initiatives. And we said at the time, you know, maybe it's time to rethink data innovation. While a lot of the effort has been focused on, you know, more efficiently storing and processing data, perhaps more energy needs to go into thinking about the people and the process side of the equation, meaning making it easier for domain experts to both gain insights for data, trust the data, and begin to use that data in new ways, fueling data, products, monetization and insights data citizens 2022 is back and we're pleased to have Felix Van Dema, who is the founder and CEO of Collibra. He's on the cube or excited to have you, Felix. Good to see you again. >>Likewise Dave. Thanks for having me again. >>You bet. All right, we're gonna get the update from Felix on the current data landscape, how he sees it, why data intelligence is more important now than ever and get current on what Collibra has been up to over the past year and what's changed since Data Citizens 2021. And we may even touch on some of the product news. So Felix, we're living in a very different world today with businesses and consumers. They're struggling with things like supply chains, uncertain economic trends, and we're not just snapping back to the 2010s. That's clear, and that's really true as well in the world of data. So what's different in your mind, in the data landscape of the 2020s from the previous decade, and what challenges does that bring for your customers? >>Yeah, absolutely. And, and I think you said it well, Dave, and and the intro that that rising complexity and fragmentation in the broader data landscape, that hasn't gotten any better over the last couple of years. When when we talk to our customers, that level of fragmentation, the complexity, how do we find data that we can trust, that we know we can use has only gotten kinda more, more difficult. So that trend that's continuing, I think what is changing is that trend has become much more acute. Well, the other thing we've seen over the last couple of years is that the level of scrutiny that organizations are under respect to data, as data becomes more mission critical, as data becomes more impactful than important, the level of scrutiny with respect to privacy, security, regulatory compliance, as only increasing as well, which again, is really difficult in this environment of continuous innovation, continuous change, continuous growing complexity and fragmentation. >>So it's become much more acute. And, and to your earlier point, we do live in a different world and and the the past couple of years we could probably just kind of brute for it, right? We could focus on, on the top line. There was enough kind of investments to be, to be had. I think nowadays organizations are focused or are, are, are, are, are, are in a very different environment where there's much more focus on cost control, productivity, efficiency, How do we truly get value from that data? So again, I think it just another incentive for organization to now truly look at data and to scale it data, not just from a a technology and infrastructure perspective, but how do you actually scale data from an organizational perspective, right? You said at the the people and process, how do we do that at scale? And that's only, only only becoming much more important. And we do believe that the, the economic environment that we find ourselves in today is gonna be catalyst for organizations to really dig out more seriously if, if, if, if you will, than they maybe have in the have in the best. >>You know, I don't know when you guys founded Collibra, if, if you had a sense as to how complicated it was gonna get, but you've been on a mission to really address these problems from the beginning. How would you describe your, your, your mission and what are you doing to address these challenges? >>Yeah, absolutely. We, we started Colli in 2008. So in some sense and the, the last kind of financial crisis, and that was really the, the start of Colli where we found product market fit, working with large finance institutions to help them cope with the increasing compliance requirements that they were faced with because of the, of the financial crisis and kind of here we are again in a very different environment, of course 15 years, almost 15 years later. But data only becoming more important. But our mission to deliver trusted data for every user, every use case and across every source, frankly, has only become more important. So what has been an incredible journey over the last 14, 15 years, I think we're still relatively early in our mission to again, be able to provide everyone, and that's why we call it data citizens. We truly believe that everyone in the organization should be able to use trusted data in an easy, easy matter. That mission is is only becoming more important, more relevant. We definitely have a lot more work ahead of us because we are still relatively early in that, in that journey. >>Well, that's interesting because, you know, in my observation it takes seven to 10 years to actually build a company and then the fact that you're still in the early days is kind of interesting. I mean, you, Collibra's had a good 12 months or so since we last spoke at Data Citizens. Give us the latest update on your business. What do people need to know about your, your current momentum? >>Yeah, absolutely. Again, there's, there's a lot of tail organizations that are only maturing the data practices and we've seen it kind of transform or, or, or influence a lot of our business growth that we've seen, broader adoption of the platform. We work at some of the largest organizations in the world where it's Adobe, Heineken, Bank of America, and many more. We have now over 600 enterprise customers, all industry leaders and every single vertical. So it's, it's really exciting to see that and continue to partner with those organizations. On the partnership side, again, a lot of momentum in the org in, in the, in the markets with some of the cloud partners like Google, Amazon, Snowflake, data bricks and, and others, right? As those kind of new modern data infrastructures, modern data architectures that are definitely all moving to the cloud, a great opportunity for us, our partners and of course our customers to help them kind of transition to the cloud even faster. >>And so we see a lot of excitement and momentum there within an acquisition about 18 months ago around data quality, data observability, which we believe is an enormous opportunity. Of course, data quality isn't new, but I think there's a lot of reasons why we're so excited about quality and observability now. One is around leveraging ai, machine learning, again to drive more automation. And the second is that those data pipelines that are now being created in the cloud, in these modern data architecture arch architectures, they've become mission critical. They've become real time. And so monitoring, observing those data pipelines continuously has become absolutely critical so that they're really excited about about that as well. And on the organizational side, I'm sure you've heard a term around kind of data mesh, something that's gaining a lot of momentum, rightfully so. It's really the type of governance that we always believe. Then federated focused on domains, giving a lot of ownership to different teams. I think that's the way to scale data organizations. And so that aligns really well with our vision and, and from a product perspective, we've seen a lot of momentum with our customers there as well. >>Yeah, you know, a couple things there. I mean, the acquisition of i l dq, you know, Kirk Hasselbeck and, and their team, it's interesting, you know, the whole data quality used to be this back office function and, and really confined to highly regulated industries. It's come to the front office, it's top of mind for chief data officers, data mesh. You mentioned you guys are a connective tissue for all these different nodes on the data mesh. That's key. And of course we see you at all the shows. You're, you're a critical part of many ecosystems and you're developing your own ecosystem. So let's chat a little bit about the, the products. We're gonna go deeper in into products later on at, at Data Citizens 22, but we know you're debuting some, some new innovations, you know, whether it's, you know, the, the the under the covers in security, sort of making data more accessible for people just dealing with workflows and processes as you talked about earlier. Tell us a little bit about what you're introducing. >>Yeah, absolutely. We're super excited, a ton of innovation. And if we think about the big theme and like, like I said, we're still relatively early in this, in this journey towards kind of that mission of data intelligence that really bolts and compelling mission, either customers are still start, are just starting on that, on that journey. We wanna make it as easy as possible for the, for our organization to actually get started because we know that's important that they do. And for our organization and customers that have been with us for some time, there's still a tremendous amount of opportunity to kind of expand the platform further. And again, to make it easier for really to, to accomplish that mission and vision around that data citizen that everyone has access to trustworthy data in a very easy, easy way. So that's really the theme of a lot of the innovation that we're driving. >>A lot of kind of ease of adoption, ease of use, but also then how do we make sure that lio becomes this kind of mission critical enterprise platform from a security performance architecture scale supportability that we're truly able to deliver that kind of an enterprise mission critical platform. And so that's the big theme from an innovation perspective, From a product perspective, a lot of new innovation that we're really excited about. A couple of highlights. One is around data marketplace. Again, a lot of our customers have plans in that direction, how to make it easy. How do we make, how do we make available to true kind of shopping experience that anybody in your organization can, in a very easy search first way, find the right data product, find the right dataset, that data can then consume usage analytics. How do you, how do we help organizations drive adoption, tell them where they're working really well and where they have opportunities homepages again to, to make things easy for, for people, for anyone in your organization to kind of get started with ppia, you mentioned workflow designer, again, we have a very powerful enterprise platform. >>One of our key differentiators is the ability to really drive a lot of automation through workflows. And now we provided a new low code, no code kind of workflow designer experience. So, so really customers can take it to the next level. There's a lot more new product around K Bear Protect, which in partnership with Snowflake, which has been a strategic investor in kib, focused on how do we make access governance easier? How do we, how do we, how are we able to make sure that as you move to the cloud, things like access management, masking around sensitive data, PII data is managed as much more effective, effective rate, really excited about that product. There's more around data quality. Again, how do we, how do we get that deployed as easily and quickly and widely as we can? Moving that to the cloud has been a big part of our strategy. >>So we launch more data quality cloud product as well as making use of those, those native compute capabilities in platforms like Snowflake, Data, Bricks, Google, Amazon, and others. And so we are bettering a capability, a capability that we call push down. So actually pushing down the computer and data quality, the monitoring into the underlying platform, which again, from a scale performance and ease of use perspective is gonna make a massive difference. And then more broadly, we, we talked a little bit about the ecosystem. Again, integrations, we talk about being able to connect to every source. Integrations are absolutely critical and we're really excited to deliver new integrations with Snowflake, Azure and Google Cloud storage as well. So there's a lot coming out. The, the team has been work at work really hard and we are really, really excited about what we are coming, what we're bringing to markets. >>Yeah, a lot going on there. I wonder if you could give us your, your closing thoughts. I mean, you, you talked about, you know, the marketplace, you know, you think about data mesh, you think of data as product, one of the key principles you think about monetization. This is really different than what we've been used to in data, which is just getting the technology to work has been been so hard. So how do you see sort of the future and, you know, give us the, your closing thoughts please? >>Yeah, absolutely. And I, and I think we we're really at this pivotal moment, and I think you said it well. We, we all know the constraint and the challenges with data, how to actually do data at scale. And while we've seen a ton of innovation on the infrastructure side, we fundamentally believe that just getting a faster database is important, but it's not gonna fully solve the challenges and truly kind of deliver on the opportunity. And that's why now is really the time to deliver this data intelligence vision, this data intelligence platform. We are still early, making it as easy as we can. It's kind of, of our, it's our mission. And so I'm really, really excited to see what we, what we are gonna, how the marks gonna evolve over the next, next few quarters and years. I think the trend is clearly there when we talk about data mesh, this kind of federated approach folks on data products is just another signal that we believe that a lot of our organization are now at the time. >>The understanding need to go beyond just the technology. I really, really think about how do we actually scale data as a business function, just like we've done with it, with, with hr, with, with sales and marketing, with finance. That's how we need to think about data. I think now is the time given the economic environment that we are in much more focus on control, much more focused on productivity efficiency and now's the time. We need to look beyond just the technology and infrastructure to think of how to scale data, how to manage data at scale. >>Yeah, it's a new era. The next 10 years of data won't be like the last, as I always say. Felix, thanks so much and good luck in, in San Diego. I know you're gonna crush it out there. >>Thank you Dave. >>Yeah, it's a great spot for an in-person event and, and of course the content post event is gonna be available@collibra.com and you can of course catch the cube coverage@thecube.net and all the news@siliconangle.com. This is Dave Valante for the cube, your leader in enterprise and emerging tech coverage. >>Hi, I'm Jay from Collibra's Data Office. Today I want to talk to you about Collibra's data intelligence cloud. We often say Collibra is a single system of engagement for all of your data. Now, when I say data, I mean data in the broadest sense of the word, including reference and metadata. Think of metrics, reports, APIs, systems, policies, and even business processes that produce or consume data. Now, the beauty of this platform is that it ensures all of your users have an easy way to find, understand, trust, and access data. But how do you get started? Well, here are seven steps to help you get going. One, start with the data. What's data intelligence? Without data leverage the Collibra data catalog to automatically profile and classify your enterprise data wherever that data lives, databases, data lakes or data warehouses, whether on the cloud or on premise. >>Two, you'll then wanna organize the data and you'll do that with data communities. This can be by department, find a business or functional team, however your organization organizes work and accountability. And for that you'll establish community owners, communities, make it easy for people to navigate through the platform, find the data and will help create a sense of belonging for users. An important and related side note here, we find it's typical in many organizations that data is thought of is just an asset and IT and data offices are viewed as the owners of it and who are really the central teams performing analytics as a service provider to the enterprise. We believe data is more than an asset, it's a true product that can be converted to value. And that also means establishing business ownership of data where that strategy and ROI come together with subject matter expertise. >>Okay, three. Next, back to those communities there, the data owners should explain and define their data, not just the tables and columns, but also the related business terms, metrics and KPIs. These objects we call these assets are typically organized into business glossaries and data dictionaries. I definitely recommend starting with the topics that are most important to the business. Four, those steps that enable you and your users to have some fun with it. Linking everything together builds your knowledge graph and also known as a metadata graph by linking or relating these assets together. For example, a data set to a KPI to a report now enables your users to see what we call the lineage diagram that visualizes where the data in your dashboards actually came from and what the data means and who's responsible for it. Speaking of which, here's five. Leverage the calibra trusted business reporting solution on the marketplace, which comes with workflows for those owners to certify their reports, KPIs, and data sets. >>This helps them force their trust in their data. Six, easy to navigate dashboards or landing pages right in your platform for your company's business processes are the most effective way for everyone to better understand and take action on data. Here's a pro tip, use the dashboard design kit on the marketplace to help you build compelling dashboards. Finally, seven, promote the value of this to your users and be sure to schedule enablement office hours and new employee onboarding sessions to get folks excited about what you've built and implemented. Better yet, invite all of those community and data owners to these sessions so that they can show off the value that they've created. Those are my seven tips to get going with Collibra. I hope these have been useful. For more information, be sure to visit collibra.com. >>Welcome to the Cube's coverage of Data Citizens 2022 Collibra's customer event. My name is Dave Valante. With us is Kirk Hasselbeck, who's the vice president of Data Quality of Collibra Kirk, good to see you. Welcome. >>Thanks for having me, Dave. Excited to be here. >>You bet. Okay, we're gonna discuss data quality observability. It's a hot trend right now. You founded a data quality company, OWL dq, and it was acquired by Collibra last year. Congratulations. And now you lead data quality at Collibra. So we're hearing a lot about data quality right now. Why is it such a priority? Take us through your thoughts on that. >>Yeah, absolutely. It's, it's definitely exciting times for data quality, which you're right, has been around for a long time. So why now and why is it so much more exciting than it used to be? I think it's a bit stale, but we all know that companies use more data than ever before and the variety has changed and the volume has grown. And, and while I think that remains true, there are a couple other hidden factors at play that everyone's so interested in as, as to why this is becoming so important now. And, and I guess you could kind of break this down simply and think about if Dave, you and I were gonna build, you know, a new healthcare application and monitor the heartbeat of individuals, imagine if we get that wrong, you know, what the ramifications could be, what, what those incidents would look like, or maybe better yet, we try to build a, a new trading algorithm with a crossover strategy where the 50 day crosses the, the 10 day average. >>And imagine if the data underlying the inputs to that is incorrect. We will probably have major financial ramifications in that sense. So, you know, it kind of starts there where everybody's realizing that we're all data companies and if we are using bad data, we're likely making incorrect business decisions. But I think there's kind of two other things at play. You know, I, I bought a car not too long ago and my dad called and said, How many cylinders does it have? And I realized in that moment, you know, I might have failed him because, cause I didn't know. And, and I used to ask those types of questions about any lock brakes and cylinders and, and you know, if it's manual or, or automatic and, and I realized I now just buy a car that I hope works. And it's so complicated with all the computer chips, I, I really don't know that much about it. >>And, and that's what's happening with data. We're just loading so much of it. And it's so complex that the way companies consume them in the IT function is that they bring in a lot of data and then they syndicate it out to the business. And it turns out that the, the individuals loading and consuming all of this data for the company actually may not know that much about the data itself, and that's not even their job anymore. So we'll talk more about that in a minute, but that's really what's setting the foreground for this observability play and why everybody's so interested. It, it's because we're becoming less close to the intricacies of the data and we just expect it to always be there and be correct. >>You know, the other thing too about data quality, and for years we did the MIT CDO IQ event, we didn't do it last year, Covid messed everything up. But the observation I would make there thoughts is, is it data quality? Used to be information quality used to be this back office function, and then it became sort of front office with financial services and government and healthcare, these highly regulated industries. And then the whole chief data officer thing happened and people were realizing, well, they sort of flipped the bit from sort of a data as a, a risk to data as a, as an asset. And now as we say, we're gonna talk about observability. And so it's really become front and center just the whole quality issue because data's so fundamental, hasn't it? >>Yeah, absolutely. I mean, let's imagine we pull up our phones right now and I go to my, my favorite stock ticker app and I check out the NASDAQ market cap. I really have no idea if that's the correct number. I know it's a number, it looks large, it's in a numeric field. And, and that's kind of what's going on. There's, there's so many numbers and they're coming from all of these different sources and data providers and they're getting consumed and passed along. But there isn't really a way to tactically put controls on every number and metric across every field we plan to monitor, but with the scale that we've achieved in early days, even before calibra. And what's been so exciting is we have these types of observation techniques, these data monitors that can actually track past performance of every field at scale. And why that's so interesting and why I think the CDO is, is listening right intently nowadays to this topic is, so maybe we could surface all of these problems with the right solution of data observability and with the right scale and then just be alerted on breaking trends. So we're sort of shifting away from this world of must write a condition and then when that condition breaks, that was always known as a break record. But what about breaking trends and root cause analysis? And is it possible to do that, you know, with less human intervention? And so I think most people are seeing now that it's going to have to be a software tool and a computer system. It's, it's not ever going to be based on one or two domain experts anymore. >>So, So how does data observability relate to data quality? Are they sort of two sides of the same coin? Are they, are they cousins? What's your perspective on that? >>Yeah, it's, it's super interesting. It's an emerging market. So the language is changing a lot of the topic and areas changing the way that I like to say it or break it down because the, the lingo is constantly moving is, you know, as a target on this space is really breaking records versus breaking trends. And I could write a condition when this thing happens, it's wrong and when it doesn't it's correct. Or I could look for a trend and I'll give you a good example. You know, everybody's talking about fresh data and stale data and, and why would that matter? Well, if your data never arrived or only part of it arrived or didn't arrive on time, it's likely stale and there will not be a condition that you could write that would show you all the good in the bads. That was kind of your, your traditional approach of data quality break records. But your modern day approach is you lost a significant portion of your data, or it did not arrive on time to make that decision accurately on time. And that's a hidden concern. Some people call this freshness, we call it stale data, but it all points to the same idea of the thing that you're observing may not be a data quality condition anymore. It may be a breakdown in the data pipeline. And with thousands of data pipelines in play for every company out there there, there's more than a couple of these happening every day. >>So what's the Collibra angle on all this stuff made the acquisition, you got data quality observability coming together, you guys have a lot of expertise in, in this area, but you hear providence of data, you just talked about, you know, stale data, you know, the, the whole trend toward real time. How is Calibra approaching the problem and what's unique about your approach? >>Well, I think where we're fortunate is with our background, myself and team, we sort of lived this problem for a long time, you know, in, in the Wall Street days about a decade ago. And we saw it from many different angles. And what we came up with before it was called data observability or reliability was basically the, the underpinnings of that. So we're a little bit ahead of the curve there when most people evaluate our solution, it's more advanced than some of the observation techniques that that currently exist. But we've also always covered data quality and we believe that people want to know more, they need more insights, and they want to see break records and breaking trends together so they can correlate the root cause. And we hear that all the time. I have so many things going wrong, just show me the big picture, help me find the thing that if I were to fix it today would make the most impact. So we're really focused on root cause analysis, business impact, connecting it with lineage and catalog metadata. And as that grows, you can actually achieve total data governance at this point with the acquisition of what was a Lineage company years ago, and then my company Ldq now Collibra, Data quality Collibra may be the best positioned for total data governance and intelligence in the space. >>Well, you mentioned financial services a couple of times and some examples, remember the flash crash in 2010. Nobody had any idea what that was, you know, they just said, Oh, it's a glitch, you know, so they didn't understand the root cause of it. So this is a really interesting topic to me. So we know at Data Citizens 22 that you're announcing, you gotta announce new products, right? You're yearly event what's, what's new. Give us a sense as to what products are coming out, but specifically around data quality and observability. >>Absolutely. There's this, you know, there's always a next thing on the forefront. And the one right now is these hyperscalers in the cloud. So you have databases like Snowflake and Big Query and Data Bricks is Delta Lake and SQL Pushdown. And ultimately what that means is a lot of people are storing in loading data even faster in a SaaS like model. And we've started to hook in to these databases. And while we've always worked with the the same databases in the past, they're supported today we're doing something called Native Database pushdown, where the entire compute and data activity happens in the database. And why that is so interesting and powerful now is everyone's concerned with something called Egress. Did your, my data that I've spent all this time and money with my security team securing ever leave my hands, did it ever leave my secure VPC as they call it? >>And with these native integrations that we're building and about to unveil, here's kind of a sneak peek for, for next week at Data Citizens. We're now doing all compute and data operations in databases like Snowflake. And what that means is with no install and no configuration, you could log into the Collibra data quality app and have all of your data quality running inside the database that you've probably already picked as your your go forward team selection secured database of choice. So we're really excited about that. And I think if you look at the whole landscape of network cost, egress, cost, data storage and compute, what people are realizing is it's extremely efficient to do it in the way that we're about to release here next week. >>So this is interesting because what you just described, you know, you mentioned Snowflake, you mentioned Google, Oh actually you mentioned yeah, data bricks. You know, Snowflake has the data cloud. If you put everything in the data cloud, okay, you're cool, but then Google's got the open data cloud. If you heard, you know, Google next and now data bricks doesn't call it the data cloud, but they have like the open source data cloud. So you have all these different approaches and there's really no way up until now I'm, I'm hearing to, to really understand the relationships between all those and have confidence across, you know, it's like Jak Dani, you should just be a note on the mesh. And I don't care if it's a data warehouse or a data lake or where it comes from, but it's a point on that mesh and I need tooling to be able to have confidence that my data is governed and has the proper lineage, providence. And, and, and that's what you're bringing to the table, Is that right? Did I get that right? >>Yeah, that's right. And it's, for us, it's, it's not that we haven't been working with those great cloud databases, but it's the fact that we can send them the instructions now, we can send them the, the operating ability to crunch all of the calculations, the governance, the quality, and get the answers. And what that's doing, it's basically zero network costs, zero egress cost, zero latency of time. And so when you were to log into Big Query tomorrow using our tool or like, or say Snowflake for example, you have instant data quality metrics, instant profiling, instant lineage and access privacy controls, things of that nature that just become less onerous. What we're seeing is there's so much technology out there, just like all of the major brands that you mentioned, but how do we make it easier? The future is about less clicks, faster time to value, faster scale, and eventually lower cost. And, and we think that this positions us to be the leader there. >>I love this example because, you know, Barry talks about, wow, the cloud guys are gonna own the world and, and of course now we're seeing that the ecosystem is finding so much white space to add value, connect across cloud. Sometimes we call it super cloud and so, or inter clouding. All right, Kirk, give us your, your final thoughts and on on the trends that we've talked about and Data Citizens 22. >>Absolutely. Well, I think, you know, one big trend is discovery and classification. Seeing that across the board, people used to know it was a zip code and nowadays with the amount of data that's out there, they wanna know where everything is, where their sensitive data is. If it's redundant, tell me everything inside of three to five seconds. And with that comes, they want to know in all of these hyperscale databases how fast they can get controls and insights out of their tools. So I think we're gonna see more one click solutions, more SAS based solutions and solutions that hopefully prove faster time to value on, on all of these modern cloud platforms. >>Excellent. All right, Kurt Hasselbeck, thanks so much for coming on the Cube and previewing Data Citizens 22. Appreciate it. >>Thanks for having me, Dave. >>You're welcome. Right, and thank you for watching. Keep it right there for more coverage from the Cube. Welcome to the Cube's virtual Coverage of Data Citizens 2022. My name is Dave Valante and I'm here with Laura Sellers, who's the Chief Product Officer at Collibra, the host of Data Citizens. Laura, welcome. Good to see you. >>Thank you. Nice to be here. >>Yeah, your keynote at Data Citizens this year focused on, you know, your mission to drive ease of use and scale. Now when I think about historically fast access to the right data at the right time in a form that's really easily consumable, it's been kind of challenging, especially for business users. Can can you explain to our audience why this matters so much and what's actually different today in the data ecosystem to make this a reality? >>Yeah, definitely. So I think what we really need and what I hear from customers every single day is that we need a new approach to data management and our product teams. What inspired me to come to Calibra a little bit a over a year ago was really the fact that they're very focused on bringing trusted data to more users across more sources for more use cases. And so as we look at what we're announcing with these innovations of ease of use and scale, it's really about making teams more productive in getting started with and the ability to manage data across the entire organization. So we've been very focused on richer experiences, a broader ecosystem of partners, as well as a platform that delivers performance, scale and security that our users and teams need and demand. So as we look at, Oh, go ahead. >>I was gonna say, you know, when I look back at like the last 10 years, it was all about getting the technology to work and it was just so complicated. But, but please carry on. I'd love to hear more about this. >>Yeah, I, I really, you know, Collibra is a system of engagement for data and we really are working on bringing that entire system of engagement to life for everyone to leverage here and now. So what we're announcing from our ease of use side of the world is first our data marketplace. This is the ability for all users to discover and access data quickly and easily shop for it, if you will. The next thing that we're also introducing is the new homepage. It's really about the ability to drive adoption and have users find data more quickly. And then the two more areas of the ease of use side of the world is our world of usage analytics. And one of the big pushes and passions we have at Collibra is to help with this data driven culture that all companies are trying to create. And also helping with data literacy, with something like usage analytics, it's really about driving adoption of the CLE platform, understanding what's working, who's accessing it, what's not. And then finally we're also introducing what's called workflow designer. And we love our workflows at Libra, it's a big differentiator to be able to automate business processes. The designer is really about a way for more people to be able to create those workflows, collaborate on those workflow flows, as well as people to be able to easily interact with them. So a lot of exciting things when it comes to ease of use to make it easier for all users to find data. >>Y yes, there's definitely a lot to unpack there. I I, you know, you mentioned this idea of, of of, of shopping for the data. That's interesting to me. Why this analogy, metaphor or analogy, I always get those confused. I let's go with analogy. Why is it so important to data consumers? >>I think when you look at the world of data, and I talked about this system of engagement, it's really about making it more accessible to the masses. And what users are used to is a shopping experience like your Amazon, if you will. And so having a consumer grade experience where users can quickly go in and find the data, trust that data, understand where the data's coming from, and then be able to quickly access it, is the idea of being able to shop for it, just making it as simple as possible and really speeding the time to value for any of the business analysts, data analysts out there. >>Yeah, I think when you, you, you see a lot of discussion about rethinking data architectures, putting data in the hands of the users and business people, decentralized data and of course that's awesome. I love that. But of course then you have to have self-service infrastructure and you have to have governance. And those are really challenging. And I think so many organizations, they're facing adoption challenges, you know, when it comes to enabling teams generally, especially domain experts to adopt new data technologies, you know, like the, the tech comes fast and furious. You got all these open source projects and get really confusing. Of course it risks security, governance and all that good stuff. You got all this jargon. So where do you see, you know, the friction in adopting new data technologies? What's your point of view and how can organizations overcome these challenges? >>You're, you're dead on. There's so much technology and there's so much to stay on top of, which is part of the friction, right? It's just being able to stay ahead of, of and understand all the technologies that are coming. You also look at as there's so many more sources of data and people are migrating data to the cloud and they're migrating to new sources. Where the friction comes is really that ability to understand where the data came from, where it's moving to, and then also to be able to put the access controls on top of it. So people are only getting access to the data that they should be getting access to. So one of the other things we're announcing with, with all of the innovations that are coming is what we're doing around performance and scale. So with all of the data movement, with all of the data that's out there, the first thing we're launching in the world of performance and scale is our world of data quality. >>It's something that Collibra has been working on for the past year and a half, but we're launching the ability to have data quality in the cloud. So it's currently an on-premise offering, but we'll now be able to carry that over into the cloud for us to manage that way. We're also introducing the ability to push down data quality into Snowflake. So this is, again, one of those challenges is making sure that that data that you have is d is is high quality as you move forward. And so really another, we're just reducing friction. You already have Snowflake stood up. It's not another machine for you to manage, it's just push down capabilities into Snowflake to be able to track that quality. Another thing that we're launching with that is what we call Collibra Protect. And this is that ability for users to be able to ingest metadata, understand where the PII data is, and then set policies up on top of it. So very quickly be able to set policies and have them enforced at the data level. So anybody in the organization is only getting access to the data they should have access to. >>Here's Topica data quality is interesting. It's something that I've followed for a number of years. It used to be a back office function, you know, and really confined only to highly regulated industries like financial services and healthcare and government. You know, you look back over a decade ago, you didn't have this worry about personal information, g gdpr, and, you know, California Consumer Privacy Act all becomes, becomes so much important. The cloud is really changed things in terms of performance and scale and of course partnering for, for, with Snowflake it's all about sharing data and monetization, anything but a back office function. So it was kind of smart that you guys were early on and of course attracting them and as a, as an investor as well was very strong validation. What can you tell us about the nature of the relationship with Snowflake and specifically inter interested in sort of joint engineering or, and product innovation efforts, you know, beyond the standard go to market stuff? >>Definitely. So you mentioned there were a strategic investor in Calibra about a year ago. A little less than that I guess. We've been working with them though for over a year really tightly with their product and engineering teams to make sure that Collibra is adding real value. Our unified platform is touching pieces of our unified platform or touching all pieces of Snowflake. And when I say that, what I mean is we're first, you know, able to ingest data with Snowflake, which, which has always existed. We're able to profile and classify that data we're announcing with Calibra Protect this week that you're now able to create those policies on top of Snowflake and have them enforce. So again, people can get more value out of their snowflake more quickly as far as time to value with, with our policies for all business users to be able to create. >>We're also announcing Snowflake Lineage 2.0. So this is the ability to take stored procedures in Snowflake and understand the lineage of where did the data come from, how was it transformed with within Snowflake as well as the data quality. Pushdown, as I mentioned, data quality, you brought it up. It is a new, it is a, a big industry push and you know, one of the things I think Gartner mentioned is people are losing up to $15 million without having great data quality. So this push down capability for Snowflake really is again, a big ease of use push for us at Collibra of that ability to, to push it into snowflake, take advantage of the data, the data source, and the engine that already lives there and get the right and make sure you have the right quality. >>I mean, the nice thing about Snowflake, if you play in the Snowflake sandbox, you, you, you, you can get sort of a, you know, high degree of confidence that the data sharing can be done in a safe way. Bringing, you know, Collibra into the, into the story allows me to have that data quality and, and that governance that I, that I need. You know, we've said many times on the cube that one of the notable differences in cloud this decade versus last decade, I mean ob there are obvious differences just in terms of scale and scope, but it's shaping up to be about the strength of the ecosystems. That's really a hallmark of these big cloud players. I mean they're, it's a key factor for innovating, accelerating product delivery, filling gaps in, in the hyperscale offerings cuz you got more stack, you know, mature stack capabilities and you know, it creates this flywheel momentum as we often say. But, so my question is, how do you work with the hyperscalers? Like whether it's AWS or Google, whomever, and what do you see as your role and what's the Collibra sweet spot? >>Yeah, definitely. So, you know, one of the things I mentioned early on is the broader ecosystem of partners is what it's all about. And so we have that strong partnership with Snowflake. We also are doing more with Google around, you know, GCP and kbra protect there, but also tighter data plex integration. So similar to what you've seen with our strategic moves around Snowflake and, and really covering the broad ecosystem of what Collibra can do on top of that data source. We're extending that to the world of Google as well and the world of data plex. We also have great partners in SI's Infosys is somebody we spoke with at the conference who's done a lot of great work with Levi's as they're really important to help people with their whole data strategy and driving that data driven culture and, and Collibra being the core of it. >>Hi Laura, we're gonna, we're gonna end it there, but I wonder if you could kind of put a bow on, you know, this year, the event your, your perspectives. So just give us your closing thoughts. >>Yeah, definitely. So I, I wanna say this is one of the biggest releases Collibra's ever had. Definitely the biggest one since I've been with the company a little over a year. We have all these great new product innovations coming to really drive the ease of use to make data more valuable for users everywhere and, and companies everywhere. And so it's all about everybody being able to easily find, understand, and trust and get access to that data going forward. >>Well congratulations on all the pro progress. It was great to have you on the cube first time I believe, and really appreciate you, you taking the time with us. >>Yes, thank you for your time. >>You're very welcome. Okay, you're watching the coverage of Data Citizens 2022 on the cube, your leader in enterprise and emerging tech coverage. >>So data modernization oftentimes means moving some of your storage and computer to the cloud where you get the benefit of scale and security and so on. But ultimately it doesn't take away the silos that you have. We have more locations, more tools and more processes with which we try to get value from this data. To do that at scale in an organization, people involved in this process, they have to understand each other. So you need to unite those people across those tools, processes, and systems with a shared language. When I say customer, do you understand the same thing as you hearing customer? Are we counting them in the same way so that shared language unites us and that gives the opportunity for the organization as a whole to get the maximum value out of their data assets and then they can democratize data so everyone can properly use that shared language to find, understand, and trust the data asset that's available. >>And that's where Collibra comes in. We provide a centralized system of engagement that works across all of those locations and combines all of those different user types across the whole business. At Collibra, we say United by data and that also means that we're united by data with our customers. So here is some data about some of our customers. There was the case of an online do it yourself platform who grew their revenue almost three times from a marketing campaign that provided the right product in the right hands of the right people. In other case that comes to mind is from a financial services organization who saved over 800 K every year because they were able to reuse the same data in different kinds of reports and before there was spread out over different tools and processes and silos, and now the platform brought them together so they realized, oh, we're actually using the same data, let's find a way to make this more efficient. And the last example that comes to mind is that of a large home loan, home mortgage, mortgage loan provider where they have a very complex landscape, a very complex architecture legacy in the cloud, et cetera. And they're using our software, they're using our platform to unite all the people and those processes and tools to get a common view of data to manage their compliance at scale. >>Hey everyone, I'm Lisa Martin covering Data Citizens 22, brought to you by Collibra. This next conversation is gonna focus on the importance of data culture. One of our Cube alumni is back, Stan Christians is Collibra's co-founder and it's Chief Data citizens. Stan, it's great to have you back on the cube. >>Hey Lisa, nice to be. >>So we're gonna be talking about the importance of data culture, data intelligence, maturity, all those great things. When we think about the data revolution that every business is going through, you know, it's so much more than technology innovation. It also really re requires cultural transformation, community transformation. Those are challenging for customers to undertake. Talk to us about what you mean by data citizenship and the role that creating a data culture plays in that journey. >>Right. So as you know, our event is called Data Citizens because we believe that in the end, a data citizen is anyone who uses data to do their job. And we believe that today's organizations, you have a lot of people, most of the employees in an organization are somehow gonna to be a data citizen, right? So you need to make sure that these people are aware of it. You need that. People have skills and competencies to do with data what necessary and that's on, all right? So what does it mean to have a good data culture? It means that if you're building a beautiful dashboard to try and convince your boss, we need to make this decision that your boss is also open to and able to interpret, you know, the data presented in dashboard to actually make that decision and take that action. Right? >>And once you have that why to the organization, that's when you have a good data culture. Now that's continuous effort for most organizations because they're always moving, somehow they're hiring new people and it has to be continuous effort because we've seen that on the hand. Organizations continue challenged their data sources and where all the data is flowing, right? Which in itself creates a lot of risk. But also on the other set hand of the equation, you have the benefit. You know, you might look at regulatory drivers like, we have to do this, right? But it's, it's much better right now to consider the competitive drivers, for example, and we did an IDC study earlier this year, quite interesting. I can recommend anyone to it. And one of the conclusions they found as they surveyed over a thousand people across organizations worldwide is that the ones who are higher in maturity. >>So the, the organizations that really look at data as an asset, look at data as a product and actively try to be better at it, don't have three times as good a business outcome as the ones who are lower on the maturity scale, right? So you can say, ok, I'm doing this, you know, data culture for everyone, awakening them up as data citizens. I'm doing this for competitive reasons, I'm doing this re reasons you're trying to bring both of those together and the ones that get data intelligence right, are successful and competitive. That's, and that's what we're seeing out there in the market. >>Absolutely. We know that just generally stand right, the organizations that are, are really creating a, a data culture and enabling everybody within the organization to become data citizens are, We know that in theory they're more competitive, they're more successful. But the IDC study that you just mentioned demonstrates they're three times more successful and competitive than their peers. Talk about how Collibra advises customers to create that community, that culture of data when it might be challenging for an organization to adapt culturally. >>Of course, of course it's difficult for an organization to adapt but it's also necessary, as you just said, imagine that, you know, you're a modern day organization, laptops, what have you, you're not using those, right? Or you know, you're delivering them throughout organization, but not enabling your colleagues to actually do something with that asset. Same thing as through with data today, right? If you're not properly using the data asset and competitors are, they're gonna to get more advantage. So as to how you get this done, establish this. There's angles to look at, Lisa. So one angle is obviously the leadership whereby whoever is the boss of data in the organization, you typically have multiple bosses there, like achieve data officers. Sometimes there's, there's multiple, but they may have a different title, right? So I'm just gonna summarize it as a data leader for a second. >>So whoever that is, they need to make sure that there's a clear vision, a clear strategy for data. And that strategy needs to include the monetization aspect. How are you going to get value from data? Yes. Now that's one part because then you can leadership in the organization and also the business value. And that's important. Cause those people, their job in essence really is to make everyone in the organization think about data as an asset. And I think that's the second part of the equation of getting that right, is it's not enough to just have that leadership out there, but you also have to get the hearts and minds of the data champions across the organization. You, I really have to win them over. And if you have those two combined and obviously a good technology to, you know, connect those people and have them execute on their responsibilities such as a data intelligence platform like s then the in place to really start upgrading that culture inch by inch if you'll, >>Yes, I like that. The recipe for success. So you are the co-founder of Collibra. You've worn many different hats along this journey. Now you're building Collibra's own data office. I like how before we went live, we were talking about Calibra is drinking its own champagne. I always loved to hear stories about that. You're speaking at Data Citizens 2022. Talk to us about how you are building a data culture within Collibra and what maybe some of the specific projects are that Collibra's data office is working on. >>Yes, and it is indeed data citizens. There are a ton of speaks here, are very excited. You know, we have Barb from m MIT speaking about data monetization. We have Dilla at the last minute. So really exciting agen agenda. Can't wait to get back out there essentially. So over the years at, we've doing this since two and eight, so a good years and I think we have another decade of work ahead in the market, just to be very clear. Data is here to stick around as are we. And myself, you know, when you start a company, we were for people in a, if you, so everybody's wearing all sorts of hat at time. But over the years I've run, you know, presales that sales partnerships, product cetera. And as our company got a little bit biggish, we're now thousand two. Something like people in the company. >>I believe systems and processes become a lot important. So we said you CBRA isn't the size our customers we're getting there in of organization structure, process systems, et cetera. So we said it's really time for us to put our money where is and to our own data office, which is what we were seeing customers', organizations worldwide. And they organizations have HR units, they have a finance unit and over time they'll all have a department if you'll, that is responsible somehow for the data. So we said, ok, let's try to set an examples that other people can take away with it, right? Can take away from it. So we set up a data strategy, we started building data products, took care of the data infrastructure. That's sort of good stuff. And in doing all of that, ISA exactly as you said, we said, okay, we need to also use our product and our own practices and from that use, learn how we can make the product better, learn how we make, can make the practice better and share that learning with all the, and on, on the Monday mornings, we sometimes refer to eating our dog foods on Friday evenings. >>We referred to that drinking our own champagne. I like it. So we, we had a, we had the driver to do this. You know, there's a clear business reason. So we involved, we included that in the data strategy and that's a little bit of our origin. Now how, how do we organize this? We have three pillars, and by no means is this a template that everyone should, this is just the organization that works at our company, but it can serve as an inspiration. So we have a pillar, which is data science. The data product builders, if you'll or the people who help the business build data products. We have the data engineers who help keep the lights on for that data platform to make sure that the products, the data products can run, the data can flow and you know, the quality can be checked. >>And then we have a data intelligence or data governance builders where we have those data governance, data intelligence stakeholders who help the business as a sort of data partner to the business stakeholders. So that's how we've organized it. And then we started following the CBRA approach, which is, well, what are the challenges that our business stakeholders have in hr, finance, sales, marketing all over? And how can data help overcome those challenges? And from those use cases, we then just started to build a map and started execution use of the use case. And a important ones are very simple. We them with our, our customers as well, people talking about the cata, right? The catalog for the data scientists to know what's in their data lake, for example, and for the people in and privacy. So they have their process registry and they can see how the data flows. >>So that's a starting place and that turns into a marketplace so that if new analysts and data citizens join kbra, they immediately have a place to go to, to look at, see, ok, what data is out there for me as an analyst or a data scientist or whatever to do my job, right? So they can immediately get access data. And another one that we is around trusted business. We're seeing that since, you know, self-service BI allowed everyone to make beautiful dashboards, you know, pie, pie charts. I always, my pet pee is the pie chart because I love buy and you shouldn't always be using pie charts. But essentially there's become proliferation of those reports. And now executives don't really know, okay, should I trust this report or that report the reporting on the same thing. But the numbers seem different, right? So that's why we have trusted this reporting. So we know if a, the dashboard, a data product essentially is built, we not that all the right steps are being followed and that whoever is consuming that can be quite confident in the result either, Right. And that silver browser, right? Absolutely >>Decay. >>Exactly. Yes, >>Absolutely. Talk a little bit about some of the, the key performance indicators that you're using to measure the success of the data office. What are some of those KPIs? >>KPIs and measuring is a big topic in the, in the data chief data officer profession, I would say, and again, it always varies with to your organization, but there's a few that we use that might be of interest. Use those pillars, right? And we have metrics across those pillars. So for example, a pillar on the data engineering side is gonna be more related to that uptime, right? Are the, is the data platform up and running? Are the data products up and running? Is the quality in them good enough? Is it going up? Is it going down? What's the usage? But also, and especially if you're in the cloud and if consumption's a big thing, you have metrics around cost, for example, right? So that's one set of examples. Another one is around the data sciences and products. Are people using them? Are they getting value from it? >>Can we calculate that value in ay perspective, right? Yeah. So that we can to the rest of the business continue to say we're tracking all those numbers and those numbers indicate that value is generated and how much value estimated in that region. And then you have some data intelligence, data governance metrics, which is, for example, you have a number of domains in a data mesh. People talk about being the owner of a data domain, for example, like product or, or customer. So how many of those domains do you have covered? How many of them are already part of the program? How many of them have owners assigned? How well are these owners organized, executing on their responsibilities? How many tickets are open closed? How many data products are built according to process? And so and so forth. So these are an set of examples of, of KPIs. There's a, there's a lot more, but hopefully those can already inspire the audience. >>Absolutely. So we've, we've talked about the rise cheap data offices, it's only accelerating. You mentioned this is like a 10 year journey. So if you were to look into a crystal ball, what do you see in terms of the maturation of data offices over the next decade? >>So we, we've seen indeed the, the role sort of grow up, I think in, in thousand 10 there may have been like 10 achieve data officers or something. Gartner has exact numbers on them, but then they grew, you know, industries and the number is estimated to be about 20,000 right now. Wow. And they evolved in a sort of stack of competencies, defensive data strategy, because the first chief data officers were more regulatory driven, offensive data strategy support for the digital program. And now all about data products, right? So as a data leader, you now need all of those competences and need to include them in, in your strategy. >>How is that going to evolve for the next couple of years? I wish I had one of those balls, right? But essentially I think for the next couple of years there's gonna be a lot of people, you know, still moving along with those four levels of the stack. A lot of people I see are still in version one and version two of the chief data. So you'll see over the years that's gonna evolve more digital and more data products. So for next years, my, my prediction is it's all products because it's an immediate link between data and, and the essentially, right? Right. So that's gonna be important and quite likely a new, some new things will be added on, which nobody can predict yet. But we'll see those pop up in a few years. I think there's gonna be a continued challenge for the chief officer role to become a real executive role as opposed to, you know, somebody who claims that they're executive, but then they're not, right? >>So the real reporting level into the board, into the CEO for example, will continue to be a challenging point. But the ones who do get that done will be the ones that are successful and the ones who get that will the ones that do it on the basis of data monetization, right? Connecting value to the data and making that value clear to all the data citizens in the organization, right? And in that sense, they'll need to have both, you know, technical audiences and non-technical audiences aligned of course. And they'll need to focus on adoption. Again, it's not enough to just have your data office be involved in this. It's really important that you're waking up data citizens across the organization and you make everyone in the organization think about data as an asset. >>Absolutely. Because there's so much value that can be extracted. Organizations really strategically build that data office and democratize access across all those data citizens. Stan, this is an exciting arena. We're definitely gonna keep our eyes on this. Sounds like a lot of evolution and maturation coming from the data office perspective. From the data citizen perspective. And as the data show that you mentioned in that IDC study, you mentioned Gartner as well, organizations have so much more likelihood of being successful and being competitive. So we're gonna watch this space. Stan, thank you so much for joining me on the cube at Data Citizens 22. We appreciate it. >>Thanks for having me over >>From Data Citizens 22, I'm Lisa Martin, you're watching The Cube, the leader in live tech coverage. >>Okay, this concludes our coverage of Data Citizens 2022, brought to you by Collibra. Remember, all these videos are available on demand@thecube.net. And don't forget to check out silicon angle.com for all the news and wiki bod.com for our weekly breaking analysis series where we cover many data topics and share survey research from our partner ETR Enterprise Technology Research. If you want more information on the products announced at Data Citizens, go to collibra.com. There are tons of resources there. You'll find analyst reports, product demos. It's really worthwhile to check those out. Thanks for watching our program and digging into Data Citizens 2022 on the Cube, your leader in enterprise and emerging tech coverage. We'll see you soon.

(bright upbeat music) >> Welcome back to Detroit guys and girls. Lisa Martin here with John Furrier. We've been on the floor at KubeCon + CloudNativeCon North America for about two days now. We've been breaking news, we would have a great conversations, John. We love talking with CUBE alumni whose companies are just taking off. And we get to do that next again. >> Well, this next segment's awesome. We have former CUBE host, Brian Gracely, here who's an executive in this company. And then the entrepreneur who we're going to talk with. She was on theCUBE when it just started now they're extremely successful. It's going to be a great conversation. >> It is, Idit Levine is here, the founder and CEO of solo.io. And as John mentioned, Brian Gracely. You know Brian. He's the VP of Product Marketing and Product Strategy now at solo.io. Guys, welcome to theCUBE, great to have you here. >> Thanks for having us. >> Idit: Thank so much for having us. >> Talk about what's going on. This is a rocket ship that you're riding. I was looking at your webpage, you have some amazing customers. T-Mobile, BMW, Amex, for a marketing guy it must be like, this is just- >> Brian: Yeah, you can't beat it. >> Kid in a candy store. >> Brian: Can't beat it. >> You can't beat it. >> For giant companies like that, giant brands, global, to trust a company of our size it's trust, it's great engineering, it's trust, it's fantastic. >> Idit, talk about the fast trajectory of this company and how you've been able to garner trust with such mass organizations in such a short time period. >> Yes, I think that mainly is just being the best. Honestly, that's the best approach I can say. The team that we build, honestly, and this is a great example of one of them, right? And we're basically getting the best people in the industry. So that's helpful a lot. We are very, very active on the open source community. So basically it building it, anyway, and by doing this they see us everywhere. They see our success. You're starting with a few customers, they're extremely successful and then you're just creating this amazing partnership with them. So we have a very, very unique way we're working with them. >> So hard work, good code. >> Yes. >> Smart people, experience. >> That's all you need. >> It's simple, why doesn't everyone do it? >> It's really easy. (all laughing) >> All good, congratulations. It's been fun to watch you guys grow. Brian, great to see you kicking butt in this great company. I got to ask about the landscape because I love the ServiceMeshCon you guys had on a co-located event on day zero here as part of that program, pretty packed house. >> Brian: Yep. >> A lot of great feedback. This whole ServiceMesh and where it fits in. You got Kubernetes. What's the update? Because everything's kind of coming together- >> Brian: Right. >> It's like jello in the refrigerator it kind of comes together at the same time. Where are we? >> I think the easiest way to think about it is, and it kind of mirrors this event perfectly. So the last four or five years, all about Kubernetes, built Kubernetes. So every one of our customers are the ones who have said, look, for the last two or three years, we've been building Kubernetes, we've had a certain amount of success with it, they're building applications faster, they're deploying and then that success leads to new challenges, right? So we sort of call that first Kubernetes part sort of CloudNative 1.0, this and this show is really CloudNative 2.0. What happens after Kubernetes service mesh? Is that what happens after Kubernetes? And for us, Istio now being part of the CNCF, huge, standardized, people are excited about it. And then we think we are the best at doing Istio from a service mesh perspective. So it's kind of perfect, perfect equation. >> Well, I'll turn it on, listen to your great Cloud cast podcast, plug there for you. You always say what is it and what isn't it? >> Brian: Yeah. >> What is your product and what isn't it? >> Yeah, so our product is, from a purely product perspective it's service mesh and API gateway. We integrate them in a way that nobody else does. So we make it easier to deploy, easier to manage, easier to secure. I mean, those two things ultimately are, if it's an internal API or it's an external API, we secure it, we route it, we can observe it. So if anybody's, you're building modern applications, you need this stuff in order to be able to go to market, deploy at scale all those sort of things. >> Idit, talk about some of your customer conversations. What are the big barriers that they've had, or the challenges, that solo.io comes in and just wipes off the table? >> Yeah, so I think that a lot of them, as Brian described it, very, rarely they had a success with Kubernetes, maybe a few clusters, but then they basically started to on-ramp more application on those clusters. They need more cluster maybe they want multi-class, multi-cloud. And they mainly wanted to enable the team, right? This is why we all here, right? What we wanted to eventually is to take a piece of the infrastructure and delegate it to our customers which is basically the application team. So I think that that's where they started to see the problem because it's one thing to take some open source project and deploy it very little bit but the scale, it's all about the scale. How do you enable all those millions of developers basically working on your platform? How do you scale multi-cloud? What's going on if one of them is down, how do you fill over? So that's exactly the problem that they have >> Lisa: Which is critical for- >> As bad as COVID was as a global thing, it was an amazing enabler for us because so many companies had to say... If you're a retail company, your front door was closed, but you still wanted to do business. So you had to figure out, how do I do mobile? How do I be agile? If you were a company that was dealing with like used cars your number of hits were through the roof because regular cars weren't available. So we have all these examples of companies who literally overnight, COVID was their digital transformation enabler. >> Lisa: Yes. Yes. >> And the scale that they had to deal with, the agility they had to deal with, and we sort of fit perfectly in that. They re-looked at what's our infrastructure look like? What's our security look like? We just happened to be right place in the right time. >> And they had skillset issues- >> Skillsets. >> Yeah. >> And the remote work- >> Right, right. >> Combined with- >> Exactly. >> Modern upgrade gun-to-the-head, almost, kind of mentality. >> And we're really an interesting company. Most of the interactions we do with customers is through Slack, obviously it was remote. We would probably be a great Slack case study in terms of how to do business because our customers engage with us, with engineers all over the world, they look like one team. But we can get them up and running in a POC, in a demo, get them through their things really, really fast. It's almost like going to the public cloud, but at whatever complexity they want. >> John: Nice workflow. >> So a lot of momentum for you guys silver linings during COVID, which is awesome we do hear a lot of those stories of positive things, the acceleration of digital transformation, and how much, as consumers, we've all benefited from that. Do you have one example, Brian, as the VP of product marketing, of a customer that you really think in the last two years just is solo.io's value proposition on a platter? >> I'll give you one that I think everybody can understand. So most people, at least in the United States, you've heard of Chick-fil-A, retail, everybody likes the chicken. 2,600 stores in the US, they all shut down and their business model, it's good food but great personal customer experience. That customer experience went away literally overnight. So they went from barely anybody using the mobile application, and hence APIs in the backend, half their business now goes through that to the point where, A, they shifted their business, they shifted their customer experience, and they physically rebuilt 2,600 stores. They have two drive-throughs now that instead of one, because now they have an entire one dedicated to that mobile experience. So something like that happening overnight, you could never do the ROI for it, but it's changed who they are. >> Lisa: Absolutely transformative. >> So, things like that, that's an example I think everybody can kind of relate to. Stuff like that happened. >> Yeah. >> And I think that's also what's special is, honestly, you're probably using a product every day. You just don't know that, right? When you're swiping your credit card or when you are ordering food, or when you using your phone, honestly the amount of customer they were having, the space, it's like so, every industry- >> John: How many customers do you have? >> I think close to 200 right now. >> Brian: Yeah. >> Yeah. >> How many employees, can you gimme some stats? Funding, employees? What's the latest statistics? >> We recently found a year ago $135 million for a billion dollar valuation. >> Nice. >> So we are a unicorn. I think when you took it we were around like 50 ish people. Right now we probably around 180, and we are growing, we probably be 200 really, really quick. And I think that what's really, really special as I said the interaction that we're doing with our customers, we're basically extending their team. So for each customer is basically a Slack channel. And then there is a lot of people, we are totally global. So we have people in APAC, in Australia, New Zealand, in Singapore we have in AMEA, in UK and in Spain and Paris, and other places, and of course all over US. >> So your use case on how to run a startup, scale up, during the pandemic, complete clean sheet of paper. >> Idit: We had to. >> And what happens, you got Slack channels as your customer service collaboration slash productivity. What else did you guys do differently that you could point to that's, I would call, a modern technique for an entrepreneurial scale? >> So I think that there's a few things that we are doing different. So first of all, in Solo, honestly, there is a few things that differentiated from, in my opinion, most of the companies here. Number one is look, you see this, this is a lot, a lot of new technology and one of the things that the customer is nervous the most is choosing the wrong one because we saw what happened, right? I don't know the orchestration world, right? >> John: So choosing and also integrating multiple things at the same time. >> Idit: Exactly. >> It's hard. >> And this is, I think, where Solo is expeditious coming to place. So I mean we have one team that is dedicated like open source contribution and working with all the open source community and I think we're really good at picking the right product and basically we're usually right, which is great. So if you're looking at Kubernetes, we went there for the beginning. If you're looking at something like service mesh Istio, we were all envoy proxy and out of process. So I think that by choosing these things, and now Cilium is something that we're also focusing on. I think that by using the right technology, first of all you know that it's very expensive to migrate from one to the other if you get it wrong. So I think that's one thing that is always really good at. But then once we actually getting those portal we basically very good at going and leading those community. So we are basically bringing the customers to the community itself. So we are leading this by being in the TOC members, right? The Technical Oversight Committee. And we are leading by actually contributing a lot. So if the customer needs something immediately, we will patch it for him and walk upstream. So that's kind of like the second thing. And the third one is innovation. And that's really important to us. So we pushing the boundaries. Ambient, that we announced a month ago with Google- >> And STO, the book that's out. >> Yes, the Ambient, it's basically a modern STO which is the future of SDL. We worked on it with Google and their NDA and we were listed last month. This is exactly an example of us basically saying we can do it better. We learn from our customers, which is huge. And now we know that we can do better. So this is the third thing, and the last one is the partnership. I mean honestly we are the extension team of the customer. We are there on Slack if they need something. Honestly, there is a reason why our renewal rate is 98.9 and our net extension is 135%. I mean customers are very, very happy. >> You deploy it, you make it right. >> Idit: Exactly, exactly. >> The other thing we did, and again this was during COVID, we didn't want to be a shell-for company. We didn't want to drop stuff off and you didn't know what to do with it. We trained nearly 10,000 people. We have something called Solo Academy, which is free, online workshops, they run all the time, people can come and get hands on training. So we're building an army of people that are those specialists that have that skill set. So we don't have to walk into shops and go like, well okay, I hope six months from now you guys can figure this stuff out. They're like, they've been doing that. >> And if their friends sees their friend, sees their friend. >> The other thing, and I got to figure out as a marketing person how to do this, we have more than a few handfuls of people that they've got promoted, they got promoted, they got promoted. We keep seeing people who deploy our technologies, who, because of this stuff they're doing- >> John: That's a good sign. They're doing it at at scale, >> John: That promoter score. >> They keep getting promoted. >> Yeah, that's amazing. >> That's a powerful sort of side benefit. >> Absolutely, that's a great thing to have for marketing. Last question before we ran out of time. You and I, Idit, were talking before we went live, your sessions here are overflowing. What's your overall sentiment of KubeCon 2022 and what feedback have you gotten from all the customers bursting at the seam to come talk to you guys? >> I think first of all, there was the pre-event which we had and it was a lot of fun. We talked to a lot of customer, most of them is 500, global successful company. So I think that people definitely... I will say that much. We definitely have the market feed, people interested in this. Brian described very well what we see here which is people try to figure out the CloudNative 2.0. So that's number one. The second thing is that there is a consolidation, which I like, I mean STO becoming right now a CNCF project I think it's a huge, huge thing for all the community. I mean, we're talking about all the big tweak cloud, we partner with them. I mean I think this is a big sign of we agree which I think is extremely important in this community. >> Congratulations on all your success. >> Thank you so much. >> And where can customers go to get their hands on this, solo.io? >> Solo.io? Yeah, absolutely. >> Awesome guys, this has been great. Congratulations on the momentum. >> Thank you. >> The rocket ship that you're riding. We know you got to get to the airport we're going to let you go. But we appreciate your insights and your time so much, thank you. >> Thank you so much. >> Thanks guys, we appreciate it. >> A pleasure. >> Thanks. >> For our guests and John Furrier, This is Lisa Martin live in Detroit, had to think about that for a second, at KubeCon 2022 CloudNativeCon. We'll be right back with our final guests of the day and then the show wraps, so stick around. (gentle music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(upbeat music) >> Sustainability has become one of the hottest topics, not just in enterprise tech, but across all industries. The relentless pace of technology improvement over the decades and orders of magnitude increases in density have created heat, power and cooling problems that are increasingly challenging to remediate. Intense efforts have been implemented over the years around data center design techniques to dissipate heat, use ambient air, liquid cooling and many other approaches that have been brought to bear to get power usage effectiveness, PUE, as close to one as possible. Welcome to Better Together Sustainability, presented by the CUBE and brought to you by Hewlett Packard Enterprise and AMD. In this program we'll lay out today's challenges and how leading companies are engineering solutions to the problems just introduced, along with some recommendations, best practices and resources as to how you can initiate or enhance your sustainability journey. First up to help us better understand this important topic are John Fry, senior technologist IT efficiency and sustainability at Hewlett Packard Enterprise and Terry Richardson, North America channel chief for AMD. Gents, welcome. >> Great to be here. >> (indistinct). >> John, let's start at the high level here. Why is sustainability such an important topic today? Why now? Why is it such a challenge for customers and, and how are you guys approaching the solutions? >> The topic has been an important topic for a number of years, but what we're seeing across the world is more and more corporations are putting in place climate targets and sustainability goals. And at the same time, boards and CEOs are starting to be asked about the topic as well, making this topic much more important for technology leaders across the globe. At the same time, technology leaders are fighting with space, power and cooling constraints that caused them to rethink their approach to IT. To get a better sense of how wide this challenge is, we did a survey last year and we asked 500 technology leaders across the globe if they were implementing sustainable IT goals and metrics and programs within their infrastructure. Personally, I thought the answer would be about 40% of them had these programs. Actually it turned out to be 96% of them. And so when we asked them why they were implementing these programs and what was the primary driver, what we heard from them was three things. Those of them that were the early adopters and the ones that move were moving the fastest told us they were putting these programs in place to attract and retain institutional investors. If they're a publicly traded company, their investors were already asking their boards, their CEOs, wanting to know what their company was doing to drive efficiency within their technology operations. Those companies in the middle, the ones that were just moving along at the same pace as many other companies around the world, told us they were putting these programs in place to attract and retain their customers. Customers are increasingly asking the companies they do business with about their sustainability aspirations specifically how technology contributes to their carbon emissions and their sustainability goals. And so these customers want to make sure that they can keep their own customers. And finally, a third group, the digital followers, that group of companies that's a little slower adopting programs, more conservative in nature. They said they were implementing these programs to attract and retain employees. In fact, over the last year or so, every customer we've talked to when they describe their pain points and their challenges that we can try to help them meet, has had a difficulty in finding employees. And so what we know is these younger employees coming into the workforce, if you can show them how what they are going to be doing connects to the purpose of their company and connects to making the world a better place, you can attract them easier and you can retain them longer. So a variety of business reasons why companies are looking at these programs, but what we know is when they implement these programs they often reduce over-provisioning. They save money, they have a lower environmental footprint, and again they have an easier time attracting and retaining employees. So for all of these reasons, driving sustainability into your IT operations is a great thing to do. >> Yeah, I never would've expected 96%. And of course, investors, customers and employees. I mean, this is the big three. Terry what's AMD's perspective on this topic? In other words, what do you bring to the table and the partnership? I mean, I know processors, but what's unique about AMD's contribution? >> Yeah. Thanks Dave. And, and John, great to be with you. Appreciate the opportunity and the partnership. You know, we too are very focused on sustainability and enjoy our partnership with HPE very much in this area. You know, since 2017, when AMD introduced its epic processor family, there's been a couple of core design elements in that technology. One has to do with performance. And the second has to do with efficiency. Both are critically important to today's topic of sustainability because increasingly, customers are understanding and measuring performance per watt and fortunately, AMD really excels in this area. So whether we're talking about the larger super computers in the world, or even general purpose servers, customers can fundamentally do more with fewer AMD servers than competitive alternatives. And so, so we, we really bring a technology element on the processor side, CPU and GPU, to play a role in delivering real ability for customers to meet some of their core sustainability goals. And of course, in partnership with HPE, together we have really a compelling story. >> Great. Thank you, Terry. And, and John, wonder if you could talk to the differentiation that you bring from HPE's perspective, the total package. >> Yeah, of course. The first thing as partnership. As Terry mentioned, AMD and HPE have been working together since HPE was founded actually, to drive power efficiency up to meet the demands of our customers. At the same time, as our customers have asked more and more questions around technology sustainability, we've realized that we needed to not only develop a point of view on that from an HPE perspective, but actually write the white papers that give the customer guidance for sustainable IT strategies, for tech refresh cycles, give them some guidance on what are the right questions to ask technology vendors when they're buying technology equipment. So a series of white papers and you might not appreciate why, but this is a topic that you can't go get a college degree in and frankly can't even buy a book on. So for customers to get that knowledge, they want to get it from experienced professionals around the globe. And in fact, in the survey that I mentioned earlier, we asked customers, where's the number one place that you expect to get your sustainable IT information from? And they said, our technology vendors. So for us, it's really about driving that point of view, sharing it with customers, helping customers get better and even pointing out some of the unintended consequences. So a great example, Dave, you mentioned PUE earlier. Many customers have been driving PUE down for a number of years, but often the way that they did that was optimizing the data center building infrastructure. They got PUE pretty low. Now, one of the things that happens and customers need to be aware of this, particularly if they're focused on PUE as their primary metric, is when they optimize their IT stack and make that smaller, PUE actually goes up. And at first they think, well, wait a minute, that metric is going in the wrong direction. But when you remember it's a ratio, if you get that IT stack component smaller, then you're driving efficiency even if PUE goes the wrong direction. So part of the conversation then is you might want to look at PUE internally, but perhaps you've outgrown PUE and now have an opportunity to look at other metrics like carbon emissions per workload, or or power consumption per piece of equipment or rack. So all of this drives back to that upward trajectory that Terry was talking about where customers are really interested in power performance. So as we share those stories with customers, share the expertise how to move along this journey, that really provides great differentiation for HPE and AMD together. >> So that's interesting. So PUE is not necessarily the holy grail metric. There are other metrics that you, you should look at. Number one, and number two the way you interpret PUE is changing for the better. So thank you for that context. I wonder Terry, do, do you have any like proof points or examples that you can share? >> Yeah, so one that immediately comes to mind that was a manifestation of some terrific collaboration between AMD and HPE was their recently announced implementation of the Frontier supercomputer. That was a project that we collaborated on for a long time. And, and where we ended up was turning over to the government a supercomputer that is currently the highest performing in the world, broke the exaFLOP barrier. And probably even more importantly is number one on the Green500 list of the top super computers. And, and together we enjoy favorable rankings in other systems, but that's the one that, that really stands out in terms of at scale implementation to shine really a spotlight on what we can do together. Certainly for other customers doesn't have to be the world's largest super computer. It's not uncommon that we see customers just kind of in general purpose business applications in their data centers to be able to do more with less, you know, meaning, you know, you know a third of the servers oftentimes delivering not only a very strong TCO but the environmental benefit that gets associated with significantly reduced energy that can be expressed in reduction in, in overall CO2 emissions and other, other ways to express the benefit, whether it's, you know the equivalent of, of planting you know, acres of forest or whatever. So we're really proud of the proof points that we have and and look forward to the opportunity to together explain this more fully to customers and partners. >> Right? So John, Terry sort of alluded to this being more broad based. I know HPE has a very strong focus on HPC. Sorry for all the acronyms, but high performance computing. But the, so this is more broad based than just the super computing business, right John? >> Yeah, absolutely. We see these performance benefits for customers and industry standard servers as well. In fact, many customers, that's the primary type of equipment they use and they want better power performance. They either want to as Terry alluded to, use less equipment to do the same amount of work, or if they've run into a space or power or cooling constraint in their data centers, they want to be able to increase workloads in the same footprint. So it allows them to take better use of their data centers. And for some customers even the data center enclosure that they started with they can actually use a much smaller amount of space. In fact, we have some that even move over to co-location facilities as they improve that performance per watt, and can do more work in the smaller space. So it starts an industry standard server, but increasingly we're seeing customers considering liquid cooling solutions and that generally moves them into the high performance compute space as well right now. So those performance improvements exist across that entire spectrum. >> So since you brought up liquid cooling John, I mean can you share any best practices? I mean, like what do you do with all that heated liquid? >> Yeah, it's a great, great question. And we have seen a lot more interest from customers in liquid cooling and there's a variety of things that you can do, but if you're considering liquid cooling the opportunities to think broader than just the IT stack. So if you're going to use a cooling loop anyhow and you're going to generate warm liquid coming off the it equipment as waste, think about what you can do with that. We have a, a government customer here in the United States that designed their high performance computer while they were designing the building it went in. So they're able to use that hot air, hot water, excuse me coming off the IT equipment to heat the entire building. And that provides a great use of that warm water. In many parts of the world, that warm water can either be used on a hot water utility grid or it can even be used on a steam grid if you can get it warm enough. Other places we're aware of customers (indistinct) and greenhouses next to data centers and using both the warm air and the warm water from the data center to heat the greenhouse as well. So we're encouraging customers to take a step back, look at the entire system, look at anything coming out of that system that once was waste and start to think about how can we use that what was waste now as an input to another process. >> Right, that's system thinking and some, some pragmatic examples there. Can, can you each summarize, maybe start Terry, with you AMD's and HPE's respective climate goals that may, Terry then John chime in please. >> Yeah, I'll go first. We actually have four publicly stated goals. The first one is I think very aggressive but we've got a track record of doing something similar in our client business. And, and so kind of goal number one is a 30 X increase in energy efficiency for AMD processors and accelerators powering servers for AI and HPC by 2025. The second is broad based across the corporation is a 50% absolute reduction in greenhouse gas emissions from AMD operations by 2030. And then the third is 100% of AMD manufacturing suppliers will have published greenhouse gas emissions reduction goals by 2025. And we've declared that 80% or greater of our manufacturing suppliers will source renewable energy by 2025. Those are the, those are the four big publicly stated goals and objectives that we have in this area. >> You know what I like about those Terry? A lot of, a lot of these sustainability goals these moonshot goals is like by 2050, it's like, okay. But I, I like the focus on '25 and then of course there's one in there at the end of the decade. All right, John, maybe you could share with us HPE's approach. >> Yeah, absolutely. And we've had almost two decades of emissions reduction goals and our current goals, which we accelerated by 10 years last year, are to be carbon new or excuse me, net zero by 2040. And that's a science based target-approved goal. In fact, one of the first in the world. And we're doing that because we believe that 2050 is too long to wait. And so how we reach that net zero goal by 2040, is by 2030, an interim step is to reduce our scopes one and two, our direct and energy related emissions by 70% from 2020. And that includes sourcing 100% renewable energy across all of our operations. At the same time, the bigger part of our footprint is in our supply chain and when our customers use our products, so we're going to leverage our as a service strategy HPE GreenLake and our energy efficient portfolio of products to reduce our scope three carbon emissions 42% over that 2020 baseline by 2030, and as with AMD as well, we have a goal to have 80% of our suppliers by spend have their own science based targets so that we know that their commitments are scientifically validated. And then the longer step, how we reach net zero by 2040 is by reducing our entire footprint scopes one, two and three by 90% and then balance the rest. >> Yeah. So again, I mean, you know 2030 is only eight years away, a little more. And so if, if, if you have a, a target of 2030 you have to figure out, okay, how are you going to get there? The, if you say, you know, longer, you know in the century you got this balloon payment, you know that you're thinking about. So, so great job, both, both companies and and really making more specific goals that we can quantify you know, year by year. All right, last question, John. Are there any resources that you can share to help customers, you know, get started maybe if they want to get started on their own sustainability strategy or maybe they're part way through and they just want to see how they're doing. >> Yeah, absolutely much of what Terry and I have talked about are available in an executive workbook that we wrote called "Six Steps For Implementing a Sustainable IT Strategy" and that workbook's freely available online and we'll post the URL so that you can get a copy of it. And we really developed that workbook because what we found is, although we had white papers on a variety of these topics, executives said we really need a little bit more specific steps to work through this and implement that sustainable IT strategy. And the reason for that, by the way is that so many of our customers when they start this sustainable IT journey, they take a a variety of tactical steps, but they don't have an overarching strategy that they're really trying to drive. And often they don't do things like bring all the stakeholders they need together. Often they make improvements without measuring their baseline first. So in this workbook, we lead them step by step how to gather the right resources internally, how to make the progress, talk about the progress in a credible way, and then make decisions on where they go next to drive efficiencies. >> Yeah, really that system thinking is, is, is critical. Guys. Thanks so much for your time. Really appreciate it. >> Thank you. >> Okay guys, thanks for your time today. I really appreciate it. In a moment, We're going to toss it over to Lisa Martin out of our Palo Alto studio and bring in Dave Faffel, chief technology officer at WEI, along with John and Terry, to talk about what WEI is doing in this space to address sustainability challenges. You're watching Better Together Sustainability brought to you by HPE and AMD in collaboration with the CUBE, your leader in enterprise and emerging tech coverage. (lilting music)

>>Hey everyone. Welcome back to the cubes day two coverage of VMware Explorer, 22 from San Francisco. Lisa Martin, back here with you with Dave Nicholson, we have a couple of guests from VMware. Joining us, please. Welcome Jay Workman, senior director, cloud partner, and alliances marketing, and Jeff Thompson, VP cloud provider sales at VMware guys. It's great to have you on the program. >>Ah, good to be here. Thanks for having us on. >>We're gonna be talking about a really interesting topic. Sovereign cloud. What is sovereign cloud? Jeff? Why is it important, but fundamentally, what is >>It? Yeah, well, we were just talking a second ago. Aren't we? And it's not about royalty. So yeah, data sovereignty is really becoming super important. It's about the regulation and control of data. So lots of countries now are being very careful and advising companies around where to place data and the jurisdictional controls mandate that personal data or otherwise has to be secured. We ask, we have to have access controls around it and privacy controls around it. So data sovereign clouds are clouds that have been built by our cloud providers in, in, in VMware that specifically satisfy the requirements of those jurisdictions and regulated industries. So we've built a, a little program around that. We launched it about a year ago and continuing to add cloud providers to that. >>Yeah, and I, I think it's also important just to build on what Jeff said is, is who can access that data is becoming increasingly important data is, is almost in it's. It is becoming a bit of a currency. There's a lot of value in data and securing that data is, is becoming over the years increasingly important. So it's, it's not like we built a problem or we created a solution for problem that didn't exist. It's gotten it's, it's been a problem for a while. It's getting exponentially bigger data is expanding and growing exponentially, and it's becoming increasingly important for organizations and companies to realize where my data sits, who can access it, what types of data needs to go and what type of clouds. And it's very, very aligned with multi-cloud because some data can sit in a, in a public cloud, which is fine, but some data needs to be secure. It needs to be resident within country. And so this is, this is what we're addressing through our partners. >>Yeah, I, yeah, I was just gonna add to that. I think there's a classification there there's data residency, and then there's data sovereignty. So residency is just about where is the data, which country is it in sovereignty is around who can access that data. And that's the critical aspect of, of data sovereignty who's got control and access to that data. And how do we make sure that all the controls are in place to make sure that only the right people can get access to that data? Yeah. >>So let's, let's sort of build from the ground up an example, and let's use Western Europe as an example, just because state to state in the United States, although California is about to adopt European standards for privacy in a, in a unique, in a unique, unique way, pick a country in, in Europe, I'm a service provider. I have an offering and that offering includes a stack of hardware and I'm running what we frequently refer to as the STDC or software defined data center stack. So I've got NEX and I've got vs N and I've got vSphere and I'm running and I have a cloud and you have all of the operational tools around that, and you can spin up VMs and render under applications there. And here we are within the borders of this country, what makes it a sovereign cloud at that? So at that point, is that a sovereign cloud or? >>No, not yet. Not it's close. I mean, you nailed, >>What's >>A secret sauce. You nailed the technology underpinning. So we've got 4,500 plus cloud provider partners around the world. Less than 10% of those partners are running the full STDC stack, which we've branded as VMware cloud verified. So the technology underpinning from our perspective is the starting point. Okay. For sovereignty. So they, they, they need that right. Technology. Okay. >>Verified is required for sovereign. Yes. >>Okay. Cloud verified is the required technology stack for sovereign. So they've got vSphere vs. A NSX in there. Okay. A lot of these partners are also offering a multitenant cloud with VMware cloud director on top of that, which is great. That's the starting point. But then we've, we've set a list of standards above and beyond that, in addition to the technology, they've gotta meet certain jurisdiction requirements, certain local compliance requirements and certifications. They've gotta be able to address the data re data residency requirements of their particular jurisdiction. So it's going above and beyond. But to your point, it does vary by country. >>Okay. So, so in this hypothetical example, this is this country. You a stand, I love it. When people talk about Stan, people talk about EMIA and you know, I, I love AMEA food. Isn't AIAN food. One. There's no such thing as a European until you have an Italian, a Britain, a German yep. In Florida arguing about how our beer and our coffee is terrible. Right. Right. Then they're all European. They go home and they don't like each other. Yeah. So, but let's just pretend that there's a thing called Europe. So this, so there's this, so we've got a border, we know residency, right. Because it physically is here. Yep. But what are the things in terms of sovereignty? So you're talking about a lot of kind of certification and validation, making sure that, that everything maps to those existing rules. So is, this is, this is a lot of this administrative and I mean, administrative in the, in the sort of state administrative terminology, >>I I'm let's build on your example. Yeah. So we were talking about food and obviously we know the best food in the world comes from England. >>Of course it does. Yeah. I, no doubt. I agree. I Don not get that. I do. I do do agree. Yeah. >>So UK cloud, fantastic partner for us. Okay. Whether they're one of our first sovereign cloud providers in the program. So UK cloud, they satisfied the requirements with the local UK government. They built out their cloud verified. They built out a stack specifically that enables them to satisfy the requirements of being a sovereign cloud provider. They have local data centers inside the UK. The data from the local government is placed into those data centers. And it's managed by UK people on UK soil so that they know the privacy, they know the security aspects, the compliance, all of that wrapped up on top of a secure SDDC platform. Okay. Satisfies the requirements of the UK government, that they are managing that data in a sovereign way that, that, that aligns to the jurisdictional control that they expect from a company like UK cloud. Well, >>I think to build on that, a UK cloud is an example of certain employees at UK, UK cloud will have certain levels of clearance from the UK government who can access and work on certain databases that are stored within UK cloud. So they're, they're addressing it from multiple fronts, not just with their hardware, software data center framework, but actually at the individual compliance level and individual security clearance level as to who can go in and work on that data. And it's not just a governmental, it's not a public sector thing. I mean, any highly regulated industry, healthcare, financial services, they're all gonna need this type of data protection and data sovereignty. >>Can this work in a hyperscaler? So you've got you, have, you have VMC AVS, right? GC V C >>O >>CVAs O CVS. Thank you. Can it be, can, can a sovereign cloud be created on top of physical infrastructure that is in one of those hyperscalers, >>From our perspective, it's not truly sovereign. If, if it's a United States based company operating in Germany, operating in the UK and a local customer or organization in Germany, or the UK wants to deploy workloads in that cloud, we wouldn't classify that as totally sovereign. Okay. Because by virtue of the cloud act in the United States, that gives the us government rights to request or potentially view some of that data. Yeah. Because it's, it's coming out of a us based operator data center sitting on foreign soil so that the us government has some overreach into that. And some of that data may actually be stored. Some of the metadata may reside back in the us and the customer may not know. So certain workloads would be ideally suited for that. But for something that needs to be truly sovereign and local data residency, that it wouldn't be a good fit. I think that >>Perspectives key thing, going back to residency versus sovereignty. Yeah. It can be, let's go to our UK example. It can be on a hyperscaler in the UK now it's resident in the UK, but some of the metadata, the profiling information could be accessible by the entity in the United States. For example, there now it's not sovereign anymore. So that's the key difference between a, what we view as a pro you know, a pure sovereign cloud play and then maybe a hyperscaler that's got more residency than sovereignty. >>Yeah. We talk a lot about partnerships. This seems to be a unique opportunity for a certain segment of partners yeah. To give that really is an opportunity for them to have a line of business established. That's unique from some of the hyperscale cloud providers. Yeah. Where, where sort of the, the modesty of your size might be an advantage if you're in a local. Yes. You're in Italy and you are a service provider. There sounds like a great fit, >>That's it? Yeah. You've always had the, the beauty of our program. We have 4,500 cloud providers and obviously not, all of them are able to provide a data, a sovereign cloud. We have 20 in the program today in, in the country. You you'd expect them to be in, you know, the UK, Italy, Italy, France, Germany, over in Asia Pacific. We have in Australia and New Zealand, Japan, and, and we have Canada and Latin America to, to dovetail, you know, the United States. But those are the people that have had these long term relationships with the local governments, with these regulated industries and providing those services for many, many years. It's just that now data sovereignty has become more important. And they're able to go that extra mile and say, Hey, we've been doing this pretty much, you know, for decades, but now we're gonna put a wrap and some branding around it and do these extra checks because we absolutely know that we can provide the sovereignty that's required. >>And that's been one of the beautiful things about the entire initiative is we're actually, we're learning a lot from our partners in these countries to Jeff's point have been doing this. They've been long time, VMware partners they've been doing sovereignty. And so collectively together, we're able to really establish a pretty robust framework from, from our perspective, what does data sovereignty mean? Why does it matter? And then that's gonna help us work with the customers, help them decide which workloads need to go and which type of cloud. And it dovetails very, very nicely into a multi-cloud that's a reality. So some of those workloads can sit in the public sector and the hyperscalers and some of 'em need to be sovereign. Yeah. So it's, it's a great solution for our customers >>When you're in customer conversations, especially as, you know, data sovereign to be is becomes a global problem. Where, who are you talking to? Are you talking to CIOs? Are you talking to chief data officers? I imagine this is a pretty senior level conversation. >>Yeah. I it's, I think it's all of the above. Really. It depends. Who's managing the data. What type of customer is it? What vertical market are they in? What compliance regulations are they are they beholden to as a, as an enterprise, depending on which country they're in and do they have a need for a public cloud, they may already be all localized, you know? So it really depends, but it, it could be any of those. It's generally I think a fair, fairly senior level conversation. And it's, it's, it's, it's consultancy, it's us understanding what their needs are working with our partners and figuring out what's the best solution for them. >>And I think going back to, they've probably having those conversations for a long time already. Yeah. Because they probably have had workloads in there for years, maybe even decades. It's just that now sovereignty has become, you know, a more popular, you know, requirements to satisfy. And so they've gone going back to, they've gone the extra mile with those as the trusted advisor with those people. They've all been working with for many, many years to do that work. >>And what sort of any examples you mentioned some of the highly regulated industries, healthcare, financial services, any customer come to mind that you think really articulates the value of what VMware's delivering through its service through its cloud provider program. That makes the obvious why VMware an obvious answer? >>Wow. I, I, I get there's, there's so many it's, it's actually, it's each of our different cloud providers. They bring their win wise to us. And we just have, we have a great library now of assets that are on our sovereign cloud website of those win wires. So it's many industries, many, many countries. So you can really pick, pick your, your choice. There. That's >>A good problem >>To have, >>To the example of UK cloud they're, they're really focused on the UK government. So some of them aren't gonna be referenced. Well, we may have indication of a major financial services company in Australia has deployed with AU cloud, one of our partners. So we we've also got some semi blind references like that. And, and to some degree, a lot of these are maintained as fairly private wins and whatnot for obvious security reasons, but, and we're building it and building that library up, >>You mentioned the number 4,500, a couple of times, you, you referencing VMware cloud provider partners or correct program partners. So VCP P yes. So 45, 4500 is the, kind of, is the, is the number, you know, >>That's the number >>Globally of our okay. >>Partners that are offering a commercial cloud service based at a minimum with vSphere and they're. And many of 'em have many more of our technologies. And we've got little under 10% of those that have the cloud verified designation that are running that full STDC, stack >>Somebody, somebody Talli up, all of that. And the argument has been made that, that rep that, that would mean that VMware cloud. And although some of it's on IAS from hyperscale cloud providers. Sure. But that, that rep, that means that VMware has the third or fourth largest cloud on the planet already right now. >>Right. Yep. >>Which is kind of interesting because yeah. If you go back to when, what 2016 or so when VMC was at least baned about yeah. Is that right? A lot of people were skeptical. I was skeptical very long history with VMware at the time. And I was skeptical. I I'm thinking, nah, it's not gonna work. Yeah. This is desperation. Sorry, pat. I love you. But it's desperation. Right. AWS, their attitude is in this transaction. Sure. Send us some customers we'll them. Yeah. Right. I very, very cynical about it. Completely proved me wrong. Obviously. Where did it go? Went from AWS to Azure to right. Yeah. To GCP, to Oracle, >>Oracle, Alibaba, >>Alibaba. Yep. Globally. >>We've got IBM. Yep. Right. >>Yeah. So along the way, it would be easy to look at that trajectory and say, okay, wow, hyperscale cloud. Yeah. Everything's consolidating great. There's gonna be five or six or 10 of these players. And that's it. And everybody else is out in the cold. Yeah. But it turns out that long tail, if you look at the chart of who the largest VCP P partners are, that long tail of the smaller ones seem to be carving out specialized yes. Niches where you can imagine now, at some point in the future, you sum up this long tail and it becomes larger than maybe one of the hyperscale cloud providers. Right. I don't think a lot of people predicted that. I think, I think people predicted the demise of VMware and frankly, a lot of people in the VMware ecosystem, just like they predicted the demise of the mainframe. Sure. The storage area network fill in the blank. I >>Mean, Jeff and I we've oh yeah. We've been on the, Jeff's been a little longer than I have, but we've been working together for 10 plus years on this. And we've, we've heard that many times. Yeah. Yeah. Our, our ecosystem has grown over the years. We've seen some consolidation, some M and a activity, but we're, we're not even actively recruiting partners and it's growing, we're focused on helping our partners gain more, share internally, gain, more share at wallet, but we're still getting organic growth in the program. Really. So it, it shows, I think that there is value in what we can offer them as a platform to build a cloud on. >>Yeah. What's been interesting is there's there's growth and there's some transition as well. Right? So there's been traditional cloud providers. Who've built a cloud in their data center, some sovereign, some not. And then there's other partners that are adopting VCP P because of our SA. So we've either converted some technology from product into SA or we've built net new SA or we've acquired companies that have been SA only. And now we have a bigger portfolio that service providers, cloud providers, managed service providers are all interested in. So you get resellers channel partners. Who've historically been doing ELAs and reselling to end customers. They're transitioning their business into doing recurring revenue and the only game in town where you really wanna do recurring revenues, VCP P. So our ecosystem is both growing because our cloud providers with their data center are doing more with our customers. And then we're adding more managed service providers because of our SA portfolio. And that, that, that combo, that one, two punch is creating a much bigger VCP P ecosystem overall. >>Yeah. >>Impressive. >>Do you think we have a better idea of what sovereign cloud means? Yes. I think we do. >>It's not Royal. >>It's all about royalty, >>All royalty. What are some of the things Jeff, as we look on the horizon, obviously seven to 10,000 people here at, at VMwares where people really excited to be back. They want to hear it from VMware. They wanna hear from its partner ecosystem, the community. What are some of the things that you think are on the horizon where sovereign cloud is concerned that are really opportunities yeah. For businesses to get it right. >>Yeah. We're in the early days of this, I think there's still a whole bunch of rules, regulatory laws that have not been defined yet. So I think there's gonna be some more learning. There's gonna be some top down guidance like Gaia X in Europe. That's the way that they're defining who gets access and control over what data and what's in. And what's out of that. So we're gonna get more of these Gaia X type things happening around the world, and they're all gonna be slightly different. Everyone's gonna have to understand what they are, how to interpret and then build something around them. So we need to stay on top of that, myself and Jay, to make sure that we've got the right cloud providers in the right space to capitalize on that, build out the sovereign cloud program over time and make sure that what they're building to support aligns with these different requirements that are out there across different countries. So it's an evolving landscape. That's >>Yeah. And one of the things too, we're also doing from a product perspective to better enable partners to, to address these sovereign cloud workloads is where we have, we have gaps maybe in our portfolio is we're partner partnering with some of our ISVs, like a, Konic like a Forex vem. So we can give our partners object storage or ransomware protection to add on to their sovereign cloud service, all accessible through our cloud director consult. So we're, we're enhancing the program that way. And to Jeff's point earlier, we've got 20 partners today. We're hoping to double that by the end of our fiscal year and, and just take a very methodical approach to growth of the program. >>Sounds great guys, early innings though. Thank you so much for joining Dave and me talking about what software and cloud is describing it to us, and also talking about the difference between that data residency and all the, all of the challenges and the, in the landscape that customers are facing. They can go turn to VMware and its ecosystem for that help. We appreciate your insights and your time. Guys. Thank >>You >>For >>Having us. Our >>Pleasure. Appreciate it >>For our guests and Dave Nicholson. I'm Lisa Martin. You've been watching the cube. This is the end of day, two coverage of VMware Explorer, 2022. Have a great rest of your day. We'll see you tomorrow.

>>Hey everyone. Welcome back to the Cube's coverage of snowflake summit. 22 live from Las Vegas. We're at Caesar's forum, Lisa Martin, with Dave ante. We've been having some great conversations over the last day and a half. This guy just came from main stage interviewing the CEO, Franks Lubin himself, who joins us after our next guest here, we're gonna be talking customers and successes with snowflake Rosemary Hua joins us the global head of retail at snowflake and Patrick Kelly, the VP of product management at their customer 84 51. Welcome to the program guys. >>Thank you. It's nice to be here. So >>Patrick, 84 51. Talk to us about the business, give the audience an overview of what you guys are doing. And then we'll talk about how you're working with snowflake. >>Yeah, absolutely. Thank you both for, uh, the opportunity to be here. So 84 51 is a retail data science insights and media company. And really what that means is that we, we partner with our, uh, parent company Kroger, as well as consumer packaged goods or brands and brokers and agencies, really to understand shoppers and create relevant, personalized, and valuable experiences for shoppers in source and grocery stores. >>That relevance is key. We all expect that these days, I think the last couple of years as everyone's patience has been wearing. Yeah, very thin. I'm not, I'm not convinced it's gonna come back either, but we expect that brands are gonna interact with us and offer us the next best offer. That's actually relevant and personalized to us. How does AB 4 51 achieve that? >>Yeah, it's a great question. And you're right. That expectation is only growing. Um, and it takes data analytics, data science and all of these capabilities in order to deliver it on that promise, uh, you know, big, a big part of the relationship that retailers and brands have with consumers is about a value exchange. And it's, again, it's about that expectation that brands and retailers need to be able to meet the ever-changing needs of consumers. Uh, whether that be introducing new brands or offering the right price points or promotions or ensuring you meet them where they are, whether it be online, which has obviously been catalyzed by, um, the pandemic over the last two years or in store. So a deep understanding of, of the customer, which is founded in data and the appropriate analytics and science, and then the collaboration back with the retailers and, and the brands so that you can bring that experience to life. Again, that could be a price point on the, on the shelf, um, or it could be a personalized email or, um, website interaction that delivers the right experience for the co for the consumer. So they can see that value and really build loyalty >>In the right time in real time. That's >>One of the most Marrit I'm in real time. That's right. One goes, Mary, I love the concept of the, the actual platform of the retail data cloud. Yes. It's so unique for a technology company. Snowflake's a technology company, you see services companies do it all the time, but yeah, but to actually transform what was considered a data warehouse in the cloud to a platform for data, I call it super cloud. Yeah. Tell us how this came about, um, how you were able to actually develop this and where you are in that journey. >>Yeah, absolutely. It's been a big focus on data sharing. We saw that that's how our customers are interacting with each other is using our data sharing functionality to really bring that ecosystem to life. So that's retailers sharing with their consumer products companies selling through those retailers. And then of course the data service companies that are kind of helping both sides and that data sharing functionality is the kind of under fabric for the data cloud, where we bring in partners. We bring in customers and we bring in tech solutions to the table. Um, and customers can use the data cloud, not only with the powered by partners that we have, but also the data marketplace, getting that data in real time and making some business value out of that data. So that's really the big focus of snowflake is investing in industry to realize the business value >>And talk about ecosystem and how important that is, where, where you leave off and the ecosystem picks up and how that's evolving. >>Absolutely. And I'm sure you can join in on this, but, um, definitely that collaboration between retailers and CPGs, right? I mean, retailers have that rich first party customer data. They see all those transactions, they see when people are shopping and then the brands really need that first party data to figure out what their, how their customers are interacting with their brand. And so that collaborative nature that makes up the ecosystem. And of course, you've got the tech partners in the middle that are kind of providing enrich data assets as well. You guys at 84 51 are a huge part of that ecosystem being, you know, one of the key retailers in, in the United States. Um, have you been seeing that as well with your brands? Yeah, >>Absolutely. I mean data and data science has always been core to the identity of 84 51. Um, and historically a lot of the interaction that we have with brands were through report web based applications, right. And it's a really great seamless way to, to deliver insights to non-technical users. But as the entire market has really started to invest in data and data science and technology and capabilities, you know, we, we launched a collaborative cloud last year and it was really an opportunity for us to reimagine what that experience would look like and to ensure that we are meeting the evolving needs of the industry. And as Rosemary pointed out, you know, data sharing is, is table stakes, right? It's a capability that you don't wanna have to think about. You wanna be thinking about the strategic initiatives, the science that you're gonna create in order to drive action and personalize experiences. So what we've found at 84 51 is really investing in our collaborative cloud, um, and working with leading technology providers like snowflake to make that seamless has been, you know, the, the, the UN unlock to ensure that data and data science can be a competitive advantage for our clients and partners, not just, you know, the retailer in 84 51 >>Is the collaborative cloud built on snowflake. >>Yeah. So the collaborative cloud is really about, um, ensuring that data sharing through snowflake is done seamlessly. So we've really, we've invited our clients and partners to build their own science on 84 51 S first party data asset through Kroger. And our, our data is represents 60 million households, half of the United States, 2 billion transactions annually, the robustness of that data asset. And it's it's it's analysis ready is so impactful to the investment that brands can make in their own data science efforts, because brands wanna invest in data science, not to do data work, not to do cleaning and Muning and, and merging and, and standardizing. They wanna do analysis. That's gonna impact the strategies and ultimately the shopper's lives. So again, we're able to leverage the capabilities of snowflake to ensure data sharing is not part of our day to day conversation. Data sharing is something we can take for granted so that we can talk about the shopper and our strategies. >>So this is why I call it super cloud. So Jerry Chen wrote an article of castles in the cloud. And in there he said, he called it sub clouds. And I'm like, no, it's, uh, by the way, great article. Jerry's brilliant. But so you got AWS, you built on top of AWS. That's right. You got the snowflake data called you're building on top of that. And I was sitting at the table and my kid goes, this is super, I'm like, ah, super clouds. So I didn't really even coin it, but, and then I realized somebody else had use it before, but that is different. It's new, it's around data. It's around vertical industries. Yes. Um, I, I get a lot of heat for that term, but I feel like this look around this industry, everybody's doing that that's that is digital transformation. That's don't you see that with your customers? >>Absolutely. I mean, there's a lot of different industry trends where you can't use your own historical first party data to figure out what customers are doing. I mean, with COVID customers are behaving totally differently than they used to. And you can't use your historical data to predict out of stocks or how the customer's gonna be interacting with your brand anymore. And you need that third party macroeconomic data. You need that third party COVID data or foot traffic data to enrich what your businesses are doing. And so, yes, it, it is a super cloud. And I think the big differentiator is that we are cloud agnostic, meaning that, like you said, you can take the technology for granted. You don't have to worry about where the other person has their tech stack. It's all the same experience on the snowflake super cloud as he put it. So, >>So Patrick, talk about the, the, the impact that you have been able to have during COVID. I mean, everybody had supply chain issues, but, you know, if you took, if you took away the machine learning and the data science that you are initiating, would life have been harder? Do you have data on that? You know, the, the, what if we didn't have this capability during the >>Challenges? No, it's, it's a fantastic question. And I'll actually build on the example that Rosemary, um, offered around COVID and better understanding COVID. So, um, in the past, you know, when we talk about data sharing data collaboration, it's basically wasn't possible, right? What's your tech stack, what's mine. How do we share data? I don't wanna send you my data without go releasing governance. It was a non-starter and, you know, through technology like snowflake, as we launched the collaborative cloud, we actually had a pilot client start right at the beginning of 2020. Um, we, we had, you know, speced out it onto use cases that really impactful for their, for their organization. But of course, what happened is, uh, a pandemic hit us and it became the biggest question, CEO executive team, all the way down is what is happening, what is happening in our stores? >>How are shoppers behaving and what, what that client of ours came to realize is while we, we actually, we have access to the E 4 51 collaborative cloud. We can see half of America's behavior last week down to the basket transaction UPC level. Let's get going. So again, the conversation wasn't about, you know, what data sources, how do we scramble? How do we get it together? What technologies, how do we collaborate? It was immediately focused on building the analysis to better understand that. And, and the outcomes that drove actually were all the way from manufacturing impact to marketing, to merchandising, because that brand was able to figure out, Hey, our top selling products, they're, they're not on the shelves. What are shoppers doing? Are they going to a, another brand? Are they not buying it all together? Are they going to a different size? Are they staying within our product portfolio? Are they going to a competitor? And those insights drove everything again from what do we need to manufacture more to, how do we need to communicate and incent our, our, our shoppers, our, our loyal shoppers also what's happening to our non loyals. Are they looking for an, you know, an alternative that a need that we can serve that level of, of shopper and customer understanding going all the way up to a strategic initiatives is something that is enabled through the Supercloud >><laugh>. How do you facilitate privacy as we're seeing this proliferation of privacy legislation? Yeah. I think there's now 22 states that have individual, and California's changing to CPR a at the beginning of yes, January 23. How do you balance that need that ability to share data? Yeah. Equitably fast, quickly, but also balance consumer privacy requirements. >>I mean, I could take a stab first. I mean, at snowflake, right, there is no better place to share your data that in a governed way than with snowflake data sharing, because then you can see and understand how the other side is using your data. Whereas in traditional methods, using an API or using an FTP server, you wouldn't be able to actually see how the other side is using your data. But in addition to that, we have the clean room where you can actually join on that underlying PII data without exposing it, because you can share functions securely on, on both sides. So I think there is no better place to do it than here at snowflake. Um, and because we deeply understand those policies, I think we are kind of keeping up with the times trying to get in front of things so that our data sharing capabilities stay up to date. When you have to expunge records, identify records with CCPA and, and GDPR and, and all the rest that are coming. Um, and so, so, I mean, I think especially with 84 50 ones, um, you know, collaborative cloud also building on top of the clean room, um, in, in further road in the further roadmap, I think, uh, you're gonna see some of that privacy compliant, data sharing, coming to play as well. You >>Know, what's interesting, Patrick is we were just in that session with the Frank Q and a, and he was very candid about when he was talking about, uh, Apache, uh, I'm sorry. Apache iceberg. Yeah. Yes. And he, he basically flat out said, look, you know, you gotta put it into the snowflake data cloud. It's, it's better there, but people might, you know, want to put it outside, not get locked in, et cetera. But what I'm, I'm listening to you saying it's so much easier for you today that could evolve something open source. And, and how do you think about that in terms of placing your bets? >>Yeah, it, it's a great question and really to go back to privacy, um, as a total topic, I mean, you're right. It's extremely relevant topic. It's, it's, you know, very ever changing right now at 84 51. Privacy is, is first it's the foundation. Um, it it's table stakes and that's from a policy that's from a governance, it's from a technology capability standpoint. And it's part of our, our culture because, um, it, it, because it has to be, uh, and, and so when we, when we think about, you know, the products that we're gonna build, how we want to implement, it's, it's a requirement that we leverage technologies that enable us to secure the governance and ensure that we're privacy compliant. Um, the customer data asset that we have is, is, you know, is extremely valuable as we've talked about in this interview, it's also responsibility. And we take that very, very seriously. And so, you know, Dave, back to your question about, you know, decisions to go, you know, open source or leverage for technologies. So there's always a balance. You know, we, we love to push the, the bounds of innovation and, and we wanna be on the forefront of data, sharing data, science, collaboration for this industry. But at the same time, we balance that with making sure that our technology partners are the right ones, because we are not willing to compromise our governance and our fir and our, our privacy, uh, priorities. >>That's gonna be interesting to see how that evolves. And I, I loved that. Frank was so candid about it. I think the key for any cloud player, including a super cloud is you gotta have an ecosystem without an ecosystem. Forget it. And you see a lot of companies. I mean, we were at Dell tech world. They're kind of, they're at the beginnings of that, but the ecosystems, nothing like this, right. Which is amazing, nothing against, against Dell, they're just kind of getting started and you have to be open. You have to have optionality. Yep. You know, so I, I don't know if we'll see the day where they're including data, bricks, data lakes inside of the snowflake cloud. That will be amazing. <laugh> but you know, you never say never in the world of cloud, >>Do you stranger things, Rosemary and Patrick, thank you so much for joining us talking about what 84 51 is doing powered by snowflake and also the rise of the snowflake retail cloud and what that's doing. We'll have to have you back on to hear what's going on as I'm sure the adoption will continue to increase. Absolutely. Thank you so much to both for having us, our pleasure. You appreciate this for our guests. I'm Lisa Martin. He's Dave ante stick around Dave will be back with Frankman CEO of snowflake. Next. You won't wanna miss it.

(digital music) >> Welcome back to VeeamON 2022. We're in the home stretch, actually, Dave Nicholson and Dave Vellante here. Daniel Fried is the general manager and senior vice president for EMEA and Worldwide Channel. Daniel, welcome to theCUBE. You got a big job. >> No, I don't have a big job. I have a job that I love. (chuckles) >> Yeah, a job you love. But seriously Veeam, all channel. I mean it has been. >> Yeah, I mean, it's something which just, just a few seconds on, on that piece here, the channel piece, it's something that I love because the ecosystem of partners, an ecosystem of partners, is something which is spending its time moving and developing and changing. You've got a lot of partners changing their roles, their missions, the type of services, type of product that they offer. They all adapt to what the market needs and all the markets around the world are very different because of all these different cultures, languages, and everything. So it's very interesting. In the middle of all that, you know, these tens of thousands of partners and you try to create and try to understand how you can organize, how you can make them happy. So this is fantastic. >> So you're a native of the continent in Europe, obviously. We heard Anton, today, who couldn't be here or chose not to be here, cause he's supporting family and friends in Ukraine. What's the climate like now? Can you share with us what's it like Europe? Just the overall climate and obviously the business climate. >> So the overall climate, the way I see it or I feel it, and obviously there may be some different opinions, that I will always appreciate as also very good opinions. My view is that it seems in Europe that there are a distinction between what people do for businesses, Their thinking for the business, which may be impacted by the situations that we know in Europe between, because of obviously the issues between Ukraine, because of Russia, let's put it this way. And then there is the personal view, which is okay. That happens from time to time, but life continues and we just continue pushing things and enjoying life, and getting the families together and so on and so forth. So, this is in most of the countries in Europe. Obviously, there are a number of countries, which are a little bit more sensitive, a little bit more impacted. All the ones who are next to Russia, or Belarus, so on and so forth. From an emotional standpoint, which is totally understandable. But overall, I'm pretty impressed by how the economy, how people, how the businesses are, you know, continue to thrive in Europe. >> Has Brexit had any...? What impact, if any, has it had? >> So for us Veeam, the impact is... So first there is an impact which is on the currencies. So all the European currencies are no, have slowed down and, and the US dollar is becoming much stronger. >> Despite its debt. >> Right. >> Shouldn't be, but yeah. >> But that doesn't impact on the business. I just... >> Yeah. Right. >> So everything which is economical, macroeconomical is impacted. We have the inflation also, which has an impact, which also has increased because of the oil, because of the gas of everything that they have been stuck, to be stuck. But people get used to it. As Veeam from a business standpoint, one of the big things is we stopped sales, selling into Russia and into Belarus and we are giving our technology, our product, our solutions for free to Ukraine. And that was a piece of the business that we were doing, within EMEA, which was non-neglectable. So it's, I would say a business hole, now that we need to try to fill with accelerating the business service in the other countries of Europe. >> I mean, okay. So thank you for that but we really didn't see it in last quarter's numbers that you guys shared with I mean, IBM. Similarly IBM said, it's noticeable, but it's not really a big impact on our business, but given the cultural ties that you had to Russia and the affinity, I mean you knew how to do business in Russia. It's quite remarkable that you're able to sort of power through that. How about privacy in, around data, in Europe, particularly versus the US? it seems like Europe is setting the trend on things like privacy, certainly on things like acquisitions, we saw the arm acquisition fail. >> Yeah. So there is a big difference. Effectively, there is a big difference between, I would say North America and the rest of the world. And I would say that EMEA, and within EMEA would say the EU is leading very much on what we call server sovereign cloud. So data privacy, which in other words, data is to as much as possible is to remain within either the EU or better within each of the countries, which means that there is again... It's I would say for in EMEA it's good, I would say for the business, for the partners, because then they have to develop around the cloud a number of functions to ensure that because of this data privacy, because of this GDPR or rules and things, all the data remains and resides in a given geographical environment. So it's, which is good because it creates a number of opportunities for the partners. It makes obviously the life of customers and their self a bit more difficult. But again, I think it's good. It's good. It's part of all the way we structure and we organize. And I think that it's going to expand because data is becoming so key, a key limit, a key asset of companies that we absolutely need to take care of it. And it is where Veeam plays a big role in that because we help paying companies managing their data and secure the data in sort of way. >> Yeah. Ransomware has been a big topic of conversation this week. Do you sense that the perception of that as a threat is universal? Are there, are there differences between North America and the EU and other parts of the world? Universal? >> Yeah, it is universal. We see that everywhere. And I think this is a good point, a good question too, is that it's very interesting because we need to get acquainted to the fact that we are going to ever. And so we are going to be attacked. No way out, no. There... Anybody the morning, is waking up, is going on emails and click clicking on an email. Too late. Was a run somewhere. What can you do against that? You know, all humans make mistakes. You can't so it'll happen, but where, where it's absolutely very important and where Veeam plays a big role and where our partners are going to play an even bigger role with our technology is that they can educate the customers to understand that, to have run somewhere is not an issue. What has, what happened is not a problem. What they have to do is to organize so that if they have run somewhere, their letter is safe. And this is where our place a big place. A couple hours back, I was, I was doing a kind of bar with something else. It's totally crazy, but that's okay. I'm going to say it. It's about the COVID. What, no, what do we do? Do we have, do we have something against COVID? No. People were going to get COVID, certainly many people still doing it, but what is important is to be capable of not being too sick. So it is the prevention, which is important. It's the same thing here. So there is this mindset we have psychologically with the partners and they have, they have to provide that services to their customers on how to organize their data using the technology of Veeam in order to be safe, if anything happens. >> So another related question, if I may. When Snowden blew the whistle on the NSA and divulged that the NSA was listening to all the phone calls, there was seemed to be at the time, as I recall, a backlash sentiment in Europe, particularly toward big tech and cloud providers and skepticism toward the cloud. Has the pandemic and the reliance on cloud and the rise of ransomware changed that sentiment? Had the sentiment changed before then? Obviously plenty of Cloud going on in Europe. But can you describe that dynamic? >> Yeah, no, I think that's... Yeah. I think that people were too... You know, as usual. It absolutely reminds me when I was at VMware, when we went from the physical boxes to the virtual machines. I remember the IT people in the company said, "No, I want to be capable of touching." Something here. When you talk about cloud, you talk about something which is virtual, but virtual outside, even outside somewhere. So there is a resistance, psychological resistance to where is my data? How do I control my data? And that is, I think that is very human. Then you need to, you know, it takes time. And again, depending on the cultures, you need to get acquainted to it. So that's what happened be before the pandemic, but then the pandemic took place. And then there was a big problem. There was nobody anymore in the data centers because they couldn't work there and then people were starting to, to work remotely. So the IT needed to be organized to compensate for all these different changes. And cloud was one of them where the data could be stored, where the data could reside, where things could happen. And that's how actually it has accelerated at least in a number of countries where people are a bit leg out to accept the adoption of cloud, cloud-based data. >> So is there a difference in terms of the level of domination by a small group of hyperscale clouds versus smaller service providers? You know, in theory, you have EU behaving in a unified way in sort of the same way that the United States behaves in sort of a federated way. Do you have that same level of domination or is there more, is there more market share available for smaller players in cloud? Any regional differences? >> Yeah. There are big differences. There are big differences again, because of this sovereignty, which is absolutely approved very much in Europe. I'm tell you, I'm going... I'm giving you an example that it was in, I think in October last year, somewhere. The French, the French administration said, "We don't want anymore. Any administration investing in Microsoft 365, because the data is in Azure. The data is out in the cloud." That's what they said. So now these last days, this last week that has changed because Microsoft, you know, introduced a number of technologies, data centers in France, and so on and so forth. So things are going to get better. But the sovereignty, the fact that the data, the privacy of data, everything has to remain in the countries is doing something like the technology of the hyperscalers is used locally wrapped by local companies like systematic writers, local systematic writers, to ensure that the sovereign is set and that the privacy of the data is for real and according to GDPR. So again, it's a value add. It makes things more complex. It doesn't mean that the Google, the Google cloud, the Azure, or the AWS are not going to exist in Europe, but there are going to be a number of layers between them and the customers in order to make sure that everything is totally brought up and that it complies with the EU regulations. >> Help us understand the numbers, Daniel. So the number of customers is mind-boggling it's over 400,000 now, is that right? >> Yeah. Correct. >> Yes. Comparable to VMware, which is again, pretty astounding and the partner ecosystem. Can you help us understand the scope of that? Part one. part two is how do you service and provide that partnership love to all those companies? >> The partners. So yeah, we have about 35,000 around the world, 35,000 partners, but again, it's 10 times less than Microsoft, by the way. So, and this is very interesting. I often have the questions, how do we manage? So first of all, we do tiering, like anybody does. >> Sure. >> We have an organization for that. And we have a two chair sales motion. That means that we use the distributors to take care of the mass, the volume of the smaller, smaller partners. We help the distributors, we help. So it's a leverage system. And we take care obviously more directly, of the large partners or the more complex partners or the ones of interest. But we don't want to forget any of those because even the small one is very important to us because he has these customers maybe in the middle of nowhere, but he's got a few of them. And again, to have a few of these customers, when you adapt, you know, it makes.. At the end, it makes a big business. You know, one plus one plus 1 million times makes, you know, makes huge things. And plus we are in the recurring business now, now that we've introduced three, four years ago, our subscription licenses, which means that it's only incremental. So it's just like the know the telephony, know the telephony business, where the number, the cell phone plans, you know, it's always grabbing as many as possible consumers in this case. So it was the same thing or I have the same, the same kind of, I do a parallel with the French, the French bakery, the French Boulangerie where I say they do their business with the baguette. And then from time to time, they sell the patisserie or they sell the cake, cookie or something, but the same of small things makes a big things. So it is important to have all these small partners everywhere that, that have their small customers or big customers, and that can serve them. So that's that's way. We segment by geography and what we do now is, it is something which is new. We segment by competencies. So it's what I call the soft segmentation. Because if not, we will have a lot of these partners competing to each other, just to sell Veeam. Veeam being number one in many countries, that is what is taking place. And we want them to be happy. We want, we don't want them to fight against each other. So what we do is we do soft segmentation and soft segmentation is this partner is competent in this field with that kind of use case doing this or this or this or this. It's just like you, when you go to the restaurant, you want the restaurant next to your place. So you click for the geography and then you want to, to go for Indian food. So you click restaurant Indian food, and then you want something. So we want to give that possibility to the customers to say, "Yeah, I think I know what I want." And then you can just click and get the partners or the list of partners, which are the most suited for, for his needs. So it's what I call the soft segmentation. The other thing which is important is the network. It's very interesting because when we look at a lot of companies, it's not the network. You've got VARs, you've got cloud and service providers. You've got SARs, you've got all the things. But if you take each of those individually, they don't have the competencies to answer all the request of the customer. So the networking is partnering with partner. That means to have the, the connection so that the partner A who has his customer, but these customer's are requests that this partner cannot fulfill because it's not its competency. That it's going to find the partners or the other partners that can feel this competency and work together. And then it's between them to have the model that they want so that together they can please the customer with their requests. >> Do you ever want to have VeeamON... I mean, I'm happy it's in the US and I like going to Europe, but you, have you ever want to have VeeamON in Europe? >> Yeah, we have VeeamON. We have many VeeamONs in Europe. >> Yeah. The mini ones. Okay. >> VeeamON tours. >> Globally. So where do you have them? >> Europe in APJ, that's what we do. Yes. >> Where do you do it in a APJ? In Japan, obviously in... >> Yeah. I don't know all the locations, tens and tens of them. >> A lot of them. Okay. >> The small ones. What we do, replicate what is done here on one day and then it goes. >> And you'll do that in UK. France, Germany. >> Yeah. Yeah. >> Local. >> And also small countries in Saudi, in South Africa, in Israel, in Bulgaria, in all these countries. Because, you know, we can be virtual. That's nice. >> Oh, right. >> But I love to be having a breakfast or a lunch or drink next to a partner or a customer because you learn so much more. The informal information is so important to understand how the business and how the market develops and what the needs are of customers and so on and so forth. >> How was the European attendance this year? It must have been down. It's hard to get into US. It's actually easier to go back to Europe. >> Virtually I, don't have the numbers, but I- >> No. Virtual. I'm sure it was huge. Yeah. But physical. >> Physical here, we've got about 300, 300 Europeans. >> Yeah. Okay. Out of, do we know? What are the numbers here? Do we know? Have we heard numbers? >> I know 45 was supposed to be around 45K combined. >> That's hybrid. >> So, yeah. >> It's hard to get into the US. We're still figuring that out. So I'm not surprised, but now you... >> But it's complimentary. Yeah. >> Do you go to 'em all? >> No >> You can't. >> No. That's not possible. I cannot. I actually, I would love... >> But some, yes. >> I would love to be capable of duplicate myself, but- >> You go to the one. >> I'm unique. >> You go to the one in France, obviously. Yeah? >> Yeah. Usually in France. Well... >> Depends if you're home. >> Yeah. You know, that is interesting is, the way we organize, the way we organize in Europe is I really want the local leaders to be the ones managing the countries. I'm there to support. I'm not there to be, you know? Yeah. The big boss is coming, he showing. No. It is not that. Again, if they request me to come, if they want me to pass a message to certain type of customer partners, I'll do that. But I don't want to run the show. It's not the way I manage that. >> Yeah. I get that. You want to respect that as if you show up in France and that's your home country, it's like rat man showing up here. It's like taking over the stage. You'll be like, you know, it's our turn. >> But it's just like, you know, I give you another example. So obviously we have... It's even the headquarters, the EMEA headquarters is in France. Right? But it is the French office. And I don't go there. I try not to be there because it is the place for the French people taking care of the French market. And for the French manager, if I go there, everybody's going to come and ask me questions and ask me to make decisions and things. No, they have to run their business. >> So where do you spend, where and how do you spend your time? >> In airports and in planes. (indistinct) What are you asking? >> Of course. >> Do you have another question? >> Actually, if we have time really quickly on just on that subject of sovereignty, we are here in Nevada just across the border, California. People in California have no problem at all, replicating things here for disaster recovery, because it's in the US. Now, is there sort of a cultural sense that tearing down those borders from a sovereignty perspective within Europe would fundamentally change the business climate and maybe tilt things in favor of the AWS and GCPs of the world instead of local regional business? The joke that I heard recently from someone, I thought it was funny. I don't know if it would offend either Germans or French, but it was that it was that AWS was confused and they were planning on putting a data center in Strasbourg, because they thought it was in Germany and it was- >> A joke. >> But the point is, the point is it's like, it's a gum bear. >> Is it true? >> No. But it was a dumb American joke. This was told by a French person basically saying... >> But this person was certainly not from- >> Yes. Right. >> Tell you, because I would've been a very bad way. >> But the point is this idea that you have these mega hyper clouds coming in and saying, "Okay, boom, we're putting one here and you're going to use us regardless of the country you're in." How does that, you know... Is there a push within the EU to tear those barriers down? Or are those sovereignty walls enjoyed by the majority because of the way that it changes the business climate? Any thoughts from that perspective? >> Oh yeah. Yeah. To me, it's very simple. It is a hybrid thing. That means that these big hyperscalers are there, not going to be used but what they do is they're going to partition themselves and work with these local people. So that their big thing appears as being independent, smaller data centers. That's the only thing, you know. You build a house and then you put walls between the different, between the different rooms. That's the only thing that happens. So it's not at all, no. At all to Azures or Google cloud. No, it's not that. It just means that there is a structure and organization that has to be put in place in order that the data resides in given geographical locations using their infrastructures, their technologies. That make, does it make sense? >> Yeah. Except that it puts them in the position of having to have a physical presence in each place, which is advantageous in one way and maybe less efficient in another. >> Yeah. But there are some big markets. >> Yeah. And they eventually got to get there. Right. I mean... >> Yeah. >> They started it. One patient in the world where they restarted was in ANZ. And that's what they did. You know, what, 5, 6, 7 years ago. They put their data centers over there because they wanted to gain the Australian market and the New Zealand market. >> So build it and they will come. Daniel, thanks so much for coming to the theCUBE. Very interesting conversation. >> Pleasure. >> Appreciate it. >> Thank you very much. >> All right, we're wrapping up. Day two at VeeamON 2022. Keep it right there. Dave and I will be back right after this break. (vibrant music)

(light music playing) >> Welcome back to VEEAMON 2022 in Las Vegas. We're at the Aria. This is theCUBE and we're covering two days of VEEAMON. We've done a number of VEEAMONs before, we did Miami, we did New Orleans, we did Chicago and we're, we're happy to be back live after two years of virtual VEEAMONs. I'm Dave Vellante. My co-host is David Nicholson. Eric Herzog is here. You think he's, Eric's been on theCUBE, I think more than any other guest, including Pat Gelsinger, who at one point was the number one guest. Eric Herzog, CMO of INFINIDAT great to see you again. >> Great, Dave, thank you. Love to be on theCUBE. And of course notice my Hawaiian shirt, except I now am supporting an INFINIDAT badge on it. (Dave laughs) Look at that. >> Is that part of the shirt or is that a clip-on? >> Ah, you know, one of those clip-ons but you know, it looks good. Looks good. >> Hey man, what are you doing at VEEAMON? I mean, you guys started this journey into data protection several years ago. I remember we were actually at one of their competitors' events when you first released it, but tell us what's going on with Veeam. >> So we do a ton of stuff with Veeam. We do custom integration. We got some integration on the snapshotting side, but we do everything and we have a purpose built backup appliance known as InfiniGuard. It works with Veeam. We also actually have some customers who use our regular primary storage device as a backup target. The InfiniGuard product will do the data reduction, the dedupe compression, et cetera. The standard product does not, it's just a standard high performance array. We will compress the data, but we have customers that do it either way. We have a couple customers that started with the InfiniBox and then transitioned to the InfiniGuard, realizing that why would you put it on regular storage? Why not go to something that's customized for it? So we do that. We do stuff in the field with them. We've been at all the VEEAMONs since the, since like, I think the second one was the first one we came to. We're doing the virtual one as well as the live one. So we've got a little booth inside, but we're also doing the virtual one today as well. So really strong work with Veeam, particularly at the field level with the sales guys and in the channel. >> So when INFINIDAT does something, you guys go hardcore, high end, fast recovery, you just, you know, reliable, that's kind of your brand. Do you see this movement into data protection as kind of an adjacency to your existing markets? Is it a land and expand strategy? Can you kind of explain the strategy there. >> Ah, so it's actually for us a little bit of a hybrid. So we have several accounts that started with InfiniBox and now have gone with the InfiniGuard. So they start with primary storage and go with secondary storage/modern data protection. But we also have, in fact, we just got a large PO from a Fortune 50, who was buying the InfiniGuard first and now is buying our InfiniBox. >> Both ways. Okay. >> All flash array. And, but they started with backup first and then moved to, so we've got them moving both directions. And of course, now that we have a full portfolio, our original product, the InfiniBox, which was a hybrid array, outperformed probably 80 to 85% of the all flash arrays, 'cause the way we use DRAM. And what's so known as our mural cash technology. So we could do very well, but there is about, you know, 15, 20% of the workloads we could not outperform the competition. So then we had an all flash array and purpose built backup. So we can do, you know, what I'll say is standard enterprise storage, high performance enterprise storage. And then of course, modern data protection with our partnerships such as what we do with Veeam and we've incorporated across the entire portfolio, intense cyber resilience technology. >> Why does the world, Eric, need another purpose built backup appliance? What do you guys bring that is filling a gap in the marketplace? >> Well, the first thing we brought was much higher performance. So when you look at the other purpose built backup appliances, it's been about our ability to have incredibly high performance. The second area has been CapEx and OpEx reduction. So for example, we have a cloud service provider who happens to be in South Africa. They had 14 purpose built backup appliances from someone else, seven in one data center and seven in another. Now they have two InfiniGuards, one in each data center handling all of their backup. You know, they're selling backup as a service. They happen to be using Veeam as well as one other backup company. So if you're the cloud provider from their perspective, they just dramatically reduce their CapEx and OpEx. And of course they've made it easier for them. So that's been a good story for us, that ability to consolidation, whether it be on primary storage or secondary storage. We have a very strong play with cloud providers, particularly those meeting them in small that have to compete with the hyperscalers right. They don't have the engineering of Amazon or Google, right? They can't compete with what the Azure guys have got, but because the way both the InfiniGuard and the InfiniBox work, they could dramatically consolidate workloads. We probably got 30 or 40 midsize and actually several members of the top 10 telcos use us. And when they do their clouds, both their internal cloud, but actually the clouds that are actually running the transmissions and the traffic, it actually runs on InfiniBox. One of them has close to 200 petabytes of InfiniBox and InfiniBox, all flash technology running one of the largest telcos on the planet in a cloud configuration. So all that's been very powerful for us in driving revenue. >> So phrases of the week have been air gap, logical air gap, immutable. Where does InfiniGuard fit into that universe? And what's the profile of the customer that's going to choose InfiniGuard as the target where they're immutable, Write Once Read Many, data is going to live. >> So we did, we announced our InfiniSafe technology first on the InfiniGuard, which actually earlier this year. So we have what I call the four legs of the stool of cyber resilience. One is immutable snapshots, but that's only part of it. Second is logical air gapping, and we can do both local and remote and we can provide and combine local with remote. So for example, what that air gap does is separate the management plane from the actual data plane. Okay. So in this case, the Veeam data backup sets. So the management cannot touch that immutable, can't change it, can't delete it. can't edit it. So management is separated once you start and say, I want to do an immutable snap of two petabytes of Veeam backup dataset. Then we just do that. And the air gap does it, but then you could take the local air gap because as you know, from inception to the end of an attack can be close to 300 days, which means there could be a fire. There could be a tornado, there could be a hurricane, there could be an earthquake. And in the primary data center, So you might as well have that air gap just as you would do- do a remote for disaster recovery and business continuity. Then we have the ability to create a fenced forensic environment to evaluate those backup data sets. And we can do that actually on the same device. That is the purpose built backup appliance. So when you look at the architectural, these are public from our competitors, including the guys that are in sort of Hopkinton/Austin, Texas. You can see that they show a minimum of two physical devices. And in many cases, a third, we can do that with one. So not only do we get the fence forensic environment, just like they do, but we do it with reduction, both CapEx and OpEx. Purpose built backup is very high performance. And then the last thing is our ability to recover. So some people talk about rapid recovery, I would say, they dunno what they're talking about. So when we launched the InfiniGuard with InfiniSafe, we did a live demo, 1.5 petabytes, a Veeam backup dataset. We recovered it in 12 minutes. So once you've identified and that's on the InfiniGuard. On the InfiniBox, once you've identified a good copy of data to do the recovery where you're free of malware ransomware, we can do the recovery in three to five seconds. >> Okay. >> So really, really quick. Actually want to double click on something because people talk about immutable copies, immutable snapshots in particular, what have the actual advances been? I mean, is this simply a setting that maybe we didn't set for retention at some time in the past, or if you had to engineer something net new into a system so to provide that logical air gap. >> So what's net new is the air gapping part. Immutable snapshots have been around, you know, before we were on screen, you talked about WORM, Write Once Read Many. Well, since I'm almost 70 years old, I actually know what that means. When you're 30 or 40 or 50, you probably don't even know what a WORM is. Okay. And the real use of immutable snapshots, it was to replace WORM which was an optical technology. And what was the primary usage? Regulatory and compliance, healthcare, finance and publicly traded companies that were worried about. The SEC or the EU or the Japanese finance ministry coming down on them because they're out of compliance and regulatory. That was the original use of immutable snap. Then people were, well, wait a second. Malware ransomware could attack me. And if I got something that's not changeable, that makes it tougher. So the real magic of immutability was now creating the air gap part. Immutability has been around, I'd say 25 years. I mean, WORMs sort of died back when I was at Mac store the first time. So that was 1990-ish is when WORMs sort of fell away. And there have been immutable snapshots from most of the major storage vendors, as well as a lot of the small vendors ever since they came out, it's kind of like a checkbox item because again, regulatory and compliance, you're going to sell to healthcare, finance, public trade. If you don't have the immutable snapshot, then they don't have their compliance and regulatory for SEC or tax purposes, right? With they ever end up in an audit, you got to produce data. And no one's using a WORM drive anymore to my knowledge. >> I remember the first storage conference I ever went to was in Monterey. It had me in the early 1980s, 84 maybe. And it was a optical disc drive conference. The Jim Porter of optical. >> Yep. (laughs) >> I forget what the guy's name was. And I remember somebody coming up to me, I think it was like Bob Payton rest his soul, super smart strategy guy said, this is never going to happen because of the cost and that's what it was. And now you've got that capability on flash, you know, hard disk, et cetera. >> Right. >> So the four pillars, immutability, the air gap, both local and remote, the fence forensics and the recovery speed. Right? >> Right. Pick up is one thing. Recovery is everything. Those are the four pillars, right? >> Those are the four things. >> And your contention is that those four things together differentiate you from the competition. You mentioned, you know, the big competition, but how unique is this in the marketplace, those capabilities and how difficult is it to replicate? >> So first of all, if someone really puts their engineering hat to it, it's not that hard to replicate. It takes a while. Particularly if you're doing an enterprise, for example, our solutions all have a hundred percent availability guarantee. That's hard to do. Most guys have seven nines. >> That's hard. >> We really will guarantee a hundred percent availability. We offer an SLA that's included when you buy. We don't charge extra for it. It's like if you want it, like you just get it. Second thing is really making sure on the recovery side is the hardest part, particularly on a purpose built backup appliance. So when you look at other people and you delve into their public material, press releases, white paper, support documentation. No one's talking about. Yeah, we can take a 1.5 petabyte Veeam backup data set and make it available in 12 minutes and 12 seconds, which was the exact time that we did on our live demo when we launched the product in February of 2022. No one's talking that. On primary storage, you're hearing some of the vendors such as my old employer that also who, also starts with an "I", talk about a recovery time of two to three hours once you have a known good copy. On primary storage, once we have a known good copy, we're talking three to five seconds for that copy to be available. So that's just sort of the power of the snapshot technology, how we manage our metadata and what we've done, which previous to cyber resiliency, we were known for our replication capability and our snapshot capability from an enterprise class data store. That's what people said. INFINIDAT really knows how to do the replication snapshot. I remember our founder was one of the technical founders of EMC for a product known as the Symmetric, which then became the DMAX, the VMAX and is now is the PowerMax. That was invented by the guy who founded INFINIDAT. So that team has the real chops at enterprise high-end storage to the global fortune 2000. And what are the key feature checkbox items they need that's in both the InfiniBox and also in the InfiniGuard. >> So the business case for cyber resiliency is changing. As Dave said, we've had a big dose last several months, you know, couple years actually, of the importance of cyber resiliency, given all the ransomware tax, et cetera. But it sounds like the business case is shifting really focused on avoiding that risk, avoiding that downtime time versus the cost. The cost is always important. I mean, you got a consolidation play here, right? >> Yeah, yeah. >> Dedupe, does dedupe come into play? >> So on the InfiniGuard we do both dedupe and compression. On the InfiniBox we only do compression. So we do have data reduction. It depends on which product you're using from a Veeam perspective. Most of that now is with the InfiniGuard. So you get the block level dedupe and you get compression. And if you can do both, depending on the data set, we do both. >> How does that affect recovery time? >> Yeah, good question. >> So it doesn't affect recovery times. >> Explain why. >> So first of all, when you're doing a backup data set, the final final recovery, you recovered the backup data set, whether it's Veeam or one of their competitors, you actually make it available to the backup administrator to do a full restore of a backup data set. Okay. So in that case, we get it ready and expose it to the Veeam admin or some other backup admin. And then they launch the Veeam software or the other software and do a restore. Okay. So it's really a two step process on the secondary storage model and actually three. First identifying a known good backup copy. Second then we recover, which is again 12, 13 minutes. And then the backup admin's got to do a, you know, a restore of the backup 'cause it's backup data set in the format of backup, which is different from every backup vendor. So we support that. We get it ready to go. And then whether it's a Veeam backup administrator and quite honestly, from our perspective, most of our customers in the global fortune 2000, 25% of the fortune 50 use INIFINIDAT products. 25% and we're a tiny company. So we must have some magic fairy dust that appeals to the biggest companies on the planet. But most of our customers in that area and actually say probably in the fortune 500 actually use two to three different backup packages. So we can support all those on a single InfiniGuard or multiples depending on how big their backup data sets. Our biggest InfiniGuard is 50 petabytes counting the data reduction technology. So we get that ready. On the InfiniBox, the recovery really is, you know, a couple of seconds and in that case, it's primary data in block format. So we just make that available. So on the InfiniBox, the recovery is once, well two. Identifying a known good copy, first step, then just doing recovery and it's available 'cause it's blocked data. >> And that recovery doesn't include movement of a whole bunch of data. It's essentially realignment of pointers to where the good data is. >> Right. >> Now in the InfiniBox as well as in InfiniGuard. >> No, it would be, So in the case of that, in the case of the InfiniGuard, it's a full recovery of a backup data set. >> Okay. >> So the backup software just launches and it sees, >> Okay. >> your backup one of Veeam and just starts doing a restore with the Veeam restoration technology. Okay? >> Okay. >> In the case of the block, as long as the physical InfiniBox, if that was the primary storage and then filter box is not damaged when you make it available, it's available right away to the apps. Now, if you had an issue with the app side or the physical server side, and now you're pointing new apps and you had to reload stuff on that side, you have to point it at that InfiniBox which has the data. And then you got to wait for the servers and the SAP or Oracle or Mongo, Cassandra to recognize, oh, this is my primary storage. So it depends on the physical configuration on the server side and the application perspective, how bad were the apps damaged? So let's take malware. Malware is even worse because you either destroying data or messing, playing with the app so that the app is now corrupted as well as the data is corrupted. So then it's going to take longer the block data's ready, the SAP workload. And if the SAP somehow was compromised, which is a malware thing, not a ransomware thing, they got to reload a good copy of SAP before it can see the data 'cause the malware attacked the application as well as the data. Ransomware doesn't do that. It just holds it for ransom and it encrypts. >> So this is exactly what we're talking about. When we talk about operational recovery and automation, Eric is addressing the reality that it doesn't just end at the line above some arbitrary storage box, you know, reaching up real recovery, reaches up into the application space and it's complicated. >> That's when you're actually recovered. >> Right. >> When the application- >> Well, think of it like a disaster. >> Okay. >> Yes, right. >> I'll knock on woods since I was born and still live in California. Dave too. Let's assume there's a massive earthquake in the bay area in LA. >> Let's not. >> Okay. Let's yes, but hypothetically and the data center's cat five. It doesn't matter what they're, they're all toast. Okay. Couple weeks later it's modern. You know, people figure out what to do and certain buildings don't fall down 'cause of the way earthquake standards are in California now. So there's data available. They move into temporary space. Okay. Data's sitting there in the Colorado data center and they could do a restore. Well, they can't do a restore. How many service did they need? Had they reloaded all of the application software to do a restoration. What happened to the people? If no one got injured, like in the 1989 earthquake in California, very few people got injured yet cost billions of dollars. But everyone was watching this San Francisco giants played in Oakland, >> I remember >> so no one was on the road. >> Al Michael's. >> Epic moment. >> Imagine it's in the middle of commute time in LA and San Francisco, hundreds of thousands of people. What if it's your data center team? Right? So there's a whole bunch around disaster recovery and business country that have nothing to do with the storage, the people, what your process. So I would argue that malware ransomware is a disaster and it's exactly the same thing. You know, you got the known good copy. You've got okay. You're sure that the SAP and Oracle, especially on the malware side, weren't compromised. On the ransomware side, you don't have to worry about that. And those things, you got to take a look at just as if it, I would argue malware and ransomware is a disaster and you need to have a process just like you would. If there was an earthquake, a fire or a flood in the data center, you need a similar process. That's slightly different, but the same thing, servers, people, software, the data itself. And when you have that all mapped out, that's how you do successful malware ransomeware recovery. It's a different type of disaster. >> It's absolutely a disaster. It comes down to business continuity and be able to transact business with as little disruption as possible. We heard today from the keynotes and then Jason Buffington came on about the preponderance of ransomware. Okay. We know that. But then the interesting stat was the percentage of customers that paid the ransom about a third weren't able to recover. And so 'cause you kind of had this feeling of all right, well, you know, see it on, you know, CNBC, should you pay the ransom or not? You know, pay the ransom. Okay. You'll get back. But no, it's not the case. You won't necessarily get back. So, you know, Veeam stated, Hey, our goal is to sort of eliminate that problem. Are you- You feel like you guys in a partnership can actually achieve that. >> Yes. >> So, and you have customers that have actually avoided, you know, been hit and were able to- >> We have people who won't publicly say they've been hit, but the way they talk about what they did, like in a meeting, they were hit and they were very thankful. >> (laughs) Yeah. >> And so that's been very good. I- >> So we got proof. >> Yes, we absolutely have proof. And quite honestly, with the recent legislation in the United States, malware and ransomware actually now is also regulatory and compliance. >> Yeah. >> Because the new law states mid-March that whether it's Herzog's bar and grill to bank of America or any large foreign company doing business in the US, you have to report to the United States federal government, any attack, same with the county school district with any local government, any agency, the federal government, as well as every company from the tiniest to the largest in the world that does, they're supposed to report it 'cause the government is trying to figure out how to fight it. Just the way if you don't report burglary, how they catch the burglars. >> Does your solution simplify testing in any way or reduce the risk of testing? >> Well, because the recovery is so rapid, we recommend that people do this on a regular basis. So for example, because the recovery is so quick, you can recover in 12 minutes while we do not practice, let's say once a month or once every couple weeks. And guess what? It also allows you to build a repository of known good copies. Remember when you get ransomeware, no one's going to come say, Hey, I'm Mr. Rans. I'm going to steal your stuff. It's all done surreptitiously. They're all James Bond on the sly who doesn't say "By the way, I'm James Bond". They are truly underneath the radar. And they're very slowly encrypting that data set. So guess what? Your primary data and your backup data that you don't want to be attacked can be attacked. So it's really about finding a known good copy. So if you're doing this on a regular basis, you can get an index of known good copies. >> Right. >> And then, you know, oh, I can go back to last Tuesday and you know that that's good. Otherwise you're literally testing Wednesday, Thursday, Friday, Saturday to try to find a known good copy, which delays the recovery process 'cause you really do have to test. They make sure it's good. >> If you increase that frequency, You're going to protect yourself. That's why I got to go. Thanks so much for coming on theCUBEs. Great to see you. >> Great. Thank you very much. I'll be wearing a different Hawaiian shirt next to. >> All right. That sounds good. >> All right, Eric Herzog, Eric Herzog on theCUBE, Dave Vallante for David Nicholson. We'll be right back at VEEAMON 2022. Right after this short break. (light music playing)

>> From "theCUBE" studios in Palo Alto, in Boston, bringing you data driven insights from "theCUBE" and ETR. This is "Breaking Analysis" with Dave Vellante. >> There are very few political issues that get bipartisan support these days, nevermind consensus spanning geopolitical boundaries. But whether we're talking across the aisle or over the pond, there seems to be common agreement that the power of big tech firms should be regulated. But the government's track record when it comes to antitrust aimed at big tech is actually really mixed, mixed at best. History has shown that market forces rather than public policy have been much more effective at curbing monopoly power in the technology industry. Hello, and welcome to this week's "Wikibon CUBE" insights powered by ETR. In this "Breaking Analysis" we welcome in frequent "CUBE" contributor Dave Moschella, author and senior fellow at the Information Technology and Innovation Foundation. Dave, welcome, good to see you again. >> Hey, thanks Dave, good to be here. >> So you just recently published an article, we're going to bring it up here and I'll read the title, "Theory Aside, Antitrust Advocates Should Keep Their "Big Tech" Ambitions Narrow". And in this post you argue that big sweeping changes like breaking apart companies to moderate monopoly power in the tech industry have been ineffective compared to market forces, but you're not saying government shouldn't be involved rather you're suggesting that more targeted measures combined with market forces are the right answer. Can you maybe explain a little bit more the premise behind your research and some of your conclusions? >> Sure, and first let's go back to that title, when I said, theory aside, that is referring to a huge debate that's going on in global antitrust circles these days about whether antitrust should follow the traditional path of being invoked when there's real harm, demonstrable harm to consumers or a new theory that says that any sort of vast monopoly power inevitably will be bad for competition and consumers at some point, so your best to intervene now to avoid harms later. And that school, which was a very minor part of the antitrust world for many, many years is now quite ascendant and the debate goes on doesn't matter which side of that you're on the questions sort of there well, all right, well, if you're going to do something to take on big tech and clearly many politicians, regulators are sort of issuing to do something, what would you actually do? And what are the odds that that'll do more good than harm? And that was really the origins of the piece and trying to take a historical view of that. >> Yeah, I learned a new word, thank you. Neo-brandzian had to look it up, but basically you're saying that traditionally it was proving consumer harm versus being proactive about the possibility or likelihood of consumer harm. >> Correct, and that's a really big shift that a lot of traditional antitrust people strongly object to, but is now sort of the trendy and more send and view. >> Got it, okay, let's look a little deeper into the history of tech monopolies and government action and see what we can learn from that. We put together this slide that we can reference. It shows the three historical targets in the tech business and now the new ones. In 1969, the DOJ went after IBM, Big Blue and it's 13 years later, dropped its suit. And then in 1984 the government broke Ma Bell apart and in the late 1990s, went after Microsoft, I think it was 1998 in the Wintel monopoly. And recently in an interview with tech journalist, Kara Swisher, the FTC chair Lena Khan claimed that the government played a major role in moderating the power of tech giants historically. And I think she even specifically referenced Microsoft or maybe Kara did and basically said the industry and consumers from the dominance of companies like Microsoft. So Dave, let's briefly talk about and Kara by the way, didn't really challenge that, she kind of let it slide. But let's talk about each of these and test this concept a bit. Were the government actions in these instances necessary? What were the outcomes and the consequences? Maybe you could start with IBM and AT&T. >> Yeah, it's a big topic and there's a lot there and a lot of history, but I might just sort of introduce by saying for whatever reasons antitrust has been part of the entire information technology industry history from mainframe to the current period and that slide sort of gives you that. And the reasons for that are I think once that we sort of know the economies of scale, network effects, lock in safe choices, lot of things that explain it, but the good bit about that is we actually have so much history of this and we can at least see what's happened in the past and when you look at IBM and AT&T they both were massive antitrust cases. The one against IBM was dropped and it was dropped in as you say, in 1980. Well, what was going on in at that time, IBM was sort of considered invincible and unbeatable, but it was 1981 that the personal computer came around and within just a couple of years the world could see that the computing paradigm had change from main frames and minis to PCs lines client server and what have you. So IBM in just a couple of years went from being unbeatable, you can't compete with them, we have to break up with them to being incredibly vulnerable and in trouble and never fully recovered and is sort of a shell of what it once was. And so the market took care of that and no action was really necessary just by everybody thinking there was. The case of AT&T, they did act and they broke up the company and I would say, first question is, was that necessary? Well, lots of countries didn't do that and the reality is 1980 breaking it up into long distance and regional may have made some sense, but by the 1990 it was pretty clear that the telecom world was going to change dramatically from long distance and fixed wires services to internet services, data services, wireless services and all of these things that we're going to restructure the industry anyways. But AT& T one to me is very interesting because of the unintended consequences. And I would say that the main unintended consequence of that was America's competitiveness in telecommunications took a huge hit. And today, to this day telecommunications is dominated by European, Chinese and other firms. And the big American sort of players of the time AT&T which Western Electric became Lucent, Lucent is now owned by Nokia and is really out of it completely and most notably and compellingly Bell Labs, the Bell Labs once the world's most prominent research institution now also a shell of itself and as it was part of Lucent is also now owned by the Finnish company Nokia. So that restructuring greatly damaged America's core strength in telecommunications hardware and research and one can argue we've never recovered right through this 5IG today. So it's a very good example of the market taking care of, the big problem, but meddling leading to some unintended consequences that have hurt the American competitiveness and as we'll talk about, probably later, you can see some of that going on again today and in the past with Microsoft and Intel. >> Right, yeah, Bell Labs was an American gem, kind of like Xerox PARC and basically gone now. You mentioned Intel and Microsoft, Microsoft and Intel. As many people know, some young people don't, IBM unwillingly handed its monopoly to Intel and Microsoft by outsourcing the micro processor and operating system, respectively. Those two companies ended up with IBM ironically, agreeing to take OS2 which was its proprietary operating system and giving Intel, Microsoft Windows not realizing that its ability to dominate a new disruptive market like PCs and operating systems had been vaporized to your earlier point by the new Wintel ecosystem. Now Dave, the government wanted to break Microsoft apart and split its OS business from its application software, in the case of Intel, Intel only had one business. You pointed out microprocessors so it couldn't bust it up, but take us through the history here and the consequences of each. >> Well, the Microsoft one is sort of a classic because the antitrust case which was raging in the sort of mid nineties and 1998 when it finally ended, those were the very, once again, everybody said, Bill Gates was unstoppable, no one could compete with Microsoft they'd buy them, destroy them, predatory pricing, whatever they were accusing of the attacks on Netscape all these sort of things. But those the very years where it was becoming clear first that Microsoft basically missed the early big years of the internet and then again, later missed all the early years of the mobile phone business going back to BlackBerrys and pilots and all those sorts of things. So here we are the government making the case that this company is unstoppable and you can't compete with them the very moment they're entirely on the defensive. And therefore wasn't surprising that that suit eventually was dropped with some minor concessions about Microsoft making it a little bit easier for third parties to work with them and treating people a little bit more, even handling perfectly good things that they did. But again, the more market took care of the problem far more than the antitrust activities did. The Intel one is also interesting cause it's sort of like the AT& T one. On the one hand antitrust actions made Intel much more likely and in fact, required to work with AMD enough to keep that company in business and having AMD lowered prices for consumers certainly probably sped up innovation in the personal computer business and appeared to have a lot of benefits for those early years. But when you look at it from a longer point of view and particularly when look at it again from a global point of view you see that, wow, they not so clear because that very presence of AMD meant that there's a lot more pressure on Intel in terms of its pricing, its profitability, its flexibility and its volumes. All the things that have made it harder for them to A, compete with chips made in Taiwan, let alone build them in the United States and therefore that long term effect of essentially requiring Intel to allow AMD to exist has undermined Intel's position globally and arguably has undermined America's position in the long run. And certainly Intel today is far more vulnerable to an ARM and Invidia to other specialized chips to China, to Taiwan all of these things are going on out there, they're less capable of resisting that than they would've been otherwise. So, you thought we had some real benefits with AMD and lower prices for consumers, but the long term unintended consequences are arguably pretty bad. >> Yeah, that's why we recently wrote in Intel two "Strategic To Fail", we'll see, Okay. now we come to 2022 and there are five companies with anti-trust targets on their backs. Although Microsoft seems to be the least susceptible to US government ironically intervention at this this point, but maybe not and we show "The Cincos Comas Club" in a homage to Russ Hanneman of the show "Silicon Valley" Apple, Microsoft, Google, and Amazon all with trillion dollar plus valuations. But meta briefly crossed that threshold like Mr. Hanneman lost a comma and is now well under that market cap probably around five or 600 million, sorry, billion. But under serious fire nonetheless Dave, people often don't realize the immense monopoly power that IBM had which relatively speaking when measured its percent of industry revenue or profit dwarf that of any company in tech ever, but the industry is much smaller then, no internet, no cloud. Does it call for a different approach this time around? How should we think about these five companies their market power, the implications of government action and maybe what you suggested more narrow action versus broad sweeping changes. >> Yeah, and there's a lot there. I mean, if you go back to the old days IBM had what, 70% of the computer business globally and AT&T had 90% or so of the American telecom market. So market shares that today's players can only dream of. Intel and Microsoft had 90% of the personal computer market. And then you look at today the big five and as wealthy and as incredibly successful as they've been, you sort of have almost the argument that's wrong on the face of it. How can five companies all of which compete with each other to at least some degree, how can they all be monopolies? And the reality is they're not monopolies, they're all oligopolies that are very powerful firms, but none of them have an outright monopoly on anything. There are competitors in all the spaces that they're in and increasing and probably increasingly so. And so, yeah, I think people conflate the extraordinary success of the companies with this belief that therefore they are monopolist and I think they're far less so than those in the past. >> Great, all right, I want to do a quick drill down to cloud computing, it's a key component of digital business infrastructure in his book, "Seeing Digital", Dave Moschella coined a term the matrix or the key which is really referred to the key technology platforms on which people are going to build digital businesses. Dave, we joke you should have called it the metaverse you were way ahead of your time. But I want to look at this ETR chart, we show spending momentum or net score on the vertical access market share or pervasiveness in the dataset on the horizontal axis. We show this view a lot, we put a dotted line at the 40% mark which indicates highly elevated spending. And you can sort of see Microsoft in the upper right, it's so far up to the right it's hidden behind the January 22 and AWS is right there. Those two dominate the cloud far ahead of the pack including Google Cloud. Microsoft and to a lesser extent AWS they dominate in a lot of other businesses, productivity, collaboration, database, security, video conferencing. MarTech with LinkedIn PC software et cetera, et cetera, Googles or alphabets of business of course is ads and we don't have similar spending data on Apple and Facebook, but we know these companies dominate their respective business. But just to give you a sense of the magnitude of these companies, here's some financial data that's worth looking at briefly. The table ranks companies by market cap in trillions that's the second column and everyone in the club, but meta and each has revenue well over a hundred billion dollars, Amazon approaching half a trillion dollars in revenue. The operating income and cash positions are just mind boggling and the cash equivalents are comparable or well above the revenues of highly successful tech companies like Cisco, Dell, HPE, Oracle, and Salesforce. They're extremely profitable from an operating income standpoint with the clear exception of Amazon and we'll come back to that in a moment and we show the revenue multiples in the last column, Apple, Microsoft, and Google, just insane. Dave, there are other equally important metrics, CapX is one which kind of sets the stage for future scale and there are other measures. >> Yeah, including our research and development where those companies are spending hundreds of billions of dollars over the years. And I think it's easy to look at those numbers and just say, this doesn't seem right, how can any companies have so much and spend so much? But if you think of what they're actually doing, those companies are building out the digital infrastructure of essentially the entire world. And I remember once meeting some folks at Google, and they said, beyond AI, beyond Search, beyond Android, beyond all the specific things we do, the biggest thing we're actually doing is building a physical infrastructure that can deliver search results on any topic in microseconds and the physical capacity they built costs those sorts of money. And when people start saying, well, we should have lots and lots of smaller companies well, that sounds good, yeah, it's all right, but where are those companies going to get the money to build out what needs to be built out? And every country in the world is trying to build out its digital infrastructure and some are going to do it much better than others. >> I want to just come back to that chart on Amazon for a bit, notice their comparatively tiny operating profit as a percentage of revenue, Amazon is like Bezos giant lifestyle business, it's really never been that profitable like most retail. However, there's one other financial data point around Amazon's business that we want to share and this chart here shows Amazon's operating profit in the blue bars and AWS's in the orange. And the gray line is the percentage of Amazon's overall operating profit that comes from AWS. That's the right most access, so last quarter we were well over a hundred percent underscoring the power of AWS and the horrendous margins in retail. But AWS is essentially funding Amazon's entrance into new markets, whether it's grocery or movies, Bezos moves into space. Dave, a while back you collaborated with us and we asked our audience, what could disrupt Amazon? And we came up with your detailed help, a number of scenarios as shown here. And we asked the audience to rate the likelihood of each scenario in terms of its likelihood of disrupting Amazon with a 10 being highly likely on average the score was six with complacency, arrogance, blindness, you know, self-inflicted wounds really taking the top spot with 6.5. So Dave is breaking up Amazon the right formula in your view, why or why not? >> Yeah, there's a couple of things there. The first is sort of the irony that when people in the sort of regulatory world talk about the power of Amazon, they almost always talk about their power in consumer markets, whether it's books or retail or impact on malls or main street shops or whatever and as you say that they make very little money doing that. The interest people almost never look at the big cloud battle between Amazon, Microsoft and lesser extent Google, Alibaba others, even though that's where they're by far highest market share and pricing power and all those things are. So the regulatory focus is sort of weird, but you know, the consumer stuff obviously gets more appeal to the general public. But that survey you referred to me was interesting because one of the challenges I sort of sent myself I was like okay, well, if I'm going to say that IBM case, AT&T case, Microsoft's case in all those situations the market was the one that actually minimized the power of those firms and therefore the antitrust stuff wasn't really necessary. Well, how true is that going to be again, just cause it's been true in the past doesn't mean it's true now. So what are the possible scenarios over the 2020s that might make it all happen again? And so each of those were sort of questions that we put out to others, but the ones that to me by far are the most likely I mean, they have the traditional one of company cultures sort of getting fat and happy and all, that's always the case, but the more specific ones, first of all by far I think is China. You know, Amazon retail is a low margin business. It would be vulnerable if it didn't have the cloud profits behind it, but imagine a year from now two years from now trade tensions with China get worse and Christmas comes along and China just says, well, you know, American consumers if you want that new exercise bike or that new shoes or clothing, well, anything that we make well, actually that's not available on Amazon right now, but you can get that from Alibaba. And maybe in America that's a little more farfetched, but in many countries all over the world it's not farfetched at all. And so the retail divisions vulnerability to China just seems pretty obvious. Another possible disruption, Amazon has spent billions and billions with their warehouses and their robots and their automated inventory systems and all the efficiencies that they've done there, but you could argue that maybe someday that's not really necessary that you have Search which finds where a good is made and a logistical system that picks that up and delivers it to customers and why do you need all those warehouses anyways? So those are probably the two top one, but there are others. I mean, a lot of retailers as they get stronger online, maybe they start pulling back some of the premium products from Amazon and Amazon takes their cut of whatever 30% or so people might want to keep more of that in house. You see some of that going on today. So the idea that the Amazon is in vulnerable disruption is probably is wrong and as part of the work that I'm doing, as part of stuff that I do with Dave and SiliconANGLE is how's that true for the others too? What are the scenarios for Google or Apple or Microsoft and the scenarios are all there. And so, will these companies be disrupted as they have in the past? Well, you can't say for sure, but the scenarios are certainly plausible and I certainly wouldn't bet against it and that's what history tells us. And it could easily happen once again and therefore, the antitrust should at least be cautionary and humble and realize that maybe they don't need to act as much as they think. >> Yeah, now, one of the things that you mentioned in your piece was felt like narrow remedies, were more logical. So you're not arguing for totally Les Affaire you're pushing for remedies that are more targeted in scope. And while the EU just yesterday announced new rules to limit the power of tech companies and we showed the article, some comments here the regulators they took the social media to announce a victory and they had a press conference. I know you watched that it was sort of a back slapping fest. The comments however, that we've sort of listed here are mixed, some people applauded, but we saw many comments that were, hey, this is a horrible idea, this was rushed together. And these are going to result as you say in unintended consequences, but this is serious stuff they're talking about applying would appear to be to your point or your prescription more narrowly defined restrictions although a lot of them to any company with a market cap of more than 75 billion Euro or turnover of more than 77.5 billion Euro which is a lot of companies and imposing huge penalties for violations up to 20% of annual revenue for repeat offenders, wow. So again, you've taken a brief look at these developments, you watched the press conference, what do you make of this? This is an application of more narrow restrictions, but in your quick assessment did they get it right? >> Yeah, let's break that down a little bit, start a little bit of history again and then get to Europe because although big sweeping breakups of the type that were proposed for IBM, Microsoft and all weren't necessary that doesn't mean that the government didn't do some useful things because they did. In the case of IBM government forces in Europe and America basically required IBM to make it easier for companies to make peripherals type drives, disc drives, printers that worked with IBM mainframes. They made them un-bundle their software pricing that made it easier for database companies and others to sell their of products. With AT&T it was the government that required AT&T to actually allow other phones to connect to the network, something they argued at the time would destroy security or whatever that it was the government that required them to allow MCI the long distance carrier to connect to the AT network for local deliveries. And with that Microsoft and Intel the government required them to at least treat their suppliers more even handly in terms of pricing and policies and support and such things. So the lessons out there is the big stuff wasn't really necessary, but the little stuff actually helped a lot and I think you can see the scenarios and argue in the piece that there's little stuff that can be done today in all the cases for the big five, there are things that you might want to consider the companies aren't saints they take advantage of their power, they use it in ways that sometimes can be reigned in and make for better off overall. And so that's how it brings us to the European piece of it. And to me, the European piece is much more the bad scenario of doing too much than the wiser course of trying to be narrow and specific. What they've basically done is they have a whole long list of narrow things that they're all trying to do at once. So they want Amazon not to be able to share data about its selling partners and they want Apple to open up their app store and they don't want people Google to be able to share data across its different services, Android, Search, Mail or whatever. And they don't want Facebook to be able to, they want to force Facebook to open up to other messaging services. And they want to do all these things for all the big companies all of which are American, and they want to do all that starting next year. And to me that looks like a scenario of a lot of difficult problems done quickly all of which might have some value if done really, really well, but all of which have all kinds of risks for the unintended consequence we've talked before and therefore they seem to me being too much too soon and the sort of problems we've seen in the past and frankly to really say that, I mean, the Europeans would never have done this to the companies if they're European firms, they're doing this because they're all American firms and the sort of frustration of Americans dominance of the European tech industry has always been there going back to IBM, Microsoft, Intel, and all of them. But it's particularly strong now because the tech business is so big. And so I think the politics of this at a time where we're supposedly all this great unity of America and NATO and Europe in regards to Ukraine, having the Europeans essentially go after the most important American industry brings in the geopolitics in I think an unavoidable way. And I would think the story is going to get pretty tense over the next year or so and as you say, the Europeans think that they're taking massive actions, they think they're doing the right thing. They think this is the natural follow on to the GDPR stuff and even a bigger version of that and they think they have more to come and they see themselves as the people taming big tech not just within Europe, but for the world and absent any other rules that they may pull that off. I mean, GDPR has indeed spread despite all of its flaws. So the European thing which it doesn't necessarily get huge attention here in America is certainly getting attention around the world and I would think it would get more, even more going forward. >> And the caution there is US public policy makers, maybe they can provide, they will provide a tailwind maybe it's a blind spot for them and it could be a template like you say, just like GDPR. Okay, Dave, we got to leave it there. Thanks for coming on the program today, always appreciate your insight and your views, thank you. >> Hey, thanks a lot, Dave. >> All right, don't forget these episodes are all available as podcast, wherever you listen. All you got to do is search, "Breaking Analysis Podcast". Check out ETR website, etr.ai. We publish every week on wikibon.com and siliconangle.com. And you can email me david.vellante@siliconangle.com or DM me @davevellante. Comment on my LinkedIn post. This is Dave Vellante for Dave Michelle for "theCUBE Insights" powered by ETR. Have a great week, stay safe, be well and we'll see you next time. (slow tempo music)

(bright upbeat music) >> Hi, everyone, welcome back to theCUBE's Unstoppable Domains Partner Showcase. I'm John Furrier, host of theCUBE. This segment in this session is about expansion into Asia Pacific and Europe for Unstoppable Domains. It's a hot startup in the Web3 area, really creating a new innovation around NFTs, crypto, single sign-on, and digital identity, giving users the power like they should. We've got two great guests, Sajjad Rehman, Head of Europe, and Nilkanth, known as Nil, Iyer, head of Asia. Sajjad, Nil, welcome to this CUBE, and let's talk about the expansion. It's not really an expansion, the global economy is global, but showcase here about Unstoppables going to Europe. Thanks for coming on. >> Thanks for inviting us. >> Thanks John, for inviting us. >> So we're living in a global world, obviously, crypto, blockchain, decentralized applications. You're starting to see mainstream adoption, which means the shift is happening. There are more apps coming, and it means more infrastructure, and things got to get easier, right? So, reduce the steps it takes to do stuff, makes the wallets better, give people more secure access and control of their data. This is what Unstoppable is all about. You guys are in the middle of it, you're on this wave. What is the potential of Web3 with Unstoppable, and in general, in Asia and in Europe? >> I can go first. So, now, let's look at the Asia market. I mean, typically, we see the US market, the Europe markets, for typical Web 2.0 software and infrastructure is definitely the larger markets, with US typically accounting for about 60%, and Europe about 20 to 30%, and Asia has always been small. But we see in this whole world of blockchain, crypto, Web 3.0, Asia already has about 160 million users. They have more than 35 local exchanges. And if you really look at the number of countries, in terms of the rate of adoption, many of the Asian countries, which probably you'd have never even heard of, like Vietnam, actually topping the list, right? One of the reasons that this is happening, again, if you go through the Asian Development Bank's latest report, you have these Gen Zs and millennials, of that's 50% of the Asian population. And if you really look at 50% of the Asian population, that's 1.1 billion people out of the total, 1.8 billion Gen Z and millennials that you have have in the world. And these folks are digitally native, they're people, in fact, the Gen Zs are mobile first, and millennials, many of us, like myself, at least, are people who are digital, and 20% of the world's economy is currently digital, and the rest, 40 to 50%, which is going to happen in the Web 3.0 world, and that's going to be driven by millennials and Gen Zs. I think that's why this whole space is so exciting, because it's being driven by the users, by the new generation. I mean, that's my broad thought on this whole thing. >> Before we get get this started, I want to just comment, Asia, also, in other areas where mobile first came, you had the younger demographics absolutely driving the change, because they're like, "Well, I don't want the old way." They go right from scratch at the beginning, they're using the technologies. That has propelled the crypto world. I mean, that is absolutely true. Everyone's kind of seeing that. And that's now influencing some of these developer nations, like say, in Europe, for instance, and even North America, I think Europe's more advanced than North America, in my opinion, but we'll get to that. Oh, so potential in Europe. Sajjad, take us through your thoughts on... As head of Europe, for our audience. >> Absolutely, so, Nil's right. I think Asia is way ahead in terms of Gen Z user adopting crypto, Europe is actually a distant second, but it's surprising to note that Europe actually has the highest transactional activity in crypto over the last year and a half. And if you dig a bit deeper, I'd say, arguably, for Europe, I think the opportunity in Web3 is perhaps the largest. And then perhaps it can mean the most for Europe. Europe, for the last decade, has been trailing behind Asia and North America, when it comes to birthing unicorns, and I think Web3 can provide a StepChain opportunity. This belief, for me, stems from the fact that Europe's policy, right, like, for example, GDPR, is focused on enabling your data ownership. And I think I recently read a very good paper out of Stanford, by Patrick Henson. He speaks about Web3 being the best part, here, for Europe enabling patient sovereignty. So what that means is users control the data, they're paying to enter it, and they harness the value from it. And on one hand, while Europe is enabling that regulation, that's entered in that code, Web3 actually brings it into action. So I think with more enablement, better regulation, and we'll see more hubs, like the Crypto Valley in Switzerland pop up, that will bring, I think, I'd rather be careful, better to say, not over-regulation, the right regulation. We can expect more in prop capital, more builder talent, that then drives more adoption. So I think the prospects for Europe in terms of usage, as well as builders, are quite bright. >> Yeah, and I think, also, you guys are in areas where the cultural shift is so dramatic. You mentioned Asia, the demographics, even the entrepreneurial culture in Europe right now is booming. You look at all the venture-backed startups, and the young generation building companies! And again, cloud computing is a big part of that, obviously. But look at, compared to the United States, you go back 15 years ago, Europe was way behind, on the startup scene. Now it's booming and pumping on all cylinders. And it kind of points at this cultural shift. It's almost like a generational... It's like the digital hippies changing the world. The Web3, it's kind of, "I don't want to be Web2, Web2 is so old, I don't want to do that." And then it's all because it's changing, right? And there are things inadequate with Web2, on the naming system. Also the arbitrage around fake information, bots, users being manipulated, and also merchandised and monetized through these portals. Okay, that's kind of ending. So talk about the dynamic of Web2, 3, at those areas. You've got users and you've got companies, who build applications. They're going to shift and be forced, in our opinion, and I want to get your reaction to that. Do you think applications are going to have to be Web3, or users will reject them? >> Yeah, I think that I'll jump in and add to there in Nil's part. I think the Web3 is built on three principles, right? They're decentralization, ownership, and composability. And I think these are not binary. So if I look further on in the future, I don't see a future where you have just Web3. I think there's going to be coexistence or cooperation between Web2 companies, Web3, building bridges. I think there's going to be... There's a sliding scale to decentralization, versus centralization. Similarly, ownership. And I think users will find what works best for them in different contexts. I think what Unstoppable is doing is essentially providing the identity system for Web3, and that's way more powerful when it comes to being built on blockchains, than with the naming system we had for Web2, right? The identity system can serve the purpose of taking a user's personal identifier, password, blockchain, domain name, and attaching all kinds of attributes that define who you are, both in the physical and digital world, and filling out information that you can transact on the basis of. And I think the users would, as we go to a no-code and low-code future, right, where in Web2, more of the users were essentially consumers, or readers of the internet. And in Web3, with more low-code and no-code technology platforms taking shape and getting proliferation, you would see more users being actually writers, publishers, and developers on the internet. And they would value owning their data, and to harness the most amount of value from it. So I think that's the power concept, and I think that's the future I see, where Web3 will dominate. Nil, what do you think? >> Well, I think you put it very, very nicely, Sajjad. I think you covered most of the points, I think. But I'm seeing a lot of different things that are happening at the ground. I think a lot of the governments, a lot of the Web 2.0 players, the traditional banks, these guys are not sitting quiet on the blockchain space. There are a lot of pilots happening in the blockchain space, right? I mean, I can give you real life examples. I mean, one of the biggest examples is in my home state of Maharashtra, where Mumbai is. They actually partnered with Polygon (MATIC), right? Actually built a private blockchain-based capability to kind of deliver your COVID vaccination certificates with the QR code, right? And that's the only way they could deliver that kind of volumes in that short a time, with the kind of user control, the user control the user has on the data. That could only be possible because of blockchain. Of course, it's still private, because it's healthcare data, they still want to keep it, something that's not fully on a blockchain. But that is something. Similarly, there is a consortium of about nine banks who have actually trying to work on making things like remittances or trade finance much, much easier. I mean, remittances through a traditional, Web 2.0 world is very, very costly. And especially in the Asian countries, a lot of people from Southeast Asia work across the world and send back money home. It's a very costly and a time-taking affair. So they have actually partnered and built a blockchain-based capability, again, in a pilot stage, to kind of reduce the transaction costs. For example, if you just look at the trade finance days where there are 14 million traders, who do 2.4, 5 trillion dollars, of transaction, they were able to actually reduce the time that it takes from eight to nine days, to about two to three days. And so, to add on to what you're saying, I think these two worlds are going to meet, and meet very soon. And when they meet, what they need is a single digital identity, a human-readable way of being able to send and receive and do commerce. I think that's where I see Unstoppable Domains, very nicely positioned to be able to integrate these two worlds, so that's my thought on all the logistics. >> That was a great point. I was going to get into which industries, and kind of what areas, you see in your geographies. But it's a good point about saving time. I like how you brought that up, because in these new waves, you either got to reduce the steps it takes to do something, or save time, make it easy. And this is the successful formula, in anything, whether it's an app or UI or whatever, but what specifically are they doing in your areas? And what about Unstoppable are they attracted to? Is it because of the identity? Is it because of the apps? Is it because of the single sign-on? What is the reason that they're leaning in, and unpacking this further into their pilots? >> Sajjad, do you want to take that? >> Yeah, absolutely, man. >> Because. >> Yeah, I'm happy. Please jump in if you want. So I think, and let me clarify the question, John, you're talking about Web2 companies, looking to partner in software, or potential partnerships, right? >> Yeah, what are they seeing, and what are they seeing as the value that these pilots we heard from Nilkanth around the financial industry? And obviously, gaming's one, it's obvious. Huge: financial, healthcare, I mean, these are obviously verticals that are going to be heavily impacted in a positive way. What are they seeing as value? What's getting them motivated to do these pilots? Why are they jumping in, with both feet, if you will, on these projects? Is it because it's saving money, is it time, or both, is it ease of use, is it the user's expectations? Trying to tease out how you guys see that evolving. >> Yeah, yeah, I think... This is still, the space is, the movement is going very fast, but I think the space is still young. And right now, a lot of these companies are seeing the potential that Web3 offers. And I think the key, key dimensions, right, composability, decentralization, and ownership. So I think the key thing I'm seeing in EU is these Web2 companies seeing the momentum and looking to harness that by enabling bridges to Web3. One of the key trends in Europe has been Fintech, I think over the last five to six years, we have the Revolut, N26, e-TOTAL creating platforms, new banks and super finance, super apps rising to the forefront. And they are all enabling, or also connecting a bridge with Web3 in some shape and form, either enabling creating of crypto, some are launching their own native wallets, and these are, essentially, ways that they can, one, attract users. So the Gen Z who are looking for more friction in finance, to get them on board, but also to look to enable more adoption by their own users, who are not using these services that potentially create new revenue streams, and create allocation of capital that they could not access, to have access to otherwise. So I think that's one trend I'm seeing over here. I think the other key trend is, in Europe, at least, has been games. And again, dead links or damaged, web creators would call the metaverse. So a lot of game companies are looking to step into Game Fire, which is, again, a completely different business model to what traditional game companies used to use. Similarly, metaverse is where again, ownership creates a different business model and they see that users and gamers of the future would want to engage with that, versus just being monetized on the basis of subscription or ads. And I think that's something that they're becoming aware of, and moving quickly in the space, launching their own metaverses, or game by applications. Or creating interoperability with these decentralized applications. >> You know, I wanted to get into this point, but I was going to ask about the community empowerment piece of this equation, 'cause digital identity is about the user's identity, which implies they're part of a community. Web3 is very community-centric. But you mentioned gaming, I mean, people who have been watching the gaming world, like ourselves, know that communities and marketplaces have been very active for years, many years, over 15 years. Community, games, currency, in-game activity, has been out there, right, but siloed within the games themselves. So now, it seems that that paradigm's coming in and empowering all communities. Is this something that you guys see and agree with? And if so, what's different about that? How are communities being empowered? I guess that's the question. >> Yeah, I can maybe take that, Sajjad. So, I mean, I must have heard of Axie Infinity, I mean, 40% of their user base is in Vietnam. And the average earning that a person makes in a month, out of playing this game, is more than the national, daily or minimum wage that is there, right? So that's the kind of potential. Actually, going back, as a combination of actually answering your earlier question, and I think over and above what Sajjad said, what's very unique in Asia is we still have a lot of unbanked people, right? So if you really look at the total unbanked population of the world, it's 1.6 billion, and 24% of that is in Asia, so almost 375 million people are in Asia. So these are people who do not have access to finance or credit. So the whole idea is, how do we get these people on to a banking system, onto peer-to-peer lending, or peer-to-peer finance kind of capabilities. I think, again, Unstoppable Domains kind of helps in that, right? If you just look at the pure Web 3.0 world, and the complex, technical way in which money or other crypto is transferred from one wallet to the other, it's very difficult for an unbanked person who probably cannot even do basic communication, cannot read and write, to actually be able to do it. But something that's very human-readable, something that's very easy for him to understand, something that's visual, something that he can see on his mobile. With 2G network, we are not talking of... The world is talking about 5G, but there are parts of Asia, which are still using 2G and 2.5G kind of network, right? So I think that's one key use case. I think the banks are trying to solve because for them, this is a whole new customer segment. And, sorry, I actually went back a little bit, to your earlier question, but coming to this whole community-building, right? So on March 8th, we're launching something called this Women of Web3, or, oh, that is WoW3, right? This is basically to, again, empower. So if you, again, look at Asia, women need a lot of training, they need a lot of enablement, for them to be able to leverage the power of Web 3.0. I can talk about India, of course, being from India. A lot of the women do not... They do all the small businesses, but the money is taken by middlemen, or taken by their husbands. With Web 3.0, fundamentally, the money comes to them, because that's what they use to educate their children. And it's the same thing in a lot of other Southeast Asian countries as well. I think it's very important to build those communities, communities of women entrepreneurs. I think this is a big opportunity to really get the section of society, which probably will take 10 more years, if we go through the normal Web1 to Web 2.0 progression, where the power is with corporations, and not with the individuals. >> And that's a great announcement, by the way, you mentioned the $10 million worth of domains being issued out for... This is democratization, it's what it's all about. Again, this is a new revolution. I mean, this is a new thing. So great stuff, more education, more learning. And going to get the banks up and running, get those people banking, 'cause once they're banking, they get wallets, right? So they need the wallets. So let's get to the real meat here. You guys are in the territory, Europe and Asia, where there's a lot of wallets. There's a lot of exchanges, 'cause that's... They're not in the United States. There's a few of them there, but most of them outside the United States. And you've got a lot of dApps developing, decentralized applications, okay? So you got all this coming together in your territory. What's the strategy, how you going to attack that? You got the wallets, you got the exchanges, and you got D applications. DApps. >> Yeah, I'm happy to (indistinct). So I think, and just quickly there, I think one point is, and Nil really expressed it beautifully, is finding inclusion. That is something that has inspired me, how Web3 can make the internet more inclusive. That inspired my move here. Yeah, I think, for us, I think we are at the base start when it comes to Europe, right? And the key focus, in terms of our approach in Europe would be that, we want to do two things. One, we want to increase the utility of these domain names. And the second thing is, we will invite proliferation with our partners. So when I speak about utility, I think utility is when you have a universal identifier, which is a domain name, and then you have these attributes around it, right? What then defines your identity. So in the context, in Europe, we would look to find partners to help us enrich that identity around the domain name. And that adds value for users, in terms of acquiring these domains and new clients. And on the other end, when it comes to proliferation, I think it's about working with all those crypto, and crypto and Web3, Web3 participants as well as Web3-adjacent companies, brands, and services, who can help us educate current and future, and upcoming Web3 users about the utility of domain names, and help us onboard them to the decentralized internet. So I think that's going to be the general focus. I think the key is that, as, oh, and hopefully, we'll be having one, overarching regulation, EU, that allowed us to do this at a vision level. But I would say I think it's going to be tackling it country by country, identifying countries where there's deeper penetration for Web3, and then making sure that we are partnered with local, trusted partners that are already developing for local communities there. So, yeah, that's my view and Nil, I believe those are wants in, for Asia. >> Oh, I think, yeah, so again, in Asia, one is you have a significant part of humanity living in Asia, right? So obviously, all the other challenges and the opportunities that we talk about, I think the first area of focus would be educating the people on the massive opportunity that they have, and if you're able to get them in early, I think it's great for them as well, right? Because by the time governments, regulations, large banking, financial companies move, but if you can get the larger population into this whole space, it's good for them, so they are first movers in that space. I think we are doing a lot of things on this, worldwide. I think we've done more than 100 past podcasts, just educating people on what is Web 3.0, what are NFT domains? What is DeFi, and so on and so forth. I think it would need some bit of localization, customization, in Asia, given that India itself has about 22 languages. And then there are the other countries which, each of them with their own local languages and syntax, semantics and all those things, right? So I think that that is very important, to be able to disseminate the knowledge, although it's global, but I think to get the grassroot people to understand the opportunity, I think it would need some amount of work there. I think also building communities, I think, John, you talked about communities, so did Sajjad talk about communities. I think it's very important to build communities, because communities create ideation. It talks about... People share their challenges, so that people don't repeat the same mistakes. So I think it's very important to build communities based on interest. I think we all know in the technology world, you can build communities around Elegram, Telegram, Discord, Twitter spaces, and all those things. But, again, when you're talking of financial inclusion, you're talking of a different kind of community-building. I think that that would be important. And then of course I will kind of, primarily from a company perspective, I think getting the 35 odd exchanges in Asia, the wallets to partner with us. Just as an example, MATIC. They had, until September of last year, about 3,500 apps. In just one quarter, it doubled to 7,000 dApps on their platform. But that is the pace, or the speed of innovation that we are seeing on this whole 3.0 space. I think it's very important to get those key partners, Who are developing those dApps. See the power of single sign-on, having a human-readable, digital identity, being able to seamlessly transfer all your assets, digital assets, across multiple cryptos, across multiple NFT marketplaces, and so on and so forth. >> Yeah, and I think the whole community thing, too, is also you seeing the communities being part of, certainly in the entertainment area, and the artistry, creator world, the users are art of the community, they own it, too. So it goes both ways, but this brings up the marketplace, too, as well, because you guys have the opportunity to have trust built into the software layer, right? So now you can keep the reputation data. You can be anonymous, but it's trustworthy, versus bots, which we all know bots can be killed and then started again with... And no one knows what the tagalong has been around. So the whole inadequacy of Web2, which is just growing pains, right? This is what it evolution looks like, next abstraction layer. So I love that vibe. How advanced do you think that thinking is, where people are saying, Hey, we need this abstraction layer. We need this digital identity. We need to start expanding our applications so that the users can move across these and break down those silos where the data is, 'cause that's... This is like the nerd problem, right? It's the data silos that are holding it back. What's your guys' reaction to that? The killing the silos and making it horizontally scalable? >> Yeah, I think it's a nerd problem. It is a problem of people who understand technology. It's a problem of a lot of the people in the business who want to compete effectively against those giants, which are holding all the data. So I think those are the people who will innovate and move. Again, coming back to financial inclusion, coming back to the unbanked, those guys just want to do their business. They want to live their daily life. I think that's not where you'll see... You will see innovation in a different form, but they're not going to disrupt the disrupters. I think that would be the people, Fintechs, I think they would be the first to move on to something like that. I mean, that's my humble opinion. >> Sajjad, you heard. >> Yeah, I think- >> Go ahead. >> I mean, absolutely. I think, I mean, I touched on creators, right? So, like I said earlier, right, we are heading to a future where more people will be creators on the internet. Whether you're publishing, writing something, you're creating video content, and that means that they have data they own, but that's their data, they bring it to the internet. That's more powerful, more useful, and they should be able to transact on that basis. So I think people are recognizing that, and they will increasingly look to do so. And as they do that, they would want these systems that enable them to hold permission to their data. They will want to be able to control what their permission and what they want to provide, dApp. And at the end of the day, these applications have to work backwards from customers, and the customer's looking for that. That's where... That's what they will build. >> The users want freedom. They want to be able to be connected, and not be restricted. They want to freely move around the global internet and do whatever they want with the friends and apps that they want to consume, and not feel arbitraged. They don't want to feel like they're kind of nailed into a walled garden and stuck there and having to come back. It's the new normal. >> They don't want to be the product, right, so. >> They don't want to be the product. Gentlemen, great to have you on, great conversation. We're going to continue this later. Certainly want to keep the updates coming. You guys are in a very hot area in Europe and Asia Pacific. That's where a lot of the action is happening. We see the entrepreneurial activity, the business transformation, certainly with the new paradigm shift, and this big wave that's coming. It's here, it's mainstream. Thanks for coming on and sharing your insights. Appreciate it. >> Thanks, John. >> Thanks, John, Thanks for the opportunity, have a good day. >> Okay, okay, great conversation. All the action's moving and happening real fast. This is theCUBE Unstoppable Domains Partner Showcase. I'm John Furrier, your host. Thanks for watching. (contemplative music)

(upbeat music) >> Hey everyone, welcome to theCUBE's coverage of Women in Tech: International Women's Day, 2022. I'm your host Lisa Martin. Clara Bidorini joins me next, a Business Developer for the startups team in Brazil at AWS. Clara, it's lovely to have you on the program. >> Hi Lisa, thank you for having me. >> I want to mention a couple accolades that you got just in 2021. You were one of the top 20 most influential women for open innovation in Brazil in 2021. And you were a finalist for Women in Tech Brazil Awards in the category of Ally in Tech 2021. Congratulations. >> Thank you so much, it was an awesome year and it's always important to be acknowledged for what you're doing in the market, right? >> Absolutely, everyone wants to be appreciated every now and then. Tell me a little bit about your role and your background. >> Of course. So I am living in Brazil, as you said, but actually I'm Italian. So I've been living abroad for the last, I will say 16 years. So I've been living in Portugal, I've been living in Switzerland and now in Brazil for the last, I will say 11 years. I'm a Social Entrepreneur and a Strategic Designer. I've been working with corporate ventures since 2014 and now I am Corporate Venture Manager for startups at Amazon Web Services. I've supported, throughout 10 years, enterprises, startups, public sector with corporate acceleration programs and open innovation initiatives within their customer throughout Latin America. >> What's the female representation like in the startup environment? >> Well it depends a lot, right? We have different trends globally speaking. If we look at, for example, global trends, and that includes United States for example, we see that the number of unicorns that for example are led by female is much lower than the number of total unicorn that you see. So if you talk about United States, for example, that has the highest number of unicorns, we see that between 2013 and 2021 the number of female at a unicorn is only 60 against 500 which is a total number of it. So we see that actually the percentage is 12% only, so we need much more representative in the female startup ecosystem. But numbers are changing, right? So this is promising. >> That is good, it is promising to see the numbers ticking up. In terms of positioning of women in leadership roles, what's the role that you see kind of commonly across startups, or maybe it varies by country. >> It varies by country you're right but definitely when we look at the trends and when we look at the data that we receive from National StartUp Association and startup organization in the different geos, you can see that startup that are founded by female leaders are, I will say as a proxy, from 4% to 12% in some countries, it gets to 18%, of the total number of startups to that country. So it's still a low number, but what we see which is interesting, is that much more startups that are led by both female and male co-founders are rising more and more. For example, in Brazil, it represents 28% which is almost 30% against the 12% of female-only founded startup and the 51% of the male founded startup. So I think it's promising to look at this mix of genders when we look at the foundations of startups because they're also getting, I will say, from five to six more investment than female founded startups. What does it mean? It means that we need to find I think more allies work in allyship with men in order to have more investment in startup by women. But it also means that unicorns and the biggest startup, the scale-up startups, are now starting for example to hire women in the leadership. So maybe we don't have so many startups that are founded by women, but we have more and more scale-ups and unicorns that are led by leaders which are women. So this is an interesting change, if we compare 2022 with 2013, for example. >> That's good that we've seen so much progress in that amount of time. And something that I've seen too, or looking at stats, we know that the number of females and technical roles is still pretty low below 25%, but there's a lot of data that show that companies with even 30% of the executive leadership team being female, are more performant and more profitable. So the data is there. Is that one of the reasons that you think that you're seeing a lot of these kind of co-CEOs, female-male counterparts in the startup community? >> Well, we already know that diversity and diverse teams are much more performative than I will say, non-inclusive ones. So it's always a matter of how you can thrive to success in every kind of environment you're working. So this is true for startups but this is also true for corporations. So it's just a matter of time. I think for the startup environment to start to be working faster with diversity and inclusion, then I will say the traditional corporate world. Many of those startups in Brazil, in these tests, are saying, "We want to work with inclusion. We want to have more equity throughout the journey. Not only in the leadership." They just need more resources. And this is something that is interesting for startup because resources is what a startup normally doesn't have. So we need to be really smart on where they put the resources and how we help them throughout this journey so that they can be as diverse as they can and therefore gain more profit, right? >> One of the things that we often say when we're talking about women in tech and here we are International Women's day is that we can't be what we can't see. And I think that's so important to have those female role models. It's also important to have male role models. Talk to me a little bit about your mentors and sponsors and how they've helped get you to where you are today. >> Okay. This is interesting, because I just had a nice conversation with some friends of mine and today we're going to launch a project which I'm very fond of which is called (foreign language) in Portuguese is leave it with them Them being a positive reinforce to women. And today we have launched the first episode, which is amazing. And we were talking about mentors. So how important are they? And we were discussing the fact that until now if we have to count the number of male mentors that we have of course it's much bigger than number of female mentors but from now on what about having more female role models for everybody in the startup ecosystems? This is not a motion in where women are becoming mentors for other women. Women can be mentors for everybody. And the fact that we are empowering more female founders and female leaders in the ecosystem is just bringing again more diversity and therefore more performance to the entire ecosystem. I had many different mentors from different worlds. I will tell a little bit more about myself. Originally I'm an architect and I've been working with building and houses and hospitals and library during the first part of my career. And that world was a male world actually and I had many great mentors that helped me out throughout my journey. When I changed my career into Service Design and starting working with systems and holistic approach for strategy, again, I found many male mentors especially in Switzerland, especially in Brazil. But when I started the startup ecosystem journey, I started meeting women that actually changed my career. So, I'm talking about investors, I'm talking about co-founders, I'm talking about leaders I'm talking about leaders in the community because we don't have to forget that we need always to rely on the personas that are working in the startup ecosystem such as accelerators, incubators, universities. And I could just tell you so many stories about my mentors, but I don't want to say here that we only need to focus on finding female mentors. We need to find the most meaningful relationship that we can and learn from them. It could be a woman, it could be a man, but we need to encourage more and more in women to have the strength and the courage to be mentored to, to speak up. >> I agree. You don't have to have mentors that are only female. I have many back in my day that were male that got me to where I am today that I just really looked up to. And that sponsored me. And that's important for women to know that you need to have your own personal board of directors, of mentors and sponsors. But I'd love to know a little bit more. You really pivoted in your career. Talk to me about how you got the courage to say, "You know what? I'm going to make a change here. I'm going to go in a different direction." >> Oh Lisa, that's such a question. Thank you so about asking me about this. So I've always have been this I will say status quo challenger. And at some point when I entered architecture I ended up making a master in complexity and using creativity to solve complex problem. So there was already a flag of me not working in architecture anymore in the future but I didn't notice at the time. So this idea of working with complexity and using creativity to work out complex problems in society brought me to start working more with design and then using design as a management approach to solve those problems. So I was pivoting but step by step from architecture to design, from design to branding, sorry, from branding to strategy. At certain point I was working with open innovation already, so was solving big challenges for big corporations. I was designing, innovation, planning, The step from here to join the startup ecosystem world is just really small. So from that moment on, I understood that business was the place where I was working and creating an understanding value proposition was actually the thing that was putting me on stage and letting me be more myself in terms of having more connections, being an agent of transformation in this ecosystem. And actually being the status quo challenger every day. So that's the way I pivoted, but it took a lot of courage and it also took a lot of curiosity. And this is something that I'm always telling the startups to have. You need to look at everything with the eyes of a tourist. You need to be curious about everything. That's also the reason why I've been changing countries. I love to learn about new cultures. I love to learn new expressions. I love to understand how other people think. And this is putting other people and other reality in the center of your attention. And this is what business is about. Building stuff that is interesting for people, for your customers, for your user. This is the center of building a value proposition >> Right you bring up several good points there. And one, the breadth of knowledge and experience that you have. There's so much value there in having that breadth, being courageous enough to be curious but you also bring up a point about some other skills like soft skills, for example, that are so valuable that you don't necessarily learn in school. For example, I think communication, relationship building, those are so important for women and men to have to really bring that breadth to what it is that they're doing so that they can do whatever it is that they want. >> Exactly. You're so, right. So many of these soft skills for women, I think have been censored throughout the years by society behaviors. Let's say negotiating or talking about finance or let's try to create something new and having the courage to say, "I'm going to fail several times before will bring my business to success." So all of these aspects that I'm trying to describe here were kind of silenced throughout century for women. And now the possibility not only to test those situations but also to speak up, to share this this knowledge, and to be mindful with other women that can help us to be courageous enough, to fail so many times that we need in order for us to be successful. This is something that I've learned from my colleagues in the startup ecosystem, both male and female founders. This is so important to fail. Failing first is important. And this is something that actually for women is contradicted, right? We are taught to be perfect. We are taught to be multitasking. We are taught to be everything that is not showing our vulnerabilities and learning from our mistakes. So these are the soft skills that I think are more important. And also sorry, I was forgetting one of the most important, which is resilience. Definitely (chuckles). >> Resilience is critical. But I always say that failure is not necessarily a bad F word and you bring up a good point. But if you think of the theme of International Women's Day this year which is #BreakTheBias where do you think we are with that in the startup entrepreneurial world? >> That's a good question, Lisa. I think we are in the middle of a big change. Many of the things that happened throughout the last two years all over the world brought society to rethink on what we want as a future. The pandemic, the killings of innocent people in the United States, in Brazil, what is happening right now in Ukraine. We are working together throughout the new future and we had to rethink to change completely the way we were controlling our daily life, when the pandemic started, right? I think we are in in the midst of a new change. In the startup ecosystem, more and more women are claiming their right to be mothers, to be workers, to be leaders, to be in the startup ecosystem stages like pitching and selling their businesses to investors or corporates, and at the same time to be part of a family and also our men. So I think we are at the point in which we are kind of looking at each other in the eyes and saying, "Okay, we need to compromise. We need to have a better quality of life. And we need to compromise in being core responsible at what we want to achieve in terms of business." And this is something that is happening in the startup ecosystem world as well. So it's impacting corporates and startup as well. So, I think it was a consequence of the last two three years of events throughout the world. But also we see more investors that are female investors and this is important because they're breaking the bias. If we have more female investors investing in more women, we can definitely have those entrepreneurs having raised more money or the same amount of money as men in less time. Now, as we are talking, it takes longer for women to raise less money than the men. So we need to break the bias in this sense. And I think it's happening already. >> We do need to break the bias and thank you for your insights and the work that you are doing to help that along the way. Clara, it was lovely to chat with you today. Thanks for sharing your background. >> Thank you again, Liz. It was wonderful to be here with you. And I just want to make a call to action for all the women and the men that are listening to us to be closer to the other gender, and to try to be an active listener of what's happening in the other gender's life. Because at the end of the day we are co-sharing this world together. Thank you very much >> Wise words, Clara. Thank you again. From Clara Bidorini, I'm Lisa Martin. You're watching Women in Tech: International Women's Day, 2022. (upbeat music)