>> (upbeat music) >> Announcer: From around the globe, it's theCUBE with digital coverage of AWS Public Sector Partner Awards Brought to you by Amazon Web Services. >> Hi, and welcome back. I'm Stu Miniman and this is theCUBE's coverage of Amazon Web Services, Public Sector Awards for their partners. Really interesting, we get to talk to people around the globe, we talked to the vendors, the award winners as well as their customers who have some interesting projects. So happy to welcome to the program coming to us from Argentina. I have Leo Bracco. He is the Latin American Executive Director for CloudHesive and joining him, his customer Carolina Tchintian. She is the Director of the Political Institution Program at CIPPEC. Thank you so much for joining us. >> Thank you. >> Thank you for having us. >> All right, so Leo, first of all, let's start with you if we could. So CloudHesive first of all, congratulations, you were the Nonprofit Sector award winner for cybersecurity solutions. Of course, anybody that knows public sector, there's the government agencies, there's nonprofits there's education. The cybersecurity of course, went from the top priority to the top, top priority here in 2020. So if you could just give us a snapshot of CloudHesive for our customer. >> Well, CloudHesive is a US based company, started six years ago in 2014. And we decide a couple of years ago to move to Latin America and to start working with Latin America customers. Our offices are in Argentina right now. And one of the focus that we have in the solutions that we give to our customers is security. We work on services to help companies to reduce the cost, increase productivity, and what should the security posture? So we've been working a long time ago to many NPOs, and seeing how they can leverage the solutions and how they can give secure, how to be secure in the world. In the internet. >> All right, Carolina, if you could tell us a little bit about the CIPPEC and maybe then key us up as the project that you're working on. >> Okay, thank you. So CIPPEC is a nonprofit think tank, nonprofit organization, independent organization that aims to deliver better public policies in different areas. In economic development, in social protection and state and government. My particular program, the political institutions program goal is, or the mission is basically to promote evidence based decisions to improve democratic processes and to guarantee civil and political rights across all the countries. So we on issues such as improving election administrations, legislative work, representation, and that's our area of work. >> Wonderful. Sounds like a phenomenal project. Leo, if you could help us understand where did CloudHesive get involved in this project? Was there an existing relationship already, or was it for a specific rollout? that tell us about, obviously the security angles are a big piece? >> No, we didn't have a previous engagement with them. They come to us with a very short time to elections and they need a secure solution. So we first have to analyze the actual solution, how it works, acknowledging well the current infra that they have. Then we have to understand the challenge that they're facing. They have a very public site, they need to go public and they need to be very secure. And the last, we have to develop a fast migration strategy. We knew that AWS was the perfect fit for the need. So we just had to align a good strategy with the customer need. And all these it has been done in less than 72 hours. That was our deadline to elections. >> Wow, talk about fast. Okay, Carolina, help us understand a little bit. Had your organization, had you been using a Cloud before? Seventy-two hours is definitely an aggressive timeline. So help us understand a little bit as to what went into making your decision and obviously, 72 hours super short timeframe. >> Super, super short. Yeah, that was a big challenge. So let me tell you more about what we do and the context. So Argentina holds elections, national elections every two years. In each election year CIPPEC tries to generate and systematize analysis of provincial and national elections with the goal of informing key actors in the electoral processes. This is and decision makers, political parties, media, and general population. So as our first experience in 2017, with informed voter project, we had this collaboration with the National Electoral Authorities in which we created a landing page in our website where you could find as the voter, all of the information you need to go and cast your vote throughout the entire election process. Meaning from the campaign stage, election administration details, polling places, electoral offer, participation et cetera. So that was a landing page hosted in our website. And in 2017, we managed to have a button in every eligible voter in Argentina Facebook feed. So you could go click there and go to our website, right. And have all of the information summarize in a very simple way, straightforward way. So what happened in the 2017 election day is that the button was so successful that the landing page made our server to collapse in the first hours of the election day. So we learned a huge lesson there, which was that we had to be prepared in 2019, if we wanted to repeat this experience. And that is how we get to CloudHesive. >> Wonderful, Leo, if you could, help us understand a little bit architecturally what's going on there, what was CoHesive doing, what AWS services were leveraged? >> Perfect. Well we need great reliability, performance, scalability of course and the main thing security. We have no doubt about the Cloud and all the differentials of AWS. Our main question was about how do we align the right services to give the best solution to the customer? So we did kind of strategy with S3, CloudFront, and we, at the same time being monitorizing everything with CloudTrail and securing the public's access to all of these information. That give us a perfect fit for the solution, a very easy solution and very of course scalable, but more than anything, we could improve the customer experience in very small amount of time. So this is a very simple solution, that fits perfect for the customer. >> Wonderful. Carolina, if you could, tell us how did things go? What lessons have you learned? Anything along the way that you would give feedback to your peers or other organizations that were looking to do something similar? >> Yeah, well, the 2017 experience was a very tough experience for us because we've been preparing for election day during the 2016 and 2017. And the infrastructure was the limit we had in that point. So we couldn't afford ... We have a commitment with informing voters and informing key actors on election process. And these key actors are expecting that information on election day, before, and after. The lesson there is, we cannot be limited by the infrastructure. Assuming that in 2019, that the landing page would receive a similar amount or a huge amount of traffic volume visits on the election day, basically, we knew that traditional hosting service couldn't fulfill those needs so we had to go beyond traditional and the partner was critical to help us to the migration, to the Cloud. >> Yeah, Leo, maybe you could speak a little bit to that, the scalability, and of course, nonprofit's very sensitive to costs involved in these solutions. Help us understand that those underpinnings of leveraging, AWS specifically in CloudHesive. How this meets their needs and still is financially, makes sense. >> Perfect. When you have this kind of solutions, of course, your first concern is, okay, how do I make a scalable solution that fits on the, just on this moment that they need the behavior for so many infrastructure involved. And then at the other day, they need no infra at all, but you have another two big things that you have to focus on. One, is the security, you need to monitor all the behaviors of the content and pay attention to any external menace. You have one 24-hour day, so you need to be very responsibility and high sensitive information that the customer has on the set of data there. It's good to say that we have no security incidents, and no security breach during the most public stage of the operation, so that there was very good for us. The next thing is from the delivery perspective. You have a potential pick of people over the side to usually manage the content delivery network to answer all the requirements. You must be able to share the content in CloudFront, and so you have, and you can achieve your goals, right? And what I can say, it's about numbers, we achieve more than 99.5 efficiency hit rate you over the CDN, that's over CloudFront. And we kept server CPU such below 10% all the time. So this was a major success for us. Like we have no trouble, we use things at the most. And most of anything, the customer has the security, everything look from our perspective. (mumbles) >> Leo, what follow up if I could, if you look at 2020 being able to scale and respond to the changes in workload and be able to stay secure when bad actors, many people are working at home, but doesn't mean the bad actors aren't out there. We've actually seen an increase in security attacks. So just, do you have any commentary overall about what's happening more recently in what you see in your space? >> Yeah, well, we're very focused right now and while security is being each time bigger, right? One of the biggest menace in security is our own team, because we have to keep our teams auto align to the process and understanding the security as a first step doing things from the network perspective. Then we have a very good experience over this last two years, with all the security tools that AWS is seeking to the market. So we now have CloudTrail. We can do many things with WAF we're working towers of new good security solutions. And so I think this will be the future. We have to focus ourself in these two pillars. The first pillar is, okay, what we can do on our own network and the other pillar's, all the tools that AWS is giving us so we can manage security from a new perspective. >> Carolina, last question that I have for you is, look forward a little bit, if you will, are there things that you'll be looking to do in future election cycles or anything else from this project that you could expect going forward? >> Yeah, definitely. We're going to repeat this experience in 2021. Trying to think of the success was the 2019 election cycle. And in this particular informed voter project, we might want to keep doing this for the next election cycles, not only 2023 now, but for the future. >> All right then, Leo, last piece for you, first of all, congratulations, again, winning Best Cyber Security Solution for Nonprofit. Just talk a little bit if you would, about your partnership with AWS and specifically, the requirements and what you see in the nonprofit segment. >> Well, we see that the nonprofit are growing large too, they will need very good scalable solutions. We see that all the focus that we have in on security is the next need because we have been working on these towers to the future. The solutions kept growing each time. The networks are growing each time. And the traffic is growing. The focus on the security will be one of the appendix of our work in the future. And I think that's the biggest issue that we are going to have. Having good engineers, good hard work and manage the challenge and consolidate all the solution as a need. Right now, we're working on many projects with different NGO's and we're working towers that they have the solution that fits them. And of course, we try to keep, in all the public sector, we try to keep the cost at a range level that we can afford that our customers can afford. That's I think, a big problem that we're having. >> Well, Carolina, congratulations on the progress with your project. Thank you so much for joining us. And Leo, thank you again for joining us and congratulations to you and the CloudHesive team for winning the award. >> Thanks. >> Thank you very much. >> All right, stay tuned for more coverage, theCUBE, at the AWS Public Sector Partner Awards. I'm Stu Miniman. Thanks for watching. (upbeat music)

(upbeat music) >> Announcer: From theCUBE studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is a CUBE conversation. >> Hi, and welcome back. I'm Stu Miniman and this is theCUBE's coverage of Amazon Web Services, Public Sector Awards for their partners. Really interesting, we get to talk to people around the globe, we talked to the vendors, the award winners as well as their customers who have some interesting projects. So happy to welcome to the program coming to us from Argentina. I have Leo Bracco. He is the Latin American Executive Director for CloudHesive and joining him, his customer Carolina Tchintian. She is the Director of the Political Institution Program at CIPPEC. Thank you so much for joining us. >> Thank you. >> Thank you for having us. >> All right, so Leo, first of all, let's start with you if we could. So CloudHesive first of all, congratulations, you were the Nonprofit Sector award winner for cybersecurity solutions. Of course, anybody that knows public sector, there's the government agencies, there's nonprofits there's education. The cybersecurity of course, went from the top priority to the top, top priority here in 2020. So if you could just give us a snapshot of CloudHesive for our customer. >> Well, CloudHesive is a US based company, started six years ago in 2014. And we decide a couple of years ago to move to Latin America and to start working with Latin America customers. Our offices are in Argentina right now. And one of the focus that we have in the solutions that we give to our customers is security. We work on services to help companies to reduce the cost, increase productivity, and what should the security posture? So we've been working a long time ago to many NPOs, and seeing how they can leverage the solutions and how they can give secure, how to be secure in the world. In the internet. >> All right, Carolina, if you could tell us a little bit about the CIPPEC and maybe then key us up as the project that you're working on. >> Okay, thank you. So CIPPEC is a nonprofit think tank, nonprofit organization, independent organization that aims to deliver better public policies in different areas. In economic development, in social protection and state and government. My particular program, the political institutions program goal is, or the mission is basically to promote evidence based decisions to improve democratic processes and to guarantee civil and political rights across all the countries. So we on issues such as improving election administrations, legislative work, representation, and that's our area of work. >> Wonderful. Sounds like a phenomenal project. Leo, if you could help us understand where did CloudHesive get involved in this project? Was there an existing relationship already, or was it for a specific rollout? that tell us about, obviously the security angles are a big piece? >> No, we didn't have a previous engagement with them. They come to us with a very short time to elections and they need a secure solution. So we first have to analyze the actual solution, how it works, acknowledging well the current infra that they have. Then we have to understand the challenge that they're facing. They have a very public site, they need to go public and they need to be very secure. And the last, we have to develop a fast migration strategy. We knew that AWS was the perfect fit for the need. So we just had to align a good strategy with the customer need. And all these it has been done in less than 72 hours. That was our deadline to elections. >> Wow, talk about fast. Okay, Carolina, help us understand a little bit. Had your organization, had you been using a Cloud before? Seventy-two hours is definitely an aggressive timeline. So help us understand a little bit as to what went into making your decision and obviously, 72 hours super short timeframe. >> Super, super short. Yeah, that was a big challenge. So let me tell you more about what we do and the context. So Argentina holds elections, national elections every two years. In each election year CIPPEC tries to generate and systematize analysis of provincial and national elections with the goal of informing key actors in the electoral processes. This is and decision makers, political parties, media, and general population. So as our first experience in 2017, with informed voter project, we had this collaboration with the National Electoral Authorities in which we created a landing page in our website where you could find as the voter, all of the information you need to go and cast your vote throughout the entire election process. Meaning from the campaign stage, election administration details, polling places, electoral offer, participation et cetera. So that was a landing page hosted in our website. And in 2017, we managed to have a button in every eligible voter in Argentina Facebook feed. So you could go click there and go to our website, right. And have all of the information summarize in a very simple way, straightforward way. So what happened in the 2017 election day is that the button was so successful that the landing page made our server to collapse in the first hours of the election day. So we learned a huge lesson there, which was that we had to be prepared in 2019, if we wanted to repeat this experience. And that is how we get to CloudHesive. >> Wonderful, Leo, if you could, help us understand a little bit architecturally what's going on there, what was CoHesive doing, what AWS services were leveraged? >> Perfect. Well we need great reliability, performance, scalability of course and the main thing security. We have no doubt about the Cloud and all the differentials of AWS. Our main question was about how do we align the right services to give the best solution to the customer? So we did kind of strategy with S3, CloudFront, and we, at the same time being monitorizing everything with CloudTrail and securing the public's access to all of these information. That give us a perfect fit for the solution, a very easy solution and very of course scalable, but more than anything, we could improve the customer experience in very small amount of time. So this is a very simple solution, that fits perfect for the customer. >> Wonderful. Carolina, if you could, tell us how did things go? What lessons have you learned? Anything along the way that you would give feedback to your peers or other organizations that were looking to do something similar? >> Yeah, well, the 2017 experience was a very tough experience for us because we've been preparing for election day during the 2016 and 2017. And the infrastructure was the limit we had in that point. So we couldn't afford ... We have a commitment with informing voters and informing key actors on election process. And these key actors are expecting that information on election day, before, and after. The lesson there is, we cannot be limited by the infrastructure. Assuming that in 2019, that the landing page would receive a similar amount or a huge amount of traffic volume visits on the election day, basically, we knew that traditional hosting service couldn't fulfill those needs so we had to go beyond traditional and the partner was critical to help us to the migration, to the Cloud. >> Yeah, Leo, maybe you could speak a little bit to that, the scalability, and of course, nonprofit's very sensitive to costs involved in these solutions. Help us understand that those underpinnings of leveraging, AWS specifically in CloudHesive. How this meets their needs and still is financially, makes sense. >> Perfect. When you have this kind of solutions, of course, your first concern is, okay, how do I make a scalable solution that fits on the, just on this moment that they need the behavior for so many infrastructure involved. And then at the other day, they need no infra at all, but you have another two big things that you have to focus on. One, is the security, you need to monitor all the behaviors of the content and pay attention to any external menace. You have one 24-hour day, so you need to be very responsibility and high sensitive information that the customer has on the set of data there. It's good to say that we have no security incidents, and no security breach during the most public stage of the operation, so that there was very good for us. The next thing is from the delivery perspective. You have a potential pick of people over the side to usually manage the content delivery network to answer all the requirements. You must be able to share the content in CloudFront, and so you have, and you can achieve your goals, right? And what I can say, it's about numbers, we achieve more than 99.5 efficiency hit rate you over the CDN, that's over CloudFront. And we kept server CPU such below 10% all the time. So this was a major success for us. Like we have no trouble, we use things at the most. And most of anything, the customer has the security, everything look from our perspective. (mumbles) >> Leo, what follow up if I could, if you look at 2020 being able to scale and respond to the changes in workload and be able to stay secure when bad actors, many people are working at home, but doesn't mean the bad actors aren't out there. We've actually seen an increase in security attacks. So just, do you have any commentary overall about what's happening more recently in what you see in your space? >> Yeah, well, we're very focused right now and while security is being each time bigger, right? One of the biggest menace in security is our own team, because we have to keep our teams auto align to the process and understanding the security as a first step doing things from the network perspective. Then we have a very good experience over this last two years, with all the security tools that AWS is seeking to the market. So we now have CloudTrail. We can do many things with WAF we're working towers of new good security solutions. And so I think this will be the future. We have to focus ourself in these two pillars. The first pillar is, okay, what we can do on our own network and the other pillar's, all the tools that AWS is giving us so we can manage security from a new perspective. >> Carolina, last question that I have for you is, look forward a little bit, if you will, are there things that you'll be looking to do in future election cycles or anything else from this project that you could expect going forward? >> Yeah, definitely. We're going to repeat this experience in 2021. Trying to think of the success was the 2019 election cycle. And in this particular informed voter project, we might want to keep doing this for the next election cycles, not only 2023 now, but for the future. >> All right then, Leo, last piece for you, first of all, congratulations, again, winning Best Cyber Security Solution for Nonprofit. Just talk a little bit if you would, about your partnership with AWS and specifically, the requirements and what you see in the nonprofit segment. >> Well, we see that the nonprofit are growing large too, they will need very good scalable solutions. We see that all the focus that we have in on security is the next need because we have been working on these towers to the future. The solutions kept growing each time. The networks are growing each time. And the traffic is growing. The focus on the security will be one of the appendix of our work in the future. And I think that's the biggest issue that we are going to have. Having good engineers, good hard work and manage the challenge and consolidate all the solution as a need. Right now, we're working on many projects with different NGO's and we're working towers that they have the solution that fits them. And of course, we try to keep, in all the public sector, we try to keep the cost at a range level that we can afford that our customers can afford. That's I think, a big problem that we're having. >> Well, Carolina, congratulations on the progress with your project. Thank you so much for joining us. And Leo, thank you again for joining us and congratulations to you and the CloudHesive team for winning the award. >> Thanks. >> Thank you very much. >> All right, stay tuned for more coverage, theCUBE, at the AWS Public Sector Partner Awards. I'm Stu Miniman. Thanks for watching. (upbeat music)

>> Announcer: Live from Orlando, Florida, it's theCUBE, covering .conf2018. Brought to you by Splunk. >> Welcome back to .conf2018 everybody, this is theCUBE the leader in live tech coverage. I'm Dave Vellante with Stu Miniman, wrapping up day one and we're pleased to have Bina Khimani, who's the global head of Partner Ecosystem for the infrastructure segments at AWS. Bina, it's great to see you, thanks for coming on theCUBE. >> Thank you for having me. >> You're very welcome. >> Pleasure to be here. >> It's an awesome show, everybody's talking data, we love data. >> Yes. >> You guys, you know, you're the heart of data and transformation. Talk about your role, what does it mean to be the global head Partner Ecosystems infrastructure segments, a lot going on in your title. >> Yes. >> Dave: You're busy. (laughing) >> So, in the infrastructure segment, we cover dev apps, security, networking as well as cloud migration programs, different types of cloud migration programs, and we got segment leaders who really own the strategy and figure out where are the best opportunities for us to work with the partners as well as partner development managers and solution architects who drive adoption of the strategy. That's the team we have for this segment. >> So everybody wants to work with AWS, with maybe one or two exceptions. And so Splunk, obviously, you guys have gotten together and formed an alliance. I think AWS has blessed a lot of the Splunk technology, vice versa. What's the partnership like, how has it evolved? >> So Splunk has been an excellent partner. We are really joined hands together in many fronts. They are fantastic AWS marketplace partner. We have many integrations of Splunk and AWS services, whether it is Kinesis data, Firehose, or Macy, or WAF. So many services Splunk and AWS really are well integrated together. They work together. In addition, we have joined go to market programs. We have field engagement, we have remand generation campaigns. We join hands together to make sure that our customers, joint customers, are really getting the best value out of it. So speaking of partnership, we recently launched migration program for getting Splunk on prem, Splunk Enterprise customers to Splunk Cloud while, you know, they are on their journey to Cloud anyway. >> Yeah, Bina let's dig into that some, we know AWS loves talking about migrations, we dig into all the databases that are going and we talk at this conference, you know Splunk started out very much on premises but we've talked to lots of users that are using the Cloud and it's always that right. How much do they migrate, how much do they start there? Bring us instead, you know, what led to this and what are the workings of it. >> So what, you know if you look at the common problems people have customers have on prem, they are same problems that customers have with Splunk Enterprise on prem, which is, you know, they are looking for resiliency. Their administrator goes on vacation. They want to keep it up and running all the time. They help people making some changes that shouldn't have been made. They want the experts to run their infrastructure. So Splunk Cloud is run by Splunk which is, you know they are the best at running that. Also, you know I just heard a term called lottery proof. So Splunk Cloud is lottery proof, what that means the funny thing is, that you know, your administrator wins lottery, you're not out of business. (laughs) At the same time if you look at the the time to value. I was talking to a customer last night over dinner and they were saying that if they wanted to get on Splunk Enterprise, for their volume of data that they needed to be ingested in Splunk, it would take them six months to just get the hardware in place. With Splunk Cloud they were running in 15 minutes. So, just the time to value is very important. Other things, you know, you don't need to plan for your peak performance. You can stretch it, you can get all the advantages of scalability, flexibility, security, everything you need. As well as running Splunk Cloud you know you are truly cost optimized. Also Splunk Cloud is built for AWS so it's really cost optimized in terms of infrastructure costs, as well as the Splunk licensing cost. >> Yeah it's funny you mentioned the joke, you know you go to Splunk cloud you're not out of a job, I mean what we've heard, the Splunk admins are in such high demand. Kind of running their instances probably isn't, you know a major thing that they'd want to be worrying about. >> Yes, yes, so-- >> Dave: Oh please, go. >> So Splunk administrators are in such a high demand and because of that, you know, not only that customers are struggling with having the right administrators in place, also retaining them. And when they go to Cloud, you know, this is a SAS version, they don't need administrators, nor they need hardware. They can just trust the experts who are really good at doing that. >> So migrations are a tricky thing and I wonder if we can get some examples because it's like moving a house. You don't want to move, or you actually do want to move but it's, you have be planful, it's a bit of a pain, but the benefits, a new life, so. In your world, you got to be better, so the world that you just described of elastic, you don't have to plan for peaks, or performance, the cost, capex, the opex, all that stuff. It's 10 X better, no debate there. But still there's a barrier that you have to go through. So, how does AWS make it easier or maybe you could give us some examples of successful migrations and the business impact that you saw. >> Definitely. So like you said, right, migration is a journey. And it's not always easy one. So I'll talk about different kinds of migration but let me talk about Splunk migration first. So Splunk migration unlike many other migration is actually fairly easy because the Splunk data is transient data, so customers can just point all their data sources to Splunk Cloud instead of Splunk Enterprise and it will start pumping data into Splunk Cloud which is productive from day one. Now if some customers want to retain 60 to 90 days data, then they can run this Splunk Enterprise on prem for 60 more days. And then they can move on to Splunk Cloud. So in this case there was no actual data migration involved. And because this is the log data that people want to see only for 60 to 90 days and then it's not valuable anymore. They don't really need to do large migration in this case it's practically just configure your data sources and you are done. That's the simplest part of the migration which is Splunk migration to Splunk Cloud. Let's talk about different migrations. So... you have heard many customers, you know like Capital One or many other Dow-Jones, they are saying that we are going all in on AWS and they are shutting down their data centers, they are, you know, migrating hundreds of thousands of applications and servers, which is not as simple as Splunk Cloud, right? So, what AWS, you know, AWS does this day in and day out. So we have figured it out again and again and again. In all of our customer interactions and migrations we are acquiring ton of knowledge that we are building toward our migration programs. We want to make sure that our customers are not reinventing the wheel every time. So we have migration programs like migration acceleration program which is for custom large scale migrations for larger customers. We have partner migration programs which is entirely focused on working with SI partners, consulting partners to lead the migrations. As well as we're workload migration program where we are standardizing migrations of standard applications like Splunk or Atlassian, or many of their such standard applications, how we can provide kind of easy button to migrate. Now, when customers are going through this migration journey, you know, it's going to be 10 X better like you said, but initially there is a hump. They are probably needing to run two parallel environments, there is a cost element to that. They are also optimizing their business processes there is some delay there. They are doing some technical work, you know, discovery, prioritization, landing zone creations, security, and networking aspects. There are many elements to this. What we try to do is, if you look at the graph, their cost is right now where this and it's going to go down but before that it goes up and then goes down. So what we try to do is really provide all the resources to take that hump out in terms of technical support, technical enablement, you know, partner support, funding elements, marketing. There are all types of elements as well as lot of technical integrations and quick starts to take that hump out and make it really easy for our customers. >> And that was our experience, we're Amazon customer and we went through a migration about, I don't know five or six years ago. We had, you know, server axe and a cage and we were like, you know, moving wires over and you'd get an alert you'd have to go down and fix things. And so it took us some time to get there, but it is 10 X better now though. >> It is. >> The developers were so excited and I wanted to ask you about, sort of the dev-ops piece of it because that's really, it became, we just completely eliminated all the operational pieces of it and integrated it and let the developers take care of it. Became, truly became infrastructure as code. So the dev-ops culture has permeated our small organization, can't imagine the impact on a larger company. Wonder if you could talk about that a little bit. >> Definitely. So... As customers are going through this cloud migration journey they are looking at their entire landscape of application and they're discovering things that they never did. When they discover they are trying to figure out should I go ahead and migrate everything to AWS right now, or should I a refactor and optimize some of my applications. And there I'm seeing both types of decisions where some customers are taking most of their applications shifting it to cloud and then pausing and thinking now it is phase two where I am on cloud, I want to take advantage of the best of the breed whatever technology is there. And I want to transform my applications and I want to really be more agile. At the same time there are customers who are saying that I'm going to discover all my workload and applications and I'm going to prioritize a small set of applications which we are going to take through transformation right now. And for the rest of it we will lift and shift and then we will transform. But as they go through this transformation they are changing the way they do business. They are changing the way they are utilizing different technology. Their core focus is on how do I really compete with my competition in the industry and for that how can IT provide me that agility that I need to roll out changes in my business day in day out. And for that, you know, Lambda, entire code portfolio, code build, code commit, code deploy, as well as cloud trail, and you know all the things that, all the services we have as well as our partners have, they provide them truly that edge on their industry and market. >> Bina, how has the security discussion changed? When Stu and I were at the AWS public sector summit in June, the CIO of the CIA stood up on stage in front of 10,000 people and said, "The cloud on my worst day from a security perspective "is better than my client server infrastructure "on a best day." That's quite an endorsement from the CIA, who's got some chops in security. How has that discussion changed? Obviously it's still fundamental, critical, it's something that you guys emphasize. But how has the perception and reality changed over the last five years? >> Cloud is, you know, security in cloud is a shared responsibility. So, Amazon is really, really good at providing all the very, very secure infrastructure. At the same time we are also really good at providing customers and business partners all of the tools and hand-holding them so that they can make their application secure. Like you said, you know, AWS, many of the analysts are saying that AWS is far more secure than anything they can have within their own data center. And as you can see that in this journey also customers are not now thinking about is it secure or not. We are seeing the conversation that, how in fact, speaking of Splunk right, one customer that I talked to he was saying that I was asking them why did you choose Splunk cloud on AWS and his take was that, "I wanted near instantaneous SOA compliant "and by moving to Splunk cloud on AWS "I got that right away." Even I'm talking to public sector customers they are saying, you know, I want fair DRAM I want in healthcare industry, I want HIPPA Compliance. Everywhere we are seeing that we are able to keep up with security and compliance requirements much faster than what customers can do on their own. >> So they, so you take care of, certainly from the infrastructure standpoint, those certifications and that piece of the compliance so the customer can worry about maybe some of the things that you don't cover, maybe some of their business processes and other documentation, ITIL stuff that they have to do, whatever. But now they have more time to do that presumably 'cause that's check box, AWS has that covered for me, right? Is that the right thinking? >> Yes, plus we provide them all the tools and support and knowledge and everything so that they, and even partner support who are really good at it so that not only they understand that the application and infrastructure will come together as entire secure environment but also they have everything they need to be able to make applications secure. And Splunk is another great example, right? Splunk helps customer get application level security and AWS is providing them infrastructure and together we are working together to make sure our customers' application and infrastructure together are secure. >> So speaking about migrations database, hot topic at a high level anyway, I wonder if you could talk about database migrations. Andy Jassy obviously talks a lot about, well let's see we saw RDS on Prim at VMworld, big announcement. Certainly Aurora, DynamoDB is one of the databases we use. Redshift obviously. How are database migrations going, what are you doing to make those easier? >> So what we do in a nutshell, right for everything we try to build a programatic reputable, scalable approach. That's what Amazon does. And what we do is that for each of these standard migrations for databases, we try to figure out, that let's take few examples, and let's figure out Play Books, let's figure out runbooks, let's make sure technical integrations are in place. We have quick starts in place. We have consulting partners who are really good at doing this again and again and again. And we have all the knowledge built into tools and services and support so that whenever customers want to do it they don't run into hiccups and they have really pleasant experience. >> Excellent. Well I know you're super busy thanks for making some time to come on theCUBE I always love to have AWS on. So thanks for your time Bina. >> Thank you very nice to meet you both. >> Alright you're very welcome. Alright so that's a wrap for day one here at Splunk .conf 2018, Stu and I will be back tomorrow. Day two more customers, we got senior executives coming on tomorrow, course Doug Merritt, always excited to see Doug. Go to siliconangle.com you'll see all the news theCUBE.net is where all these videos live and wikibon.com for all the research. We're out day one Splunk you're watching theCUBE we'll see you tomorrow. Thanks for watching. >> Bina: Thank you. (electronic music)

>> Narrator: Live from Las Vegas it's The Cube, covering AWS Reinvent 2017 presented by AWS, Intel and our ecosystem of partners. >> John: And we are live here at Las Vegas, at the Sands Expo wrapping up our coverage here. Reinvent three days strong, inter-going with AWS and a number of great partners within their ecosystem. One of those is Fortinet and we're now joined by Matt Play who is the VP of Cloud Carrier and service providers there at Fortinet, thanks for joining us here Matt, good to see you, sir. >> Matt: It's a pleasure to be here. Thank you. >> John: Yeah, tell us a little bit about, you know, first of all, what you do as far as the company's concerned and about your relationship with AWS and I know you're exhibiting just over our shoulder here so, its a big week for you and for them. >> Matt: I mean the energy here is unlike any other event I've been to, it's fantastic, you can't even describe what this feels like, you have to really be here to really appreciate it so it's just been, it's my first show, being here and it's just absolutely great to see, you know, all the companies collaborating, people getting together and working together. So from the show perspective, I mean it's just fantastic. So we're just happy to be a part of it and Fortinet is doing a lot of great things with AWS. I think our synergies are really well aligned, we have a lot of commonality in our DNA and our culture in history. So, you know, we love to, we're innovators. We love technology and we really hang our hat on that. So as a security ISV you can the products, that's always important right, the products that are involved in it but it's really about the theory or philosophy behind it that we really look towards to accelerate our partnership. >> John: Yeah. I mean, I don't know how much booth time you spend but I'm just always curious at shows. What's the chatter about? You know, when people come up what are they most interested about? You know, what's been like in your mind an overall theme or that recurring theme that you're hearing a lot from potential customers here? >> It's really diverse so it's not just one talk track. It's really a number of different points or elements or what's important. You look around you see IOT, you see dev-ops, you see a number of different things that are kind of bubbling up and you saw all the announcements from AWS and Bare-Metal so that's gonna change things quite a bit. So it was really surprising to see, you know some of our announcements this week were really important. >> John: You've had a big week. >> Matt: We had a great week. >> John: Yeah. >> Matt: We had some really special things that we'd been working on that got announced this week. You know FortiSandboxes and On Demand now in AWS. So we're the only sandbox available in AWS. I think that's very compelling and that's a pretty useful thing. The WAF rules that was a launch yesterday that happened and we're part of the role set so you can take some of the role sets it goes out to our fort of guard enforces it. And then finally they became fabric partner. So fabric really is for us an ecosystem of products. But not only our products it's really about working with other collaboration partners but sometimes competitors and that's okay with us because we believe that's really the only way security's gonna be effective. >> Justin: We were talking before and you were explaining some of the portfolio approach that Fortinet takes to security. We've always been talking about defense in depth as being a thing that you should do with security and really there is no one magic silver bullet that you can use. You have to have different tools for different use cases. And you've got lots of different products that all work well together but they also work well with other products. Which is quite interesting, that fabric concept. Could you maybe give us a bit more color on what the fabric is and some of the portfolio products that plug in? >> Absolutely. So to your first point, we have eight products in AWS and available. It's really about creating a security stack of enforcement because one product necessarily won't do the entire job you need it to do. So we have complementary products, we have, you know, bespoke products, or pointed products. So we have, like I was saying, eight. That's the most out of any other security ISV in the marketplace today. So I think that's a huge competitive advantage. And really what's important is that you really need to see, have a single pane of glass console to look to look at your environments. >> Yeah. >> Statistics say around 65% of organizations or enterprises will have a hybrid environment. So kinda the legacy bespoke, or the legacy traditional networks, and then they're gonna have obviously AWS in instances and it's really important for security that correlation and automation to see across your entire network and footprint that you have. Really all the products to us are all the same whether you deploy them on-premise, off-premise, in the cloud, private cloud, public cloud, really doesn't matter to us. It's all the same sort of look and feel for our products. >> Yeah, I am hearing from all the security people both vendor and on the customer side that I speak to that there is a real collaboration going on in security right now. And we were talking just before we went to air that the security has just blown up in the last sort of four or five years. What used to be a bit of an afterthought is now front of mind for a lot of customers. So they're using some of the products like Fortinet to be able to say "well I want to solve this and this is something I need to do today but I also need it to work with other things that I'm doing". So it's interesting that Fortinet's chosen to take that partnering approach particularly something like your relationship with AWS with web application firewalls that you're doing. That's a real partnership approach where you're saying "we do something quite well but Amazon can use this to give us access to more and more customers". Is that part of Fortinet's core way of doing things? Has that always been the case? >> Yeah, I think, you know the history and sort of DNA of Fortinet it was kinda founded on let's do it ourselves. Let's build it because we believe we can build it the best. And so kinda through the generation of that like you said, you know, security is one of the things that it was sort of geeky and kinda cool sorta specific like people didn't really understand security all that well but now it's headline news and changes market cap literally overnight. Right, we see that a lot in the news and unfortunately some nasty things happen to peoples' information. So if you look at that our CFO talked about digital trust a number of years ago. And really, you want to do business with companies you trust and that's so important. So when you give your credit card information, your social security number, that's important, right. You want somebody to take caution when jotting down that information, right. So, for us, we saw it as a competitive advantage because how it really started for us before the fabric was threat information sharing. So we have an initiative where we work with others in the marketplace who are security vendors to share threat data and to make that more useful for companies because really that's what's gonna win. And sharing and looking at the portfolio it really goes back Fortiguard platform. Everything kind of points back to that as far as the threat vectors, right. >> You mention that there'd been problems, obviously, there's a headline a week, right. And that's kind of the point of the question I want to get at here with you. In a way, from a consumer standpoint, we're almost desensitized a little bit because oh god another one, right. Another breach, another problem so what kind of mind set are you fighting in terms of you can have 1000 wins but one loss or a million wins but one loss it's another headline it's another problem and it's another barrier for you. I mean, how do you look at that from a philosophical approach as a company and a mind set approach as a company? >> That's a great question, right. So there is kind of this, I think in the industry, there's this consensus that it's not a question of if it's a question of when. And so, that's a little hard to stomach, right. >> John: Cause you wanna win them all. >> You're saying, hey look, right you wanna win 100% of the time and that's just the reality of life, right. Yeah, of course, right. So, of course we look at it as a layered approach. So if you, I'll use a very simple analogy but I think it's sort of effective. If you lock your front door, if you lock your windows, if you put on your alarm system, you have cameras, and then ideally you live in a gated neighborhood. They're just layers to ensure that if someone comes by to look at your environment, and they go "man that's too hard, it's just too much work. There's cameras there, I can tell they have a dog, it's way too complicated I'm getting into that". And that's what security really should be. Security should be a multi layer approach that uses complementary products that coordinate and orchestrate together and automate and those are really important things when it comes to security and keeping the bad guys out. So you sort of want to have this security posture that's just so many layers of defense that it's very hard to penetrate. >> So when's someone's thinking about what they've currently got in there like looking at their threat model that they might have and what their risk would be at the moment. How would you help customers to evaluate well, what should I do next? We were talking with someone else on the cube earlier today about well okay, you need to do the basics first. You need to brush your teeth. How do you help customers identify what is the 'locking your front door'? What is the 'I need to buy a dog'? What is the 'I need to make sure I've got all my windows locked'? >> Matt: Right. >> So how do you help customers figure that out? >> That's a great question. Always when we talk with customers we evaluate their environment, very bespoke and sort of custom-tailored. That's very important to understand exactly what you're trying to solve. However, just like your credit score, we believe that there should be a security competency score. So it's sort of an in depth evaluation of your network, the holistic security posture, how that looks, and so we're now offering that in our new platform. To come in and offer sort of a security threat score, if you will, to say how effective we think you are. So I think that helps. >> Justin: It's like a maturity model. >> What's that? >> It's like a maturity model. >> Matt: Yep, exactly so I think that's gonna help a lot of people make sense out of it. And there's different parameters and how we report that back to our customers that sort of makes sense and then we say, "well we believe these products should be the products that you choose and this is the kind of security posture you have". And, you know the reality is, if you're connected to the internet you have to get out and things have to get it. >> [One Of The Hosts] Yeah. >> So you just have to have that layered approach. >> John: It used to be like it was a cost decision way back. Now reputation's on the line, you said market cap as you pointed out. I mean, the risks and the exposure and the damage is exponentially worse today than it was just three, four years ago, right. >> I think it even seems different from like six months ago. You know, it's really insane to think that companies could disappear based upon what happens with that information. We don't want to be the ambulance chaser, that's not our philosophy but it's about being protected and it's about being you know. I think with with security, retrospectively going back, is not all that useful. With security, it's better to kinda take the work and do it up front and we believe that that's what's really changing in the market that pivot to when you design a network security is arm and arm with networking or you know in this case, in AWS' case, how you move workloads elastically to the cloud. I mean those are all considerations now and I think you see that in the marketplace and in AWS' launch, like we said in the WAF rules. I think that's one step closer to marrying security with the function of what you're trying to do in the cloud. >> Justin: Yeah, and it needs to evolve over time as well. So again, you start with the basics, and even as your business changes you might be in completely on-site today but if you go to cloud, well now I need to do cloud-based security things. You have to start thinking about it in a different way. So hopefully customers are looking at things and looking at the portfolio approach and saying "okay, today I might need one product but tomorrow, well, I'm gonna need something else, I'm gonna need two or three or four". And as you say, if I've got something that plays well with others, then I can make a decision yesterday that well, actually I can still use this. I don't suddenly have to throw everything I did a year ago, throw it all away and start again from scratch. >> Matt: Sure, absolutely and that's the fun of what we do. Working in technology, it moves so fast. That's why we all do it I think. Because it's, to be close to it and to be a part of it I mean, that's why I get up everyday it's the coolest thing we get to do. And so because of that, you're right. We don't even know what's gonna happen in 2019. I mean think about the change in just one year's time. The velocity, and what we're seeing that AWS is accomplishing in short periods of time you really need to move quickly. And that's our commitment absolutely as a security company. >> John: And fortunately, you're busy. Right, and fortunately you're busy but because the risks are greater the threats are bigger so all the more reason for the success that you've had obviously and the continued success. We wish you that and thank you for being here on The Cube. We appreciate it. >> Matt: Thanks for having me. >> John: Yeah, always good to see you. That wraps up our coverage here on the cube for my colleague, Mr. Warren, and all of us behind the scenes. Thank you for joining us here, live from AWS Reinvent in Las Vegas. (light music)

>> Announcer: Live from Manhattan It's theCUBE! Covering AWS Summit New York City 2017. Brought to you by Amazon Web Services. >> And welcome back here to New York. We're at the Javits Center here in midtown Manhattan for AWS Summit 2017. Along with Stu Miniman, I'm John Walls. Glad to have you here on theCUBE we continue our coverage here from New York City. Well, if you're making that move to the cloud these days, you're thinking about privacy, you're thinking about security, you're thinking about compliance. Big questions, and maybe some big problems that Bill Shin can answer for you. He is the Principal Security Architect at AWS, and Bill, thanks for being with us. >> Thanks for giving me the time. >> Hey CUBE rookie, right? This is- >> This is my first time. >> Your maiden voyage. >> First time for everything. >> Glad to have you, yeah. So I just hit on some of the high points, these are big, big questions for a lot of folks I would say. Just in general, before we jump in, how do you go about walking people into the water a little bit, and getting them thinking, get their arms around these topics? >> Absolutely. It's still among the first conversations we have with customers, it's our top priority at AWS, the security, and customers are concerned about their data security, regardless of where that data is. Once they move it into the cloud it's a real opportunity to be more secure, it's an opportunity to think about how they're doing security, and adapt and be a little faster. So we have a really prescriptive methodology for helping customers understand how to do a clouded option, and improve their security at the same time. We have a framework called the Well-Architected Framework, and there's a security pillar in that framework, it's built around five key areas. Identity access management, which is really what you should be thinking about first, because authorization is everything. Everything is code, everything is in API, so it all has to be authorized properly. Then we move into detective controls and talk about visibility and control, turning on CloudTrail, getting logging set up. All the detective controls so that before you even move a workload into the cloud, you know exactly what's happening, right? And then we move into infrastructure security, which includes your network trust boundaries, zone definition, things like firewall rules, load balancers, segmentation, as well as system security. Hardening and configuration state of all the resources in their account. Then we move on to data protection as we walk customers through this adoption journey. Things like encryption, backup, recovery, access control on data. And then finally incident response. We want to make sure that they have a really good, solid plan for incident response as they begin to move more and more of their business into the cloud. So to help them wade through the waters we bring it up. The CSO is a key partner in a clouded option, organizations need to make sure security is in lockstep with engineering as they move to the cloud. So we want to help with that. We also have the Cloud Adoption Framework, and there's a security perspective in that framework. Methodology for really treating security more like engineering these days. So you have Dev Ops and you have Dev Sec Ops. Security needs to have a backlog, they need to have sprints, they need to have user stories. It's very similar to how engineering would do it. In that way their partnering together as they move workloads into the cloud. >> Amazon's releasing so many new features, it's tough for a lot of us to keep up. Andy Jassey last year said, "Every day when you wake up, there's at least three new announcements coming out." So it's a new day, there are a number of announcements in your space, maybe bring us up to speed as to what we missed if you just woke up on the West Coast. >> Sure, sure. Customers love the pace of innovation, especially security organizations, they really like the fact that when we innovate on something, it means they might not have to put as much resources on that particular security opportunity or security concern. They can focus more on their code quality, more on engineering principles, things like that. So today, we happily announced Amazon Macie, love it, it performs data classification on your S3 objects. It provides user activity monitoring for who's accessing that data. It uses a lot of our machine learning algorithms under the hood to determine what is normal access behavior for that data. It has a very differentiated classification engine. So it does things like topic modeling, regular expressions, and a variety of other things to really identify that data. People were storing trillions of objects in S3, and they really want to know what their data is, whether it's important to them. Certainly customer's data is the most important thing, so being able to classify that data, perform user analytics on it, and then be able to alert and alarm on inappropriate activities. So take a look at Macie, it's really going make a big difference for customers who want to know that their data is secure in S3. >> Actually I got a question from the community looking at Macie came out, we've got a lot of questions about JDPR coming out. >> Bill: Okay sure, yeah. >> So Macie, or the underlying tech, can that be- >> Bill: Absolutely a great tool. We think the US is the greatest place to be to perform JDPR compliance. You really got to know your data, you have to know if you're moving data by European citizens around, you really have to understand that data. I think Macie will be a big part of a lot of customer strategy on JDPR compliance. To finish your question, we've announced quite a few things today, so Macie's one of them. We announced the next iteration of Cloud HSM, so it's cheaper, more automated, deals more with the clustering that you don't have to do. Deeper integration with things like CloudTrail. Customers really wanted a bit more control and integration with the services that what the previous iteration was, so we've offered that. We announced EFS volume encryption too, so EFS, or Elastic File System encryption at rest. It natively integrates with the key management system the same way that the many of our services do when you're storing data. We announced some config rules today to help customers better understand the access policies on their S3 buckets. So yeah, good stuff. >> John: Busy day, >> Busy day. >> I mean just from a security standpoint, when you are working with a new client, do you ever uncover, or do they discover things about themselves that need to be addressed? >> Bill: Yeah. I think the number one thing, and it's true for many organizations when they move to the cloud, is they want that agility, right? And when we talk to security organizations, one of the top things we advise them on is how to move faster. As much as we're having great conversations about WAF and Shield, the Web Application Firewall, and Shield, our D-DOS solution, Inspector, which performs configuration assessments, all the security services that we've launched, we're also having pretty deep conversations with security organizations these days about CodeStar, CodePipeline, CodeDeploy, and then DevOps tool chains, because security can get that fast engineering principles down, and their just as responsive. It also puts security in the hands of engineers and developers, you know that's the kind of conversations we're having. They discover that they kind of need to get a little closer to how development does their business. You know, talking in the same vocabulary as engineering and development. That's one of the things I think customers discover. Also it's a real opportunity, right? So if you don't have to look after a data center footprints and all the patch panels and switches and routers and firewalls and load balancers and things you have on premises, it really does allow a shift in focus for security organizations to focus on code quality, focus on user behavior, focus on a lot of things that every CSO would like to spend more time on. >> Bill, one of the things a lot of companies struggle with is how they keep up with everything that's happening, all the change there, when I talk to my friends in the security industry it's one of the things that they're most excited about. Is we need to be up on the latest fixes and the patches, and when I go to public cloud you don't ask somebody "Hey what version of AWS or Azure are you running on?" You're going to take care of that behind the scenes. How do you manage the application portfolio for customers, and get them into that framework so that they can, you know we were talking about, Cameron, Jean Kim just buy into that as security just becomes part of the process, as I get more out of agile. >> Yeah, so the question is really about helping customers understand all the services, and really get them integrated deeply. A couple of things, certainly the well architected framework, like I mentioned, is helpful for that. We have solution architects, professional services consultants, a very, very rich partner ecosystem that helps customers. A lot of training for security, there's some free training online, there's classroom, instructor-led training as well, so that training piece is important. I think the solutions are better together. We have a lot of great building blocks, but when you look at something like CloudTrail Cloud Watch Events, and Lambda together, we try and talk about the solutions, not just the individual building blocks. I think that's one key component too, to help them understand how to solve a security problem. Take, for example, monitoring the provisioning of identities and roles and permissions. We really want customers to know that that CloudTrail log, when someone attaches a role to a policy, that can go all the way to a slack channel, that can go all the way to a ticket system. You really want to talk about the end-to-end integration with our customers. Really to help them keep pace with our pace of innovation. We really try and get the blog in front of them, the security blog is a great source of information for all the security announcements we make. Follow Jeff Bar's Twitter, a bunch of things to help keep pace with all of our launches and things, yeah. >> You brought up server lists, if I look at the container space, which is related of course, security has been one of those questions. Bring us up to speed as to where you are with security containers, Lambda- >> Sure, I think Lambda's isolation is very strong, in Lambda we have a really confidence in the tenant isolation model for those functions. The nice thing about server lists is, when there's no code running, you really don't have a surface area to defend. I think from a security perspective, if you were building an application today, and you go to your security team and say "I'd really like to build this little piece of code, and tie these pieces of code together, and when they're not running there's nothing there that you need to defend." Or, would I like to build this big set of operating systems and fleet management and all the things I have to do. It's kind of a, it's a pretty easy conversation right? All the primitives are there in server-less. You have strong cryptography TLSM endpoints, you've got the IM policy framework so that identity access management has really consistent language across all the services, so principles, actions, resources, and conditions is the same across every service. It's not any different for server-less, so they can leverage the knowledge they have of how to manage identities and authorization in the same way. You've got integration of CloudTrail. So all the primitives are there, so customers can focus on their code and being builders. >> Stu: So it sounds like that's part of the way to attach security for IOT then if we're using those. >> I think for IOT it's a very similar architecture too, so you have similar policies that you can apply to what a device you can write to in the cloud. We have a really strong set of authorization and authentication features within the IOT platform so that it makes it easy for developers to build things, deploy them, and maintain them in a secure state. But you can go back to the Well-Architected Framework and the CAF, the Cloud Adoption Framework, you take those five key areas, you know identity, detective controls, infrastructure security, data protection, and IR incident response. It's pretty similar across all the different services. >> It just comes back to the fundamentals. >> It does, absolutely. And for customers, you know those control objectives haven't changed right? They have those control objectives today, they'll have them in the cloud, and we just want to make it easier and faster. >> Well Bill, thanks for being with us. >> You bet, thank you very much. >> Good to have you on theCUBE, look forward to seeing you again for the second time around. >> See you then hopefully >> Bill Shin, from AWS joining us here on theCUBE. Continuing our coverage from the AWS Summit here in New York in just a bit. (techno music)