(rousing music) >> Hello everyone. Welcome back to "theCUBE's" day one coverage of Cloud Native Security Con 23. This is going to be an exciting panel. I've got three great guests. I'm Lisa Martin, you know our esteemed analysts, John Furrier, and Dave Vellante well. And we're excited to welcome to "theCUBE" for the first time, Yves Sandfort, the CEO of Comdivision Group, who's coming to us from Germany. As you know, Cloud Native Security Con is a global event. Everyone welcome Yves, great to have you in particular. Welcome to "theCUBE." >> Great to be here. >> Thank you for inviting me. >> Yves, tell us a little bit, before we dig into really wanting to understand your perspectives on the event and get Dave and John's feedback as well, tell us a little bit about you. >> So yeah, talking about me, or talking about Comdivision real quick. We are in the business for over 27 years already. We started as a SaaS company, then became more like an architecture and, and Cloud Native company over the last few years. But what's interesting is, and I think that's, that's, that's really interesting when we look at our industry. It hasn't really, the requirements haven't really changed over the years. It's still security. We still have to figure out how we deal with security. We still have to figure out how we deal with compliance and everything else. And I think therefore, it's more and more important that we take these items more seriously. Also, based on the fact that when we look at it, how development and other things happen nowadays, it's, it's, everybody says it's like open source. It's great because everybody can look into the code. We, I think the last few years have shown us enough example that that's not necessarily solving all the issues, but it's also code and development has changed rapidly when we look at the Cloud Native approach, where it's far more about gluing the pieces together, versus the development pieces. When I was actually doing software development 25 years ago, and had to basically build my code because I didn't have that much internet access for it. So it has evolved, but even back then we had to deal with security and everything. >> Right. The focus on security is, is incredibly important, and the focus keeps growing as you mentioned. This is, guys, and I want to get your perspectives on this. We're going to start with John. This is the first time Cloud Native Security Con is its own event being extracted from, and amplified from KubeCon. John, I want to understand from your perspective, break down the event, what you see, what you've heard, and Cloud Native Security in general. What does this mean to companies? What does it mean to customers? Is this a reality? >> Well, I think that's the topic we want to discuss, and I think Yves background, you see the VMware certification, I love that. Because what VMware did with virtualization, was abstract that from server virtualization, kind of really changed the game on things, and you start to see Cloud Native kind of go that next level of how companies will be operating their business, not just digital transformation, as digital transformation goes to completion, it's total business transformation where IT is everywhere. And so you're starting to see the trends where, "Okay, that's happening." Now you're starting to see, that's Cloud Native Con, or KubeCon, AWS re:Invent, or whatever show, or whatever way you want to look at it. But in, in the past decade, past five years, security has always been front and center as almost a separate thing, and, in and of itself, but the same thing. So you're starting to see the breakout of security conversations around how to make things work. So a lot of operational conversations around what used to be DevOps makes infrastructure as code, and that was great, that fueled that. Then DevSecOps came. So the Cloud Native next level, is more application development at scale, developers driving the standards with developer first thinking, shifting left, I get all that. But down in the lower ends of the stack, you got real operational issues. DNS we've heard in the keynote, we heard about the Colonel, the Lennox Colonel. Things that need to be managed and taken care of at a security level. These are like, seem like in the weeds, but you're starting to see that happen. And the other thing that I think's real about Cloud Native Security Con that's going to be interesting to watch, is Amazon has pretty much canceled all their re:Invent like shows except for two; Re:Invent, which is their annual conference, and Re:Inforce, which is dedicated to securities. So Cloud Native, Linux, the Linux Foundation has now breaking out Cloud Native Con and KubeCon, and now Cloud Native Security Con. They can't call it KubeCon because it's not Kubernetes, but it's like security focus. I think this is the beginning of starting to see this new developer driving, developers driving the standards, and it has it implications, what used to be called IT ops, and that's like the VMwares of the world. You saw all the stuff that was not at developer focus, but more ops, becoming much more in the application. So I think, I think it's real. The question is where does it go? How fast does it develop? So to me, I think it's a real trend, and it's worthy of a breakout, but it's not yet clear of where the landing zone is for people to start doing it, how they get started, what are the best practices. Machine learning's going to be a big part of this. So to me it's totally cool, but I'm not yet seeing the beachhead. So that's kind of my take. >> Dave, our inventor and host of breaking analysis, what's your take? >> So when you, I think when you zoom out, there's some, there's a big macro change that's been going on. I think when you look back, let's say 10, 12 years ago, the, the need for speed far trumped the, the, the security aspect, the governance, the data privacy. It was like, "Yeah, the risks, they're not that great compared to our opportunity." That has completely changed because the risks are now so much higher. And so what's happening, I think there's a, there's a major effort amongst CIOs and CISOs to try to make security not a blocker because it use to be, it still is. "Okay, I got this great initiative." Eh, give it to the SecOps pros, and let them take it for a while before we can go to market. And so a huge challenge now is to simplify, automate, AI comes in, the whole supply chain security, so the, so the companies can not be facing so much friction. And that is non-trivial. I don't think we're anywhere close there, but I think the goal is by, within the next several years, we're going to be in a position, that security, we heard today, is, wasn't designed in to the initial internet protocols. It was bolted on. And so increasingly, the fundamental architecture of the internet, the Cloud, et cetera, is, is seeing designed in security, and, and that is an imperative, or else business is going to come to a grinding halt. >> Right. It's no longer, the bolt no longer works. Yves, what's your perspective on Cloud Native Security, where it stands today? What's in it for customers, whether we're talking about banks, or hospitals, or retailers, what do you think? >> I think when we, when we look at security in the, in the modern world, is we need to as, as Dave mentioned, we need to rethink how we apply it. Very often, security in the past has been always bolted on in the end. If we continue to do that, it'll become more and more difficult, because as companies evolve, and as companies want to bring products and software to market in a much faster and faster way, it's getting more and more difficult if we bolt on the security process at the end. It's like, developers build something and then someone checks security. That's not going to work any longer. Especially if we also consider now the changes in the industry. We had Stack Overflow over the last 10 years. If I would've had Stack Overflow 15, 20, what, 25 years ago when I was a developer, it would've changed a hell lot. Looking at it now, and looking at it what we had in the last few weeks, it's like where nearly all of my team members say is like finally I don't need any script kiddies anymore because I can't go to (indistinct) who writes the code for me. Which is on one end great, because it enables us to solve certain problems in a much higher pace. But the challenge with that is, if the people who just copy and past that code, don't understand the implications of that code, we have a much higher risk continuously. And what people thought was, is challenging with Stack Overflow. Imagine that something in one of these AI engines, is actually going ballistic, and it creates holes in nearly every one of these applications. And trust me, there will be enough developers who are going to use these tools to develop codes, the same as students in university are going to take this to write their essays and everything else. And so it's really important that every developer team basically has a security person within their team, and not a security at the end. So we build something, we check it, go through QA, and then it goes to security. Security needs to be at the forefront. And I think that's where we see Cloud Native Security Con, where we see AWS. I saw it during re:Invent already where they said is like, we have reinforced next year. I think this becomes more and more of a topic, and I think companies, as much as it is become a norm that you have a firewall and everything else, it needs to become a norm that when you are doing software development, and every development team needs to have a security person on that needs to be trained. >> I love that chat comment Dave, 'cause you and I were talking about this. And I think that is going to be the issue. Do we need security chat for the chat bot? And there's like a, like a recursive model there. The biases are built in. I think, and I think our interview with the Palo Alto Network's co-founder, Dave, when he talked about zero trust as a structured way to start things, but he was referencing that with Cloud, there's a chance to rethink or do a do-over in security. So, I think this is kind of to me, where this is all going. And I think you asked Pat Gelsinger what, year 2013, 2014, can, is security a do over? I think we're in that do over time. >> He said yes. >> He said yes. (laughing) He was right. But yeah, eight years later... But this is, how do you, zero trust gives you some structure, but how do you organize and redo security? Because to me, I think that's what's happening here. >> And John you heard, Zuk at Palo Alto Network said, "Yeah, the, the words security and architecture, they don't go together historically." And so it is a total, total retake. >> Well is that because there's too many tools out there and- >> Yeah. For sure. >> Yeah, well, first of all, a lot of hardware. And then yeah, a lot of tools. You even see IIOT and industry 40, you see IOT security coming up as another stove pipe, and that's not the right approach. And, and so- >> Well let me, let me ask you a question Dave, and Yves, if you don't mind. 'Cause I was just riffing on this yesterday about this. In the ML space, you're seeing the ML models, you're seeing proprietary models versus open source. Is security going to go down this proprietary security methods and open source? Because that's interesting, because the CNCF is run by the the Linux Foundation. So you can almost maybe see a model where there's more proprietary security methods than open source. Or is it, is that a non-issue? >> I would, I would, let me, if I, if I jump in here first, I think the last, especially last five or 10 years have clearly shown the, the whole and, and I invested early on in the, in the end 90s in several open source startups in the Bay area. So, I'm well behind the whole open source idea and, and mid (indistinct) and others back then several times. But the point is, I think what we have seen is open source is not in general, more secure or less secure, because code is too complex nowadays. You have millions of lines of code, and it's not that either one way or the other is going to solve it. The ways I think we are going to look at it is more is what's the role to market, because only because something is open source doesn't necessarily mean it's going to be available for everyone. And the same for proprietary source from that perspective, even though everybody mixes licensing and payments and all that all the time, but it doesn't necessarily have anything to do with it. But I think as we are going through it, and when we also look at the industry, security industry over the last 10 plus years has been primarily hardware focused. And a lot of these vendors have done a good business out of selling hardware boxes, putting software on top of it. Whereas in reality, those were still X86 standard boxes in the end. So it was not that we had specific security ethics or anything like that in there anymore. And so overall, the question of the market is going to change. And as we are looking into Cloud Native, think about someone like an AWS, do you really envision them to have a hardware box of every supplier in their data center, and that in every availability zone in every region? Same for Microsoft, same for Google, etc? So we need to have new ways on how we can apply security. And that applies both on the backend services, but also on the front end side. >> And if I, and if I could chime in, I think the, the good, I think the answer is, is, is no and yes. And what I mean by that is if you take, antivirus and known malware, I mean pretty much anybody today can, can solve that problem, it's the unknown malware. So I think the yes part of the answer is yes, it's, it's going to be proprietary, but in the sense we're going to use open source tooling, and then apply that in a proprietary way with, with specific algorithms and unique architectures that are going to solve problems. For example, XDR with, with unknown malware. So, and that's the, that's the hard part. As somebody said, I think this morning at the keynote, it's, it's all the stuff that, that the SecOps team couldn't find. That's the really hard part. >> (laughs) Well the question will be will, is the new IP, the ability to feed ChatGPT some magical spelled insertion query string that does the job, that's unique, that might be the new IP, the the question to ask. >> Well, that's what the hackers are going to do. And I, they're on offense. (John laughs) And the offense knows what play is coming. So, they're going to start. >> So guys, let's take this conversation up a level. I want to get your perspectives on what's in this for me as a customer? We know security is a board level conversation. We talk about this all the time. We also know that they're based on, I think David, was the conversations that you and I had, with Palo Alto Networks at Ignite in December. There's a, there's a lack of alignment between the executives and the board from a security perspective. When we talk about Cloud Native Security, we all talked about the value in that, what's in it for customers? I want to get your perspectives on should this be a board level conversation, and if so, how do you advise organizations, whether it is a hospital, or a bank, or an organization that is really affected by things like ransomware? How should they be thinking about this from an organizational perspective? >> Well, I'll start first, because we had this conversation during our Super Cloud event last month, and this comes up a lot. And this is, the CEO board level. Yes it is a board level conversation for security, as is application development as in terms of transforming their business to be competitive, not to be on the wrong side of history with this wave coming. So I think that's more of a management. But the issue is, they tell their people, "Go do it." And they're like, 'cause they get sold on the idea of, "Hey, won't you transform your business, and everything's going to be data driven, and machine learning's going to power your apps, get new customers, be profitable." "Oh, sign me up for that." When you have to implement this, it's really hard. And I think the core issue is, where are companies in their life cycle of the ability to execute and architect this thing properly as Dave said, Nick Zuk said, "You can't have architecture and security, you need platforms." So, I think the re-platforming, and the re-factoring of business is a big factor, and that's got to get down into the, the organizational shifts and the people to do it. So are there skills? Do I do a managed service? How do I architect it? Are there more services? Are there developers doing applications that are going to be more agile? So, this is not an easy thing. And to move a business from IT operations that is proven, to be positioned for this enablement, is just really difficult. And it's expensive. And if you screw it up, you could be, could be on the wrong side of things. So, to me, that's the big issue is, you sell the dream and then you got to implement it. And that's really difficult. >> Yves, give us your perspective on, based on John's comments, how do organizations shift so dramatically? There's a cultural element there as well, but there's also organizations that are, have competitive competitors in the rear view mirror, and there's time to waste. What are your thoughts on that? >> I think that's exactly the point. It's like, as an organization, you need to take the decision between the time, the risk, and all the other elements we have into this game. Because you can try to achieve 100% security, but that's exactly the same as trying to, to protect gold or anything else 100%. It's most likely not going to be from a risk perspective anyway sensible. And that's the same from a corporational perspective. When you look at building new internet services, or IOT services, or any kind of new shopping experience or whatever else, you need to balance out between the risks and the advantages out of it. And you also need to be accepting that you potentially on the way make mistakes, but then it's more important than ever that you are able to quickly fix any mistakes, and to adjust to anything what's happening in the market. Because as we are building all these new Cloud Native applications, and build up all these skill sets, one of the big scenarios is we are far more depending on individual building blocks. These building blocks come out of open source communities, which have a much different way. When we look back in software development, back then we had application servers from Oracle, Web Logic, whatsoever, they had a release cycles of every three to six months. As now we have to deal with open source, where sometimes release cycles are on a four week schedule, in between security patches. So you need to be much faster in adopting that, checking that, implementing that, getting things to work. So there is a security stretch from that perspective. There is a speech stretch on the other thing companies have to deal with, and on the other side it's always a measurement between the risk, and the security you can afford. Because reality is, you will not be 100% protected no matter what you do. So, you need to balance out what you as an organization can actually build on. But I think, coming back also to the point, it's on the bot level nowadays. It's like nearly every discussion we have with companies nowadays as they move into the Cloud, especially also here in Europe where for the last five years, it was always, it's like "It's data privacy." Data privacy is no longer, I mean, yes, for certain people, it's still the point, but for many more people it's like, "How protected is my data?" "What do we do in case of ransomware attack?" "What do we do in case of a denial of service?" All of these things become more vulnerable, where in the past you were discussing these things with a becking page, or, or like a stock exchange. They were, it's like, "What the hell is going to happen if we have a denial of service?" Now all of the sudden, this now affects nearly everyone in their storefronts and everything else, because everything is depending on it. >> Yeah, I think you're right on. You think about how cultural change occurs, it's bottom ups or, bottom up, top down or middle out. And what, what's happened with security is the people in the security team cared about it, they were the, everybody said, "Oh, it's their problem." And then it just did an end run to the board, kind of mid, early last decade. And then the board sort of pushed that down. And the line of business is realizing, "Holy cow. My business, my EBIT can be dramatically affected by this, so I care." Now it's this whole house, cultural team sport. I know it's sort of a, a cliche, but it, it's true. Everybody actually is beginning to care about security because the risks are now so high, and it's going to affect not only the bottom line of the company, the bottom line of the business, their job, it's, it's, it's virtually everywhere. It's a huge cultural shift that we're seeing. >> And that's a big challenge for organizations in any industry. And Yves, you talked about ransomware service. Every industry across the globe is vulnerable to this. But how can, maybe John, we'll start with you. How can Cloud Native Security help organizations if they're able to embrace it, operationally, culturally, dial down some of the vulnerabilities that just seem to keep growing? >> Well, I mean that's the big question. The breaches are, are critical. The governances also could be a way that anchors down growth. So I think the balance between the governance compliance piece of it is key, but making the developers faster and more productive is the key to me. And I think having the security paradigm where they're not blockers, as Dave said, is critical. So I love the whole shift left, but now that we have more data focused initiatives around how that, you can use data to understand the security issues, I think data and security are together, and I think there's a going to be a data operating system model emerging, where data and security will be almost one thing. And that will be set up by the security teams, and the data teams together. And that will feed guardrails into the developer environment. So the developer should feel no pain at all in doing this. So I think the best practice will end up being what we're seeing with supply chain, security, with making sure code's verified. And you're going to see the container, security side completely address has been, and KubeCon, we just, I asked Scott Johnson, the CEO of Docker, and I asked him directly, "Are you guys all tight on container security?" He said, yes, but other people are suggesting that's not true. There's a lot of issues with the container security. So, there's all kinds of areas where there's holes. So Cloud Native is cool on one hand, and very relevant, but if it's not shored up, it's going to be a problem. But I, so I think that's where the action will be, at the developer pipeline, in the containers, and the data. So, that will be very relevant, and if companies nail that, they'll be faster, they'll have better apps, and that'll be the differentiator. And again, if they don't on this next wave, they're going to be driftwood. >> Dave, how do they prevent becoming driftwood? >> Well, I think Cloud has had a huge impact. And a Cloud's by no means a panacea, but let's face it, it's dramatically improved a lot of companies security posture. Now there's still that shared responsibility. Even though an S3 bucket is encrypted, it's still your responsibility to make sure that it doesn't get decrypted by somebody who has access to it. So there are things like that, but to Yve's earlier point, that can be, that's done through software now, it's done through best practices. Those best practices can be shared. So the way you, you don't become driftwood, is you start to, you step back, rethink that security architecture as we were talking about earlier, take advantage of the Cloud, take advantage of Cloud Native, and all the, the rapid pace of innovation that's occurring there, and you don't use, it's called before, The audit is the last line of defense. That's no longer a check box item. "Oh yeah, we're in compliance." It's, this is a business imperative, and because we're going to reduce our expected loss and reduce our business risk. That's part of the business case today. >> Yeah. >> It's a huge, critically important part of the business case. Yves, question for you. If you're in an elevator with a CEO, a CFO, and a CISO, and they're talking about security and Cloud Native Security, what's your value proposition to them on a, on a say a 32nd elevator ride? >> Difficult story. I think at the moment, the most important part is, we need to get people to work together, and we need to train people to work more much better together. I think that's the overall most important part for all of these solutions, because in the end, security is always a person issue. If, we can have the best tools in the industry, as long as we don't get all of these teams to work together, then we have a problem. If the security team is always seen as the end of the solution to fix everything, that's not going to work because they always are the bad guys in the game. And so we need to bring the teams together. And once we have the teams work together, I think we have a far better track on, on maintaining security. >> John and Dave, I want to get your perspectives on what Yves just said. In all the experience that the two of you have as industry analysts here on "theCUBE," Wikibon, Siliconangle Media. How do you advise organizations to get those teams together? As Eve said, that alignment is critical, but John, we'll start with you, then Dave go to you. What's your advice for organizations that need to align those teams and really don't have a lot of time to wait to do it? >> (chuckling) That's a great question. I think, I think that's everyone pays hundreds of thousands of millions of dollars to get that advice from these consultants, organizations out there doing the transformations. But I think it comes down to personnel and commitment. I think if there's a C-level commitment to the effort, you'll see the institutional structure change. So you can see really getting behind it with their, with their wallet and their, and their support of either getting more personnel to support and assist, or manage services, or giving the power to the teams to execute and doing it in a way that, that's, that's well known and best practices. Start small, build out the pilots, build the platform, and then start getting it right. And I think that's the key. Not the magic wand, the old model of rolling out stuff in, in six month cycles. It's really, get the proof points, double down and change the culture, but also execute and have real metrics. And changing the architecture, like having more penetration tests as a service. Doing pen tests is like a joke now. So that doesn't make any sense. You got to have that built in almost every day, and every minute. So, these kinds of new techniques have to be implemented and have to be tried. So that's why these communities are growing. That's why I like what open source has been doing, and I like the open source as the place to have these conversations, because that's where the action will be for new stuff. And I think people will implement open source like they did before, but with different ways, better testing, better supply chain on the software side, verifying code. So, I see open source actually getting a tailwind from this, not a headwind. So, I'm bullish on the open source piece here on, on all levels, machine learning- >> Lisa, my answer is intramural sports. And it's 'cause I think it's cultural. And what I mean by that, is you take your your best and brightest security, and this is what frankly, a lot of CISOs do, an examples is Lena Smart, MongoDB. Take your best and brightest security pros, make them captains of the intramural teams, and pair them up with pods of individuals across the organization, which is most people who don't know anything about security, and put them together, so that they can, they, so that the folks that understand security can, can realize how little people know, what, what, what, how, what the worst practices that are out there in the reverse, how they can cross pollinate. And they do that on a regular basis, I know at Mongo and other companies. And that kind of cultural assimilation is a starting point for how you get security awareness up to your question around making it a team sport. >> Absolutely critical. Yves, I want to kind of wrap things with you. We've got a couple of minutes left. When you're really looking at the Cloud Native community, the growth of it, we talked about earlier in the program, Cloud Native Security Con being now extracted and elevated out of KubeCon, what are your thoughts on the groundswell that this community is generating around Cloud Native Security, the benefits that organizations will achieve from it? >> I think overall, when we have these securities conferences, or these security arms a bit spread out and separated out of the main conference, it helps to a certain degree, because especially in the security space, when you look at at other like black hat or white hat conferences and things like that in the past, although they were not focused on Cloud Native, a lot of these security folks didn't feel well taken care of in any of the other conferences because they were always these, it's like they are always blocking us, they're always making us problems, and all these kinds of things. Now that we really take the Cloud Native piece and the security piece together, or like AWS does it with re:Inforce, I think we will see more and more that people understand is that security is a permanent topic we need to cover, but we need to bring different people together, because security also has compliance and a lot of other components in there. So we will see at these conferences moving forward, also a different audience. It's not going to be only the Cloud Native developers. And if I see some of these security audiences, I can't really imagine them to really be at KubeCon because there is too much other things going on. And you couldn't really see much of that at re:Invent because re:Invent by itself has become a complete monster of a conference. It covers too many topics. And so having this very, very important security piece separated, also gives the opportunity, I think, that we can bring in the security people, but also have the type of board level discussions potentially, between the leaders of the industry, to also discuss on how we can evolve, how we can make things better, and how, how we can actually, yeah, evolve our industry for it. Because let's face it, that threat is not going to go away. It's, it's a business. And one of the last security conferences I was on, on the ransomware part, it was one of the topics someone said is like, "Look, currently on average, it takes a hacker group roughly around they said 15 to 20 K to break into a company, and they on average make 100K. It's a business, let's face it. And it's a business we don't like. And ethically, it's no discussion that this is not good, but that's something which is happening. People are making money with it. And as long as that's going to go on, and we have enough countries where these people can hide, it's going to stay and survive. And so, with that being said, it's important for us to really build an industry around this. But I also think it's good that we have separate conferences. In the past we had more the RSA conference, which tried to cover all of these areas. But that is not really fitting Cloud Native and everything else. So I think it's good that we have these new opportunities, the Cloud Native one, but also what AWS brings up for someone. >> Yves, you just nailed it. It just comes down to simple math. It's a fraction. Revenue over cost. And if you could increase the hacker's cost, increase the denominator, their ROI will go down. And that is the game. >> Great point, Dave. What I'm hearing guys, and we can talk about technology for days and days. I know all of you. But there's, there's a big component that, that the elevation of Cloud Native Security, on its own as standalone is critical, as is the people component. You guys all talked about that. We talked about the cultural change necessary for that. Hopefully what we're seeing with Cloud Native Security Con 23, this first event is going to give us more insight over the next couple of days, and the next months or so, as to how this elevation, and how the people can come together to really help organizations from a math perspective as, as Dave talked about, really dial down the risks there, understand more of the vulnerabilities so that ransomware as a service is not as lucrative as it is today. Guys, so much appreciate your time, really breaking down Cloud Native Security, the value in it from different perspectives, and what your thoughts are on where it's going. Thanks so much for your time. >> All right. Thanks. >> Thanks, Lisa. >> Thank you. >> Thanks, Yves. >> All right. For my guests, I'm Lisa Martin. You're watching theCUBE's day one coverage of Cloud Native Security Con 23. Thanks for watching. (rousing music)

>>from around the globe. It's the Cube with digital coverage of VM World 2020 brought to you by VM Ware and its ecosystem partners. Hello and welcome back to the cubes. Virtual coverage of VM World 2020 Virtual I'm John for your host of the Cube, our 11th year covering V emeralds. Not in person. It's virtual. I'm with my coast, Dave. A lot, of course. Ah, guest has been on every year since the cubes existed. Sanjay Putin, who is now the chief operating officer for VM Ware Sanjay, Great to see you. It's our 11th years. Virtual. We're not in person. Usually high five are going around. But hey, virtual fist pump, >>virtual pissed bump to you, John and Dave, always a pleasure to talk to you. I give you more than a virtual pistol. Here's a virtual hug. >>Well, so >>great. Back at great. >>Great to have you on. First of all, a lot more people attending the emerald this year because it's virtual again, it doesn't have the face to face. It is a community and technical events, so people do value that face to face. Um, but it is virtually a ton of content, great guests. You guys have a great program here, Very customer centric. Kind of. The theme is, you know, unpredictable future eyes is really what it's all about. We've talked about covert you've been on before. What's going on in your perspective? What's the theme of your main talks? >>Ah, yeah. Thank you, John. It's always a pleasure to talk to you folks. We we felt as we thought, about how we could make this content dynamic. We always want to make it fresh. You know, a virtual show of this kind and program of this kind. We all are becoming experts at many Ted talks or ESPN. Whatever your favorite program is 60 minutes on becoming digital producers of content. So it has to be crisp, and everybody I think was doing this has found ways by which you reduce the content. You know, Pat and I would have normally given 90 minute keynotes on day one and then 90 minutes again on day two. So 180 minutes worth of content were reduced that now into something that is that entire 180 minutes in something that is but 60 minutes. You you get a chance to use as you've seen from the keynote an incredible, incredible, you know, packed array of both announcements from Pat myself. So we really thought about how we could organize this in a way where the content was clear, crisp and compelling. Thekla's piece of it needed also be concise, but then supplemented with hundreds of sessions that were as often as possible, made it a goal that if you're gonna do a break out session that has to be incorporate or lead with the customer, so you'll see not just that we have some incredible sea level speakers from customers that have featured in in our pattern, Mikey notes like John Donahoe, CEO of Nike or Lorry beer C I, a global sea of JPMorgan Chase partner Baba, who is CEO of Zuma Jensen Wang, who is CEO of video. Incredible people. Then we also had some luminaries. We're gonna be talking in our vision track people like in the annuity. I mean, one of the most powerful women the world many years ranked by Fortune magazine, chairman, CEO Pepsi or Bryan Stevenson, the person who start in just mercy. If you watch that movie, he's a really key fighter for social justice and criminal. You know, reform and jails and the incarceration systems. And Malala made an appearance. Do I asked her personally, I got to know her and her dad's and she spoke two years ago. I asked her toe making appearance with us. So it's a really, really exciting until we get to do some creative stuff in terms of digital content this year. >>So on the product side and the momentum side, you have great decisions you guys have made in the past. We covered that with Pat Gelsinger, but the business performance has been very strong with VM. Where, uh, props to you guys, Where does this all tie together for in your mind? Because you have the transformation going on in a highly accelerated rate. You know, cov were not in person, but Cove in 19 has proven, uh, customers that they have to move faster. It's a highly accelerated world, a lot. Lots changing. Multi cloud has been on the radar. You got security. All the things you guys are doing, you got the AI announcements that have been pumping. Thean video thing was pretty solid. That project Monterey. What does the customer walk away from this year and and with VM where? What is the main theme? What what's their call to action? What's what do they need to be doing? >>I think there's sort of three things we would encourage customers to really think about. Number one is, as they think about everything in infrastructure, serves APS as they think about their APS. We want them to really push the frontier of how they modernize their athletic applications. And we think that whole initiative off how you modernized applications driven by containers. You know, 20 years ago when I was a developer coming out of college C, C plus, plus Java and then emerge, these companies have worked on J two ee frameworks. Web Logic, Be Aware logic and IBM Web Street. It made the development off. Whatever is e commerce applications of portals? Whatever was in the late nineties, early two thousands much, much easier. That entire world has gotten even easier and much more Micro service based now with containers. We've been talking about kubernetes for a while, but now we've become the leading enterprise, contain a platform making some incredible investments, but we want to not just broaden this platform. We simplified. It is You've heard everything in the end. What works in threes, right? It's sort of like almost t shirt sizing small, medium, large. So we now have tens Ooh, in the standard. The advanced the enterprise editions with lots of packaging behind that. That makes it a very broad and deep platform. We also have a basic version of it. So in some sense it's sort of like an extra small. In addition to the small medium large so tends to and everything around at modernization, I think would be message number one number two alongside modernization. You're also thinking about migration of your workloads and the breadth and depth of, um, er Cloud Foundation now of being able to really solve, not just use cases, you are traditionally done, but also new ai use cases. Was the reason Jensen and us kind of partner that, and I mean what a great company and video has become. You know, the king maker of these ai driven applications? Why not run those AI applications on the best infrastructure on the planet? Remember, that's a coming together of both of our platforms to help customers. You know automotive banking fraud detection is a number of AI use cases that now get our best and we want it. And the same thing then applies to Project Monterey, which takes the B c f e m A Cloud Foundation proposition to smart Knicks on Dell, HP Lenovo are embracing the in video Intel's and Pen Sandoz in that smart make architectural, however, that so that entire world of multi cloud being operative Phobia Macleod Foundation on Prem and all of its extended use cases like AI or Smart Knicks or Edge, but then also into the AWS Azure, Google Multi Cloud world. We obviously had a preferred relationship with Amazon that's going incredibly well, but you also saw some announcements last week from, uh, Microsoft Azure about azure BMR solutions at their conference ignite. So we feel very good about the migration opportunity alongside of modernization on the third priority, gentlemen would be security. It's obviously a topic that I most recently taken uninterested in my day job is CEO of the company running the front office customer facing revenue functions by night job by Joe Coffin has been driving. The security strategy for the company has been incredibly enlightening to talk, to see SOS and drive this intrinsic security or zero trust from the network to end point and workload and cloud security. And we made some exciting announcements there around bringing together MAWR capabilities with NSX and Z scaler and a problem black and workload security. And of course, Lassiter wouldn't cover all of this. But I would say if I was a attendee of the conference those the three things I want them to take away what BMR is doing in the future of APS what you're doing, the future of a multi cloud world and how we're making security relevant for distributed workforce. >>I know David >>so much to talk about here, Sanjay. So, uh, talk about modern APS? That's one of the five franchise platforms VM Ware has a history of going from, you know, Challenger toe dominant player. You saw that with end user computing, and there's many, many other examples, so you are clearly one of the top, you know. Let's call it five or six platforms out there. We know what those are, uh, and but critical to that modern APS. Focus is developers, and I think it's fair to say that that's not your wheelhouse today, but you're making moves there. You agree that that is, that is a critical part of modern APS, and you update us on what you're doing for that community to really take a leadership position there. >>Yeah, no, I think it's a very good point, David. We way seek to constantly say humble and hungry. There's never any assumption from us that VM Ware is completely earned anyplace off rightful leadership until we get thousands, tens of thousands. You know, we have a half a million customers running on our virtualization sets of products that have made us successful for 20 years 70 million virtual machines. But we have toe earn that right and containers, and I think there will be probably 10 times as many containers is their virtual machines. So if it took us 20 years to not just become the leader in in virtual machines but have 70 million virtual machines, I don't think it will be 20 years before there's a billion containers and we seek to be the leader in that platform. Now, why, Why VM Where and why do you think we can win in their long term. What are we doing with developers Number one? We do think there is a container capability independent of virtual machine. And that's what you know, this entire world of what hefty on pivotal brought to us on. You know, many of the hundreds of customers that are using what was formerly pivotal and FDR now what's called Tan Xue have I mean the the case. Studies of what those customers are doing are absolutely incredible. When I listen to them, you take Dick's sporting goods. I mean, they are building curbside, pick up a lot of the world. Now the pandemic is doing e commerce and curbside pick up people are going to the store, That's all based on Tan Xue. We've had companies within this sort of world of pandemic working on contact, tracing app. Some of the diagnostic tools built without they were the lab services and on the 10 zoo platform banks. Large banks are increasingly standardizing on a lot of their consumer facing or wealth management type of applications, anything that they're building rapidly on this container platform. So it's incredible the use cases I'm hearing public sector. The U. S. Air Force was talking about how they've done this. Many of them are not public about how they're modernizing dams, and I tend to learn the best from these vertical use case studies. I mean, I spend a significant part of my life is you know, it s a P and increasingly I want to help the company become a lot more vertical. Use case in banking, public sector, telco manufacturing, CPG retail top four or five where we're seeing a lot of recurrence of these. The Tan Xue portfolio actually brings us closest to almost that s a P type of dialogue because we're having an apse dialogue in the in the speak of an industry as opposed to bits and bytes Notice I haven't talked at all about kubernetes or containers. I'm talking about the business problem being solved in a retailer or a bank or public sector or whatever have you now from a developer audience, which was the second part of your question? Dave, you know, we talked about this, I think a year or two ago. We have five million developers today that we've been able to, you know, as bringing these acquisitions earn some audience with about two or three million from from the spring community and two or three million from the economic community. So think of those five million people who don't know us because of two acquisitions we don't. Obviously spring was inside Vienna where went out of pivotal and then came back. So we really have spent a lot of time with that community. A few weeks ago, we had spring one. You guys are aware of that? That conference record number of attendees okay, Registered, I think of all 40 or 50,000, which is, you know, much bigger than the physical event. And then a substantial number of them attended live physical. So we saw a great momentum out of spring one, and we're really going to take care of that, That that community base of developers as they care about Java Manami also doing really, really well. But then I think the rial audience it now has to come from us becoming part of the conversation. That coupon at AWS re invent at ignite not just the world, I mean via world is not gonna be the only place where infrastructure and developers come to. We're gonna have to be at other events which are very prominent and then have a developer marketplace. So it's gonna be a multiyear effort. We're okay with that. To grow that group of about five million developers that we today Kate or two on then I think there will be three or four other companies that also play very prominently to developers AWS, Microsoft and Google. And if we're one among those three or four companies and remembers including that list, we feel very good about our ability to be in a place where this is a shared community, takes a village to approach and an appeal to those developers. I think there will be one of those four companies that's doing this for many years to >>come. Santa, I got to get your take on. I love your reference to the Web days and how the development environment change and how the simplicity came along very relevant to how we're seeing this digital transformation. But I want to get your thoughts on how you guys were doing pre and now during and Post Cove it. You already had a complicated thing coming on. You had multi cloud. You guys were expanding your into end you had acquisitions, you mentioned a few of them. And then cove it hit. Okay, so now you have Everything is changing you got. He's got more complex city. You have more solutions, and then the customer psychology is change. You got to spectrums of customers, people trying to save their business because it's changed, their customer behavior has changed. And you have other customers that are doubling down because they have a tailwind from Cove it, whether it's a modern app, you know, coming like Zoom and others are doing well because of the environment. So you got your customers air in this in this in this, in this storm, you know, they're trying to save down, modernized or or or go faster. How are you guys changing? Because it's impacted how you sell. People are selling differently, how you implement and how you support customers, because you already had kind of the whole multi cloud going on with the modern APS. I get that, but Cove, it has changed things. How are you guys adopting and changing to meet the customer needs who are just trying to save their business on re factor or double down and continue >>John. Great question. I think I also talked about some of this in one of your previous digital events that you and I talked about. I mean, you go back to the last week of February 1st week of March, actually back up, even in January, my last trip on a plane. Ah, major trip outside this country was the World Economic Forum in Davos. And, you know, there were thousands of us packed into the small digits in Switzerland. I was sitting having dinner with Andy Jassy in a restaurant one night that day. Little did we know. A month later, everything would change on DWhite. We began to do in late February. Early March was first. Take care of employees. You always wanna have the pulse, check employees and be in touch with them. Because the health and safety of employees is much more important than the profits of, um, where you know. So we took care of that. Make sure that folks were taking care of older parents were in good place. We fortunately not lost anyone to death. Covert. We had some covert cases, but they've recovered on. This is an incredible pandemic that connects all of us in the human fabric. It has no separation off skin color or ethnicity or gender, a little bit of difference in people who are older, who might be more affected or prone to it. But we just have to, and it's taught me to be a significantly more empathetic. I began to do certain things that I didn't do before, but I felt was the right thing to do. For example, I've begun to do 25 30 minute calls with every one of my key countries. You know, as I know you, I run customer operations, all of the go to market field teams reporting to me on. I felt it was important for me to be showing up, not just in the big company meetings. We do that and big town halls where you know, some fractions. 30,000 people of VM ware attend, but, you know, go on, do a town hall for everybody in a virtual zoom session in Japan. But in their time zone. So 10 o'clock my time in the night, uh, then do one in China and Australia kind of almost travel around the world virtually, and it's not long calls 25 30 minutes, where 1st 10 or 15 minutes I'm sharing with them what I'm seeing across other countries, the world encouraging them to focus on a few priorities, which I'll talk about in a second and then listening to them for 10 15 minutes and be, uh and then the call on time or maybe even a little earlier, because every one of us is going to resume button going from call to call the call. We're tired of T. There's also mental, you know, fatigue that we've gotta worry about. Mental well, being long term. So that's one that I personally began to change. I began to also get energy because in the past, you know, I would travel to Europe or Asia. You know, 40 50%. My life has travel. It takes a day out of your life on either end, your jet lag. And then even when you get to a Tokyo or Beijing or to Bangalore or the London, getting between sites of these customers is like a 45 minute, sometimes in our commute. Now I'm able to do many of these 25 30 minute call, so I set myself a goal to talk to 1000 chief security officers. I know a lot of CEOs and CFOs from my times at S A P and VM ware, but I didn't know many security officers who often either work for a CEO or report directly to the legal counsel on accountable to the audit committee of the board. And I got a list of these 1,002,000 people we called email them. Man, I gotta tell you, people willing to talk to me just coming, you know, into this I'm about 500 into that. And it was role modeling to my teams that the top of the company is willing to spend as much time as possible. And I have probably gotten a lot more productive in customer conversations now than ever before. And then the final piece of your question, which is what do we tell the customer in terms about portfolio? So these were just more the practices that I was able to adapt during this time that have given me energy on dial, kind of get scared of two things from the portfolio perspective. I think we began to don't notice two things. One is Theo entire move of migration and modernization around the cloud. I describe that as you know, for example, moving to Amazon is a migration opportunity to azure modernization. Is that whole Tan Xue Eminem? Migration of modernization is highly relevant right now. In fact, taking more speed data center spending might be on hold on freeze as people kind of holding till depend, emmick or the GDP recovers. But migration of modernization is accelerating, so we wanna accelerate that part of our portfolio. One of the products we have a cloud on Amazon or Cloud Health or Tan Xue and maybe the other offerings for the other public dog. The second part about portfolio that we're seeing acceleration around is distributed workforce security work from home work from anywhere. And that's that combination off workspace, one for both endpoint management, virtual desktops, common black envelope loud and the announcements we've now made with Z scaler for, uh, distributed work for security or what the analysts called secure access. So message. That's beautiful because everyone working from home, even if they come back to the office, needs a very different model of security and were now becoming a leader in that area. of security. So these two parts of the portfolio you take the five franchise pillars and put them into these two buckets. We began to see momentum. And the final thing, I would say, Guys, just on a soft note. You know, I've had to just think about ways in which I balance work and family. It's just really easy. You know what, 67 months into this pandemic to burn out? Ah, now I've encouraged my team. We've got to think about this as a marathon, not a sprint. Do the personal things that you wanna do that will make your life better through this pandemic. That in practice is that you keep after it. I'll give you one example. I began biking with my kids and during the summer months were able to bike later. Even now in the fall, we're able to do that often, and I hope that's a practice I'm able to do much more often, even after the pandemic. So develop some activities with your family or with the people that you love the most that are seeing you a lot more and hopefully enjoying that time with them that you will keep even after this pandemic ends. >>So, Sanjay, I love that you're spending all this time with CSOs. I mean, I have a Well, maybe not not 1000 but dozens. And they're such smart people. They're really, you know, in the thick of things you mentioned, you know, your partnership with the scale ahead. Scott Stricklin on who is the C. C so of Wyndham? He was talking about the security club. But since the pandemic, there's really three waves. There's the cloud security, the identity, access management and endpoint security. And one of the things that CSOs will tell you is the lack of talent is their biggest challenge. And they're drowning in all these products. And so how should we think about your approach to security and potentially simplifying their lives? >>Yeah. You know, Dave, we talked about this, I think last year, maybe the year before, and what we were trying to do in security was really simplified because the security industry is like 5000 vendors, and it's like, you know, going to a doctor and she tells you to stay healthy. You gotta have 5000 tablets. You just cannot eat that many tablets you take you days, weeks, maybe a month to eat that many tablets. So ah, grand simplification has to happen where that health becomes part of your diet. You eat your proteins and vegetables, you drink your water, do your exercise. And the analogy and security is we cannot deploy dozens of agents and hundreds of alerts and many, many consoles. Uh, infrastructure players like us that have control points. We have 70 million virtual machines. We have 75 million virtual switches. We have, you know, tens of million's off workspace, one of carbon black endpoints that we manage and secure its incumbent enough to take security and making a lot more part of the infrastructure. Reduce the need for dozens and dozens of point tools. And with that comes a grand simplification of both the labor involved in learning all these tools. Andi, eventually also the cost of ownership off those particular tool. So that's one other thing we're seeking to do is increasingly be apart off that education off security professionals were both investing in ah, lot of off, you know, kind of threat protection research on many of our folks you know who are in a threat. Behavioral analytics, you know, kind of thread research. And people have come out of deep hacking experience with the government and others give back to the community and teaching classes. Um, in universities, there are a couple of non profits that are really investing in security, transfer education off CSOs and their teams were contributing to that from the standpoint off the ways in which we can give back both in time talent and also a treasure. So I think is we think about this. You're going to see us making this a long term play. We have a billion dollar security business today. There's not many companies that have, you know, a billion dollar plus of security is probably just two or three, and some of them have hit a wall in terms of their progress sport. We want to be one of the leaders in cybersecurity, and we think we need to do this both in building great product satisfying customers. But then also investing in the learning, the training enable remember, one of the things of B M worlds bright is thes hands on labs and all the training enable that happened at this event. So we will use both our platform. We in world in a variety of about the virtual environments to ensure that we get the best education of security to professional. >>So >>that's gonna be exciting, Because if you look at some of the evaluations of some of the pure plays I mean, you're a cloud security business growing a triple digits and, you know, you see some of these guys with, you know, $30 billion valuations, But I wanted to ask you about the market, E v m. Where used to be so simple Right now, you guys have expanded your tam dramatically. How are you thinking about, you know, the market opportunity? You've got your five franchise platforms. I know you're very disciplined about identifying markets, and then, you know, saying, Okay, now we're gonna go compete. But how do you look at the market and the market data? Give us the update there. >>Yeah, I think. Dave, listen, you know, I like davinci statement. You know, simplicity is the greatest form of sophistication, and I think you've touched on something that which is cos we get bigger. You know, I've had the great privilege of working for two great companies. s a P and B M where the bulk of my last 15 plus years And if something I've learned, you know, it's very easy. Both companies was to throw these TLS three letter acronyms, okay? And I use an acronym and describing the three letter acronyms like er or s ex. I mean, they're all acronyms and a new employee who comes to this company. You know, Carol Property, for example. We just hired her from Google. Is our CMO her first comments like, My goodness, there is a lot of off acronyms here. I've gotta you need a glossary? I had the same reaction when I joined B. M or seven years ago and had the same reaction when I joined the S A. P 15 years ago. Now, of course, two or three years into it, you learn everything and it becomes part of your speed. We have toe constantly. It's like an accordion like you expanded by making it mawr of luminous and deep. But as you do that it gets complex, you then have to simplify it. And that's the job of all of us leaders and I this year, just exemplifying that I don't have it perfect. One of the gifts I do have this communication being able to simplify things. I recorded a five minute video off our five franchise pill. It's just so that the casual person didn't know VM where it could understand on. Then, when I'm on your shore and when on with Jim Cramer and CNBC, I try to simplify, simplify, simplify, simplify because the more you can talk and analogies and pictures, the more the casual user. I mean, of course, and some other audiences. I'm talking to investors. Get it on. Then, Of course, as you go deeper, it should be like progressive layers or feeling of an onion. You can get deeper. It's not like the entire discussion with Sanjay Putin on my team is like, you know, empty suit. It's a superficial discussion. We could go deeper, but you don't have to begin the discussion in the bowels off that, and that's really what we don't do. And then the other part of your question was, how do we think about new markets? You know, we always start with Listen, you sort of core in contact our borough come sort of Jeffrey Moore, Andi in the Jeffrey more context. You think about things that you do really well and then ask yourself outside of that what the Jason sees that are closest to you, that your customers are asking you to advance into on that, either organically to partnerships or through acquisitions. I think John and I talked about in the previous dialogue about the framework of build partner and by, and we always think about it in that order. Where do we advance and any of the moves we've made six years ago, seven years ago and I joined the I felt VM are needed to make a move into mobile to really cement opposition in end user computing. And it took me some time to convince my peers and then the board that we should by Air One, which at that time was the biggest acquisition we've ever done. Okay. Similarly, I'm sure prior to me about Joe Tucci, Pat Nelson. We're thinking about nice here, and I'm moving to networking. Those were too big, inorganic moves. +78 years of Raghu was very involved in that. The decisions we moved to the make the move in the public cloud myself. Rgu pack very involved in the decision. Their toe partner with Amazon, the change and divest be cloud air and then invested in organic effort around what's become the Claudia. That's an organic effort that was an acquisition fast forward to last year. It took me a while to really Are you internally convinced people and then make the move off the second biggest acquisition we made in carbon black and endpoint security cement the security story that we're talking about? Rgu did a similar piece of good work around ad monetization to justify that pivotal needed to come back in. So but you could see all these pieces being adjacent to the core, right? And then you ask yourself, Is that context meaning we could leave it to a partner like you don't see us get into the hardware game we're partnering with. Obviously, the players like Dell and HP, Lenovo and the smart Knick players like Intel in video. In Pensando, you see that as part of the Project Monterey announcement. But the adjacent seas, for example, last year into app modernization up the stack and into security, which I'd say Maura's adjacent horizontal to us. We're now made a lot more logical. And as we then convince ourselves that we could do it, convince our board, make the move, We then have to go and tell our customers. Right? And this entire effort of talking to CSOs What am I doing is doing the same thing that I did to my board last year, simplified to 15 minutes and get thousands of them to understand it. Received feedback, improve it, invest further. And actually, some of the moves were now making this year around our partnership in distributed Workforce Security and Cloud Security and Z scaler. What we're announcing an XDR and Security Analytics. All of the big announcements of security of this conference came from what we heard last year between the last 12 months of my last year. Well, you know, keynote around security, and now, and I predict next year it'll be even further. That's how you advance the puck every year. >>Sanjay, I want to get your thoughts. So now we have a couple minutes left. But we did pull the audience and the community to get some questions for you, since it's virtually wanted to get some representation there. So I got three questions for you. First question, what comes after Cloud and number two is VM Ware security company. And three. What company had you wish you had acquired? >>Oh, my goodness. Okay, the third one eyes gonna be the turkey is one, I think. Listen, because I'm gonna give you my personal opinion, and some of it was probably predates me, so I could probably safely So do that. And maybe put the blame on Joe Tucci or somebody else is no longer here. But let me kind of give you the first two. What comes after cloud? I think clouds gonna be with us for a long time. First off this multi cloud world, you just look at the moment, um, that AWS and azure and the other clouds all have. It's incredible on I think this that multi cloud from phenomenon. But if there's an adapt ation of it, it's gonna be three forms of cloud. People are really only focus today in private public cloud. You have to remember the edge and Telco Cloud and this pendulum off the right balance of workloads between the data center called it a private cloud. The public cloud on one end and the telco edge on the other end. I think we're in a really good position for workloads to really swing between all three of those locations. Three other part that I think comes as a sequel to Cloud is cloud native. All of the capabilities a serverless functions but also containers that you know. Obviously the one could think of that a sister topics to cloud but the entire world of containers. The other seat, uh, then cloud a cloud native will also be topics, but these were all fairly connected. That's how I'd answer the first question. A security company? Absolutely. We you know, we aspire to be one of the leading companies in cyber security. I don't think they will be only one. We have to show this by the wealth on breath of our customers. The revenue momentum we have Gartner ranking us or the analysts ranking us in top rights of magic quadrants being viewed as an innovator simplifying the stack. But listen, we weren't even on the radar. We weren't speaking of the security conferences years ago. Now we are. We have a billion dollar security business, 20,000 plus customers, really strong presences and network endpoint and workload and Cloud Security. The three Coppola's a lot more coming in Security analytics, Cloud Security distributed workforce Security. So we're here to stay. And if anything, BMR persist through this, we're planning for multi your five or 10 year timeframe. And in that course I mean, the competition is smaller. Companies that don't have the breadth and depth of the n words are Andy muscle and are going market. We just have to keep building great products and serving customer on the third man. There's so many. But I mean, I think Listen, when I was looking back, I always wondered this is before I joined so I could say the summit speculatively on. Don't you know, make this This is BMR. Sorry. This is Sanjay one's opinion. Not VM. I gotta make very, very clear. Well, listen, I would have if I was at BMO in 2012 or 2013. I would love to about service now then service. It was a great company. I don't even know maybe the company's talk, but then talk about a very successful company at that time now. Maybe their priorities were different. I wasn't at the company at the time, but I can speculate if that had happened, that would have been an interesting Now I think that was during the time of Paul Maritz here and and so on. So for them, maybe there were other priorities the company need to get done. But at that time, of course, today s so it's not as big of a even slightly bigger market cap than us. So that's not happening. But that's a great example of a good company that I think would have at that time fit very well with VM Ware. And then there's probably we don't look back and regret we move forward. I mean, I think about the acquisitions we have made the big ones. Okay, Nice era air watch pop in black. Pivotal. The big moves we've made in terms of partnership. Amazon. What? We're announcing this This, you know, this week within video and Z scaler. So you never look back and regret. You always look for >>follow up on that To follow up on that from a developer, entrepreneurial or partner Perspective. Can you share where the white spaces for people to innovate around vm Where where where can people partner and play. Whether I'm an entrepreneur in a garage or venture back, funded or say a partner pivoting and or resetting with Govind, where's the white spaces with them? >>I think that, you know, there's gonna be a number off places where the Tan Xue platform develops, as it kind of makes it relevant to developers. I mean, there's, I think the first way we think about this is to make ourselves relevant toe all of that ecosystem around the C I. C. D type apply platform. They're really good partners of ours. They're like, get lab, You know, all of the ways in which open source communities, you know will play alongside that Hash E Corp. Jay frog there number of these companies that are partnering with us and we're excited about all of their relevancy to tend to, and it's our job to go and make that marketplace better and better. You're going to hear more about that coming up from us on. Then there's the set of data companies, you know, con fluent. You know, of course, you've seen a big I p o of a snowflake. All of those data companies, we'll need a very natural synergy. If you think about the old days of middleware, middleware is always sort of separate from the database. I think that's starting to kind of coalesce. And Data and analytics placed on top of the modern day middleware, which is containers I think it's gonna be now does VM or play physically is a data company. We don't know today we're gonna partner very heavily. But picking the right set of partners been fluent is a good example of one on. There's many of the next generation database companies that you're going to see us partner with that will become part of that marketplace influence. And I think, as you see us certainly produce out the VM Ware marketplace for developers. I think this is gonna be a game changing opportunity for us to really take those five million developers and work with the leading companies. You know, I use the example of get Lab is an example get help there. Others that appeal to developers tie them into our developer framework. The one thing you learn about developers, you can't have a mindset. With that, you all come to just us. It's a very mingled village off multiple ecosystems and Venn diagrams that are coalescing. If you try to take over the world, the developer community just basically shuns you. You have to have a very vibrant way in which you are mingling, which is why I described. It's like, Listen, we want our developers to come to our conferences and reinvent and ignite and get the best experience of all those provide tools that coincide with everybody. You have to take a holistic view of this on if you do that over many years, just like the security topic. This is a multi year pursuit for us to be relevant. Developers. We feel good about the future being bright. >>David got five minutes e. >>I thought you were gonna say Zoom, Sanjay, that was That was my wildcard. >>Well, listen, you know, I think it was more recently and very fast catapult Thio success, and I don't know that that's clearly in the complete, you know, sweet spot of the anywhere. I mean, you know, unified collaboration would have probably put us in much more competition with teams and, well, back someone you always have to think about what's in the in the bailiwick of what's closest to us, but zooms a great partner. Uh, I mean, obviously you love to acquire anybody that's hot, but Eric's doing really well. I mean, Erica, I'm sure he had many people try to come to buy him. I'm just so proud of him as a friend of all that he was named to Time magazine Top 100. But what he's done is phenomenon. I think he could build a company that's just his important, his Facebook. So, you know, I encourage him. Don't sell, keep building the company and you'll build a company that's going to be, you know, the enterprise version of Facebook. And I think that's a tremendous opportunity to do this better than anybody else is doing. And you know, I'm as an immigrant. He's, you know, China. Born now American, I'm Indian born, American, assim immigrants. We both have a similar story. I learned a lot from him. I learned a lot from him, from on speed on speed and how to move fast, he tells me he learns a thing to do for me on scale. We teach each other. It's a beautiful friendship. >>We'll make sure you put in a good word for the Kiwi. One more zoom integration >>for a final word or the zoom that is the future Facebook of the enterprise. Whatever, Sanjay, Thank >>you for connecting with us. Virtually. It is a digital foundation. It is an unpredictable world. Um, it's gonna change. It could be software to find the operating models or changing you guys. We're changing how you serve customers with new chief up commercial customer officer you have in place, which is a new hire. Congratulations. And you guys were flexing with the market and you got a tailwind. So congratulations, >>John and Dave. Always a pleasure. We couldn't do this without the partnership. Also with you. Congratulations of Successful Cube. And in its new digital format, Thank you for being with us With VM world here on. Do you know all that you're doing to get the story out? The guests that you have on the show, they look forward, including the nonviable people like, Hey, can I get on the Cuban like, Absolutely. Because they look at your platform is away. I'm telling this story. Thanks for all you're doing. I wish you health and safety. >>I'm gonna bring more community. And Dave is, you know, and Sanjay, and it's easier without the travel. Get more interviews, tell more stories and tell the most important stories. And thank you for telling your story and VM World story here of the emerald 2020. Sanjay Poon in the chief operating officer here on the Cube I'm John for a day Volonte. Thanks for watching Cube Virtual. Thanks for watching.

>> Hi, I'm Peter Burris, Welcome to Wikibon's Action Item. (slow techno music) Once again Wikibon's research team is assembled, centered here in The Cube Studios in lovely Palo Alto, California, so I've got David Floyer and George Gilbert with me here in the studio, on the line we have Neil Raden and Jim Kobielus, thank you once again for joining us guys. This week we are going to talk about an issue that has been dominant consideration in the industry, but it's unclear exactly what direction it's going to take, and that is the role that open source is going to play in the next generation of solving problems with technology, or we could say the role that open source will play in future digital transformations. No one can argue whether or not open source has been hugely consequential, as I said it has been, it's been one of the major drivers of not only new approaches to creating value, but also new types of solutions that actually are leading to many of the most successful technology implementations that we've seen ever, that is unlikely to change, but the question is what formal open source take as we move into an era where there's new classes of individuals creating value, like data scientists, where those new problems that we're trying to solve, like problems that are mainly driven by the role that data as opposed to code plays, and that there are new classes of providers, namely service providers as opposed to product or software providers, these issues are going to come together, and have some pretty important changes on how open source behaves over the next few years, what types of challenges it's going to successfully take on, and ultimately how users are going to be able to get value out of it. So to start the conversation off George, let's start by making a quick observation, what has the history of open source been, take us through it kind of quickly. >> The definition has changed, in its first incarnation it was fixed UNIX fragmentation and the high price of UNIX system servers, meaning UNIX the proprietary UNIX's and the proprietary servers they were built, that actually rather quickly morphed into a second incarnation where it was let's take the Linux stack, Linux, Apache, MySQL, PHP, Python, and substitute that for the old incumbents, which was UNIX, BEA Web Logic, the J2E server and Oracle Database on an EMC storage device. So that was the collapse of the price of infrastructure, so really quickly then it morphed into something very, very different, which was we had the growth of the giant Internet scale vendors, and neither on pricing nor on capacity could traditional software serve their needs, so Google didn't quite do open source, but they published papers about what they did, those papers then were implemented. >> Like Map Produce. Yeah Map Produce, Big Table, Google File System, those became the basis of Hadoop which Yahoo open sourced. There is another incarnation going, that's probably getting near its end of life right now, which is sort of a hybrid, where you might take Kafka which is open source, and put sort of proprietary bits around it for management and things like that, same what Cloudera, this is called the open core model, it's not clear if you can build a big company around it, but the principle is, the principle for most of these is, the value of the software is declining, partly because it's open source, and partly because it's so easy to build new software systems now, and the hard part is helping the customer run the stuff, and that's where some of these vendors are capturing it. >> So let's David turn our attention to how that's going to turn into actual money. So in this first generation of open source, I think up until now, certainly Red Hat, Canonical have made money by packaging and putting forward distributions, that have made a lot of money, IBM has been one of the leaders in contributing open source, and then turning that into a services business, Cloudera, Horton Works, NapR, some of these other companies have not generated the same type of market presence that a Red Hat or Canonical have put forward, but that doesn't mean there aren't companies out there that have been very successful at appropriating significant returns out of open source software, mainly however they're doing it as George said, as a service, give us some examples. >> I think the key part of open source is providing a win-win environment, so that people are paid to do stuff, and what is happening now a lot is that people are putting stuff into open source in order that it becomes a standard, and also in order that it is maintained by the community as a whole. So those two functions, those two capabilities of being paid by a company often, by IBM or by whoever it is to do something on behalf of that company, so that it becomes a standard, so that it becomes accepted, that is a good business model, in the sense that it's win-win, the developer gets recognition, the person paying for it achieves their business objective of for example getting a standard recognized-- >> A volume. >> Volume, yes. >> So it's a way to get to volume for the technology that you want to build your business around. >> Yes, what I think is far more difficult in this area is application type software, so where open source has been successful, as George said is in the stacks themselves, the lower end of the stacks, there are a few, and they usually come from very very successful applications like Word, Microsoft Word, or things like that where they can be copied, and be put into open source, but even there they have around them software from a company, Red Hat or whoever it is, that will make it successful. >> Yes but open office wasn't that successful, get to the kind of, today we have Amazon, we have some of the hyper scalars that are using that open core model and putting forward some pretty powerful services, is that the new Red Hat, is that the new Canonical? >> The person who's made most money is clearly Amazon, they took open source code and made it robust, and made it in volume, those are the two key things you to have for success, it's got to be robust, it's got to be in volume, and it's very difficult for the open source community to achieve that on its own, it needs the support of a large company to do that, and it needs the value that that large company is going to get from it, for them to put those resources in. So that has been a very successful model a lot of people decry it because they're not giving back, and there's an argument-- >> They being Amazon, have not given back quite as much. >> Yes they have relatively very few commiters. I think that's more of a problem in the T&Cs of the open source contract, so those should probably be changed, to put more onus on people to give back into the pool. >> So let me stop you, so we have identified one thing that is likely going to have to be evolved as we move forward, to prevent problems, some of the terms and conditions, we try to ensure that there is that quid pro quo, that that win-win exists. So Jim Kobielus, let me ask you a question, open source has been, as David mentioned, open source has been more successful where there is a clear model, a clear target of what the community is trying to build, it hasn't been quite successful, where it is in fact is expected that the open source community is going to start with some of the original designs, so for example, there's an enormous plethora of big data tools, and yet people are starting to ask why is big data more successful, and partly it's because putting these tools together is so difficult. So are we going to see the type of artifacts and assets and technologies associated with machine learning, AI, deep learning et cetera, easily lend themselves to an open source treatment, what do you think? >> I think were going to see open source very much take off in the niches of the deep learning and machine learning AI space, where the target capabilities we've built are fairly well understood by our broad community. Machine learning clearly, we have a fair number of frameworks that are already well established, with respect to the core capabilities that need to be performed from modeling and training, and deployment of statistical models into applications. That's where we see a fair amount of takeoff for Tensor Flow, which Google built in an open source, because the core of deep learning in terms of the algorithm, in terms of the kinds of functions you perform to be able to take data and do feature engineering and algorithm selection are fairly well understood, so those are the kinds of very discreet capabilities for which open source code is becoming standard, but there's many different alternative frameworks for doing that, Tensor Flow being one of them, that are jostling for presence in the market. The term is commoditized, more of those core capabilities are being commoditized by the fact that there well understood and agreed to by a broad community. So those are the discrete areas we're seeing the open source alternatives become predominant, but when you take a Tensor Flow and combine it with a Spark, and with a Hadoop and a Kafka and broader collections of capabilities that are needed for robust infrastructure, those are disparate communities that each have their own participants committed and so forth, nobody owns that overall step, there's no equivalent of a lamp stack were all things to do with deep learning machine learning AI on an open source basis come to the fore. If some group of companies is going to own that broadening stack, that would indicate some degree of maturation for this overall ecosystem, that's not happening yet, we don't see that happening right now. >> So Jim, I want to, my bias, I hate the term commoditization, but I Want to unify what you said with something that David said, essentially what we're talking about is the agreement in a collaborative open way around the conventions of how we perform work that compute model which then turns into products and technologies that can in fact be distributed and regarded as a standard, and regarded as a commodity around which trading can take place. But what about the data side of things George, we have got, Jim's articulated I think a pretty good case, that we're going to start seeing some tools in the marketplace, it's going to be interesting to see whether that is just further layering on top of all this craziness that is happening in the big data world, and just adding to it in the ML world, but how does the data fit into this, are we going to see something that looks like open source data in the marketplace? >> Yes, yes, and a modified yes. Let me take those in two pieces. Just to be slightly technical, hopefully not being too pedantic, software used to mean algorithms and data structures, so in other words the recipe for what to do, and the buckets for where to put the data, that has changed in the data in terms of machine learning, analytic world where the algorithms and data are so tied together, the instances of the data, not the buckets, that the data changed the algorithms, the algorithms change the data, the significance of that is, when we build applications now, it's never done, and so you go, the construct we've been focusing on is the digital twin, more broadly defined than a smart device, but when you go from one vendor and you sort of partially build it, it's an evergreen thing, it's never done, then you go to the next vendor, but you need to be able to backport some core of that to the original vendor, so for all intents and purposes that's open source, but it boils down to actually the original Berkeley license for open source, not the Apache one everyone is using now. And remind me of the other question? >> The other issue is are we going to see datasets become open source like we see code bases and code fragments and algorithms becoming open source? >> Yes this is also, just the way Amazon made infrastructure commoditized and rentable, there are going to be many datasets were they used to be proprietary, like a Google web crawl, and Google knowledge graph of disambiguation people, places and things, some of these things are either becoming open source, or openly accessible by API, so when you put those resources together you're seeing a massive deflation, or a massive shrinkage in the capital intensity of building these sorts of apps. >> So Neil, if we take a look at where we are this far, we can see that there is, even though we're moving to a services oriented model, Amazon for example is a company that is able to generate commercial rents out of open source software, Jim has made a pretty compelling case that open source software can be, or will emerge out of the tooling world for some of these new applications, there are going to be some examples of datasets, or at least APIs to datasets that will look more open source like, so it's not inconceivable that we'll see some actual open source data, I think GDPR, and some other regulations, we're still early in the process of figuring out how we're going to turn data into commodity, using Jim's words. But what about the personnel, what about the people? There were reasons why developers moved to open source, some of the soft reasons that motivated them to do things, who they work with, getting the recognition, working on relevant projects, working with relevant technologies, are we going to see a similar set of soft motivators, diffuse into the data scientist world, so that these individuals, the real ones who are creating the real value, are going to have some degree of motivation to participate with each other collaborate with each other in an open source way, what do you think? >> Good question, I think the answer is absolutely true, but it's not unique to data scientists, academics, scientists in molecular biology, civil engineers, they all wannabe recognized by their peers, on some level beyond just their, just what they're doing in their organization, but there is another segment of data scientists that are just guys working for a paycheck, and generating predictive analysis and helping the company along and so forth, and that's what they're going to do. The whole open source thing, you remember object programming, you remember JavaBeans, you remember Web Services, we tried to turn developers into librarians, and when they wanted to develop something, you go to Github, I go to Github right now and I say I'm looking for a utility that can figure out why my face is so pink on this camera, I get 1000 listings of programs, and have no idea which ones work and which ones don't, so I think the whole open source thing is about to explode, it already has, in terms of piece parts. But I think managing in an organization is different, and when I say an organization, there's the Googles and the Amazons and so forth of the world, and then there's everybody else. >> Alright so we've identified an area where we can see some consequence of change where we can anticipate some change will be required to modernize the open source model, the licensing model, we see another one where the open source communities going to have to understand how to move from a product and code to a data and service orientation, can we think of any others? >> There is one other that I'd like to add to that, and that is compliance. You addressed it to some extent, but compliance brings some real-world requirements onto code and data, and you were saying earlier on that one of the options is bringing code and data so that they intermingle and change each other, I wonder whether that when you look at it from a compliance point of view will actually pass muster, because you need from a compliance point of view to prove, for example, in the health service, that it works, and it works the same way every time, and if you've got a set of code and data that doesn't work the same every time, you probably are going to get pushed back from the people who regularly health that this is not, you can't do it that way, you'll have to find another way to do it. But that again is, is at the same each time, so the point I'm making-- >> This is a bigger issue than just open source, this is an issue where the idea if continuous refinement of the code, and the data-- >> Automatic refinement. >> Automatic refinement, could in fact, we're going to have to change some compliance laws, is open source, is it possible the open source community might actually help us understand that problem? >> Absolutely, yes. >> I think that's a good point, I think that's a really interesting point, because you're right George, the idea of a continuous development, is not something that for example Serr Banes actually says I get this, Serr Banes actually says "Oh yeah, I get this." Serr Banes actually is like, yes the data, I acknowledge that this date is right, and I acknowledge the process by which it was created was read, now this is another subject, let's bring this up later, but I think it's relevant here, because in many respects it's a difference between an income statement and balance sheet right? Saying it's good now, is kind of like the income statement, but let's come back to this, because I think it's a bigger issue. You're asserting the open source community in fact may help solve this problem by coming up with new ways of conceiving say versioning of things, and stamping things and what is a distribution, what isn't a distribution, with some of these more tightly bound sets of-- >> What we find normally is that-- >> Jim: I think that we are going to-- >> Peter: Go on Jim. >> Just to elaborate on what Peter was talking about, that whole theme, I think what we're going to see is more open source governance of models and data, within distributed development environments, using technologies like block chain as a core enabler for these workflows, for these as it were general distributed hyper ledgers indicate the latest and greatest version of a given dataset, or a given model being developed somewhere around some common solution domain, I think those kinds of environments for governance will become critically important, as this pipeline for development and training and deployment of these assets, gets ever more distributed and virtual. >> By the way Jim I actually had a conversation with a very large open source distribution company a few months ago about this very point, and I agree, I think blockchain in fact could become a mechanism by which we track intellectual property, track intellectual contributions, find ways to then monetize those contributions, going back to what you were saying David, and perhaps that becomes something that looks like the basis of a new business model, for how we think about how open source goes after these looser, goosier problems. >> But also to guarantee integrity without going through necessarily a central-- >> Very important, very important because at the end of the day George-- >> It's always hard to find somebody to maintain. >> Right, big companies, one of the big challenges that companies today are having is that they do open source is that they want to be able to keep track of their intellectual property, both from a contribution standpoint, but also inside their own business, because they're very, very concerned that the stuff that they're creating that's proprietary to their business in a digital sense, might leave the building, and that's not something a lot of banks for example want to see happen. >> I want to stick one step into this logic process that it think we haven't yet discussed, which is, we're talking about now how end customers will consume this, but there still a disconnect in terms of how the open source software vendor's or even hybrid ones can get to market with this stuff, because between open source pricing models and pricing levels, we've seen a slow motion price collapse, and the problem is that, the new go to market motion is actually made up of many motions, which is discover, learn, try, buy, recommend, and within each of those, the motion was different, and you hear it's almost like a reflex, like when your doctor hit you on the knee and your leg kind of bounced, everybody says yeah we do land and expand, and land was to discover, learn, try augmented with inside sales, the recommend and standardizes still traditional enterprise software where someone's got to talk to IT and procurement about fitting into the broader architecture, and infrastructure of the firm, and to do that you still need what has always been called the most expensive migratory workforce in the world, which is an enterprise sales force. >> But I would suggest there's a big move towards standardization of stacks, true private cloud is about having a stack which is well established, and the relationship between all the different piece parts, and the stack itself is the person who is responsible for putting that stack and maintaining that stack. >> So for a moment pretend that you are a CIO, are you going to buy OpenStack or are you going to buy the Vmware stack? >> I'm going to buy Vmware stack. >> Because that's about open source? >> No, the point I'm saying is that those open source communities or pieces, would then be absorbed into the stack as an OEM supplier as opposed to a direct supplier and I think that's true for all of these stacks, if you look at the stack for example and you have code from Netapp or whatever it is that's in that code and they're contributing It You need an OEM agreement with that provider, and it doesn't necessarily have to be open source. >> Bottom line is this stuff is still really, really complicated. >> But this model of being an OEM provider is very different from growing an enterprise sales force, you're selling something that goes into the cost of goods sold of your customer, and that the cost of goods sold better be less than 15 percent, and preferably less than five percent. >> Your point is if you can't afford a sales force, an OEM agreement is a much better way of doing it. >> You have to get somebody else's sales force to do it for you. So look I'm going to do the Action Item on this, I think that this has been a great conversation again, David, George, Neil, Jim, thanks a lot. So here's the Action Item, nobody argues that open source hasn't been important, and nobody suggests that open source is not going to remain important, what we think based on our conversation today is that open source is going to go through some changes, and those changes will occur as a consequence of new folks that are going to be important to this like data scientists, to some of the new streams of value in the industry, may not have the same motivations that the old developer world had, new types of problems that are inherently more data oriented as opposed process-oriented, and it's not as clear that the whole concept of data as an artifact, data as a convention, data as standards and commodities, are going to be as easy to define as it was in the cold world. As well as ultimately IT organizations increasingly moving towards an approach that focused more on the consumption of services, as opposed to the consumption of product, so for these and many other reasons, our expectation is that the open source community is going to go through its own transformation as it tries to support future digital transformations, current and future digital transformations. Now some of the areas that we think are going to be transformed, is we expect that there's going to be some pressure on licensing, we think there's going to be some pressure in how compliance is handled, and we think the open source community may in fact be able to help in that regard, and we think very importantly that there will be some pressure on the open source community trying to rationalize how it conceives of the new compute models, the new design models, because where open source always has been very successful is when we have a target we can collaborate to replicate and replace that target or provide a substitute. I think we can all agree that in 10 years we will be talking about how open source took some time to in fact put forward that TPC stack, as opposed to define the true private cloud stack. So our expectation is that open source is going to remain relevant, we think it's going to go through some consequential changes, and we look forward to working with our clients to help them navigate what some of those changes are, both as commiters, and also as consumers. Once again guys, thank you very much for this week's Action Item, this is Peter Barris, and until next week thank you very much for participating on Wikibon's Action Item. (slow techno music)

>> Narrator: Live, from San Francisco. It's the CUBE. Covering Oracle Open World 2016. Brought to you by Oracle. Now, here's your host: John Furrier and Peter Burris. (Music) (Background Noise) >> Okay, welcome back everyone. We are here, live at Oracle OpenWorld 2016. This is SiliconANGLE Media, it's The CUBE. Our flagship program, we go out to the events and extract the signal from the noise. I'm John Furrier, the co-CEO of SiliconANGLE, with Peter Burris, head of research for SiliconANGLE Media, as well as General Manager of Wikibon Research. Our next guest, I'm excited to have him back because he's a product guy and we love to go deep into the products. CUBE alumni, Juan Loaiza Senior Vice President of Database Technologies, veteran of Oracle, welcome back to The CUBE. Great to see you. >> Thanks, great to be here. >> Love talking to the product guys on the development side because we get to go deep into the road map. And we're going to try to get as much information out of you as possible. But you'll do your best to hold back, like you did last year. Only kidding. >> I know. (laughter) >> Okay no. >> You must have me confused with somebody else. (laughter) >> Maybe that was Larry Ellison, well he hasn't been on yet. Larry, we'll get you on. >> He's not so good at holding back either. (laughter) >> That's why we don't let him on. That's why they won't let him on, I think. That's, Larry would be too comfortable in The CUBE. No, in all seriousness, joking aside, the hottest areas right now is in your wheel house. Engineered systems, which is going to be a real enabler for Oracle on the performance side. And as you make your own chips, ZF SPARC and Exodeum All this other cool stuff is going to go faster, faster, faster, lower cost, higher performance. The database... >> Better security. Better availability. >> Security, I mean. Amazing stuff. But the database is where the crown jewel is for Oracle, always has been. Before you put Web Logic on it, make it sticky. But now you've got the cloud. The cloud is a environment for great opportunity for the database, business and other databases, some Oracle, some not Oracle. What's going on with the database and the Cloud? Can you take a minute to explain the current situation? >> Yeah, so that's a big question. (laughter) What's going on? So what do you want to start with database or do you want to start out with the Cloud? >> John: Let's start with the database. What's going on with the database? And what does that mean for customers as it moves to the cloud? >> Yeah. So, database we're in the process of releasing our next big database. We don't release databases very often. It only really happens every few years. It's a very big deal. So, what we're trying to do with our next generation database is modernize the whole infrastructure, adjust to a lot of the big transformations that are happening in the marketplace. So among those are things like big data. Where do we go with big data? So, with our new generation database we're making big database and database work seamlessly together. So we have something called big data SOQL, where we can query data regardless of whether it's in Hadoop, NoSQL, Oracle. It's completely transparent. So customers no longer have these silos of information. Another big thing in database is datatype search engine. So new generation wanted JSON, it's called JSON, which is a new data format, so it's used in javascripts. So web developers develop in javascript. They represent data in JSON. And then they say, hey. I don't want to take my JSON data and convert it to relational data. It's a big pain. >> John: True. So, one of the things we've done in our new generation 12-step database was say, hey. Take that JSON, we'll put that directly into the database. We'll allow it to be queried. We'll make it highly available >> John: Without a schema. Without any kind of a schema, >> Nothing. >> just throw it in there unstructured. >> Juan: Just throw it in there. That's right. So we've made it very simple for new-age developers to use JSON with databases. That's another really big thing that's happening. >> So tell us what, just let's double down on that for a second. JSON has been a big trend in API based systems, lot of abilities in JSON endpoints. For user experience, whether it's mobile or web, very prevalent now. Pretty much standard. >> Juan: Yes. >> How does that get rendered itself from a customer's perspective? Are you saying that Oracle will just onboard it into the database itself? Or is it a separate product? Or is it, I mean... >> - [Juan] Directly into the data. So we have native JSON directly into the data. We've essentially added JSON as a datatype. We've added the sequel, we have SOQL extensions. You can access JSON like an index... >> John: So, I can run in single queries on JSON? >> You can, exactly right. You can very simply run SOQL queries on JSON. >> And what's the impact to the customer? >> Juan: And all the stuff that comes with that. >> John: And what does that solve? What problem does that solve? >> It solves two problems. One is, people like that datatype. So new-age developers, they're writing in javascript. They have JSON and they just want to use it. So they don't have to convert it. >> John: Which by the way, everyone's running in javascripts. >> Right, that's right. That's the big programming language. And the other thing is unstructured data. So, data that's not structured initially, that every piece of data has its own structure. So it's a representation for saying, that dynamic, unstructured representation that's very standard in the industry. A little bit like XML used to be before. JSON is kind of the new XML, the new-age XML. >> John: Yeah, that's true. How about the data lay concept? Because Hadoop as a market, just didn't make it, right? I mean, it's out, Hadoop is out there >> Juan: Yes. SPARC is certainly relevant because you have, you know, that kind of use space and memory and faster processing. But the real power is that that a batch oriented data set. As things like Hadoop and SPARC evolve, how does that relate to Oracle's product road map? >> Juan: Yeah, so we have our own Hadoop big data plans, where we run a cloudera-based Hadoop product and what we're trying to do is make those work seamlessly with existing databases. So there's certain kinds of workload and applications that hadoop is really good for. You know, kind of a frivolous example is if you want to find cats in pictures, you're not going to do that with an Oracle database. So you know, here's a billion pictures. Find all the pictures that contain cats. Not a good application for Oracle, right? On the other hand, if you're running analytic queries against relational data that's perfect for Oracle. So we see that these technologies can coexist. So there's certain kinds of applications that are really good for that dual kind of work. Or that certain kind of applications are really good for relational. And what we need to do is make sure that these things run seamlessly. >> John: What's the glue between those two layers? >> Peter: Well that's just it, there's even more applications where they're going to want to use both. >> That's right. That's right. We can't, >> So, what's the glue? >> Eventually everyone goes to both, right? >> Peter: Yeah, so what's the glue? What is that glue? >> Well, there's a number of glues that we built. Which is, one is called big data SOQL. It lets you query seamlessly across them. We also have connectors that let you move data seamlessly between them. So, those are kind of the main glues between them. >> So one of the things that we've observed is that, to John's point, there's been a lot more downloads of hadoop than we've seen go into production. It's become a very, very complex ecosystem and it's got some limitations, batch-oriented, et cetera. The challenge that businesses have is that they try to run pilots around hadoop, because they find themselves piloting the hardware, hadoop, the clusters, all the way up to the use case. And a lot of times they end up failing. How does something like the big data pliers facilitate piloting? Because it looks like it should reduce the complexity of the infrastructure and give people the opportunity to spend more time on the use case. >> I mean, you've got it exactly right. Which is, you know, there's some people that are hobbyists. Right, like there's people that want to build their own log cabins. They want to cut their own trees, kind of build their own planks and put together their log cabin. And that's kind of how hadoop started. It was kind of a hobbyist model, right? And hadoop has kind of moved to the next level. Now, it's people that want to get stuff done. And it's like, I don't want to chop trees. You know, I want to be living in a, just give me a house. >> John: Well actually, I wouldn't say hobbyist. I mean Yahoo had a need, they needed log cabins. >> Right. >> So they built one. You know, but it was a use case. The web scaler guys needed an unstructured... >> Right. >> It has to be scalable. >> But a lot of people are very much, kind of thinking build your own. So now a lot of people want a solution. They're like, you know, I don't want to be building this. So that's where big data plans come in. Because it's a complete solution. It includes the hardware, it's been pre-tubed, pre-optimized. It includes the cloudera software. It includes all our connectors and it includes support for the whole thing. Because that's the other part. You know when you put together your own house, who are you going to call when it leaks? Right? You're on your own when it leaks. If Oracle puts it together, we can support the entire staff when you have any kind of issue, any kind of problem. And that's the kind of stuff enterprises want. It's not a hobby anymore once it becomes an enterprise >> Peter: So given that we're in a big data universe right now, where we've got use case that are proliferating very fast and we have limited experience about them. But the technologies underlying that we're deploying to build those use cases are also proliferating very fast. Is it going to be possible for the open source model that presumes downloads, try buy, not sales people, not a lot of learning, not a lot of hand-holding to make it possible to fix that whole thing or make it all come together? Or is a company like Oracle going to have to step in and take some responsibility for guiding how the market evolves? >> Yes, so open source and Oracle can work together. I mean, we have Lennox distributions. We own MYSOQL. So Oracle and Open Source is... >> Peter: You're not at odds. >> That's right. We, in fact, are one of the major Open Source companies in the world. But you know, like I said, real businesses are in it as a hobby. They want a solution. They're looking at this as a tool. And a lot of times they want somebody that can support it, that can physically assure that it's going to work for them. And they have someone they can call. It's not just hey, I'm going to post a message on a message board and hope that somebody responds. Right? I mean when you have, you know, airplanes in the air. when you have, you know, dollars flying across the network. You need a solution. You need somebody you can call and you can guarantee is going to solve the problem. And also that can ensure that the technology moves in the right direction, takes into account what users want. And that, you know, a certain level of quality and assurance is built into it. >> Peter: So let's build on that. When you look at the future of database, what do you see? >> Juan: Well, there's a lot of different, so database is in a very big change. There's some big changes happening in the database world right now. More than probably ever before. One that we've been kind of talking about is sort of this big data hadoop. Another thing is JSON. Another area is in-memory is a very big change that is happening in databases. The whole moving into in-memory, into these different kinds of formats. Along with that, Oracle is pioneering moving database algorithms directly into the chips. The chip technology, to make it run dramatically faster, to make it more available, make it more secure. That's another big thing. Building multitenancy directly into the database, that's another big area that Oracle is pioneering. Instead of having it, kind of cloudify the database directly, negatively inside the database. Another big area that we've been working on is putting native sharding of databases directly into the database. >> How about data protection? >> Well that's in the multitenancy, right? Take me through the multitenancy a little bit. How does multitenancy inside the database going to work? >> Well, okay. So that's what we call our multitenant database. It's a little bit like VM. So, Vms say, hey it looks like I have a physical machine. But in fact I have a fraction of a machine. It looks like, it looks to me like a physical machine. In fact, it's a virtual machine. >> Peter: Okay. >> We're doing the same kind of thing with the database. So it looks like I have a physical database to the application. But in fact, you're sharing a database among many users. So what is the advantage of that? The advantage of that is we don't have one database. Or thousands of databases anymore. So many of our customers have deployed thousands of databases. It becomes a huge maintenance headache to have thousands of databases. Especially in today's security world where you have to constantly patch and update these things. You can't just kind of leave them alone anymore. So if you have a small number of physical databases and lots of virtual databases it completely saves costs. It's more agile. Opex lower. Capex lower. That's the new world of multitenant cloud data. >> John: Also it's brand new with appliances. And I want to get your thoughts on last year the big range that I liked was this zero data loss >> Recovery plan, yes >> ZDLRA. >> Juan: That's right. You got it right. >> What's the, I mean very fascinating, basically zero data loss. >> Peter: It's cool technology. >> Juan: Yes. So what is, is that still on the, out there? What's going on with that? >> Zero data loss and recovery parts is our fastest growing appliance right now. >> John: It is? >> Yes. Easily. It's been very well received by the market. We have some of the biggest banks now, running it. Financial institutions, retailers. Why? Because its a very simple value proposition. Which is, hey I want to protect my data in a way that it's constantly protected that I don't lose any data. In a way that is scalable. In a way that offloads my production database. It's a very simple... >> That's a grace saving situation, right? So like the people that have these security breaches, is this where that fits? Where's the use case for ZDLRA? >> ZDLRA is not security, it's about availability. >> John: Okay, so if someone basically shuts the data center down. >> Right. If that database becomes corrupted... >> John: In one region. >> If there's some natural disaster. If there's a bomb. If there's a whatever. Is my data protected? Will I lose anything? Nobody can afford to lose data anymore. In the old days, when you did a backup, you did a nightly backup and then if something happened, then you'd restore it. Well guess what? That doesn't work anymore. We're too dependent. So, nobody wants to lose their airline records. Nobody wants to lose their bank records. Nobody wants to lose their retail records. We can't afford to lose data anymore. We need a solution that's zero data loss. >> I'm surprised aren't, there's not more fanfare at the show about that. I was really impressed last year I'm glad to hear it's doing well. Containers. Database containers. >> Juan: Yes. This is something that we talked about a little bit last time. >> Juan: That's the same as multitenants. >> Okay. That's multitenancy. >> Juan: It's different terminology for that. >> okay, now cloud based databases. Now we get to the cloud. Where does all this go to the cloud. >> Okay, so you know traditionally customers deployed on premeses. what we're doing now is we're taking the Oracle database that we've developed the last 40 years. It's the most sophisticated database in the world. And we're moving it onto the cloud. So what does the customer get? They get, they can provision it instantly. So you go onto our website and say I want a database. Here's the size. Here's the number of CPUs I want. Boom. They get it. They pay monthly instead of paying upfront. They don't pay for the licenses. They just pay us a monthly fee. And then Oracle operates the whole thing. It's like, I don't want manage it. I just want to use it. So that's the benefit of the cloud. I go somewhere. I need a database. I get it right away. I don't have to mess with it. And I pay monthly. >> John: So the Oracle, on your Oracle cloud you would then deploy all those other goodness, ZDLRA, all the other technology >> Juan: All that stuff, yes. (crosstalk) behind the curtain, so to speak. >> Juan: So we have a range of offerings in our cloud. So we have a regular database service. We have an enterprise service. And then we have a high end service, an exit data cloud service, right? >> That runs our exit data. Super fast, super available. And then we have something called exit data express, which is the lowest cost cloud database in the world. So we have kind of three things, depending on what the customer wants. They want a smaller database for really low cost. They want a super mission critical, high performance database or they kind of want something in the middle. So we span the whole range. And, by the way, our high end is higher than anybody else. Our low end is lower cost than anybody else. So we span a bigger range than anyone else. >> You know Juan, next year we need to get an hour with you. >> Juan: Yes. >> To cover all the... >> Juan: It's a lot of topics. >> No. You're a great guest. And you have a lot of experience and a lot of, and we appreciate the insight. I'll give you the final word, I want to get one more answer out of you because you're awesome. You're sharing great insight. For the folks watching, what's the one thing or one or two, three things they should know about Oracle, Cloud, the technology, the database? The things going on at Oracle that they may not be hearing about it could be the best selling things. Something that's not on the main stream press reporting. >> Well, you know our Oracle cloud is pretty simple. I mean, the main thing to understand is that it's 100% compatible with databases on premises. So it's very easy to move workloads back and forth. That's the main thing. And the other thing is, we are, we use the exact same infrastructure. So we've been developing, for example, our exit data product, which is kind of the precursor to cloud. It's a very specialized database system run on premises. And now we're running that in the cloud. So again, the customer can get the exact same thing. And our latest offering is cloud at customer. So we take those same cloud attributes and we can put them >> John: It's the cloud machine, right? >> inside the customer database. >> Juan: Yeah, so we have a cloud machine, an exelated cloud machine, and a big data cloud machine. >> John: So customers get all the choices of Oracle. >> That's right. So the customer has full choice, they can move to the cloud if and when they want at the speed they want. They can move back and forth. They can do disaster recovery in the cloud. They can do backup in the cloud. They can do development in the cloud. So all these range of offerings, all these range of choices are now the customers. >> So true or false? Larry Ellison is the master at the long game? >> Juan: Larry thinks long term, absolutely. >> John: Of course, true. >> Yes, absolutely. He's brilliant and he's shown it over and over again. >> I agree, big fan. Yesterday's key note, Larry could've done better. But he was too busy getting all those announcements out that he was mailing in at the end. It was so many announcements. >> Juan: It's hard these days because Oracle, there's so much happening at Oracle. There's so much happening at Oracle. Juan, Thanks so much for spending your valuable time with us at the CUBE, we really appreciate it. This is SiliconANGLE Media's The CUBE. We go out to the events I'm John Furrier, Juan Loaiza Senior Vice President Juan Laoiza, Senior Vice President of Database Platform Services. Live in San Francisco. We'll be right back. (Music)