(light airy music) >> Hello, everyone, welcome to theCUBE's presentation of the AWS Startup Showcase, AI and machine learning. "Top Startups Building Generative AI on AWS." This is season three, episode one of the ongoing series covering the exciting startups from the AWS ecosystem, talking about AI machine learning. We have three great guests Bratin Saha, VP, Vice President of Machine Learning and AI Services at Amazon Web Services. Tom Mason, the CTO of Stability AI, and Aidan Gomez, CEO and co-founder of Cohere. Two practitioners doing startups and AWS. Gentlemen, thank you for opening up this session, this episode. Thanks for coming on. >> Thank you. >> Thank you. >> Thank you. >> So the topic is hype versus reality. So I think we're all on the reality is great, hype is great, but the reality's here. I want to get into it. Generative AI's got all the momentum, it's going mainstream, it's kind of come out of the behind the ropes, it's now mainstream. We saw the success of ChatGPT, opens up everyone's eyes, but there's so much more going on. Let's jump in and get your early perspectives on what should people be talking about right now? What are you guys working on? We'll start with AWS. What's the big focus right now for you guys as you come into this market that's highly active, highly hyped up, but people see value right out of the gate? >> You know, we have been working on generative AI for some time. In fact, last year we released Code Whisperer, which is about using generative AI for software development and a number of customers are using it and getting real value out of it. So generative AI is now something that's mainstream that can be used by enterprise users. And we have also been partnering with a number of other companies. So, you know, stability.ai, we've been partnering with them a lot. We want to be partnering with other companies as well. In seeing how we do three things, you know, first is providing the most efficient infrastructure for generative AI. And that is where, you know, things like Trainium, things like Inferentia, things like SageMaker come in. And then next is the set of models and then the third is the kind of applications like Code Whisperer and so on. So, you know, it's early days yet, but clearly there's a lot of amazing capabilities that will come out and something that, you know, our customers are starting to pay a lot of attention to. >> Tom, talk about your company and what your focus is and why the Amazon Web Services relationship's important for you? >> So yeah, we're primarily committed to making incredible open source foundation models and obviously stable effusions been our kind of first big model there, which we trained all on AWS. We've been working with them over the last year and a half to develop, obviously a big cluster, and bring all that compute to training these models at scale, which has been a really successful partnership. And we're excited to take it further this year as we develop commercial strategy of the business and build out, you know, the ability for enterprise customers to come and get all the value from these models that we think they can get. So we're really excited about the future. We got hugely exciting pipeline for this year with new modalities and video models and wonderful things and trying to solve images for once and for all and get the kind of general value and value proposition correct for customers. So it's a really exciting time and very honored to be part of it. >> It's great to see some of your customers doing so well out there. Congratulations to your team. Appreciate that. Aidan, let's get into what you guys do. What does Cohere do? What are you excited about right now? >> Yeah, so Cohere builds large language models, which are the backbone of applications like ChatGPT and GPT-3. We're extremely focused on solving the issues with adoption for enterprise. So it's great that you can make a super flashy demo for consumers, but it takes a lot to actually get it into billion user products and large global enterprises. So about six months ago, we released our command models, which are some of the best that exist for large language models. And in December, we released our multilingual text understanding models and that's on over a hundred different languages and it's trained on, you know, authentic data directly from native speakers. And so we're super excited to continue pushing this into enterprise and solving those barriers for adoption, making this transformation a reality. >> Just real quick, while I got you there on the new products coming out. Where are we in the progress? People see some of the new stuff out there right now. There's so much more headroom. Can you just scope out in your mind what that looks like? Like from a headroom standpoint? Okay, we see ChatGPT. "Oh yeah, it writes my papers for me, does some homework for me." I mean okay, yawn, maybe people say that, (Aidan chuckles) people excited or people are blown away. I mean, it's helped theCUBE out, it helps me, you know, feed up a little bit from my write-ups but it's not always perfect. >> Yeah, at the moment it's like a writing assistant, right? And it's still super early in the technologies trajectory. I think it's fascinating and it's interesting but its impact is still really limited. I think in the next year, like within the next eight months, we're going to see some major changes. You've already seen the very first hints of that with stuff like Bing Chat, where you augment these dialogue models with an external knowledge base. So now the models can be kept up to date to the millisecond, right? Because they can search the web and they can see events that happened a millisecond ago. But that's still limited in the sense that when you ask the question, what can these models actually do? Well they can just write text back at you. That's the extent of what they can do. And so the real project, the real effort, that I think we're all working towards is actually taking action. So what happens when you give these models the ability to use tools, to use APIs? What can they do when they can actually affect change out in the real world, beyond just streaming text back at the user? I think that's the really exciting piece. >> Okay, so I wanted to tee that up early in the segment 'cause I want to get into the customer applications. We're seeing early adopters come in, using the technology because they have a lot of data, they have a lot of large language model opportunities and then there's a big fast follower wave coming behind it. I call that the people who are going to jump in the pool early and get into it. They might not be advanced. Can you guys share what customer applications are being used with large language and vision models today and how they're using it to transform on the early adopter side, and how is that a tell sign of what's to come? >> You know, one of the things we have been seeing both with the text models that Aidan talked about as well as the vision models that stability.ai does, Tom, is customers are really using it to change the way you interact with information. You know, one example of a customer that we have, is someone who's kind of using that to query customer conversations and ask questions like, you know, "What was the customer issue? How did we solve it?" And trying to get those kinds of insights that was previously much harder to do. And then of course software is a big area. You know, generating software, making that, you know, just deploying it in production. Those have been really big areas that we have seen customers start to do. You know, looking at documentation, like instead of you know, searching for stuff and so on, you know, you just have an interactive way, in which you can just look at the documentation for a product. You know, all of this goes to where we need to take the technology. One of which is, you know, the models have to be there but they have to work reliably in a production setting at scale, with privacy, with security, and you know, making sure all of this is happening, is going to be really key. That is what, you know, we at AWS are looking to do, which is work with partners like stability and others and in the open source and really take all of these and make them available at scale to customers, where they work reliably. >> Tom, Aidan, what's your thoughts on this? Where are customers landing on this first use cases or set of low-hanging fruit use cases or applications? >> Yeah, so I think like the first group of adopters that really found product market fit were the copywriting companies. So one great example of that is HyperWrite. Another one is Jasper. And so for Cohere, that's the tip of the iceberg, like there's a very long tail of usage from a bunch of different applications. HyperWrite is one of our customers, they help beat writer's block by drafting blog posts, emails, and marketing copy. We also have a global audio streaming platform, which is using us the power of search engine that can comb through podcast transcripts, in a bunch of different languages. Then a global apparel brand, which is using us to transform how they interact with their customers through a virtual assistant, two dozen global news outlets who are using us for news summarization. So really like, these large language models, they can be deployed all over the place into every single industry sector, language is everywhere. It's hard to think of any company on Earth that doesn't use language. So it's, very, very- >> We're doing it right now. We got the language coming in. >> Exactly. >> We'll transcribe this puppy. All right. Tom, on your side, what do you see the- >> Yeah, we're seeing some amazing applications of it and you know, I guess that's partly been, because of the growth in the open source community and some of these applications have come from there that are then triggering this secondary wave of innovation, which is coming a lot from, you know, controllability and explainability of the model. But we've got companies like, you know, Jasper, which Aidan mentioned, who are using stable diffusion for image generation in block creation, content creation. We've got Lensa, you know, which exploded, and is built on top of stable diffusion for fine tuning so people can bring themselves and their pets and you know, everything into the models. So we've now got fine tuned stable diffusion at scale, which is democratized, you know, that process, which is really fun to see your Lensa, you know, exploded. You know, I think it was the largest growing app in the App Store at one point. And lots of other examples like NightCafe and Lexica and Playground. So seeing lots of cool applications. >> So much applications, we'll probably be a customer for all you guys. We'll definitely talk after. But the challenges are there for people adopting, they want to get into what you guys see as the challenges that turn into opportunities. How do you see the customers adopting generative AI applications? For example, we have massive amounts of transcripts, timed up to all the videos. I don't even know what to do. Do I just, do I code my API there. So, everyone has this problem, every vertical has these use cases. What are the challenges for people getting into this and adopting these applications? Is it figuring out what to do first? Or is it a technical setup? Do they stand up stuff, they just go to Amazon? What do you guys see as the challenges? >> I think, you know, the first thing is coming up with where you think you're going to reimagine your customer experience by using generative AI. You know, we talked about Ada, and Tom talked about a number of these ones and you know, you pick up one or two of these, to get that robust. And then once you have them, you know, we have models and we'll have more models on AWS, these large language models that Aidan was talking about. Then you go in and start using these models and testing them out and seeing whether they fit in use case or not. In many situations, like you said, John, our customers want to say, "You know, I know you've trained these models on a lot of publicly available data, but I want to be able to customize it for my use cases. Because, you know, there's some knowledge that I have created and I want to be able to use that." And then in many cases, and I think Aidan mentioned this. You know, you need these models to be up to date. Like you can't have it staying. And in those cases, you augmented with a knowledge base, you know you have to make sure that these models are not hallucinating. And so you need to be able to do the right kind of responsible AI checks. So, you know, you start with a particular use case, and there are a lot of them. Then, you know, you can come to AWS, and then look at one of the many models we have and you know, we are going to have more models for other modalities as well. And then, you know, play around with the models. We have a playground kind of thing where you can test these models on some data and then you can probably, you will probably want to bring your own data, customize it to your own needs, do some of the testing to make sure that the model is giving the right output and then just deploy it. And you know, we have a lot of tools. >> Yeah. >> To make this easy for our customers. >> How should people think about large language models? Because do they think about it as something that they tap into with their IP or their data? Or is it a large language model that they apply into their system? Is the interface that way? What's the interaction look like? >> In many situations, you can use these models out of the box. But in typical, in most of the other situations, you will want to customize it with your own data or with your own expectations. So the typical use case would be, you know, these are models are exposed through APIs. So the typical use case would be, you know you're using these APIs a little bit for testing and getting familiar and then there will be an API that will allow you to train this model further on your data. So you use that AI, you know, make sure you augmented the knowledge base. So then you use those APIs to customize the model and then just deploy it in an application. You know, like Tom was mentioning, a number of companies that are using these models. So once you have it, then you know, you again, use an endpoint API and use it in an application. >> All right, I love the example. I want to ask Tom and Aidan, because like most my experience with Amazon Web Service in 2007, I would stand up in EC2, put my code on there, play around, if it didn't work out, I'd shut it down. Is that a similar dynamic we're going to see with the machine learning where developers just kind of log in and stand up infrastructure and play around and then have a cloud-like experience? >> So I can go first. So I mean, we obviously, with AWS working really closely with the SageMaker team, do fantastic platform there for ML training and inference. And you know, going back to your point earlier, you know, where the data is, is hugely important for companies. Many companies bringing their models to their data in AWS on-premise for them is hugely important. Having the models to be, you know, open sources, makes them explainable and transparent to the adopters of those models. So, you know, we are really excited to work with the SageMaker team over the coming year to bring companies to that platform and make the most of our models. >> Aidan, what's your take on developers? Do they just need to have a team in place, if we want to interface with you guys? Let's say, can they start learning? What do they got to do to set up? >> Yeah, so I think for Cohere, our product makes it much, much easier to people, for people to get started and start building, it solves a lot of the productionization problems. But of course with SageMaker, like Tom was saying, I think that lowers a barrier even further because it solves problems like data privacy. So I want to underline what Bratin was saying earlier around when you're fine tuning or when you're using these models, you don't want your data being incorporated into someone else's model. You don't want it being used for training elsewhere. And so the ability to solve for enterprises, that data privacy and that security guarantee has been hugely important for Cohere, and that's very easy to do through SageMaker. >> Yeah. >> But the barriers for using this technology are coming down super quickly. And so for developers, it's just becoming completely intuitive. I love this, there's this quote from Andrej Karpathy. He was saying like, "It really wasn't on my 2022 list of things to happen that English would become, you know, the most popular programming language." And so the barrier is coming down- >> Yeah. >> Super quickly and it's exciting to see. >> It's going to be awesome for all the companies here, and then we'll do more, we're probably going to see explosion of startups, already seeing that, the maps, ecosystem maps, the landscape maps are happening. So this is happening and I'm convinced it's not yesterday's chat bot, it's not yesterday's AI Ops. It's a whole another ballgame. So I have to ask you guys for the final question before we kick off the company's showcasing here. How do you guys gauge success of generative AI applications? Is there a lens to look through and say, okay, how do I see success? It could be just getting a win or is it a bigger picture? Bratin we'll start with you. How do you gauge success for generative AI? >> You know, ultimately it's about bringing business value to our customers. And making sure that those customers are able to reimagine their experiences by using generative AI. Now the way to get their ease, of course to deploy those models in a safe, effective manner, and ensuring that all of the robustness and the security guarantees and the privacy guarantees are all there. And we want to make sure that this transitions from something that's great demos to actual at scale products, which means making them work reliably all of the time not just some of the time. >> Tom, what's your gauge for success? >> Look, I think this, we're seeing a completely new form of ways to interact with data, to make data intelligent, and directly to bring in new revenue streams into business. So if businesses can use our models to leverage that and generate completely new revenue streams and ultimately bring incredible new value to their customers, then that's fantastic. And we hope we can power that revolution. >> Aidan, what's your take? >> Yeah, reiterating Bratin and Tom's point, I think that value in the enterprise and value in market is like a huge, you know, it's the goal that we're striving towards. I also think that, you know, the value to consumers and actual users and the transformation of the surface area of technology to create experiences like ChatGPT that are magical and it's the first time in human history we've been able to talk to something compelling that's not a human. I think that in itself is just extraordinary and so exciting to see. >> It really brings up a whole another category of markets. B2B, B2C, it's B2D, business to developer. Because I think this is kind of the big trend the consumers have to win. The developers coding the apps, it's a whole another sea change. Reminds me everyone use the "Moneyball" movie as example during the big data wave. Then you know, the value of data. There's a scene in "Moneyball" at the end, where Billy Beane's getting the offer from the Red Sox, then the owner says to the Red Sox, "If every team's not rebuilding their teams based upon your model, there'll be dinosaurs." I think that's the same with AI here. Every company will have to need to think about their business model and how they operate with AI. So it'll be a great run. >> Completely Agree >> It'll be a great run. >> Yeah. >> Aidan, Tom, thank you so much for sharing about your experiences at your companies and congratulations on your success and it's just the beginning. And Bratin, thanks for coming on representing AWS. And thank you, appreciate for what you do. Thank you. >> Thank you, John. Thank you, Aidan. >> Thank you John. >> Thanks so much. >> Okay, let's kick off season three, episode one. I'm John Furrier, your host. Thanks for watching. (light airy music)

(bright music) >> Hello, everyone. Welcome to theCUBE special presentation of International Women's Day. I'm John Furrier, host of theCUBE. This is a global special open program we're doing every year. We're going to continue it every quarter. We're going to do more and more content, getting the voices out there and celebrating the diversity. And I'm excited to have an amazing guest here, LaDavia Drane, who's the head of Global Inclusion Diversity & Equity at AWS. LaDavia, we tried to get you in on AWS re:Invent, and you were super busy. So much going on. The industry has seen the light. They're seeing everything going on, and the numbers are up, but still not there, and getting better. This is your passion, our passion, a shared passion. Tell us about your situation, your career, how you got into it. What's your story? >> Yeah. Well, John, first of all, thank you so much for having me. I'm glad that we finally got this opportunity to speak. How did I get into this work? Wow, you know, I'm doing the work that I love to do, number one. It's always been my passion to be a voice for the voiceless, to create a seat at the table for folks that may not be welcome to certain tables. And so, it's been something that's been kind of the theme of my entire professional career. I started off as a lawyer, went to Capitol Hill, was able to do some work with members of Congress, both women members of Congress, but also, minority members of Congress in the US Congress. And then, that just morphed into what I think has become a career for me in inclusion, diversity, and equity. I decided to join Amazon because I could tell that it's a company that was ready to take it to the next level in this space. And sure enough, that's been my experience here. So now, I'm in it, I'm in it with two feet, doing great work. And yeah, yeah, it's almost a full circle moment for me. >> It's really an interesting background. You have a background in public policy. You mentioned Capitol Hill. That's awesome. DC kind of moves slow, but it's a complicated machinery there. Obviously, as you know, navigating that, Amazon grew significantly. We've been at every re:Invent with theCUBE since 2013, like just one year. I watched Amazon grow, and they've become very fast and also complicated, like, I won't say like Capitol, 'cause that's very slow, but Amazon's complicated. AWS is in the realm of powering a generation of public policy. We had the JEDI contract controversy, all kinds of new emerging challenges. This pivot to tech was great timing because one, (laughs) Amazon needed it because they were growing so fast in a male dominated world, but also, their business is having real impact on the public. >> That's right, that's right. And when you say the public, I'll just call it out. I think that there's a full spectrum of diversity and we work backwards from our customers, and our customers are diverse. And so, I really do believe, I agree that I came to the right place at the right time. And yeah, we move fast and we're also moving fast in this space of making sure that both internally and externally, we're doing the things that we need to do in order to reach a diverse population. >> You know, I've noticed how Amazon's changed from the culture, male dominated culture. Let's face it, it was. And now, I've seen over the past five years, specifically go back five, is kind of in my mental model, just the growth of female leaders, it's been impressive. And there was some controversy. They were criticized publicly for this. And we said a few things as well in those, like around 2014. How is Amazon ensuring and continuing to get the female employees feel represented and empowered? What's going on there? What programs do you have? Because it's not just doing it, it's continuing it, right? And 'cause there is a lot more to do. I mean, the half (laughs) the products are digital now for everybody. It's not just one population. (laughs) Everyone uses digital products. What is Amazon doing now to keep it going? >> Well, I'll tell you, John, it's important for me to note that while we've made great progress, there's still more that can be done. I am very happy to be able to report that we have big women leaders. We have leaders running huge parts of our business, which includes storage, customer experience, industries and business development. And yes, we have all types of programs. And I should say that, instead of calling it programs, I'm going to call it strategic initiatives, right? We are very thoughtful about how we engage our women. And not only how we hire, attract women, but how we retain our women. We do that through engagement, groups like our affinity groups. So Women at Amazon is an affinity group. Women in finance, women in engineering. Just recently, I helped our Black employee network women's group launch, BEN Women. And so you have these communities of women who come together, support and mentor one another. We have what we call Amazon Circles. And so these are safe spaces where women can come together and can have conversations, where we are able to connect mentors and sponsors. And we're seeing that it's making all the difference in the world for our women. And we see that through what we call Connections. We have an inclusion sentiment tracker. So we're able to ask questions every single day and we get a response from our employees and we can see how are our women feeling, how are they feeling included at work? Are they feeling as though they can be who they are authentically at Amazon? And so, again, there's more work that needs to be done. But I will say that as I look at the data, as I'm talking to engaging women, I really do believe that we're on the right path. >> LaDavia, talk about the urgent needs of the women that you're hearing from the Circles. That's a great program. The affinity circles, the groups are great. Now, you have the groups, what are you hearing? What are the needs of the women? >> So, John, I'll just go a little bit into what's becoming a conversation around equity. So, initially I think we talked a lot about equality, right? We wanted everyone to have fair access to the same things. But now, women are looking for equity. We're talking about not just leveling the playing field, which is equality, but don't give me the same as you give everyone else. Instead, recognize that I may have different circumstances, I may have different needs. And give me what I need, right? Give me what I need, not just the same as everyone else. And so, I love seeing women evolve in this way, and being very specific about what they need more than, or what's different than what a man may have in the same situation because their circumstances are not always the same and we should treat them as such. >> Yeah, I think that's a great equity point. I interviewed a woman here, ex-Amazonian, she's now a GSI, Global System Integrator. She's a single mom. And she said remote work brought her equity because people on her team realized that she was a single mom. And it wasn't the, how do you balance life, it was her reality. And what happened was, she had more empathy with the team because of the new work environment. So, I think this is an important point to call out, that equity, because that really makes things smoother in terms of the interactions, not the assumptions, you have to be, you know, always the same as a man. So, how does that go? What's the current... How would you characterize the progress in that area right now? >> I believe that employers are just getting better at this. It's just like you said, with the hybrid being the norm now, you have an employer who is looking at people differently based on what they need. And it's not a problem, it's not an issue that a single mother says, "Well, I need to be able to leave by 5:00 PM." I think that employers now, and Amazon is right there along with other employers, are starting just to evolve that muscle of meeting the needs. People don't have to feel different. You don't have to feel as though there's some kind of of special circumstance for me. Instead, it's something that we, as employers, we're asking for. And we want to meet those needs that are different in some situations. >> I know you guys do a lot of support of women outside of AWS, and I had a story I recorded for the program. This woman, she talked about how she was a nerd from day one. She's a tomboy. They called her a tomboy, but she always loved robotics. And she ended up getting dual engineering degrees. And she talked about how she didn't run away and there was many signals to her not to go. And she powered through, at that time, and during her generation, that was tough. And she was successful. How are you guys taking the education to STEM, to women, at young ages? Because we don't want to turn people away from tech if they have the natural affinity towards it. And not everyone is going to be, as, you know, (laughs) strong, if you will. And she was a bulldog, she was great. She's just like, "I'm going for it. I love it so much." But not everyone's like that. So, this is an educational thing. How do you expose technology, STEM for instance, and making it more accessible, no stigma, all that stuff? I mean, I think we've come a long way, but still. >> What I love about women is we don't just focus on ourselves. We do a very good job of thinking about the generation that's coming after us. And so, I think you will see that very clearly with our women Amazonians. I'll talk about three different examples of ways that Amazonian women in particular, and there are men that are helping out, but I'll talk about the women in particular that are leading in this area. On my team, in the Inclusion, Diversity & Equity team, we have a program that we run in Ghana where we meet basic STEM needs for a afterschool program. So we've taken this small program, and we've turned their summer camp into this immersion, where girls and boys, we do focus on the girls, can come and be completely immersed in STEM. And when we provide the technology that they need, so that they'll be able to have access to this whole new world of STEM. Another program which is run out of our AWS In Communities team, called AWS Girls' Tech Day. All across the world where we have data centers, we're running these Girls' Tech Day. They're basically designed to educate, empower and inspire girls to pursue a career in tech. Really, really exciting. I was at the Girls' Tech Day here recently in Columbus, Ohio, and I got to tell you, it was the highlight of my year. And then I'll talk a little bit about one more, it's called AWS GetIT, and it's been around for a while. So this is a program, again, it's a global program, it's actually across 13 countries. And it allows girls to explore cloud technology, in particular, and to use it to solve real world problems. Those are just three examples. There are many more. There are actually women Amazonians that create these opportunities off the side of their desk in they're local communities. We, in Inclusion, Diversity & Equity, we fund programs so that women can do this work, this STEM work in their own local communities. But those are just three examples of some of the things that our Amazonians are doing to bring girls along, to make sure that the next generation is set up and that the next generation knows that STEM is accessible for girls. >> I'm a huge believer. I think that's amazing. That's great inspiration. We need more of that. It's awesome. And why wouldn't we spread it around? I want to get to the equity piece, that's the theme for this year's IWD. But before that, getting that segment, I want to ask you about your title, and the choice of words and the sequence. Okay, Global Inclusion, Diversity, Equity. Not diversity only. Inclusion is first. We've had this debate on theCUBE many years now, a few years back, it started with, "Inclusion is before diversity," "No, diversity before inclusion, equity." And so there's always been a debate (laughs) around the choice of words and their order. What's your opinion? What's your reaction to that? Is it by design? And does inclusion come before diversity, or am I just reading it to it? >> Inclusion doesn't necessarily come before diversity. (John laughs) It doesn't necessarily come before equity. Equity isn't last, but we do lead with inclusion in AWS. And that is very important to us, right? And thank you for giving me the opportunity to talk a little bit about it. We lead with inclusion because we want to make sure that every single one of our builders know that they have a place in this work. And so it's important that we don't only focus on hiring, right? Diversity, even though there are many, many different levels and spectrums to diversity. Inclusion, if you start there, I believe that it's what it takes to make sure that you have a workplace where everyone knows you're included here, you belong here, we want you to stay here. And so, it helps as we go after diversity. And we want all types of people to be a part of our workforce, but we want you to stay. And inclusion is the thing. It's the thing that I believe makes sure that people stay because they feel included. So we lead with inclusion. Doesn't mean that we put diversity or equity second or third, but we are proud to lead with inclusion. >> Great description. That was fabulous. Totally agree. Double click, thumbs up. Now let's get into the theme. Embracing equity, 'cause this is a term, it's in quotes. What does that mean to you? You mentioned it earlier, I love it. What does embrace equity mean? >> Yeah. You know, I do believe that when people think about equity, especially non-women think about equity, it's kind of scary. It's, "Am I going to give away what I have right now to make space for someone else?" But that's not what equity means. And so I think that it's first important that we just educate ourselves about what equity really is. It doesn't mean that someone's going to take your spot, right? It doesn't mean that the pie, let's use that analogy, gets smaller. The pie gets bigger, right? >> John: Mm-hmm. >> And everyone is able to have their piece of the pie. And so, I do believe that I love that IWD, International Women's Day is leading with embracing equity because we're going to the heart of the matter when we go to equity, we're going to the place where most people feel most challenged, and challenging people to think about equity and what it means and how they can contribute to equity and thus, embrace equity. >> Yeah, I love it. And the advice that you have for tech professionals out there on this, how do you advise other groups? 'Cause you guys are doing a lot of great work. Other organizations are catching up. What would be your advice to folks who are working on this equity challenge to reach gender equity and other equitable strategic initiatives? And everyone's working on this. Sustainability and equity are two big projects we're seeing in every single company right now. >> Yeah, yeah. I will say that I believe that AWS has proven that equity and going after equity does work. Embracing equity does work. One example I would point to is our AWS Impact Accelerator program. I mean, we provide 30 million for early stage startups led by women, Black founders, Latino founders, LGBTQ+ founders, to help them scale their business. That's equity. That's giving them what they need. >> John: Yeah. >> What they need is they need access to capital. And so, what I'd say to companies who are looking at going into the space of equity, I would say embrace it. Embrace it. Look at examples of what companies like AWS is doing around it and embrace it because I do believe that the tech industry will be better when we're comfortable with embracing equity and creating strategic initiatives so that we could expand equity and make it something that's just, it's just normal. It's the normal course of business. It's what we do. It's what we expect of ourselves and our employees. >> LaDavia, you're amazing. Thank you for spending the time. My final couple questions really more around you. Capitol Hill, DC, Amazon Global Head of Inclusion, Diversity & Equity, as you look at making change, being a change agent, being a leader, is really kind of similar, right? You've got DC, it's hard to make change there, but if you do it, it works, right? (laughs) If you don't, you're on the side of the road. So, as you're in your job now, what are you most excited about? What's on your agenda? What's your focus? >> Yeah, so I'm most excited about the potential of what we can get done, not just for builders that are currently in our seats, but for builders in the future. I tend to focus on that little girl. I don't know her, I don't know where she lives. I don't know how old she is now, but she's somewhere in the world, and I want her to grow up and for there to be no question that she has access to AWS, that she can be an employee at AWS. And so, that's where I tend to center, I center on the future. I try to build now, for what's to come, to make sure that this place is accessible for that little girl. >> You know, I've always been saying for a long time, the software is eating the world, now you got digital transformation, business transformation. And that's not a male only, or certain category, it's everybody. And so, software that's being built, and the systems that are being built, have to have first principles. Andy Jassy is very strong on this. He's been publicly saying, when trying to get pinned down about certain books in the bookstore that might offend another group. And he's like, "Look, we have first principles. First principles is a big part of leading." What's your reaction to that? How would you talk to another professional and say, "Hey," you know this, "How do I make the right call? Am I doing the wrong thing here? And I might say the wrong thing here." And is it first principles based? What's the guardrails? How do you keep that in check? How would you advise someone as they go forward and lean in to drive some of the change that we're talking about today? >> Yeah, I think as leaders, we have to trust ourselves. And Andy actually, is a great example. When I came in as head of ID&E for AWS, he was our CEO here at AWS. And I saw how he authentically spoke from his heart about these issues. And it just aligned with who he is personally, his own personal principles. And I do believe that leaders should be free to do just that. Not to be scripted, but to lead with their principles. And so, I think Andy's actually a great example. I believe that I am the professional in this space at this company that I am today because of the example that Andy set. >> Yeah, you guys do a great job, LaDavia. What's next for you? >> What's next. >> World tour, you traveling around? What's on your plate these days? Share a little bit about what you're currently working on. >> Yeah, so you know, at Amazon, we're always diving deep. We're always diving deep, we're looking for root cause, working very hard to look around corners, and trying to build now for what's to come in the future. And so I'll continue to do that. Of course, we're always planning and working towards re:Invent, so hopefully, John, I'll see you at re:Invent this December. But we have some great things happening throughout the year, and we'll continue to... I think it's really important, as opposed to looking to do new things, to just continue to flex the same muscles and to show that we can be very, very focused and intentional about doing the same things over and over each year to just become better and better at this work in this space, and to show our employees that we're committed for the long haul. So of course, there'll be new things on the horizon, but what I can say, especially to Amazonians, is we're going to continue to stay focused, and continue to get at this issue, and doing this issue of inclusion, diversity and equity, and continue to do the things that work and make sure that our culture evolves at the same time. >> LaDavia, thank you so much. I'll give you the final word. Just share some of the big projects you guys are working on so people can know about them, your strategic initiatives. Take a minute to plug some of the major projects and things that are going on that people either know about or should know about, or need to know about. Take a minute to share some of the big things you guys got going on, or most of the things. >> So, one big thing that I would like to focus on, focus my time on, is what we call our Innovation Fund. This is actually how we scale our work and we meet the community's needs by providing micro grants to our employees so our employees can go out into the world and sponsor all types of different activities, create activities in their local communities, or throughout the regions. And so, that's probably one thing that I would like to focus on just because number one, it's our employees, it's how we scale this work, and it's how we meet our community's needs in a very global way. And so, thank you John, for the opportunity to talk a bit about what we're up to here at Amazon Web Services. But it's just important to me, that I end with our employees because for me, that's what's most important. And they're doing some awesome work through our Innovation Fund. >> Inclusion makes the workplace great. Empowerment, with that kind of program, is amazing. LaDavia Drane, thank you so much. Head of Global Inclusion and Diversity & Equity at AWS. This is International Women's Day. I'm John Furrier with theCUBE. Thanks for watching and stay with us for more great interviews and people and what they're working on. Thanks for watching. (bright music)

(upbeat music) >> Hello, and welcome to Supercloud2. I'm John Furrier, host of theCUBE here. We're exploring all the new Supercloud trends around multiple clouds, hyper scale gaps in their systems, new innovations, new applications, new companies, new products, new brands emerging from this big inflection point. Got a great guest who's going to unpack it with me today, Ramesh Prabagaran, who's the co-founder and CEO of Prosimo, CUBE alumni. Ramesh, legend in the industry, you've been around. You've seen many cycles. Welcome to Supercloud2. >> Thank you. You're being too kind. >> Well, you know, you guys have been a technical, great technical founding team, multiple ventures, multiple times around the track as they say, but now we're seeing something completely different. This is our second event, kind of we're doing to start the the ball rolling around unpacking this idea of Supercloud which evolved from a riff with me and Dave to now a working group paper, multiple definitions. People are saying they're Supercloud. CloudFlare says this is their version. Someone says there over there. Fitzi over there in the blog is always, you know, challenging us on our definitions, but it's, the consensus is though something's happening. >> Ramesh: Absolutely. >> And what's your take on this kind of big inflection point? >> Absolutely, so if you just look at kind of this in layers right, so you have hyper scalers that are innovating really quickly on underlying capabilities, and then you have enterprises adopting these technologies, right, there is a layer in the middle that I would say is largely missing, right? And one that addresses the gaps introduced by these new capabilities, by the hyper scalers. At the same time, one that actually spans, let's say multiple regions, multiple clouds and so forth. So that to me is kind of the Supercloud layer of sorts. One that helps enterprises adopt the underlying hyper scaler capabilities a lot faster, and at the same time brings a certain level of consistency and homogeneity also. >> What do you think the big driver of Supercloud is? Is it the industry growing up or is it the demand for new kinds of capabilities or both? Or just evolution? What's your take? >> I would say largely it depends on kind of who the entity is that you're talking about, right? And so I would say both. So if you look at one cohort here, it's adoption, right? If I have a externally facing digital presence, for example, then I'm going to scale that up and get to as many subscribers and users no matter what, right? And at that time it's a different set of problems. If you're looking at kind of traditional enterprise inward that are bringing apps into the cloud and so forth, it's a different set of care abouts, right? So both are, I would say, equally important problems to solve for. >> Well, one reality that we're definitely tracking, and it's not really a debate anymore, is hybrid. >> Ramesh: Yep >> Hybrid happened. It happened faster than most people thought. But, you know, we were talking about this in 2015 when it first got kicked around, but now you see hybrid in the cloud, on premises and the edge. This kind of forms that distributed computing paradigm that we've always been predicting. And so if that continues to play out the way it is, you're now going to have a completely distributed, connected internet and sets of systems, intra and external within companies. So again, the world is connected 100%. Everything's changing, right? >> And that introduces. >> It wasn't your grandfather's networking anymore or storage. The game is still the same, but the play, the components are acting differently. What's your take on this? >> Absolutely. No, absolutely. That's a very key important point, and it's one that we always ask our customers right at the front end, right? Because your starting assumptions matter. If you have workloads of workloads in the cloud and data center is something that you want to connect into, then you'll make decisions kind of keeping cloud in the center and then kind of bolt on technologies for what that means to extend it to the data center. If your center of gravity is in the data center, and then cloud is let's say 10% right now, but you see that growing, then what choices do you have? Right, do you want to bring your data center technologies into the cloud because you want that consistency in operations? Or do you want to start off fresh, right? So this is a really key, important question, and one that many of our customers are actually are grappling with, right? They have this notion that going cloud native is the right approach, but at the same time that means I have a bifurcation in kind of how do I operate my data center versus my cloud, right? Two different operating models, and slowly it'll shift over to one. But you're going to have to deal with dual reality for a while. >> I was talking to an old friend of mine, CIO, very experienced CIO. Big time company, large deployment, a lot of IT. I said, so what's the big trend everyone's telling me about IT's going. He goes no, not really. IT's not going away for me. It's going everywhere in the company. >> Ramesh: Exactly. >> So I need to scale my IT-like capabilities everywhere and then make it invisible. >> Ramesh: Correct. >> Which is essentially code words for saying it's going to be completely cloud native everywhere. This is what is happening. Do you agree? >> Absolutely right, and so if you look at what do enterprises care about it? The reason to go to the cloud is to get speed of operations, and it's apps, apps, apps, right? Do you ever have a conversation on networking and infrastructure first? No, that kind of gets brought into the conversation because you want to deal with users, applications and services, right? And so the end goal is essentially how do users communicate with apps and get the right experience, security and whatnot, and how do apps talk to each other and make sure that you get all of the connectivity and security requirements? Underneath the covers, what does this mean for infrastructure, networking, security and whatnot? It's actually going to be someone else's job, right? And you shouldn't have to think too much about it. So this whole notion of kind of making that transparent is real actually, right? But at the same time, us and all the guys that we talk to on the customer side, that's their job, right? Like we have to work towards making that transparent. Some are going to be in the form of capability, some are going to be driven by data, but that's really where the two worlds are going to come together. >> Lots of debates going on. We just heard from Bob Muglia here on Supercloud2. He said Supercloud's a platform that provides programmatically consistent services hosted on heterogeneous cloud providers. So the question that's being debated is is Supercloud a platform or an architecture in your view? >> Okay, that's a tough one actually. I'm going to side on the side on kind of the platform side right, and the reason for that is architectural choices are things that you make ahead of time. And you, once you're in, there really isn't a fork in the road, right? Platforms continue to evolve. You can iterate, innovate and so on and so forth. And so I'm thinking Supercloud is more of a platform because you do have a choice. Hey, am I going AWS, Azure, GCP. You make that choice. What is my center of gravity? You make that choice. That's kind of an architectural decision, right? Once you make that, then how do I make things work consistently across like two or three clouds? That's a platform choice. >> So who's responsible for the architecture as the platform, the vendor serving the platform or is the platform vendor agnostic? >> You know, this is where you have to kind of peel the onion in layers, right? If you talk about applications, you can't go to a developer team or an app team and say I want you to operate on Google or AWS. They're like I'll pick the cloud that I want, right? Now who are we talking to? The infrastructure guys and the networking guys, right? They want to make sure that it's not bifurcated. It's like, hey, I want to make sure whatever I build for AWS I can equally use that on Azure. I can equally use that on GCP. So if you're talking to more of the application centric teams who really want infrastructure to be transparent, they'll say, okay, I want to make this choice of whether this is AWS, Azure, GCP, and stick to that. And if you come kind of down the layers of the stack into infrastructure, they are thinking a little more holistically, a little more Supercloud, a little more multicloud, and that. >> That's a good point. So that brings up the deployment question. >> Ramesh: Exactly! >> I want to ask you the next question, okay, what is the preferred deployment in your opinion for a Supercloud narrative? Is it single instance, spread it around everywhere? What's the, do you have a single global instance or do you have everything synchronized? >> So I would say first layer of that Supercloud really kind of fix the holes that have been introduced as a result of kind of adopting the hyper scaler technologies, right? So each, the hyper scalers have been really good at innovating and providing really massive scale elastic capabilities, right? But once you start to build capabilities on top of that to help serve the application, there's a few holes start to show up. So first job of Supercloud really is to plug those holes, right? Second is can I get to an operating model, so that I can replicate this not just in a single region, but across multiple regions, same cloud, and then across multiple clouds, right? And so both of those need to be solved for in order to be (cross talking). >> So is that multiple instantiations of the stack or? >> Yeah, so this again depends on kind of the capability, right? So if you take a more solution view, and so I can speak for kind of networking security combined right? There you always take a solution view. You don't ever look at, you know, what does this mean for a single instance in a single region. You take a macro view, and then you then break it down into what does this mean for region, what does it mean for instance, what does this mean for AZs? And so on and so forth. So you kind of have to go top to bottom. >> Okay, welcome you down into the trap now. Okay, synchronizing the data, latency, these are all questions. So what does the network Supercloud look like to you? Because networking is big here. >> Ramesh: Yes, absolutely. >> This is what you guys do. >> Exactly, yeah. So the different set of problems as you go up the stack, right? So if you have hundreds of workloads in a single region, the set of problems you're dealing with there are kind of app native connectivity, how do I go from kind of east/west, all of those fun things, right? Which are usually bound in terms of latency. You don't have those challenges as much, but can you build your entire enterprise application architecture in one region? No, you're going to have to create multiple instances, right? So my data lake is invariably going to be in one place. My business logic is going to be spread across a few places. What does that bring in? I need to go across regions. Am I going to put those two regions right next to each other? No, I'm not going to, right? I'm going to have places in Europe. I'm going to have APAC, and I'm going to have a North American presence, and I need to bring all these things together. So this is where, back to your point, latency really matters, right? Because I need to be able to find out not just best path but also how do I reduce the millisecond, microseconds that my application cares about, which brings in a layer of optimization and then so on and so on and so forth. So this is what we call kind of to borrow the Prosimo language full stack networking, right? Because I'm not just dealing with how do I go from one region to another because that's laws of physics. I can only control so much. But there are a few elements up the application stack in software that you can tweak to actually bring these things closer and closer. >> And on that point, you're seeing security being talked a lot more at the network layer. So how do you secure the Supercloud at the network layer? What's that look like? >> Yeah, we've been grappling with essentially is security kind of foundational, and then is the network on top. And then we had an alternative viewpoint which is kind of network and then security on top. And the answer is actually it's neither, right? It's almost like a meshed up sandwich of sorts. So you need to have networking security work really well together, right? Case in point, I mean we were talking to a customer yesterday. He said, hey, I have my data lake in one region that needs to talk to an analytics service in a completely different region of a different cloud. These two things just need to be able to talk to each other, which means I need to bring elements of networking. I need to bring elements of security, secure access, app segmentation, all of those things. Very simple, I have an analytics service that needs to contact a data lake. That's what he starts with, but then before you know it, it actually brings up a whole stack underneath, so that's. >> VMware calls that cloud chaos. >> Ramesh: Yes, exactly. >> And then that's the halfway point between cloud smart. Cloud first, cloud chaos, cloud smart, and the next thing, you can skip that whole step. But again, again, it's pick your strategy right? Again, this comes back down to your earlier point. I want to ask you from a customer standpoint, you got the hyper scalers doing very, very well. >> Ramesh: Yep, absolutely. >> And I love what their Amazon's doing. I think Microsoft again though they had a little bit of downgrade are catching up fast, and they have their installed base. So you got the land of the installed bases. >> Correct. >> First and greater, better cloud. Install base getting better, almost as good, almost as good is a gift, but close. Now you have them specializing. Silicon, special silicon. So there's gaps for other services. >> Ramesh: Correct. >> And Amazon Web Services, Adam Selipsky's a open book saying, hey, we want our ecosystem to pick up these gaps and build on them. Go ahead, go to town. >> So this is where I think choices are tough, right? Because if you had one choice, you would work with it, and you would work around it, right? Now I have five different choices. Now what do I do? Our viewpoint is there are a bunch of things that say AWS does really, really well. Use that as a foundational layer, right? Like don't reinvent the wheel on those things. Transit gateways, global accelerators and whatnot, they exist for a reason. Billions of dollars have gone into building those things. Use that foundational layer, right? But what you want to build on top of that is actually driven by the application. The requirements of a lambda application that's serverless, it's very different than a packaged application that's responding for transactions, right? Like it's just completely very, very different. And so bring in the right set of capabilities required for those set of applications, and then you go based on that. This is also where I think whether something is a regional construct versus an overall global construct really, really matters, right? Because if you start with the assumption that everything is going to be built regionally, then it's someone else's job to make sure that all of these things are connected. But if you start with kind of the global purview, then the rest of them start to (cross talking). >> What are some of the things that the enterprises might want that are gaps that are going to be filled by the, by startups like you guys and the ecosystem because we're seeing the ecosystem form into two big camps. >> Ramesh: Yep. >> ISVs, which is an old school definition of independent software vendor, aka someone who writes software. >> Ramesh: Exactly. >> SaaS app. >> Ramesh: Correct. >> And then ecosystem software players that were once ISVs now have people building on top of them. >> Ramesh: Correct. >> They're building on top of the cloud. So you have that new hyper scale effect going on. >> Ramesh: Exactly. >> You got ISVs, which is software developers, software vendors. >> Ramesh: Correct. >> And ecosystems. >> Yep. >> What's that impact of that? Cause it's a new dynamic. >> Exactly, so if you take kind of enterprises, want to make sure that that their apps and the data center migrate to the cloud, new apps are developed the right way in the cloud, right? So that's kind of table stakes. So now what choices do they have? They listen to AWS and say, okay, I have all these cloud native services. I want to be able to instantiate all that. Now comes the interesting choice that they have to make. Do I go hire a whole bunch of people and do it myself or do I go there on the platform route, right? Because I made an architectural choice. Now I have to decide whether I want to do this myself or the platform choice. DIY works great for some, but you don't know what you're getting into, and it's people involved, right? People, process, all those fun things involved, right? So we show up there and say, you don't know what you don't know, right? Like because that's the nature of it. Why don't you invest in a platform like what what we provide, and then you actually build on top of it. We will, it's our job to make sure that we keep up with the innovation happening underneath the covers. And at the same time, this is not a closed ended system. You can actually build on top of our platform, right? And so that actually gives you a good mix. Now the care abouts are interesting. Some apps care about experience. Some apps care about latency. Some apps are extremely charty and extremely data intensive, but nobody wants to pay for it, right? And so it's a interesting Jenga that you have to play between experience versus security versus cost, right? And that makes kind of head of infrastructure and cloud platform teams' life really, really, really interesting. >> And this is why I love your background, and Stu Miniman, when he was with theCUBE, and now he's at Red Hat, we used to riff about the network and how network folks are now, those concepts are now up the top of the stack because the cloud is one big network effect. >> Ramesh: Exactly, correct. >> It's a computer. >> Yep, absolutely. No, and case in point, right, like say we're in let's say in San Jose here or or Palo Alto here, and let's say my application is sitting in London, right? The cloud gives you different express lanes. I can go down to my closest pop location provided by AWS and then I can go ride that all the way up to up to London. It's going to give me better performance, low latency, but I'm going to have to incur some costs associated with it. Or I can go all the wild internet all the way from Palo Alta up to kind of the ingress point into London and then go access, but I'm spending time on the wild internet, which means all kinds of fun things happen, right? But I'm not paying much, but my experience is not going to be so great. So, and there are various degrees of shade in them, of gray in the middle, right? So how do you pick what? It all kind of is driven by the applications. >> Well, we certainly want you back for Supercloud3, our next version of this virtual/live event here in our Palo Alto studios. Really appreciate you coming on. >> Absolutely. >> While you're here, give a quick plug for the company. Next minute, we can take a minute to talk about the success of the company. >> Ramesh: Absolutely. >> I know you got a fresh financing this past year. Plenty of money in the bank, going to ride this new wave, Supercloud wave. Give us a quick plug. >> Absolutely, yeah. So three years going on to four this calendar year. So it's an interesting time for the company. We have proven that our technology, product and our initial customers are quite happy with it. Now comes essentially more of those and scale and so forth. That's kind of the interesting phase that we are in. Also heartened to see quite a few of kind of really large and dominant players in the market, partners, channels and so forth, invest in us to take this to the next set of customers. I would say there's been a dramatic shift in the conversation with our customers. The first couple of years or so of the company, we are about three years old right now, was really about us educating them. This is what you need. This is what you need. Now actually it's a lot of just pull, right? We've seen a good indication, as much as a hate RFIs, a good indication is the number of RFIs that show up at our door saying we want you to participate in this because we want to understand more, right? And so as a, I think we are at an interesting point of the, of that shift. >> RFIs always like do all this work and hope for the best. Pray for a deal. You know, you guys on the right side of history. If a customer asks with respect to Supercloud, multicloud, is that your focus? Is that the direction you guys are going into? >> Yeah, so I would say we are kind of both, right? Supercloud and multicloud because we, our customers are hybrid, multiple clouds, all of the above, right? Our main pitch and kind of value back to the customers is go embrace cloud native because that's the right approach, right? It doesn't make sense to go reinvent the wheel on that one, but then make a really good choice about whether you want to do this yourself or invest in a platform to make your life easy. Because we have seen this story play out with many many enterprises, right? They pick the right technologies. They do a simple POC overnight, and they say, yeah, I can make this work for two apps, right? And then they say, yes, I can make this work for 100. You go down a certain path. You hit a wall. You hit a wall, and it's a hard wall. It's like, no, there isn't a thing that you can go around it. >> A lot of dead bodies laying around. >> Ramesh: Exactly. >> Dead wall. >> And then they have to unravel around that, and then they come talk to us, and they say, okay, now what? Like help me, help me through this journey. So I would say to the extent that you can do this diligence ahead of time, do that, and then, and then pick the right platform. >> You've got to have the talent. And you got to be geared up. You got to know what you're getting into. >> Ramesh: Exactly. >> You got to have the staff to do this. >> And cloud talent and skillset in particular, I mean there's lots available but it's in pockets right? And if you look at kind of web three companies, they've gone and kind of amassed all those guys, right? So enterprises are not left with the cream of the crop. >> John: They might be coming back. >> Exactly, exactly, so. >> With this downturn. Ramesh, great to see you and thanks for contributing to Supercloud2, and again, love your team. Very technical team, and you're in the right side of history in this one. Congratulations. >> Ramesh: No, and thank you, thank you very much. >> Okay, this is Supercloud2. I'm John Furrier with Dave Vellante. We'll be back right after this short break. (upbeat music)

(upbeat music) >> Okay, welcome back everyone at Supercloud 2 event, live here in Palo Alto, theCUBE Studios live stage performance, virtually syndicating it all over the world. I'm John Furrier with Dave Vellante here as Cube alumni, and special influencer guest, Howie Xu, VP of Machine Learning and Zscaler, also part-time as a CUBE analyst 'cause he is that good. Comes on all the time. You're basically a CUBE analyst as well. Thanks for coming on. >> Thanks for inviting me. >> John: Technically, you're not really a CUBE analyst, but you're kind of like a CUBE analyst. >> Happy New Year to everyone. >> Dave: Great to see you. >> Great to see you, Dave and John. >> John: We've been talking about ChatGPT online. You wrote a great post about it being more like Amazon, not like Google. >> Howie: More than just Google Search. >> More than Google Search. Oh, it's going to compete with Google Search, which it kind of does a little bit, but more its infrastructure. So a clever point, good segue into this conversation, because this is kind of the beginning of these kinds of next gen things we're going to see. Things where it's like an obvious next gen, it's getting real. Kind of like seeing the browser for the first time, Mosaic browser. Whoa, this internet thing's real. I think this is that moment and Supercloud like enablement is coming. So this has been a big part of the Supercloud kind of theme. >> Yeah, you talk about Supercloud, you talk about, you know, AI, ChatGPT. I really think the ChatGPT is really another Netscape moment, the browser moment. Because if you think about internet technology, right? It was brewing for 20 years before early 90s. Not until you had a, you know, browser, people realize, "Wow, this is how wonderful this technology could do." Right? You know, all the wonderful things. Then you have Yahoo and Amazon. I think we have brewing, you know, the AI technology for, you know, quite some time. Even then, you know, neural networks, deep learning. But not until ChatGPT came along, people realize, "Wow, you know, the user interface, user experience could be that great," right? So I really think, you know, if you look at the last 30 years, there is a browser moment, there is iPhone moment. I think ChatGPT moment is as big as those. >> Dave: What do you see as the intersection of things like ChatGPT and the Supercloud? Of course, the media's going to focus, journalists are going to focus on all the negatives and the privacy. Okay. You know we're going to get by that, right? Always do. Where do you see the Supercloud and sort of the distributed data fitting in with ChatGPT? Does it use that as a data source? What's the link? >> Howie: I think there are number of use cases. One of the use cases, we talked about why we even have Supercloud because of the complexity, because of the, you know, heterogeneous nature of different clouds. In order for me as a developer, in order for me to create applications, I have so many things to worry about, right? It's a complexity. But with ChatGPT, with the AI, I don't have to worry about it, right? Those kind of details will be taken care of by, you know, the underlying layer. So we have been talking about on this show, you know, over the last, what, year or so about the Supercloud, hey, defining that, you know, API layer spanning across, you know, multiple clouds. I think that will be happening. However, for a lot of the things, that will be more hidden, right? A lot of that will be automated by the bots. You know, we were just talking about it right before the show. One of the profound statement I heard from Adrian Cockcroft about 10 years ago was, "Hey Howie, you know, at Netflix, right? You know, IT is just one API call away." That's a profound statement I heard about a decade ago. I think next decade, right? You know, the IT is just one English language away, right? So when it's one English language away, it's no longer as important, API this, API that. You still need API just like hardware, right? You still need all of those things. That's going to be more hidden. The high level thing will be more, you know, English language or the language, right? Any language for that matter. >> Dave: And so through language, you'll tap services that live across the Supercloud, is what you're saying? >> Howie: You just tell what you want, what you desire, right? You know, the bots will help you to figure out where the complexity is, right? You know, like you said, a lot of criticism about, "Hey, ChatGPT doesn't do this, doesn't do that." But if you think about how to break things down, right? For instance, right, you know, ChatGPT doesn't have Microsoft stock price today, obviously, right? However, you can ask ChatGPT to write a program for you, retrieve the Microsoft stock price, (laughs) and then just run it, right? >> Dave: Yeah. >> So the thing to think about- >> John: It's only going to get better. It's only going to get better. >> The thing people kind of unfairly criticize ChatGPT is it doesn't do this. But can you not break down humans' task into smaller things and get complex things to be done by the ChatGPT? I think we are there already, you know- >> John: That to me is the real game changer. That's the assembly of atomic elements at the top of the stack, whether the interface is voice or some programmatic gesture based thing, you know, wave your hand or- >> Howie: One of the analogy I used in my blog was, you know, each person, each professional now is a quarterback. And we suddenly have, you know, a lot more linebacks or you know, any backs to work for you, right? For free even, right? You know, and then that's sort of, you should think about it. You are the quarterback of your day-to-day job, right? Your job is not to do everything manually yourself. >> Dave: You call the play- >> Yes. >> Dave: And they execute. Do your job. >> Yes, exactly. >> Yeah, all the players are there. All the elves are in the North Pole making the toys, Dave, as we say. But this is the thing, I want to get your point. This change is going to require a new kind of infrastructure software relationship, a new kind of operating runtime, a new kind of assembler, a new kind of loader link things. This very operating systems kind of concepts. >> Data intensive, right? How to process the data, how to, you know, process so gigantic data in parallel, right? That's actually a tough job, right? So if you think about ChatGPT, why OpenAI is ahead of the game, right? You know, Google may not want to acknowledge it, right? It's not necessarily they do, you know, not have enough data scientist, but the software engineering pieces, you know, behind it, right? To train the model, to actually do all those things in parallel, to do all those things in a cost effective way. So I think, you know, a lot of those still- >> Let me ask you a question. Let me ask you a question because we've had this conversation privately, but I want to do it while we're on stage here. Where are all the alpha geeks and developers and creators and entrepreneurs going to gravitate to? You know, in every wave, you see it in crypto, all the alphas went into crypto. Now I think with ChatGPT, you're going to start to see, like, "Wow, it's that moment." A lot of people are going to, you know, scrum and do startups. CTOs will invent stuff. There's a lot of invention, a lot of computer science and customer requirements to figure out. That's new. Where are the alpha entrepreneurs going to go to? What do you think they're going to gravitate to? If you could point to the next layer to enable this super environment, super app environment, Supercloud. 'Cause there's a lot to do to enable what you just said. >> Howie: Right. You know, if you think about using internet as the analogy, right? You know, in the early 90s, internet came along, browser came along. You had two kind of companies, right? One is Amazon, the other one is walmart.com. And then there were company, like maybe GE or whatnot, right? Really didn't take advantage of internet that much. I think, you know, for entrepreneurs, suddenly created the Yahoo, Amazon of the ChatGPT native era. That's what we should be all excited about. But for most of the Fortune 500 companies, your job is to surviving sort of the big revolution. So you at least need to do your walmart.com sooner than later, right? (laughs) So not be like GE, right? You know, hand waving, hey, I do a lot of the internet, but you know, when you look back last 20, 30 years, what did they do much with leveraging the- >> So you think they're going to jump in, they're going to build service companies or SaaS tech companies or Supercloud companies? >> Howie: Okay, so there are two type of opportunities from that perspective. One is, you know, the OpenAI ish kind of the companies, I think the OpenAI, the game is still open, right? You know, it's really Close AI today. (laughs) >> John: There's room for competition, you mean? >> There's room for competition, right. You know, you can still spend you know, 50, $100 million to build something interesting. You know, there are company like Cohere and so on and so on. There are a bunch of companies, I think there is that. And then there are companies who's going to leverage those sort of the new AI primitives. I think, you know, we have been talking about AI forever, but finally, finally, it's no longer just good, but also super useful. I think, you know, the time is now. >> John: And if you have the cloud behind you, what do you make the Amazon do differently? 'Cause Amazon Web Services is only going to grow with this. It's not going to get smaller. There's more horsepower to handle, there's more needs. >> Howie: Well, Microsoft already showed what's the future, right? You know, you know, yes, there is a kind of the container, you know, the serverless that will continue to grow. But the future is really not about- >> John: Microsoft's shown the future? >> Well, showing that, you know, working with OpenAI, right? >> Oh okay. >> They already said that, you know, we are going to have ChatGPT service. >> $10 billion, I think they're putting it. >> $10 billion putting, and also open up the Open API services, right? You know, I actually made a prediction that Microsoft future hinges on OpenAI. I think, you know- >> John: They believe that $10 billion bet. >> Dave: Yeah. $10 billion bet. So I want to ask you a question. It's somewhat academic, but it's relevant. For a number of years, it looked like having first mover advantage wasn't an advantage. PCs, spreadsheets, the browser, right? Social media, Friendster, right? Mobile. Apple wasn't first to mobile. But that's somewhat changed. The cloud, AWS was first. You could debate whether or not, but AWS okay, they have first mover advantage. Crypto, Bitcoin, first mover advantage. Do you think OpenAI will have first mover advantage? >> It certainly has its advantage today. I think it's year two. I mean, I think the game is still out there, right? You know, we're still in the first inning, early inning of the game. So I don't think that the game is over for the rest of the players, whether the big players or the OpenAI kind of the, sort of competitors. So one of the VCs actually asked me the other day, right? "Hey, how much money do I need to spend, invest, to get, you know, another shot to the OpenAI sort of the level?" You know, I did a- (laughs) >> Line up. >> That's classic VC. "How much does it cost me to replicate?" >> I'm pretty sure he asked the question to a bunch of guys, right? >> Good luck with that. (laughs) >> So we kind of did some napkin- >> What'd you come up with? (laughs) >> $100 million is the order of magnitude that I came up with, right? You know, not a billion, not 10 million, right? So 100 million. >> John: Hundreds of millions. >> Yeah, yeah, yeah. 100 million order of magnitude is what I came up with. You know, we can get into details, you know, in other sort of the time, but- >> Dave: That's actually not that much if you think about it. >> Howie: Exactly. So when he heard me articulating why is that, you know, he's thinking, right? You know, he actually, you know, asked me, "Hey, you know, there's this company. Do you happen to know this company? Can I reach out?" You know, those things. So I truly believe it's not a billion or 10 billion issue, it's more like 100. >> John: And also, your other point about referencing the internet revolution as a good comparable. The other thing there is online user population was a big driver of the growth of that. So what's the equivalent here for online user population for AI? Is it more apps, more users? I mean, we're still early on, it's first inning. >> Yeah. We're kind of the, you know- >> What's the key metric for success of this sector? Do you have a read on that? >> I think the, you know, the number of users is a good metrics, but I think it's going to be a lot of people are going to use AI services without even knowing they're using it, right? You know, I think a lot of the applications are being already built on top of OpenAI, and then they are kind of, you know, help people to do marketing, legal documents, you know, so they're already inherently OpenAI kind of the users already. So I think yeah. >> Well, Howie, we've got to wrap, but I really appreciate you coming on. I want to give you a last minute to wrap up here. In your experience, and you've seen many waves of innovation. You've even had your hands in a lot of the big waves past three inflection points. And obviously, machine learning you're doing now, you're deep end. Why is this Supercloud movement, this wave of Supercloud and the discussion of this next inflection point, why is it so important? For the folks watching, why should they be paying attention to this particular moment in time? Could you share your super clip on Supercloud? >> Howie: Right. So this is simple from my point of view. So why do you even have cloud to begin with, right? IT is too complex, too complex to operate or too expensive. So there's a newer model. There is a better model, right? Let someone else operate it, there is elasticity out of it, right? That's great. Until you have multiple vendors, right? Many vendors even, you know, we're talking about kind of how to make multiple vendors look like the same, but frankly speaking, even one vendor has, you know, thousand services. Now it's kind of getting, what Kid was talking about what, cloud chaos, right? It's the evolution. You know, the history repeats itself, right? You know, you have, you know, next great things and then too many great things, and then people need to sort of abstract this out. So it's almost that you must do this. But I think how to abstract this out is something that at this time, AI is going to help a lot, right? You know, like I mentioned, right? A lot of the abstraction, you don't have to think about API anymore. I bet 10 years from now, you know, IT is one language away, not API away. So think about that world, right? So Supercloud in, in my opinion, sure, you kind of abstract things out. You have, you know, consistent layers. But who's going to do that? Is that like we all agreed upon the model, agreed upon those APIs? Not necessary. There are certain, you know, truth in that, but there are other truths, let bots take care of, right? Whether you know, I want some X happens, whether it's going to be done by Azure, by AWS, by GCP, bots will figure out at a given time with certain contacts with your security requirement, posture requirement. I'll think that out. >> John: That's awesome. And you know, Dave, you and I have been talking about this. We think scale is the new ratification. If you have first mover advantage, I'll see the benefit, but scale is a huge thing. OpenAI, AWS. >> Howie: Yeah. Every day, we are using OpenAI. Today, we are labeling data for them. So you know, that's a little bit of the- (laughs) >> John: Yeah. >> First mover advantage that other people don't have, right? So it's kind of scary. So I'm very sure that Google is a little bit- (laughs) >> When we do our super AI event, you're definitely going to be keynoting. (laughs) >> Howie: I think, you know, we're talking about Supercloud, you know, before long, we are going to talk about super intelligent cloud. (laughs) >> I'm super excited, Howie, about this. Thanks for coming on. Great to see you, Howie Xu. Always a great analyst for us contributing to the community. VP of Machine Learning and Zscaler, industry legend and friend of theCUBE. Thanks for coming on and sharing really, really great advice and insight into what this next wave means. This Supercloud is the next wave. "If you're not on it, you're driftwood," says Pat Gelsinger. So you're going to see a lot more discussion. We'll be back more here live in Palo Alto after this short break. >> Thank you. (upbeat music)

(sparkly music) >> Welcome to the Cube Special Program series "Women of the Cloud", brought to you by AWS. I'm your host, Lisa Martin. I'm very pleased to welcome Veronica McCarthy to the program, Senior Sales Manager ISB for Amazon Web Services. Veronica, great to have you on the program. Thanks for joining me today. >> Thanks for having me. >> Tell me a little bit about your current role. A little bit about yourself. >> Absolutely. Yeah, so I've been at Amazon just about four years now. I am really passionate about technology. I've been in the tech industry for about 20 plus years. Right now I'm a sales leader, so I lead a team of folks that help software companies build technology in the cloud or move technology to the cloud and help them scale and innovate in the cloud. >> Awesome, I love that. Talk a little bit about for, for those looking to grow their careers in tech, what are some of the tactical recommendations that you have that you think are really, really pertinent for others that are looking to climb that ladder? >> Yeah, it's so important to have that passion for technology 'cause that's what we do every day. It excites me to jump out of bed and learn what's new, what's coming, what we're building together and how early we are in cloud computing and in technology as a whole. So really get curious and even, you know feel free to get, get hands on. I remember early as a kid just building computers with my dad in his room. So get hands on. Today there's so many things available on the internet for free tiers. You can just play with software to get building websites, games, whatever interests you. And oh by the way, watch the Cube 'cause you're going to learn a lot and you're going to get immersed in technology, which is so important when you're learning to grow a career here because it comes across when you're interviewing, when you're talking with others, when you're networking, that you're really interested in the topic and you're really here to, to grow and and help build tech to be what it can be in the future. >> These are all great recommendations for really building that authenticity. I love your advice of really from an immersion perspective. You're right, there's so many opportunities for people of all ages to start playing around with tech and, and, but that your point of opening up your mind and being curious and embracing the different learning paths is also that curiosity. I always think creativity as well are just really important recommendations for others that are looking to grow their career in tech. >> I want to understand some of, based on some of, of those tactical recommendations. Talk to us about a success story that you've had where you've solved problems for customers relating to cloud computing based on some of your recommendations. >> Totally, just picking up on the curiosity theme that we were talking about, one of the things that I did when I was earlier in my career and I was looking after a customer, is I got curious about their business. How did they interact with their customers? And I worked backwards from that experience 'cause they were selling to consumers and I said what if they could do all these other things that could open up the consumer's eyes? So I came up with a zany idea of what if they did a partnership with Amazon and we flew their goods directly to the end consumer by a drone, you know, just crazy stuff. And I wrote something called a PRFAQ which at Amazon we use very often. It's a press release, frequently asked questions. This PRFAQ was, what could you do in the future with tech? What could, you know things what could we unlock with tech in your business? The C-suite of this company said, "You know what, that's really interesting. We're not going to do that crazy drone thing. But we like the thinking, we like the learning we like thinking about the future. How does cloud help us unlock that future?" So the long story short, they had a monolith OnPrem getting their, getting their technology from a OnPrem monolith to microservices in the cloud unlocks and opens up APIs for them to partner with other organizations to grow their customer base and in turn grow their revenue. This company in particular, pandemic hit, market change. They had to pivot or else they were going to go out of business. And because we had moved their technology from an OnPrem monolith to the cloud they were able to make that pivot and they survived the pandemic and are thriving. So it's a real life example of a success story of just getting curious, understanding the customer's business, coming back from that and then aligning for the future and getting a customer to, to get curious with you and build for the future, which worked out. And who could have predicted the pandemic, but it worked >> Right. But getting the the customer to be curious with you kind of leads me into talking about, you know, and, and the customer wanting to embrace and, and embrace cloud computing is really a transformative business model. Also takes cultural impact. Sounds like what you've been able to achieve with this particular success story. The customer had the appetite from a cultural transformation perspective but that's a hard thing to accomplish. Talk a little bit about that maybe from that customer's perspective and how they really were able to transform into a culture that embraces cloud computing. >> Absolutely. You're spot on . With all of these transformations, it's people process technology. Technology's the easy part, right? The cloud's there, we can, the architecture's there, we can build software. It's the people and the process that's hard. So as part of that transformation and part of that engagement, they actually hired me. So I left Amazon and I went and became the VP of technology for this company and I led 650 engineers globally through this transformation from an OnPrem model with microservices in the cloud. So they put faith in me because they knew this was the outcome we needed to get to but they needed the people in the process to change. So bringing the, the engineers on that journey of I know you've been building this way for a really long time and in this place, we're going to bring you into the future and we're all going to do it together. So it's a learning journey because we're all going to learn how to build microservices in the cloud and we're going to do it together and then it opens up their future as well as they continue to grow as engineers. So it's not easy to do, but it takes time. But we were able to do it in that case. >> But you bring up a great point, it's a learning journey. Yeah. And for organizations to have that appetite and that understanding and appreciation, that is as critical as the technology. You talk about, you know, people across technology. The technology is easy, it's really changing the frames of mind at the speed at which they need to change for organizations to be competitive so they can leverage cloud to really help unlock the competitive advantage as as that success story customer that you mentioned. >> Absolutely. Absolutely. And building on that innovation, right which innovation is just a, a flywheel of learning. So absolutely. >> It is. Let's shift gears a little bit, but speaking of people and processes, you know, what are some of the challenges that you see from a diversity perspective whether it's thought diversity in tech today? >> Yeah, great question. Tech is an opportunity for a level playing ground because tech is a platform with which you can build things. The important piece of building tech though is we need to make sure that many diversities are represented in the room. So when we're making tech decisions of how we're going to build, what our consumers are going to, how they're going to interact with our technology. Not everyone is one individual person. It's not a monolith out there, you know consuming our technology. So let's make sure we have that diversity in the decision making and building the tech as well as in the user use case and, and working backwards from our end users of our technology. I think one of the most, one of the easiest ways to start to approach, approach that diversity of thought and getting that diversity within your teams is looking at a gender diversity ratio. And, and we've seen historically, whilst we've seen gains in gender diversity and technology over the last few years, it's still not where it needs to be. There's a stat that I read recently in a McKinsey study that only one in four C-suite leaders are women today. And of all of all the entry level jobs from entry level to manager of all, like let's say you take a hundred men only 87 of those are women that are concurrently being promoted. Only 82 are women of color. So it's an opportunity for us to really level the playing field and think about how do we intentionally put people in the room when tech decisions are being made that can make change and build tech for who we, we know is out there to consume and, and are be a part of our tech community. >> Intention you mentioned. That is so critical for organizations really need to be looking at diversity, DEI from a, from an an intentional perspective. It can't just be ad hoc here and there. They really have to have a strategy behind it. And when I see companies, and there are a few that I've worked with that really caught my eye that have done a phenomenal job of that thought diversity, gender diversity, cultural diversity within their leadership even the people that they put on stage to talk to their events, they stand out incredibly well. We also know that there's, you probably have numbers on this, that organizations with women in the C-suite are far more profitable than organizations that don't have that. So the data, we want to talk nerdy tech, the data is there. It's demonstrating what the potentials are the capabilities, the, the opportunities. Yet we're still so far behind and we have so much road to cover. We know the direction we need to go in, we just got to be able to get the teams behind that to get there. >> Absolutely. And data's key. I read a study recently that said if you don't have at least 30% diversity in the room when you're making decisions, you are statistically not going to make the right decision, which is incredible. So the powers and the data. We know better decisions are made. Companies do better when there's diversity in the room of all types. >> Absolutely. And can you imagine the sky's the limit, if organizations are actually able to just start making headway on that percentage number and shifting it towards that diversity. What incredible opportunities and technologies and services and solutions that can be developed and delivered to meet the demanding consumers needs. So much potential there. It's, it's a, it's kind of like a crystal ball. If only we had one, we could actually see what we could actually be. >> Yeah, you're absolutely right. And I think thinking about some of the older reasons why maybe women didn't stay in the workforce longer or maybe didn't take a a career in tech, a lot of those were minimized during the pandemic. So we think about the work from home concept, right? Like that's so normal now it's, we're no longer grinding you know, I have to leave early for daycare pickup or whatever the challenges or the perceived challenges there were to women progressing in their careers. A lot of that can be managed now. So there was some good things that have come out of that pandemic time that, you know, it's much more acceptable to be home remote working. I think the balance isn't making sure that we continue our in-person innovation where we can. I find with customers today, bringing executive teams together in a room to have them brainstorm and innovate is still priceless, right? Like we still have to spend that time, we're humans, but as a woman in technology, I love the flexibility that we are now taking and adopting as a norm. And even, you know, some of my male peers that have kids at home, they love being around the kids at home and and it's a, it's a real positive impact I think that we've had amongst a lot of negative impacts by the pandemic as well. >> It is, they're definitely silver linings. That's one of them. I was talking with somebody in, in Italy this morning we were filming and you said, "I don't think my daughters are going to run in here." And I thought, you know what, even if they do that's part of totally the remote workforce, that's part of the hybrid workforce that we're all embracing. But you bring up a great point about the in-person innovation. You know, events are starting to come back, so exciting. There's just certain things about event from an innovation perspective you just can't replicate by video. So getting those executives in a room together. Talk about what you guys are doing there and, and some of the things that you think of over the next few years that will really help drive evolution and innovation of tech. >> Absolutely, yeah. I have a lot of clients that often will say, "Oh well we're we're a remote first company." So it's okay that we do our innovation session online. But then I remind them of when was the last happy hour you had online? Like do you remember the early days of the pandemic? And we all sat on, you know pick your web conferencing platform and we, you know drank wine and but there was only one person that you could hear in that. So when they're, everybody's going around and all the boxes are on the screen, it was difficult to have multiple conversations. If you walk into a happy hour in, in real life people all over the room are having multiple conversations and a lot of different things are happening in the room at the same time. It's the same thing with innovation. If we bring an executive team into the room, guess what? There's going to be a couple sidebar conversations going on as the big room progresses. And that's really healthy and that's a great way to get people that may not be the one, the star of the happy hour that wants to speak the whole time to also get their inputs and their feedback into the innovation process. So that's just an example of why it's so important. One of the things we do here at Amazon is we have so called a digital innovation workshop which is exactly as it sounds, right? Just get in a room with some whiteboards, with some thought leaders and really let's innovate for the future and it's a blank sheet of paper kind of start and out of it we come up with a business plan, a PRFAQ, like a press release I mentioned in my story earlier. That's the seeds of that. So it's really powerful and I'm so excited we're continuing to do those face to face 'cause it's so important. >> It's so important, you know, to have diversity present in the room when decisions are being made, whether it's decisions about technology or not. That thought diversity is, and as the data show that you mentioned, demonstrates how much more successful and profitable organizations can be. I'm going to ask you kind of switching gears again. Last question. If we look kind of down the road from an evolution perspective of of you're in cloud, of your role evolving. What are some of the things that you see down down the pike? >> Yeah, so great question. I am in a field sales organization today, so when the pandemic first hit, I thought, oh boy, that's the end of our career. I think we're not going to be going out and calling on customers face to face anymore. But it's actually been the opposite. I've seen more engagement from our customers. They, they really do want to spend time with us innovating. When we come into those conversations we come in with a curious mindset. So I think from a field sales perspective, it's it's not, you know, going away. And I think it's going to continue to build and it's a great career for women in particular to get into. Super flexible, the privilege of travel which is a nice vacation from home life sometimes. And the, the benefit of working from home as well. So a good balance there. So I think from a, my role specifically it's going to continue to evolve and continue to be a growth area. >> From previous roles I've had where I've worked in technology and, and software development, I think are we're still such at early stages in cloud computing and cloud technology that there is so much technology that we're continuing to build from an engineering standpoint. And I think back to my, you know, 20 year old self if I was in those shoes today and I would absolutely be doing a career in engineering. I think it's such an exciting space and as a person of, of of a, as a female I want to be at the forefront of the engineering team. So I encourage anyone if they're, you know of a diverse background, like you are the people that I want in engineering in the future because that's how you're going to build the future is build the tech, which is really cool. >> So absolutely. It's, it's very cool. I do have one more question for you. What's of your lens, what's next in cloud? What are some of the things that you think are coming down the horizon? >> Yeah, so great question. So I, I actually have a son who's special needs and I think about some of the accommodations that we have to make for him today. And I think about the tech that's coming in terms of personal tech on helping him communicate or helping him read or helping him write. And I'm excited for his future where I think a diagnosis like his, if I'd gotten it many years ago, I would be very fearful about his future. But I know that tech is going to support people like him. So I'm excited for what it's going to do for humanity. I'm excited for what it's going to help us unlock for people that may have been hindered in previous lives. My, my mom grew up with a disability and she had to keep her career relatively low level because she couldn't overcome that disability without tech. And now that she has tech, you know it would've changed the game for her. So I'm excited for my son and his future. That's what inspires me and, and I'm excited about. >> I love that. Well, with a mom like you, he's sure to succeed and fly flying colors. Veronica, it's been such a pleasure having you on the Cube. >> Thank you. >> Exciting special series of women in the cloud. We so appreciate your insights and your time. You'll have to come back. >> Thank you so much. I appreciate it. >> All right, Veronica McCarthy. I'm Lisa Martin. You're watching The Cube's special program series Women of the Cloud, brought to you by AWS. Thanks for watching. (sparkly music)

>> Hey everyone. Welcome back to theCUBE's coverage day two of CloudNative Security CON 23. Lisa Martin here in studio in Palo Alto with John Furrier. John, we've had some great conversations. I've had a global event. This was a global event. We had Germany on yesterday. We had the Boston Studio. We had folks on the ground in Seattle. Lot of great conversations, a lot of great momentum at this event. What is your number one takeaway with this inaugural event? >> Well, first of all, our coverage with our CUBE alumni experts coming in remotely this remote event for us, I think this event as an inaugural event stood out because one, it was done very carefully and methodically from the CNCF. I think they didn't want to overplay their hand relative to breaking out from CUBE CON So Kubernetes success and CloudNative development has been such a success and that event and ecosystem is booming, right? So that's the big story is they have the breakout event and the question was, was it a good call? Was it successful? Was it going to, would the dog hunt as they say, in this case, I think the big takeaway is that it was successful by all measures. One, people enthusiastic and confident that this has the ability to stand on its own and still contribute without taking away from the benefits and growth of Kubernetes CUBE CON and CloudNative console. So that was the key. Hallway conversations, the sessions all curated and developed properly to be different and focused for that reason. So I think the big takeaway is that the CNCF did a good job on how they rolled this out. Again, it was very intimate event small reminds me of first CUBE CON in Seattle, kind of let's test it out. Let's see how it goes. Again, clearly it was people successful and they understood why they're doing it. And as we commented out in our earlier segments this is not something new. Amazon Web Services has re:Invent and re:Inforce So a lot of parallels there. I see there. So I think good call. CNCF did the right thing. I think this has legs. And then as Dave pointed out, Dave Vellante, on our last keynote analysis was the business model of the hackers is better than the business model of the industry. They're making more money, it costs less so, you know, they're playing offense and the industry playing defense. That has to change. And as Dave pointed out we have to make the cost of hacking and breaches and cybersecurity higher so that the business model crashes. And I think that's the strategic imperative. So I think the combination of the realities of the market globally and open source has to go faster. It's good to kind of decouple and be highly cohesive in the focus. So to me that's the big takeaway. And then the other one is, is that there's a lot more security problems still unresolved. The emphasis on developers productivity is at risk here, if not solved. You saw supply chain software, again, front and center and then down in the weeds outside of Kubernetes, things like BIND and DNS were brought up. You're seeing the Linux kernel. Really important things got to be paid attention to. So I think very good call, very good focus. >> I would love if for us to be able to, as the months go on talk to some of the practitioners that actually got to attend. There were 72 sessions, that's a lot of content for a small event. Obviously to your point, very well curated. We did hear from some folks yesterday who were just excited to get the community back together in person. To your point, having this dedicated focus on CloudNativesecurity is incredibly important. You talked about, you know, the offense defense, the fact that right now the industry needs to be able to pivot from being on defense to being on offense. This is a challenging thing because it is so lucrative for hackers. But this seems to be from what we've heard in the last couple days, the right community with the right focus to be able to make that pivot. >> Yeah, and I think if you look at the success of Kubernetes, 'cause again we were there at theCUBE first one CUBE CON, the end user stories really drove end user participation. Drove the birth of Kubernetes. Left some of these CloudNative early adopters early pioneers that were using cloud hyperscale really set the table for CloudNative CON. I think you're seeing that here with this CloudNative SecurityCON where I think we're see a lot more end user stories because of the security, the hairs on fire as we heard from Madrona Ventures, you know, as they as an investor you have a lot of use cases out there where customers are leaning in with getting the rolling up their sleeves, working with open source. This has to be the driver. So I'm expecting to see the next level of SecurityCON to be end user focused. Much more than vendor focused. Where CUBECON was very end user focused and then attracted all the vendors in that grew the industry. I expect the similar pattern here where end user action will be very high at the beginning and that will essentially be the rising tide for the vendors to be then participating. So I expect almost a similar trajectory to CUBECON. >> That's a good path that it needs to all be about all the end users. One of the things I'm curious if what you heard was what are some of the key factors that are going to move CloudNative Security forward? What did you hear the last two days? >> I heard that there's a lot of security problems and no one wants to kind of brag about this but there's a lot of under the hood stuff that needs to get taken care of. So if automation scales, and we heard that from one of the startups we've just interviewed. If automation and scale continues to happen and with the business model of the hackers still booming, security has to be refactored quickly and there's going to be an opportunity structurally to use the cloud for that. So I think it's a good opportunity now to get dedicated focus on fixing things like the DNS stuff old school under the hood, plumbing, networking protocols. You're going to start to see this super cloud-like environment emerge where data's involved, everything's happening and so security has to be re imagined. And I think there's a do over opportunity for the security industry with CloudNative driving that. And I think this is the big thing that I see as an opportunity to, from a story standpoint from a coverage standpoint is that it's a do-over for security. >> One of the things that we heard yesterday is that there's a lot of it, it's a pretty high percentage of organizations that either don't have a SOCK or have a very primitive SOCK. Which kind of surprised me that at this day and age the risks are there. We talked about that today's focus and the keynote was a lot about the software supply chain and what's going on there. What did you hear in terms of the appetite for organizations through the voice of the practitioner to say, you know what guys, we got to get going because there's going to be the hackers are they're here. >> I didn't hear much about that in the coverage 'cause we weren't in the hallways. But from reading the tea leaves and talking to the folks on the ground, I think there's an implied like there's an unlimited money from customers. So it's a very robust from the data infrastructure stack building we cover with the angel investor Kane you're seeing data infrastructure's going to be part of the solution here 'cause data and security go hand in hand. So everyone's got basically checkbook wide open everyone wants to have the answer. And we commented that the co-founder of Palo Alto you had on our coverage yesterday was saying that you know, there's no real platform, there's a lot of tools out there. People will buy anything. So there's still a huge appetite and spend in security but the answer's not going to more tool sprawling. It's going to more platform auto, something that enables automation, fix some of the underlying mechanisms involved and fix it fast. So to me I think it's going to be a robust monetary opportunity because of the demand on the business side. So I don't see that changing at all and I think it's going to accelerate. >> It's a great point in terms of the demand for the business side because as we know as we said yesterday, the next Log4j is out there. It's not a matter of if this happens again it's when, it's the extent, it's how frequent we know that. So organizations all the way up to the board have to be concerned about brand reputation. Nobody wants to be the next big headline in terms of breaches and customer data being given to hackers and hackers making all this money on that. That has to go all the way up to the board and there needs to be alignment between the board and the executives at the organization in terms of how they're going to deal with security, and now. This is not a conversation that can wait. Yeah, I mean I think the five C's we talked about yesterday the culture of companies, the cloud is an enabler, you've got clusters of servers and capabilities, Kubernetes clusters, you've got code and you've got all kinds of, you know, things going on there. Each one has elements that are at risk for hacking, right? So that to me is something that's super important. I think that's why the focus on security's different and important, but it's not going to fork the main event. So that's why I think the spin out was, spinout, or the new event is a good call by the CNCF. >> One of the things today that struck me they're talking a lot about software supply chain and that's been in the headlines for quite a while now. And a stat that was shared this morning during the keynote just blew my brains that there was a 742% increase in the software supply chain attacks occurring over the last three years. It's during Covid times, that is a massive increase. The threat landscape is just growing so amorphously but organizations need to help dial that down because their success and the health of the individuals and the end users is at risk. Well, Covid is an environment where everyone's kind of working at home. So there was some disruption to infrastructure. Also, when you have change like that, there's opportunities for hackers, they'll arbitrage that big time. But I think general the landscape is changing. There's no perimeter anymore. It's CloudNative, this is where it is and people who are moving from old IT to CloudNative, they're at risk. That's why there's tons of ransomware. That's why there's tons of risk. There's just hygiene, from hygiene to architecture and like Nick said from Palo Alto, the co-founder, there's not a lot of architecture in security. So yeah, people have bulked up their security teams but you're going to start to see much more holistic thinking around redoing security. I think that's the opportunity to propel CloudNative, and I think you'll see a lot more coming out of this. >> Did you hear any specific information on some of the CloudNative projects going on that really excite you in terms of these are the right people going after the right challenges to solve in the right direction? >> Well I saw the sessions and what jumped out to me at the sessions was it's a lot of extensions of what we heard at CUBECON and I think what they want to do is take out the big items and break 'em out in security. Kubescape was one we just covered. They want to get more sandbox type stuff into the security side that's very security focused but also plays well with CUBECON. So we'll hear more about how this plays out when we're in Amsterdam coming up in April for CUBECON to hear how that ecosystem, because I think it'll be kind of a relief to kind of decouple security 'cause that gives more focus to the stakeholders in CUBECON. There's a lot of issues going on there and you know service meshes and whatnot. So it's a lot of good stuff happening. >> A lot of good stuff happening. One of the things that'll be great about CUBECON is that we always get the voice of the customer. We get vendors coming on with the voice of the customer talking about and you know in that case how they're using Kubernetes to drive the business forward. But it'll be great to be able to pull in some of the security conversations that spin out of CloudNative Security CON to understand how those end users are embracing the technology. You brought up I think Nir Zuk from Palo Alto Networks, one of the themes there when Dave and I did their Ignite event in December was, of 22, was really consolidation. There are so many tools out there that organizations have to wrap their heads around and they need to be able to have the right enablement content which this event probably delivered to figure out how do we consolidate security tools effectively, efficiently in a way that helps dial down our risk profile because the risks just seem to keep growing. >> Yeah, and I love the technical nature of all that and I think this is going to be the continued focus. Chris Aniszczyk who's the CTO listed like E and BPF we covered with Liz Rice is one of the most three important points of the conference and it's just, it's very nerdy and that's what's needed. I mean it's technical. And again, there's no real standards bodies anymore. The old days developers I think are super important to be the arbiters here. And again, what I love about the CNCF is that they're developer focused and we heard developer first even in security. So you know, this is a sea change and I think, you know, developers' choice will be the standards bodies. >> Lisa: Yeah, yeah. >> They decide the future. >> Yeah. >> And I think having the sandboxing and bringing this out will hopefully accelerate more developer choice and self-service. >> You've been talking about kind of putting the developers in the driver's seat as really being the key decision makers for a while. Did you hear information over the last couple of days that validates that? >> Yeah, absolutely. It's clearly the fact that they did this was one. The other one is, is that engineering teams and dev teams and script teams, they're blending together. It's not just separate silos and the ones that are changing their team dynamics, again, back to the culture are winning. And I think this has to happen. Security has to be embedded everywhere in making it frictionless and to provide kind of the guardrail so developers don't slow down. And I think where security has become a drag or an anchor or a blocker has been just configuration of how the organization's handling it. So I think when people recognize that the developers are in charge and they're should be driving the application development you got to make sure that's secure. And so that's always going to be friction and I think whoever does it, whoever unlocks that for the developer to go faster will win. >> Right. Oh, that's what I'm sure magic to a developer's ear is the ability to go faster and be able to focus on co-development in a secure fashion. What are some of the things that you're excited about for CUBECON. Here we are in February, 2023 and CUBECON is just around the corner in April. What are some of the things that you're excited about based on the groundswell momentum that this first inaugural CloudNative Security CON is generating from a community, a culture perspective? >> I think this year's going to be very interesting 'cause we have an economic challenge globally. There's all kinds of geopolitical things happening. I think there's going to be very entrepreneurial activity this year more than ever. I think you're going to see a lot more innovative projects ideas hitting the table. I think it's going to be a lot more entrepreneurial just because the cycle we're in. And also I think the acceleration of mainstream deployments of out of the CNCF's main event CUBECON will happen. You'll see a lot more successes, scale, more clarity on where the security holes are or aren't. Where the benefits are. I think containers and microservices are continuing to surge. I think the Cloud scale hyperscale as Amazon, Azure, Google will be more aggressive. I think AI will be a big theme this year. I think you can see how data is going to infect some of the innovation thinking. I'm really excited about the data infrastructure because it powers a lot of things in the Cloud. So I think the Amazon Web Services, Azure next level gen clouds will impact what happens in the CloudNative foundation. >> Did you have any conversations yesterday or today with respect to AI and security? Was that a focus of anybody's? Talk to me about that. >> Well, I didn't hear any sessions on AI but we saw some demos on stage. But they're teasing out that this is an augmentation to their mission, right? So I think a lot of people are looking at AI as, again, like I always said there's the naysayers who think it's kind of a gimmick or nothing to see here, and then some are just going to blown away. I think the people who are alpha geeks and the industry connect the dots and understand that AI is going to be an accelerant to a lot of heavy lifting that was either manual, you know, hard to do things that was boring or muck as they say. I think that's going to be where you'll see the AI stories where it's going to accelerate either ways to make security better or make developers more confident and productive. >> Or both. >> Yeah. So definitely AI will be part of it. Yeah, definitely. One of the things too that I'm wondering if, you know, we talk about CloudNative and the goal of it, the importance of it. Do you think that this event, in terms of what we were able to see, obviously being remote the event going on in Seattle, us being here in Palo Alto and Boston and guests on from Seattle and Germany and all over, did you hear the really the validation for why CloudNative Security why CloudNative is important for organizations whether it's a bank or a hospital or a retailer? Is that validation clear and present? >> Yeah, absolutely. I think it was implied. I don't think there was like anyone's trying to debate that. I think this conference was more of it's assumed and they were really trying to push the ability to make security less defensive, more offensive and more accelerated into the solving the problems with the businesses that are out there. So clearly the CloudNative community understands where the security challenges are and where they're emerging. So having a dedicated event will help address that. And they've got great co-chairs too that put it together. So I think that's very positive. >> Yeah. Do you think, is it possible, I mean, like you said several times today so eloquently the industry's on the defense when it comes to security and the hackers are on the offense. Is it really possible to make that switch or obviously get some balances. As technology advances and industry gets to take advantage of that, so do the hackers, is that balance achievable? >> Absolutely. I mean, I think totally achievable. The question's going to be what's the environment going to be like? And I remember as context to understanding whether it's viable or not, is to look at, just go back 13 years ago, I remember in 2010 Amazon was viewed as an unsecure environment. Everyone's saying, "Oh, the cloud is not secure." And I remember interviewing Steve Schmidt at AWS and we discussed specifically how Amazon Cloud was being leveraged by hackers. They made it more complex for the hackers. And he said, "This is just the beginning." It's kind of like barbed wire on a fence. It's yeah, you're not going to climb it so people can get over it. And so since then what's happened is the Cloud has become more secure than on premises for a lot of either you know, personnel reasons, culture reasons, not updating, you know, from patches to just being insecure to be more insecure. So that to me means that the flip the script can be flipped. >> Yeah. And I think with CloudNative they can build in automation and code to solve some of these problems and make it more complex for the hacker. >> Lisa: Yes. >> And increase the cost. >> Yeah, exactly. Make it more complex. Increase the cost. That'll be in interesting journey to follow. So John, here we are early February, 2023 theCUBE starting out strong as always. What year are we in, 12? Year 12? >> 13th year >> 13! What's next for theCUBE? What's coming up that excites you? >> Well, we're going to do a lot more events. We got the theCUBE in studio that I call theCUBE Center as kind of internal code word, but like, this is more about getting the word out that we can cover events remotely as events are starting to change with hybrid, digital is going to be a big part of that. So I think you're going to see a lot more CUBE on location. We're going to do, still do theCUBE and have theCUBE cover events from the studio to get deeper perspective because we can then bring people in remote through our our studio team. We can bring our CUBE alumni in. We have a corpus of content and experts to bring to table. So I think the coverage will be increased. The expertise and data will be flowing through theCUBE and so Cube Center, CUBE CUBE Studio. >> Lisa: Love it. >> Will be a integral part of our coverage. >> I love that. And we have such great conversations with guests in person, but also virtually, digitally as well. We still get the voices of the practitioners and the customers and the vendors and the partner ecosystem really kind of lauded loud and clear through theCUBE megaphone as I would say. >> And of course getting the clips out there, getting the highlights. >> Yeah. >> Getting more stories. No stories too small for theCUBE. We can make it easy to get the best content. >> The best content. John, it's been fun covering CloudNative security CON with you with you. And Dave and our guests, thank you so much for the opportunity and looking forward to the next event. >> John: All right. We'll see you at Amsterdam. >> Yeah, I'll be there. We want to thank you so much for watching TheCUBES's two day coverage of CloudNative Security CON 23. We're live in Palo Alto. You are live wherever you are and we appreciate your time and your view of this event. For John Furrier, Dave Vellante, I'm Lisa Martin. Thanks for watching guys. We'll see you at the next show.

(upbeat music) >> Hello everyone, welcome back to theCUBE's coverage of Cloud Native SecurityCon North America 2023. Obviously, CUBE's coverage with our CUBE Center Report. We're not there on the ground, but we have folks and our CUBE Alumni there. We have entrepreneurs there. Of course, we want to be there in person, but we're remote. We've got Ben Hirschberg, CTO and Co-Founder of Armo, a cloud native security startup, well positioned in this industry. He's there in Seattle. Ben, thank you for coming on and sharing what's going on with theCUBE. >> Yeah, it's great to be here, John. >> So we had written on you guys up on SiliconANGLE. Congratulations on your momentum and traction. But let's first get into what's going on there on the ground? What are some of the key trends? What's the most important story being told there? What is the vibe? What's the most important story right now? >> So I think, I would like to start here with the I think the most important thing was that I think the event is very successful. Usually, the Cloud Native Security Day usually was part of KubeCon in the previous years and now it became its own conference of its own and really kudos to all the organizers who brought this up in, actually in a short time. And it wasn't really clear how many people will turn up, but at the end, we see a really nice turn up and really great talks and keynotes around here. I think that one of the biggest trends, which haven't started like in this conference, but already we're talking for a while is supply chain. Supply chain is security. I think it's, right now, the biggest trend in the talks, in the keynotes. And I think that we start to see companies, big companies, who are adopting themselves into this direction. There is a clear industry need. There is a clear problem and I think that the cloud native security teams are coming up with tooling around it. I think for right now we see more tools than adoption, but the adoption is always following the tooling. And I think it already proves itself. So we have just a very interesting talk this morning about the OpenSSL vulnerability, which was I think around Halloween, which came out and everyone thought that it's going to be a critical issue for the whole cloud native and internet infrastructure and at the end it turned out to be a lesser problem, but the reason why I think it was understood that to be a lesser problem real soon was that because people started to use (indistinct) store software composition information in the environment so security teams could look into, look up in their systems okay, what, where they're using OpenSSL, which version they are using. It became really soon real clear that this version is not adopted by a wide array of software out there so the tech surface is relatively small and I think it already proved itself that the direction if everyone is talking about. >> Yeah, we agree, we're very bullish on this move from the Cloud Native Foundation CNCF that do the security conference. Amazon Web Services has re:Invent. That's their big show, but they also have re:Inforce, the security show, so clearly they work together. I like the decoupling, very cohesive. But you guys have Kubescape of Kubernetes security. Talk about the conversations that are there and that you're hearing around why there's different event what's different around KubeCon and CloudNativeCon than this Cloud Native SecurityCon. It's not called KubeSucSecCon, it's called Cloud Native SecurityCon. What's the difference? Are people confused? Is it clear? What's the difference between the two shows? What are you hearing? >> So I think that, you know, there is a good question. Okay, where is Cloud Native Computing Foundation came from? Obviously everyone knows that it was somewhat coupled with the adoption of Kubernetes. It was a clear understanding in the industry that there are different efforts where the industry needs to come together without looking be very vendor-specific and try to sort out a lot of issues in order to enable adoption and bring great value and I think that the main difference here between KubeCon and the Cloud Native Security Conference is really the focus, and not just on Kubernetes, but the whole ecosystem behind that. The way we are delivering software, the way we are monitoring software, and all where Kubernetes is only just, you know, maybe the biggest clog in the system, but, you know, just one of the others and it gives great overview of what you have in the whole ecosystem. >> Yeah, I think it's a good call. I would add that what I'm hearing too is that security is so critical to the business model of every company. It's so mainstream. The hackers have a great business model. They make money, their costs are lower than the revenue. So the business of hacking in breaches, ransomware all over the place is so successful that they're playing offense, everyone's playing defense, so it's about time we can get focus to really be faster and more nimble and agile on solving some of these security challenges in open source. So I think that to me is a great focus and so I give total props to the CNC. I call it the event operating system. You got the security group over here decoupled from the main kernel, but they work together. Good call and so this brings back up to some of the things that are going on so I have to ask you, as your startup as a CTO, you guys have the Kubescape platform, how do you guys fit into the landscape and what's different from your tools for Kubernetes environments versus what's out there? >> So I think that our journey is really interesting in the solution space because I think that our mode really tries to understand where security can meet the actual adoption because as you just said, somehow we have to sort out together how security is going to be automated and integrated in its best way. So Kubescape project started as a Kubernetes security posture tool. Just, you know, when people are really early in their adoption of Kubernetes systems, they want to understand whether the installation is is secure, whether the basic configurations are look okay, and giving them instant feedback on that, both in live systems and in the CICD, this is where Kubescape came from. We started as an open source project because we are big believers of open source, of the power of open source security, and I can, you know I think maybe this is my first interview when I can say that Kubescape was accepted to be a CNCF Sandbox project so Armo was actually donating the project to the CNCF, I think, which is a huge milestone and a great way to further the adoption of Kubernetes security and from now on we want to see where the users in Armo and Kubescape project want to see where the users are going, their Kubernetes security journey and help them to automatize, help them to to implement security more fast in the way the developers are using it working. >> Okay, if you don't mind, I want to just get clarification. What's the difference between the Armo platform and Kubescape because you have Kubescape Sandbox project and Armo platform. Could you talk about the differences and interaction? >> Sure, Kubescape is an open source project and Armo platform is actually a managed platform which runs Kubescape in the cloud for you because Kubescape is part, it has several parts. One part is, which is running inside the Kubernetes cluster in the CICD processes of the user, and there is another part which we call the backend where the results are stored and can be analyzed further. So Armo platform gives you managed way to run the backend, but I can tell you that backend is also, will be available within a month or two also for everyone to install on their premises as well, because again, we are an open source company and we are, we want to enable users, so the difference is that Armo platform is a managed platform behind Kubescape. >> How does Kubescape differ from closed proprietary sourced solutions? >> So I can tell you that there are closed proprietary solutions which are very good security solutions, but I think that the main difference, if I had to pick beyond the very specific technicalities is the worldview. The way we see that our user is not the CISO. Our user is not necessarily the security team. From our perspective, the user is the DevOps and the developers who are working on the Kubernetes cluster day to day and we want to enable them to improve their security. So actually our approach is more developer-friendly, if I would need to define it very shortly. >> What does this risk calculation score you guys have in Kubscape? That's come up and we cover that in our story. Can you explain to the folks how that fits in? Is it Kubescape is the platform and what's the benefit, what's the purpose? >> So the risk calculation is actually a score we are giving to clusters in order for the users to understand where they are standing in the general population, how they are faring against a perfect hardened cluster. It is based on the number of different tests we are making. And I don't want to go into, you know, the very specifics of the mathematical functions, but in general it takes into account how many functions are failing, security tests are failing inside your cluster. How many nodes you are having, how many workloads are having, and creating this number which enables you to understand where you are standing in the global, in the world. >> What's the customer value that you guys pitching? What's the pitch for the Armo platform? When you go and talk to a customer, are they like, "We need you." Do they come to you? Is it word of mouth? You guys have a strategy? What's the pitch? What's so appealing to the customers? Why are they enthusiastic about you guys? >> So John, I can tell you, maybe it's not so easy to to say the words, but I nearly 20 years in the industry and though I've been always around cyber and the defense industry and I can tell you that I never had this journey where before where I could say that the the customers are coming to us and not we are pitching to customers. Simply because people want to, this is very easy tool, very very easy to use, very understandable and it very helps the engineers to improve security posture. And they're coming to us and they're saying, "Well, awesome, okay, how we can like use it. Do you have a graphical interface?" And we are pointing them to the Armor platform and they are falling in love and coming to us even more and we can tell you that we have a big number of active users behind the platform itself. >> You know, one of the things that comes up every time at KubeCon and Cloud NativeCon when we're there, and we'll be in Amsterdam, so folks watching, you know, we'll see onsite, developer productivity is like the number one thing everyone talks about and security is so important. It's become by default a blocker or anchor or a drag on productivity. This is big, the things that you're mentioning, easy to use, engineering supporting it, developer adoption, you know we've always said on theCUBE, developers will be the de facto standards bodies by their choices 'cause developers make all the decisions. So if I can go faster and I can have security kind of programmed in, I'm not shifting left, it's just I'm just having security kind of in there. That's the dream state. Is that what you guys are trying to do here? Because that's the nirvana, everyone wants to do that. >> Yeah, I think your definition is like perfect because really we had like this, for a very long time we had this world where we decoupled security teams from developers and even for sometimes from engineering at all and I think for multiple reasons, we are more seeing a big convergence. Security teams are becoming part of the engineering and the engineering becoming part of the security and as you're saying, okay, the day-to-day world of developers are becoming very tangled up in the good way with security, so the think about it that today, one of my developers at Armo is creating a pull request. He's already, code is already scanned by security scanners for to test for different security problems. It's already, you know, before he already gets feedback on his first time where he's sharing his code and if there is an issue, he already can solve it and this is just solving issues much faster, much cheaper, and also you asked me about, you know, the wipe in the conference and we know no one can deny the current economic wipe we have and this also relates to security teams and security teams has to be much more efficient. And one of the things that everyone is talking, okay, we need more automation, we need more, better tooling and I think we are really fitting into this. >> Yeah, and I talked to venture capitalists yesterday and today, an angel investor. Best time for startup is right now and again, open source is driving a lot of value. Ben, it's been great to have you on and sharing with us what's going on on the ground there as well as talking about some of the traction you have. Just final question, how old's the company? How much funding do you have? Where you guys located? Put a plug in for the company. You guys looking to hire? Tell us about the company. Were you guys located? How much capital do you have? >> So, okay, the company's here for three years. We've passed a round last March with Tiger and Hyperwise capitals. We are located, most of the company's located today in Israel in Tel Aviv, but we have like great team also in Ukraine and also great guys are in Europe and right now also Craig Box joined us as an open source VP and he's like right now located in New Zealand, so we are a really global team, which I think it's really helps us to strengthen ourselves. >> Yeah, and I think this is the entrepreneurial equation for the future. It's really great to see that global. We heard that in Priyanka Sharma's keynote. It's a global culture, global community. >> Right. >> And so really, really props you guys. Congratulations on Armo and thanks for coming on theCUBE and sharing insights and expertise and also what's happening on the ground. Appreciate it, Ben, thanks for coming on. >> Thank you, John. >> Okay, cheers. Okay, this is CUB coverage here of the Cloud Native SecurityCon in North America 2023. I'm John Furrier for Lisa Martin, Dave Vellante. We're back with more of wrap up of the event after this short break. (gentle upbeat music)

>>Hello and welcome back to the Cube's coverage of AWS Reinvent 2022. I'm John Furrier, host of the Cube. We got a great conversation with Patrick Kauflin, vice president of Go to Market Strategy and specialization at Splunk. We're talking about the open cybersecurity scheme of framework, also known as the O C sf, a joint strategic collaboration between Splunk and aws. It's got a lot of traction momentum. Patrick, thanks for coming on the cube for reinvent coverage. >>John, great to be here. I'm excited for this. >>You know, I love this open source movement and open source and continues to add value, almost sets the standards. You know, we were talking at the CNCF Linux Foundation this past fall about how standards are coming outta open source. Not so much the the classic standards groups, but you start to see the developers voting with their code groups deciding what to adopt de facto standards and security is a real key part of that where data becomes key for resilience. And this has been the top conversation at reinvent and all around the industry, is how to make data a key part of building into cyber resilience. So I wanna get your thoughts about the problem that you see that's emerging that you guys are solving with this group kind of collaboration around the ocs f >>Yeah, well look, John, I I think, I think you, you've already, you've already hit the high notes there. Data is proliferating across the enterprise. The attack surface area is rapidly expanding. The threat landscape is ever changing. You know, we, we just had a, a lot of scares around open SSL before that we had vulnerabilities and, and Confluence and Atlassian, and you go back to log four J and SolarWinds before that and, and challenges with the supply chain. In this year in particular, we've had a, a huge acceleration in, in concerns and threat vectors around operational technology. In our customer base alone, we saw a huge uptake, you know, and double digit percentage of customers that we're concerned about the traditional vectors like, like ransomware, like business email compromise, phishing, but also from insider threat and others. So you've got this, this highly complex environment where data continues to proliferate and flow through new applications, new infrastructure, new services, driving different types of outcomes in the digitally transformed enterprise of today. >>And, and what happens there is, is our customers, particularly in security, are, are left with having to stitch all of this together. And they're trying to get visibility across multiple different services, infrastructure applications across a number of different point solutions that they've bought to help them protect, defend, detect, and respond better. And it's a massive challenge. And you know, when our, when our customers come to us, they are often looking for ways to drive more consolidation across a variety of different solutions. They're looking to drive better outcomes in terms of speed to detection. How do I detect faster? How do I bind the thing that when bang in the night faster? How do I then fix it quickly? And then how do I layer in some automation so hopefully I don't have to do it again? Now, the challenge there that really OCF Ocsf helps to, to solve is to do that effectively, to detect and to respond at the speed at which attackers are demanding. >>Today we have to have normalization of data across this entire landscape of tools, infrastructure, services. We have to have integration to have visibility, and these tools have to work together. But the biggest barrier to that is often data is stored in different structures and in different formats across different solution providers, across different tools that are, that are, that our customers are using. And that that lack of data, normalization, chokes the integration problem. And so, you know, several years ago, a number of very smart people, and this was, this was a initiative s started by Splunk and AWS came together and said, look, we as an industry have to solve this for our customers. We have to start to shoulder this burden for our customers. We can't, we can't make our customers have to be systems integrators. That's not their job. Our job is to help make this easier for them. And so OCS was born and over the last couple of years we've built out this, this collaboration to not just be AWS and Splunk, but over 50 different organizations, cloud service providers, solution providers in the cybersecurity space have come together and said, let's decide on a single unified schema for how we're gonna represent event data in this industry. And I'm very proud to be here today to say that we've launched it and, and I can't wait to see where we go next. >>Yeah, I mean, this is really compelling. I mean, it's so much packed in that, in that statement, I mean, data normalization, you mentioned chokes, this the, the solution and integration as you call it. But really also it's like data's not just stored in silos. It may not even be available, right? So if you don't have availability of data, that's an important point. Number two, you mentioned supply chain, there's physical supply chain that's coming up big time at reinvent this time as well as in open source, the software supply chain. So you now have the perimeter's been dead for multiple years. We've been talking with that for years, everybody knows that. But now combined with the supply chain problem, both physical and software, there's so much more to go on. And so, you know, the leaders in the industry, they're not sitting on their hands. They know this, but they're just overloaded. So, so how do leaders deal with this right now before we get into the ocs f I wanna just get your thoughts on what's the psychology of the, of the business leader who's facing this landscape? >>Yeah, well, I mean unfortunately too many leaders feel like they have to face these trade offs between, you know, how and where they are really focusing cyber resilience investments in the business. And, and often there is a siloed approach across security, IT developer operations or engineering rather than the ability to kind of drive visibility integration and, and connection of outcomes across those different functions. I mean, the truth is the telemetry that, that you get from an application for application performance monitoring or infrastructure monitoring is often incredibly valuable when there's a security incident and vice versa. Some of the security data that, that you may see in a security operation center can be incredibly valuable in trying to investigate a, a performance degradation in an application and understanding where that may come from. And so what we're seeing is this data layer is collapsing faster than the org charts are or the budget line items are in the enterprise. And so at Splunk here, you know, we believe security resilience is, is fundamentally a data problem. And one of the things that we do often is, is actually help connect the dots for our customers and bring our customers together across the silos they may have internally so that they can start to see a holistic picture of what resilience means for their enterprise and how they can drive faster detection outcomes and more automation coverage. >>You know, we recently had an event called Super Cloud, we're going into the next gen kind of a cloud, how data and security are all kind of part of this NextGen application. It's not just us. And we had a panel that was titled The Innovators Dilemma, kind of talk about you some of the challenges. And one of the panelists said, it's not the innovator's dilemma, it's the integrator's dilemma. And you mentioned that earlier, and I think this a key point right now into integration is so critical, not having the data and putting pieces together now open source is becoming a composability market. And I think having things snap together and work well, it's a platform system conversation, not a tool conversation. So I really wanna get into where the OCS f kind of intersects with this area people are working on. It's not just solution architects or cloud cloud native SREs, especially where DevSecOps is. So this that's right, this intersection is critical. How does Ocsf integrate into that integration of the data making that available to make machine learning and automation smarter and more relevant? >>Right, right. Well look, I mean, I I think that's a fantastic question because, you know, we talk about, we use Bud buzzwords like machine learning and, and AI all the time. And you know, I know they're all over the place here at Reinvent and, and the, there's so much promise and hope out there around these technologies and these innovations. However, machine learning AI is only as effective as the data is clean and normalized. And, and we will not realize the promise of these technologies for outcomes in resilience unless we have better ways to normalize data upstream and better ways to integrate that data to the downstream tools where detection and response is happening. And so Ocsf was really about the industry coming together and saying, this is no longer the job of our customers. We are going to create a unified schema that represents the, an event that we will all bite down on. >>Even some of us are competitors, you know, this is, this is that, that no longer matters because at the point, the point is how do we take this burden off of our customers and how do we make the industry safer together? And so 15 initial members came together along with AWS and Splunk to, to start to create that, that initial schema and standardize it. And if you've ever, you know, if you've ever worked with a bunch of technical grumpy security people, it's kind of hard to drive consensus about around just about anything. But, but I, I'm really happy to see how quickly this, this organization has come together, has open sourced the schema, and, and, and just as you said, like I think this, this unlocks the potential for real innovation that's gonna be required to keep up with the bad guys. But right now is getting stymied and held back by the lack of normalization and the lack of integration. >>I've always said Splunk was a, it eats data for breakfast, lunch, and dinner and turns it into insights. And I think you bring up the silo thing. What's interesting is the cross company sharing, I think this hits point on, so I see this as a valuable opportunity for the industry. What's the traction on that? Because, you know, to succeed it does take a village, it takes a community of security practitioners and, and, and architects and developers to kind of coalesce around this defacto movement has been, has been the uptake been good? How's traction? Can you share your thoughts on how this is translating across companies? >>Yeah, absolutely. I mean, look, I, I think cybersecurity has a, has a long track record of, of, of standards development. There's been some fantastic standards recently. Things like sticks and taxi for threat intelligence. There's been things like the, you know, the Mir attack framework coming outta mi mir and, and, and the adoption, the traction that we've seen with Attack in particular has been amazing to, to watch how that has kind of roared onto the scene in the last couple of years and has become table stakes for how you do security operations and incident response. And, you know, I think with ocs f we're gonna see something similar here, but, you know, we are in literally the first innings of, of this. So right now, you know, we're architecting this into our, into every part of our sort of backend systems here at Polan. I know our our collaborators at AWS and elsewhere are doing it too. >>And so I think it starts with bringing this standard now that the standard exists on a, you know, in schema format and there, there's, you know, confluence and Jira tickets around it, how do we then sort of build this into the code of, of the, the collaborators that have been leading the way on this? And you know, it's not gonna happen overnight, but I think in the coming quarters you'll start to see this schema be the standard across the leaders in this space. Companies like Splunk and AWS and others who are leading the way. And often that's what helps drive adoption of a standard is if you can get the, the big dogs, so to speak, to, to, to embrace it. And, and, you know, there's no bigger one than aws and I think there's no, no more important one than Splunk in the cybersecurity space. And so as we adopt this, we hope others will follow. And, and like I said, we've got over 50 organizations contributing to it today. And so I think we're off to a running >>Start. You know, it's interesting, choking innovation or having things kind of get, get slowed down has really been a problem. We've seen successes recently over the past few years. Like Kubernetes has really unlocked and accelerated the cloud native worlds of runtime with containers to, to kind of have the consensus of the community to say, Hey, if we just do this, it gets better. I think this is really compelling with the o the ocs F because if people can come together around this and get unified as well as all the other official standards, things can go highly accelerated. So I think, I think it looks really good and I think it's great initiative and I really appreciate your insight on that, on, on your relationship with Amazon. Okay. It's not just a partnership, it's a strategic collaboration. Could you share that relationship dynamic, how to start, how's it going, what's strategic about it? Share to the audience kind of the relationship between Splunk and a on this important OCS ocsf initiative. >>Look, I, I mean I think this, this year marks the, the 10th year anniversary that, that Splunk and AWS have been collaborating in a variety of different ways. I, I think our, our companies have a fantastic and, and long standing relationship and we've, we've partnered on a number of really important projects together that bring value obviously to our individual companies, but also to our shared customers. When I think about some of the most important customers at Splunk that I spend a significant amount of time with, I I I know how many of those are, are AWS customers as well, and I know how important AWS is to them. So I think it's, it's a, it's a collaboration that is rooted in, in a respect for each other's technologies and innovation, but also in a recognition that, that our shared customers want to see us work better together over time. And it's not, it's not two companies that have kind of decided in a back room that they should work together. It's actually our customers that are, that are pushing us. And I think we're, we're both very customer centric organizations and I think that has helped us actually be better collaborators and better partners together because we're, we're working back backwards from our customers >>As security becomes a physical and software approach. We've seen the trend where even Steven Schmidt at Amazon Web Services is, is the cso, he is not the CSO anymore. So, and I asked him why, he says, well, security's also physical stuff too. So, so he's that's right. Whole lens is now expanded. You mentioned supply chain, physical, digital, this is an important inflection point. Can you summarize in your mind why open cybersecurity schema for is important? I know the unification, but beyond that, what, why is this so important? Why should people pay attention to this? >>You know, I, if, if you'll let me be just a little abstract in meta for a second. I think what's, what's really meaningful at the highest level about the O C S F initiative, and that goes beyond, I think, the tactical value it will provide to, to organizations and to customers in terms of making them safer over the coming years and, and decades. I think what's more important than that is it's really the, one of the first times that you've seen the industry come together and say, we got a problem. We need to solve. That, you know, doesn't really have anything to do with, with our own economics. Our customers are, are hurt. And yeah, some of us may be competitors, you know, we got different cloud service providers that are participating in this along with aws. We got different cybersecurity solution providers participating in this along with Splunk. >>But, but folks who've come together and say, we can actually solve this problem if, if we're able to kind of put aside our competitive differences in the markets and approach this from the perspective of what's best for information security as a whole. And, and I think that's what I'm most proud of and, and what I hope we can do more of in other places in this industry, because I think that kind of collaboration from real market leaders can actually change markets. It can change the, the, the trend lines in terms of how we are keeping up with the bad guys. And, and I'd like to see a lot more of >>That. And we're seeing a lot more new kind of things emerging in the cloud next kind of this next generation architecture and outcomes are happening. I think it's interesting, you know, we always talk about sustainability, supply chain sustainability about making the earth a better place. But you're hitting on this, this meta point about businesses are under threat of going under. I mean, we want to keep businesses to businesses to be sustainable, not just, you know, the, the environment. So if a business goes outta business business, which they, their threats here are, can be catastrophic for companies. I mean, there is, there is a community responsibility to protect businesses so they can sustain and and stay Yeah. Stay producing. This is a real key point. >>Yeah. Yeah. I mean, look, I think, I think one of the things that, you know, we, we, we complain a lot of in, in cyber security about the lack of, of talent, the talent shortage in cyber security. And every year we kinda, we kind of whack ourselves over the head about how hard it is to bring people into this industry. And it's true. But one of the things that I think we forget, John, is, is how important mission is to so many people in what they do for a living and how they work. And I think one of the things that cybersecurity is strongest in information Security General and has been for decades is this sense of mission and people work in this industry be not because it's, it's, it's always the, the, the most lucrative, but because it, it really drives a sense of safety and security in the enterprises and the fabric of the economy that we use every day to go through our lives. And when I think about the spun customers and AWS customers, I think about the, the different products and tools that power my life and, and we need to secure them. And, and sometimes that means coming to work every day at that company and, and doing your job. And sometimes that means working with others better, faster, and stronger to help drive that level of, of, of maturity and security that this industry >>Needs. It's a human, is a human opportunity, human problem and, and challenge. That's a whole nother segment. The role of the talent and the human machines and with scale. Patrick, thanks so much for sharing the information and the insight on the Open cybersecurity schema frame and what it means and why it's important. Thanks for sharing on the Cube, really appreciate it. >>Thanks for having me, John. >>Okay, this is AWS Reinvent 2022 coverage here on the Cube. I'm John Furry, you're the host. Thanks for watching.

(lively music) >> Good morning. Welcome back to theCUBE's coverage at Supercomputing Conference 2022, live here in Dallas. I'm Dave Nicholson with my co-host Paul Gillin. So far so good, Paul? It's been a fascinating morning Three days in, and a fascinating guest, Ian from AWS. Welcome. >> Thanks, Dave. >> What are we going to talk about? Batch computing, HPC. >> We've got a lot, let's get started. Let's dive right in. >> Yeah, we've got a lot to talk about. I mean, first thing is we recently announced our batch support for EKS. EKS is our Kubernetes, managed Kubernetes offering at AWS. And so batch computing is still a large portion of HPC workloads. While the interactive component is growing, the vast majority of systems are just kind of fire and forget, and we want to run thousands and thousands of nodes in parallel. We want to scale out those workloads. And what's unique about our AWS batch offering, is that we can dynamically scale, based upon the queue depth. And so customers can go from seemingly nothing up to thousands of nodes, and while they're executing their work they're only paying for the instances while they're working. And then as the queue depth starts to drop and the number of jobs waiting in the queue starts to drop, then we start to dynamically scale down those resources. And so it's extremely powerful. We see lots of distributed machine learning, autonomous vehicle simulation, and traditional HPC workloads taking advantage of AWS Batch. >> So when you have a Kubernetes cluster does it have to be located in the same region as the HPC cluster that's going to be doing the batch processing, or does the nature of batch processing mean, in theory, you can move something from here to somewhere relatively far away to do the batch processing? How does that work? 'Cause look, we're walking around here and people are talking about lengths of cables in order to improve performance. So what does that look like when you peel back the cover and you look at it physically, not just logically, AWS is everywhere, but physically, what does that look like? >> Oh, physically, for us, it depends on what the customer's looking for. We have workflows that are all entirely within a single region. And so where they could have a portion of say the traditional HPC workflow, is within that region as well as the batch, and they're saving off the results, say to a shared storage file system like our Amazon FSx for Lustre, or maybe aging that back to an S3 object storage for a little lower cost storage solution. Or you can have customers that have a kind of a multi-region orchestration layer to where they say, "You know what? "I've got a portion of my workflow that occurs "over on the other side of the country "and I replicate my data between the East Coast "and the West Coast just based upon business needs. "And I want to have that available to customers over there. "And so I'll do a portion of it in the East Coast "a portion of it in the West Coast." Or you can think of that even globally. It really depends upon the customer's architecture. >> So is the intersection of Kubernetes with HPC, is this relatively new? I know you're saying you're, you're announcing it. >> It really is. I think we've seen a growing perspective. I mean, Kubernetes has been a long time kind of eating everything, right, in the enterprise space? And now a lot of CIOs in the industrial space are saying, "Why am I using one orchestration layer "to manage my HPC infrastructure and another one "to manage my enterprise infrastructure?" And so there's a growing appreciation that, you know what, why don't we just consolidate on one? And so that's where we've seen a growth of Kubernetes infrastructure and our own managed Kubernetes EKS on AWS. >> Last month you announced a general availability of Trainium, of a chip that's optimized for AI training. Talk about what's special about that chip or what is is customized to the training workloads. >> Yeah, what's unique about the Trainium, is you'll you'll see 40% price performance over any other GPU available in the AWS cloud. And so we've really geared it to be that most price performance of options for our customers. And that's what we like about the silicon team, that we're part of that Annaperna acquisition, is because it really has enabled us to have this differentiation and to not just be innovating at the software level but the entire stack. That Annaperna Labs team develops our network cards, they develop our ARM cards, they developed this Trainium chip. And so that silicon innovation has become a core part of our differentiator from other vendors. And what Trainium allows you to do is perform similar workloads, just at a lower price performance. >> And you also have a chip several years older, called Inferentia- >> Um-hmm. >> Which is for inferencing. What is the difference between, I mean, when would a customer use one versus the other? How would you move the workload? >> What we've seen is customers traditionally have looked for a certain class of machine, more of a compute type that is not as accelerated or as heavy as you would need for Trainium for their inference portion of their workload. So when they do that training they want the really beefy machines that can grind through a lot of data. But when you're doing the inference, it's a little lighter weight. And so it's a different class of machine. And so that's why we've got those two different product lines with the Inferentia being there to support those inference portions of their workflow and the Trainium to be that kind of heavy duty training work. >> And then you advise them on how to migrate their workloads from one to the other? And once the model is trained would they switch to an Inferentia-based instance? >> Definitely, definitely. We help them work through what does that design of that workflow look like? And some customers are very comfortable doing self-service and just kind of building it on their own. Other customers look for a more professional services engagement to say like, "Hey, can you come in and help me work "through how I might modify my workflow to "take full advantage of these resources?" >> The HPC world has been somewhat slower than commercial computing to migrate to the cloud because- >> You're very polite. (panelists all laughing) >> Latency issues, they want to control the workload, they want to, I mean there are even issues with moving large amounts of data back and forth. What do you say to them? I mean what's the argument for ditching the on-prem supercomputer and going all-in on AWS? >> Well, I mean, to be fair, I started at AWS five years ago. And I can tell you when I showed up at Supercomputing, even though I'd been part of this community for many years, they said, "What is AWS doing at Supercomputing?" I know you care, wait, it's Amazon Web Services. You care about the web, can you actually handle supercomputing workloads? Now the thing that very few people appreciated is that yes, we could. Even at that time in 2017, we had customers that were performing HPC workloads. Now that being said, there were some real limitations on what we could perform. And over those past five years, as we've grown as a company, we've started to really eliminate those frictions for customers to migrate their HPC workloads to the AWS cloud. When I started in 2017, we didn't have our elastic fabric adapter, our low-latency interconnect. So customers were stuck with standard TCP/IP. So for their highly demanding open MPI workloads, we just didn't have the latencies to support them. So the jobs didn't run as efficiently as they could. We didn't have Amazon FSx for Lustre, our managed lustre offering for high performant, POSIX-compliant file system, which is kind of the key to a large portion of HPC workloads is you have to have a high-performance file system. We didn't even, I mean, we had about 25 gigs of networking when I started. Now you look at, with our accelerated instances, we've got 400 gigs of networking. So we've really continued to grow across that spectrum and to eliminate a lot of those really, frictions to adoption. I mean, one of the key ones, we had a open source toolkit that was jointly developed by Intel and AWS called CFN Cluster that customers were using to even instantiate their clusters. So, and now we've migrated that all the way to a fully functional supported service at AWS called AWS Parallel Cluster. And so you've seen over those past five years we have had to develop, we've had to grow, we've had to earn the trust of these customers and say come run your workloads on us and we will demonstrate that we can meet your demanding requirements. And at the same time, there's been, I'd say, more of a cultural acceptance. People have gone away from the, again, five years ago, to what are you doing walking around the show, to say, "Okay, I'm not sure I get it. "I need to look at it. "I, okay, I, now, oh, it needs to be a part "of my architecture but the standard questions, "is it secure? "Is it price performant? "How does it compare to my on-prem?" And really culturally, a lot of it is, just getting IT administrators used to, we're not eliminating a whole field, right? We're just upskilling the people that used to rack and stack actual hardware, to now you're learning AWS services and how to operate within that environment. And it's still key to have those people that are really supporting these infrastructures. And so I'd say it's a little bit of a combination of cultural shift over the past five years, to see that cloud is a super important part of HPC workloads, and part of it's been us meeting the the market segment of where we needed to with innovating both at the hardware level and at the software level, which we're going to continue to do. >> You do have an on-prem story though. I mean, you have outposts. We don't hear a lot of talk about outposts lately, but these innovations, like Inferentia, like Trainium, like the networking innovation you're talking about, are these going to make their way into outposts as well? Will that essentially become this supercomputing solution for customers who want to stay on-prem? >> Well, we'll see what the future lies, but we believe that we've got the, as you noted, we've got the hardware, we've got the network, we've got the storage. All those put together gives you a a high-performance computer, right? And whether you want it to be redundant in your local data center or you want it to be accessible via APIs from the AWS cloud, we want to provide that service to you. >> So to be clear, that's not that's not available now, but that is something that could be made available? >> Outposts are available right now, that have this the services that you need. >> All these capabilities? >> Often a move to cloud, an impetus behind it comes from the highest levels in an organization. They're looking at the difference between OpEx versus CapEx. CapEx for a large HPC environment, can be very, very, very high. Are these HPC clusters consumed as an operational expense? Are you essentially renting time, and then a fundamental question, are these multi-tenant environments? Or when you're referring to batches being run in HPC, are these dedicated HPC environments for customers who are running batches against them? When you think about batches, you think of, there are times when batches are being run and there are times when they're not being run. So that would sort of conjure, in the imagination, multi-tenancy, what does that look like? >> Definitely, and that's been, let me start with your second part first is- >> Yeah. That's been a a core area within AWS is we do not see as, okay we're going to, we're going to carve out this super computer and then we're going to allocate that to you. We are going to dynamically allocate multi-tenant resources to you to perform the workloads you need. And especially with the batch environment, we're going to spin up containers on those, and then as the workloads complete we're going to turn those resources over to where they can be utilized by other customers. And so that's where the batch computing component really is powerful, because as you say, you're releasing resources from workloads that you're done with. I can use those for another portion of the workflow for other work. >> Okay, so it makes a huge difference, yeah. >> You mentioned, that five years ago, people couldn't quite believe that AWS was at this conference. Now you've got a booth right out in the center of the action. What kind of questions are you getting? What are people telling you? >> Well, I love being on the show floor. This is like my favorite part is talking to customers and hearing one, what do they love, what do they want more of? Two, what do they wish we were doing that we're not currently doing? And three, what are the friction points that are still exist that, like, how can I make their lives easier? And what we're hearing is, "Can you help me migrate my workloads to the cloud? "Can you give me the information that I need, "both from a price for performance, "for an operational support model, "and really help me be an internal advocate "within my environment to explain "how my resources can be operated proficiently "within the AWS cloud." And a lot of times it's, let's just take your application a subset of your applications and let's benchmark 'em. And really that, AWS, one of the key things is we are a data-driven environment. And so when you take that data and you can help a customer say like, "Let's just not look at hypothetical, "at synthetic benchmarks, let's take "actually the LS-DYNA code that you're running, perhaps. "Let's take the OpenFOAM code that you're running, "that you're running currently "in your on-premises workloads, "and let's run it on AWS cloud "and let's see how it performs." And then we can take that back to your to the decision makers and say, okay, here's the price for performance on AWS, here's what we're currently doing on-premises, how do we think about that? And then that also ties into your earlier question about CapEx versus OpEx. We have models where actual, you can capitalize a longer-term purchase at AWS. So it doesn't have to be, I mean, depending upon the accounting models you want to use, we do have a majority of customers that will stay with that OpEx model, and they like that flexibility of saying, "Okay, spend as you go." We need to have true ups, and make sure that they have insight into what they're doing. I think one of the boogeyman is that, oh, I'm going to spend all my money and I'm not going to know what's available. And so we want to provide the, the cost visibility, the cost controls, to where you feel like, as an HPC administrator you have insight into what your customers are doing and that you have control over that. And so once you kind of take away some of those fears and and give them the information that they need, what you start to see too is, you know what, we really didn't have a lot of those cost visibility and controls with our on-premises hardware. And we've had some customers tell us we had one portion of the workload where this work center was spending thousands of dollars a day. And we went back to them and said, "Hey, we started to show this, "what you were spending on-premises." They went, "Oh, I didn't realize that." And so I think that's part of a cultural thing that, at an HPC, the question was, well on-premises is free. How do you compete with free? And so we need to really change that culturally, to where people see there is no free lunch. You're paying for the resources whether it's on-premises or in the cloud. >> Data scientists don't worry about budgets. >> Wait, on-premises is free? Paul mentioned something that reminded me, you said you were here in 2017, people said AWS, web, what are you even doing here? Now in 2022, you're talking in terms of migrating to cloud. Paul mentioned outposts, let's say that a customer says, "Hey, I'd like you to put "in a thousand-node cluster in this data center "that I happen to own, but from my perspective, "I want to interact with it just like it's "in your data center." In other words, the location doesn't matter. My experience is identical to interacting with AWS in an AWS data center, in a CoLo that works with AWS, but instead it's my physical data center. When we're tracking the percentage of IT that's that is on-prem versus off-prem. What is that? Is that, what I just described, is that cloud? And in five years are you no longer going to be talking about migrating to cloud because people go, "What do you mean migrating to cloud? "What do you even talking about? "What difference does it make?" It's either something that AWS is offering or it's something that someone else is offering. Do you think we'll be at that point in five years, where in this world of virtualization and abstraction, you talked about Kubernetes, we should be there already, thinking in terms of it doesn't matter as long as it meets latency and sovereignty requirements. So that, your prediction, we're all about insights and supercomputing- >> My prediction- >> In five years, will you still be talking about migrating to cloud or will that be something from the past? >> In five years, I still think there will be a component. I think the majority of the assumption will be that things are cloud-native and you start in the cloud and that there are perhaps, an aspect of that, that will be interacting with some sort of an edge device or some sort of an on-premises device. And we hear more and more customers that are saying, "Okay, I can see the future, "I can see that I'm shrinking my footprint." And, you can see them still saying, "I'm not sure how small that beachhead will be, "but right now I want to at least say "that I'm going to operate in that hybrid environment." And so I'd say, again, the pace of this community, I'd say five years we're still going to be talking about migrations, but I'd say the vast majority will be a cloud-native, cloud-first environment. And how do you classify that? That outpost sitting in someone's data center? I'd say we'd still, at least I'll leave that up to the analysts, but I think it would probably come down as cloud spend. >> Great place to end. Ian, you and I now officially have a bet. In five years we're going to come back. My contention is, no we're not going to be talking about it anymore. >> Okay. >> And kids in college are going to be like, "What do you mean cloud, it's all IT, it's all IT." And they won't remember this whole phase of moving to cloud and back and forth. With that, join us in five years to see the result of this mega-bet between Ian and Dave. I'm Dave Nicholson with theCUBE, here at Supercomputing Conference 2022, day three of our coverage with my co-host Paul Gillin. Thanks again for joining us. Stay tuned, after this short break, we'll be back with more action. (lively music)

(upbeat synth intro music) >> Hey everyone and welcome to Detroit, Michigan. theCUBE is live at KubeCon CloudNativeCon, North America 2022. Lisa Martin here with John Furrier. John, this event, the keynote that we got out of a little while ago was, standing room only. The Solutions hall is packed. There's so much buzz. The community is continuing to mature. They're continuing to contribute. One of the big topics is Cloud Native at Scale. >> Yeah, I mean, this is a revolution happening. The developers are coming on board. They will be running companies. Developers, structurally, will be transforming companies with just, they got to get powered somewhere. And, I think, the Cloud Native at Scale speaks to getting everything under the covers, scaling up to support developers. In this next segment, we have two Kube alumnis. We're going to talk about Cloud Native at Scale. Some of the things that need to be there in a unified architecture, should be great. >> All right, it's going to be fantastic. Let's go under the covers here, as John mentioned, two alumni with us, Madhura Maskasky joins us, co-founder of Platform9. Sirish Raghuram, also co-founder of Platform9 joins us. Welcome back to theCUBE. Great to have you guys here at KubeCon on the floor in Detroit. >> Thank you for having us. >> Thank you for having us. >> Excited to be here >> So, talk to us. You guys have some news, Madhura, give us the sneak peak. What's going on? >> Definitely, we are very excited. So, we have John, not too long ago we spoke about our very new open source project called Arlon. And, we were talking about the launch of Arlon in terms of its first release and etcetera. And, just fresh hot of the press, we, Platform9 had its 5.6 release which is its most recent release of our product. And there's a number of key interesting announcements that we'd like to share as part of that. I think, the prominent one is, Platform9 added support for EKS Kubernetes cluster management. And, so, this is part of our vision of being able to add value, no matter where you run your Kubernetes clusters, because, Kubernetes or cluster management, is increasingly becoming commodity. And, so, I think the companies that succeed are going to add value on top, and are going to add value in a way that helps end users, developers, DevOps solve problems that they encounter as they start running these environments, with a lot of scale and a lot of diversity. So, towards that, key features in the 5.6 six release. First, is the very first package release of the product online, which is the open source project that we've kicked off to do cluster and application, entire cluster management at scale. And, then there's few other very interesting capabilities coming out of that. >> I want to just highlight something and then get your thoughts on this next, this release 5.6. First of all, 5.6, it's been around for a while, five reps, but, now, more than ever, you mentioned the application in Ops. You're seeing WebAssembly trends, you're seeing developers getting more and more advanced capability. It's going to accelerate their ability to write code and compose applications. So, you're seeing a application tsunami coming. So, the pressure is okay, they're going to need infrastructure to run all that stuff. And, so, you're seeing more clusters being spun up, more intelligence trying to automate. So you got the automation, so you got the dynamic, the power dynamic of developers and then under the covers. What does 5.6 do to push the mission forward for developers? How would you guys summarize that for people watching? what's in it for them right now? >> So it's, I think going back to what you just said, right, the breadth of applications that people are developing on top of something like Kubernetes and Cloud Native, is always growing. So, it's not just a number of clusters, but also the fact that different applications and different development groups need these clusters to be composed differently. So, a certain version of the application may require some set of build components, add-ons, and operators, and extensions. Whereas, a different application may require something entirely different. And, now, you take this in an enterprise context, right. Like, we had a major media company that worked with us. They have more than 10,000 pods being used by thousands of developers. And, you now think about the breadth of applications, the hundreds of different applications being built. how do you consistently build, and compose, and manage, a large number of communities clusters with a a large variety of extensions that these companies are trying to manage? That's really what I think 5.6 is bringing to the table. >> Scott Johnston just was on here early as the CEO of Docker. He said there's more applications being pushed now than in the history of application development combined. There's more and more apps coming, more and more pressure on the system. >> And, that's where, if you go, there's this famous landscape chart of the CNCF ecosystem technologies. And, the problem that people here have is, how do they put it all together? How do they make sense of it? And, what 5.6 and Arlon and what Platform9 is doing is, it's helping you declaratively capture blueprints of these clusters, using templates, and be able to manage a small number of blueprints that helps you make order out of the chaos of these hundreds of different projects, that are all very interesting and powerful. >> So Project Arlon really helping developers produce the configuration and the deployment complexities of Kubernetes at scale. >> That's exactly right. >> Talk about the, the impact on the business side. Ease of use, what's the benefits for 5.6? What's does it turn into for a benefit standpoint? >> Yeah, I think the biggest benefit, right, is being able to do Cloud Native at Scale faster, and while still keeping a very lean Ops team that is able to spend, let's say 70 plus percent of their time, caring for your actual business bread and butter applications, and not for the infrastructure that serves it, right. If you take the analogy of a restaurant, you don't want to spend 70% of your time in building the appliances or setting up your stoves etcetera. You want to spend 90 plus percent of your time cooking your own meal, because, that is your core key ingredient. But, what happens today in most enterprises is, because, of the level of automation, the level of hands-on available tooling, being there or not being there, majority of the ops time, I would say 50, 70% plus, gets spent in making that kitchen set up and ready, right. And, that is exactly what we are looking to solve, online. >> What would a customer look like, or prospect environment look like that would be really ready for platform9? What, is it more apps being pushed, big push on application development, or is it the toil of like really inefficient infrastructure, or gaps in skills of people? What does an environment look like? So, someone needs to look at their environment and say, okay, maybe I should call platform9. What's it look like? >> So, we generally see customers fall into two ends of the barbell, I would say. One, is the advanced communities users that are running, I would say, typically, 30 or more clusters already. These are the people that already know containers. They know, they've container wise... >> Savvy teams. >> They're savvy teams, a lot of them are out here. And for them, the problem is, how do I manage the complexity at scale? Because, now, the problem is how do I scale us? So, that's one end of the barbell. The other end of the barbell, is, how do we help make Kubernetes accessible to companies that, as what I would call the mainstream enterprise. We're in Detroit in Motown, right, And, we're outside of the echo chamber of the Silicon Valley. Here's the biggest truth, right. For all the progress that we made as a community, less than 20% of applications in the enterprise today are running on Kubernetes. So, what does it take? I would say it's probably less than 10%, okay. And, what does it take, to grow that in order of magnitude? That's the other kind of customer that we really serve, is, because, we have technologies like Kube Word, which helps them take their existing applications and start adopting Kubernetes as a directional roadmap, but, while using the existing applications that they have, without refactoring it. So, I would say those are the two ends of the barbell. The early adopters that are looking for an easier way to adopt Kubernetes as an architectural pattern. And, the advanced savvy users, for whom the problem is, how do they operationally solve the complexity of managing at scale. >> And, what is your differentiation message to both of those different user groups, as you talked about in terms of the number of users of Kubernetes so far? The community groundswell is tremendous, but, there's a lot of opportunity there. You talked about some of the barriers. What's your differentiation? What do you come in saying, this is why Platform9 is the right one for you, in the both of these groups. >> And it's actually a very simple message. We are the simplest and easiest way for a new user that is adopting Kubernetes as an architectural pattern, to get started with existing applications that they have, on the infrastructure that they have. Number one. And, for the savvy teams, our technology helps you operate with greater scale, with constrained operations teams. Especially, with the economy being the way it is, people are not going to get a lot more budget to go hire a lot more people, right. So, that all of them are being asked to do more with less. And, our team, our technology, and our teams, help you do more with less. >> I was talking with Phil Estes last night from AWS. He's here, he is one of their engineer open source advocates. He's always on the ground pumping up AWS. They've had great success, Amazon Web Services, with their EKS. A lot of people adopting clusters on the cloud and on-premises. But Amazon's doing well. You guys have, I think, a relationship with AWS. What's that, If I'm an Amazon customer, how do I get involved with Platform9? What's the hook? Where's the value? What's the product look like? >> Yeah, so, and it kind of goes back towards the point we spoke about, which is, Kubernetes is going to increasingly get commoditized. So, customers are going to find the right home whether it's hyperscalers, EKS, AKS, GKE, or their own infrastructure, to run Kubernetes. And, so, where we want to be at, is, with a project like Arlon, Sirish spoke about the barbell strategy, on one end there is these advanced Kubernetes users, majority of them are running Kubernetes on AKS, right? Because, that was the easiest platform that they found to get started with. So, now, they have a challenge of running these 50 to 100 clusters across various regions of Amazon, across their DevTest, their staging, their production. And, that results in a level of chaos that these DevOps or platform... >> So you come in and solve that. >> That is where we come in and we solve that. And it, you know, Amazon or EKS, doesn't give you tooling to solve that, right. It makes it very easy for you to create those number of clusters. >> Well, even in one hyperscale, let's say AWS, you got regions and locations... >> Exactly >> ...that's kind of a super cloud problem, we're seeing, opportunity problem, and opportunity is that, on Amazon, availability zones is one thing, but, now, also, you got regions. >> That is absolutely right. You're on point John. And the way we solve it, is by using infrastructure as a code, by using GitOps principles, right? Where you define it once, you define it in a yaml file, you define exactly how for your DevTest environment you want your entire infrastructure to look like, including EKS. And then you stamp it out. >> So let me, here's an analogy, I'll throw out this. You guys are like, someone learns how to drive a car, Kubernetes clusters, that's got a couple clusters. Then once they know how to drive a car, you give 'em the sports car. You allow them to stay on Amazon and all of a sudden go completely distributed, Edge, Global. >> I would say that a lot of people that we meet, we feel like they're figuring out how to build a car with the kit tools that they have. And we give them a car that's ready to go and doesn't require them to be trying to... ... they can focus on driving the car, rather than trying to build the car. >> You don't want people to stop, once they get the progressions, they hit that level up on Kubernetes, you guys give them the ability to go much bigger and stronger. >> That's right. >> To accelerate that applications. >> Building a car gets old for people at a certain point in time, and they really want to focus on is driving it and enjoying it. >> And we got four right behind us, so, we'll get them involved. So that's... >> But, you're not reinventing the wheel. >> We're not at all, because, what we are building is two very, very differentiated solutions, right. One, is, we're the simplest and easiest way to build and run Cloud Native private clouds. And, this is where the operational complexity of trying to do it yourself. You really have to be a car builder, to be able to do this with our Platform9. This is what we do uniquely that nobody else does well. And, the other end is, we help you operate at scale, in the hyperscalers, right. Those are the two problems that I feel, whether you're on-prem, or in the cloud, these are the two problems people face. How do you run a private cloud more easily, more efficiently? And, how do you govern at scale, especially in the public clouds? >> I want to get to two more points before we run out of time. Arlon and Argo CD as a service. We previously mentioned up coming into KubeCon, but, here, you guys couldn't be more relevant, 'cause Intuit was on stage on the keynote, getting an award for their work. You know, Argo, it comes from Intuit. That ArgoCon was in Mountain View. You guys were involved in that. You guys were at the center of all this super cloud action, if you will, or open source. How does Arlon fit into the Argo extension? What is Argo CD as a service? Who's going to take that one? I want to get that out there, because, Arlon has been talked about a lot. What's the update? >> I can talk about it. So, one of the things that Arlon uses behind the scenes, is it uses Argo CD, open source Argo CD as a service, as its key component to do the continuous deployment portion of its entire, the infrastructure management story, right. So, we have been very strongly partnering with Argo CD. We, really know and respect the Intuit team a lot. We, as part of this effort, in 5.6 release, we've also put out Argo CD as a service, in its GA version, right. Because, the power of running Arlon along with Argo CD as a service, in our mind, is enabling you to run on one end, your infrastructure as a scale, through GitOps, and infrastructure as a code practices. And on the other end, your entire application fleet, at scale, right. And, just marrying the two, really gives you the ability to perform that automation that we spoke about. >> But, and avoid the problem of sprawl when you have distributed teams, you have now things being bolted on, more apps coming out. So, this is really solves that problem, mainly. >> That is exactly right. And if you think of it, the way those problems are solved today, is, kind of in disconnected fashion, which is on one end you have your CI/CD tools, like Argo CD is an excellent one. There's some other choices, which are managed by a separate team to automate your application delivery. But, that team, is disconnected from the team that does the infrastructure management. And the infrastructure management is typically done through a bunch of Terraform scripts, or a bunch of ad hoc homegrown scripts, which are very difficult to manage. >> So, Arlon changes sure, as they change the complexity and also the sprawl. But, that's also how companies can die. They're growing fast, they're adding more capability. That's what trouble starts, right? >> I think in two ways, right. Like one is, as Madhura said, I think one of the common long-standing problems we've had, is, how do infrastructure and application teams communicate and work together, right. And, you've seen Argo's really get adopted by the application teams, but, it's now something that we are making accessible for the infrastructure teams to also bring the best practices of how application teams are managing applications. You can now use that to manage infrastructure, right. And, what that's going to do is, help you ultimately reduce waste, reduce inefficiency, and improve the developer experience. Because, that's what it's all about, ultimately. >> And, I know that you just released 5.6 today, congratulations on that. Any customer feedback yet? Any, any customers that you've been able to talk to, or have early access? >> Yeah, one of our large customers is a large SaaS retail company that is B2C SaaS. And, their feedback has been that this, basically, helps them bring exactly what I said in terms of bring some of the best practices that they wanted to adopt in the application space, down to the infrastructure management teams, right. And, we are also hearing a lot of customers, that I would say, large scale public cloud users, saying, they're really struggling with the complexity of how to tame the complexity of navigating that landscape and making it consumable for organizations that have thousands of developers or more. And that's been the feedback, is that this is the first open source standard mechanism that allows them to kind of reuse something, as opposed to everybody feels like they've had to build ad hoc solutions to solve this problem so far. >> Having a unified infrastructure is great. My final question, for me, before I end up, for Lisa to ask her last question is, if you had to explain Platform9, why you're relevant and cool today, what would you say? >> If I take that? I would say that the reason why Platform9, the reason why we exist, is, putting together a cloud, a hybrid cloud strategy for an enterprise today, historically, has required a lot of DIY, a lot of building your own car. Before you can drive a car, or you can enjoy the car, you really learn to build and operate the car. And that's great for maybe a 100 tech companies of the world, but, for the next 10,000 or 50,000 enterprises, they want to be able to consume a car. And that's why Platform9 exists, is, we are the only company that makes this delightfully simple and easy for companies that have a hybrid cloud strategy. >> Why you cool and relevant? How would you say it? >> Yeah, I think as Kubernetes becomes mainstream, as containers have become mainstream, I think automation at scale with ease, is going to be the key. And that's exactly what we help solve. Automation at scale and with ease. >> With ease and that differentiation. Guys, thank you so much for joining me. Last question, I guess, Madhura, for you, is, where can Devs go to learn more about 5.6 and get their hands on it? >> Absolutely. Go to platform9.com. There is info about 5.6 release, there's a press release, there's a link to it right on the website. And, if they want to learn about Arlon, it's an open source GitHub project. Go to GitHub and find out more about it. >> Excellent guys, thanks again for sharing what you're doing to really deliver Cloud Native at Scale in a differentiated way that adds ostensible value to your customers. John, and I, appreciate your insights and your time. >> Thank you for having us. >> Thanks so much >> Our pleasure. For our guests and John Furrier, I'm Lisa Martin. You're watching theCUBE Live from Detroit, Michigan at KubeCon CloudNativeCon 2022. Stick around, John and I will be back with our next guest. Just a minute. (light synth outro music)

(soft music) >> Welcome back to Chicago guys and gals. Lisa Martin here with John Furrier. We have been covering Ansible Fest '22 for the last two days. This is our show wrap. We're going to leave you with some great insights into the things that we were able to dissect over the last two days. John, this has been an action packed two days. A lot of excitement, a lot of momentum. Good to be back in person. >> It's great to be back in person. It was the first time for you to do Ansible Fest. >> Yes. >> My first one was 2019 in person. That's the last time they had an event in person. So again, it's a very chill environment here, but it's content packed, great active loyal community and is growing. It's changing. Ansible now owned by Red Hat, and now Red Hat owned by IBM. Kind of see some game changing kind of movements here on the chess board, so to speak, in the industry. Ansible has always been a great product. It started in open source. It evolved configuration management configuring servers, networks. You know, really the nuts and bolts of IT. And became a fan favorite mainly because it was built by the fans and I think that never stopped. And I think you started to see an opportunity for Ansible to be not only just a, I won't say niche product or niche kind of use case to being the overall capabilities for large scale enterprise system architectures, system management. So it's very interesting. I mean I find it fascinating how, how it stays relevant and cool and continues to power through a massive shift >> A massive shift. They've done a great job though since the inception and through the acquisition of being still community first. You know, we talked a lot yesterday and today about helping organizations become automation first that Ansible has really stayed true to its roots in being community first, community driven and really that community flywheel was something that was very obvious the last couple of days. >> Yeah, I mean the community thing is is is their production system. I mean if you look at Red Hat, their open source, Ansible started open source, good that they're together. But what people may or may not know about Ansible is that they build their product from the community. So the community actually makes the suggestions. Ansible's just in listening modes. So when you have a system that's that efficient where you have direct working backwards from the customer like that, it's very efficient. Now, as a product manager you might want to worry about scope creep, but at the end of the day they do a good job of democratizing that process. So again, very strong product production system with open source, very relevant, solves the right problems. But this year the big story to me is the cultural shift of Ansible's relevance. And I think with multicloud on the horizon, operations is the new kind of developer kind of ground. DevOps has been around for a while. That's now shifted up to the developer themselves, the cloud native developer. But at cloud scale and hybrid computing, it's about the operations. It's about the data and the security. All of it's about the data. So to me there's a new ops configuration operating model that you're seeing people use, SRE and DevOps. That's the new culture, and the persona's changing. The operator of a large scale enterprise is going to be a lot different than it was past five, 10 years. So major cultural shift, and I think this community's going to step up to that position and fill that role. >> They seem to be having a lot of success meeting people where they are, meeting the demographics, delivering on how their community wants to work, how they want to collaborate. But yesterday you talked about operations. We talked a lot about Ops as code. Talk about what does that mean from your perspective, and what did you hear from our guests on the program with respect that being viable? >> Well great, that's a great point. Ops as code is the kind of their next layer of progression. Infrastructure is code. Configuration is code. Operations is code. To me that means running the company as software. So software influencing how operators, usually hardware in the past. Now it's infrastructure and software going to run things. So ops as code's, the next progression in how people are going to manage it. And I think most people think of that as enterprises get larger, when they hear words like SRE, which stands for Site Reliable Engineer. That came out of Google, and Google had all these servers that ran the search engine and at scale. And so one person managed boatload of servers and that was efficient. It was like a multiple 10x engineer, they used to call it. So that that was unique to Google but not everyone's Google. So it became language or parlance for someone who's running infrastructure but not everyone's that scale. So scale is a big issue. Ops as code is about scale and having that program ability as an operator. That's what Ops as code is. And that to me is a sign of where the scale meets the automation. Large scale is hard to do. Automating at large scale is even harder. So that's where Ansible fits in with their new automation platform. And you're seeing new things like signing code, making sure it's trusted and verified. So that's the software supply chain issue. So they're getting into the world where software, open source, automation are all happening at scale. So to me that's a huge concept of Ops as code. It's going to be very relevant, kind of the next gen positioning. >> Let's switch gears and talk about the partner ecosystem. We had Stefanie Chiras on yesterday, one of our longtime theCUBE alumni, talking about what they're doing with AWS in the marketplace. What was your take on that, and what's the "what's in it for me" for both Red Hat, Ansible and AWS? >> Yeah, so the big news on the automation platform was one. The other big news I thought was really, I won't say watered down, but it seems small but it's not. It's the Amazon Web Services relationship with Red Hat, now Ansible, where Ansible's now a product in AWS's marketplace. AWS marketplace is kind of hanging around. It's a catalog right now. It's not the most advanced technical system in the world, and it does over 2 billion plus revenue transactions. So even if it's just sitting there as a large marketplace, that's already doing massive amounts of disruption in the procurement, how software is bought. So we interviewed them in the past, and they're innovating on that. They're going to make that a real great platform. But the fact that Ansible's in the marketplace means that their sales are going to go up, number one. Number two, that means customers can consume it simply by clicking a button on their Amazon bill. That means they don't have to do anything. It's like getting a PO for free. It's like, hey, I'm going to buy Ansible, click, click, click. And then by the way, draw that down from their commitment to AWS. So that means Amazon's going into business with Ansible, and that is a huge revenue thing for Ansible, but also an operational efficiency thing that gives them more of an advantage over the competition. >> Talk what's in it for me as a customer. At Red Hat Summit a few months ago they announced similar partnership with Azure. Now we're talking about AWS. Customers are living in this hybrid cloud world, often by default. We're going to see that proliferate. What do you think this means for customers in terms of being able to- >> In the marketplace deal or Ansible? >> Yeah, the marketplace deal, but also what Red Hat and Ansible are doing with the hyperscalers to enable customers to live successfully in the hyper hybrid cloud world. >> It's just in the roots of the company. They give them the choice to consume the product on clouds that they like. So we're seeing a lot of clients that have standardized on AWS with their dev teams but also have productivity software on Azure. So you have the large enterprises, they sit on both clouds. So you know, Ansible, the customer wants to use Ansible anyway, they want that to happen. So it's a natural thing for them to work anywhere. I call that the Switzerland strategy. They'll play with all the clouds. Even though the clouds are fighting against each other, and they have to to differentiate, there's still going to be some common services. I think Ansible fits this shim layer between clouds but also a bolt on. Now that's a really a double win for them. They can bolt on to the cloud, Azure and bolt on to AWS and Google, and also be a shim layer technically in clouds as well. So there's two technical advantages to that strategy >> Can Ansible be a facilitator of hybrid cloud infrastructure for organizations, or a catalyst? >> I think it's going to be a gateway on ramp or gateway to multicloud or supercloud, as we call it, because Ansible's in that configuration layer. So you know, it's interesting to hear the IBM research story, which we're going to get to in a second around how they're doing the AI for Ansible with that wisdom project. But the idea of configuring stuff on the fly is really a concept that's needed for multicloud 'Cause programs don't want to have to configure anything. (he laughs) So standing up an application to run on Azure that's on AWS that spans both clouds, you're going to need to have that automation, and I think this is an opportunity whether they can get it or not, we'll see. I think Red Hat is probably angling on that hard, and I can see them kind of going there and some of the commentary kind of connects the dots for that. >> Let's dig into some of news that came out today. You just alluded to this. IBM research, we had on with Red Hat. Talk about what they call project wisdom, the value in that, what it also means for for Red Hat and IBM working together very synergistically. >> I mean, I think the project wisdom is an interesting dynamic because you got the confluence of the organic community of Ansible partnering with a research institution of IBM research. And I think that combination of practitioners and research groups is going to map itself out to academic and then you're going to see this kind of collaboration going forward. So I think it's a very nuanced story, but the impact to me is very clear that this is the new power brokers in the tech industry, because researchers have a lot of muscle in terms of deep research in the academic area, and the practitioners are the ones who are actually doing it. So when you bring those two forces together, that pretty much trumps any kind of standards bodies or anything else. So I think that's a huge signaling benefit to Ansible and Red Hat. I think that's an influence of Red Hat being bought by IBM. But the project itself is really amazing. It's taking AI and bringing it to Ansible, so you can do automated configurations. So for people who don't know how to code they can actually just automate stuff and know the process. I don't need to be a coder, I can just use the AI to do that. That's a low code, no code dynamic. That kind of helps with skill gaps, because I need to hire someone to do that. Today if I want to automate something, and I don't know how to code, I've got to get someone who codes. Here I can just do it and automate it. So if that continues to progress the way they want it to, that could literally be a game changer, 'cause now you have software configuring machines and that's pretty badass in my opinion. So that thought that was pretty cool. And again it's just an evolution of how AI is becoming more relevant. And I think it's directionally correct, and we'll see how it goes. >> And they also talked about we're nearing an inflection point in AI. You agree? >> Yeah I think AI is at an inflection point because it just falls short on the scale side. You see it with chatbots, NLP. You see what Amazon's doing. They're building these models. I think we're one step away from model scaling. I think the building the models is going to be one of these things where you're going to start to see marketplace and models and you start to composability of AI. That's where it's going to get very interesting to see which cloud is the best AI scale. So I think AI at scale's coming, and that's going to be something to watch really closely. >> Something exciting. Another thing that was big news today was the event driven Ansible. Talk about that, and that's something they've been working on in conjunction with the community for quite a while. They were very proud of that release and what that's going to enable organizations to do. >> Well I think that's more meat on the bone on the AI side 'cause in the big trend right now is MLAI ops. You hear that a lot. Oh, data ops or AI ops. What event driven automation does is allows you to take things that are going on in your world, infrastructure, triggers, alarms, notifications, data pipelining flows, things that go on in the plumbing of infrastructure. are being monitored and observed. So when events happen they trigger events. You want to stream something, you send a trigger and things happen. So these are called events. Events are wide ranging number of events. Kafka streaming for data. You got anything that produces data is an event. So harnessing that data into a pipeline is huge. So doing that at scale, that's where I think that product's a home run, and I think that's going to be a very valuable product, 'cause once you understand what the event triggers are, you then can automate that, and no humans involved. So that will save a lot of time for people in the the higher pay grade of MLAI ops automate some of that low level plumbing. They move their skill set to something more valuable or more impactful. >> And we talked about, speaking of impact, we talked about a lot of the business impact that organizations across industries are going to be able to likely achieve by using that. >> Yeah, I mean I think that you're going to see the community fill the gap on that. I mean the big part about all this is that their community builds the product and they have the the playbooks and they're shareable and they're reusable. So we produce content as a media company. They'd talk about content as is playbooks and documentation for people to use. So reuse and and reusing these playbooks is a huge part of it. So as they build up these catalogs and these playbooks and rules, it gets better by the community. So it's going to be interesting to see the adoption. That's going to be a big tell sign for what's going to happen. >> Yep, we get definitely are going to be watching that space. And the last thing, we got to talk to a couple of customers. We talked to Wells Fargo who says "We are a tech company that does banking," which I loved. We got to talk with Rockwell Automation. What are some of your takeaways from how the customers are leveraging Ansible and the technology to drive their businesses forward to meet demanding customers where they are? >> I think you're seeing the script flipping a little bit here, where the folks that used to use Ansible for configuration are flipping to be on the front edge of the innovation strategy where what process to automate is going to drive the profitability and scale. Cause you're talking about things like skill gaps, workflows. These are business constructs and people These are assets so they have economic value. So before it was just, IT serve the business, configure some servers, do some stuff. When you start getting into automation where you have expertise around what this means, that's economic value. So I think you're going to see the personas change significantly in this community where they're on the front lines, kind of like developers are. That's why ops as code is to me a developer kind of vibe. That's going to completely change how operations runs in IT. And I think that's going to be a very interesting cultural shift. And some will make it, some won't. That's going to be a big thing. Some people say, I'm going to retire. I'm old school storage server person, or no, I'm the new guard. I'm going to be the new team. I'm going be on the right side of history here. So they're clearly going down that right path in my opinion. >> What's your overall summary in the last minute of what this event delivered the last couple of days in terms of really talking about the transformation of enterprises and industries through automation? >> I think the big takeaway from me in listening and reading the tea leaves was the Ansible company and staff and the community together. It was really a call for arms. Like, hey, we've had it right from the beginning. We're on the right wave and the wave's getting bigger. So expand your scope, uplevel your skills. They're on the right side of history. And I think the message was engage more. Bring more people in because it is open source, and if they are on that track, you're going to see more of hey, we got it right, let's continue. So they got platform release. They got the key products coming out after years of work. So you know, they're doing their work. And the message I heard was, it's bigger than we thought. So I think that's interesting. We'll see what that means. We're going to unpack that after the event in series of showcases. But yeah, it was very positive, I thought. Very positive. >> Yeah, I think there was definitely some surprises in there for them. John, thank you so much. It's been a pleasure co-hosting with you the last couple of days, really uncovering what Ansible is doing, what they're enabling customers in every industry to achieve. >> Been fun. >> Yes. All right for my co-host, John Furrier, I'm Lisa Martin. You've been watching theCUBE's coverage of Ansible Fest 2022 live from Chicago. We hope you take good care and we'll see you soon.

>> The past 2 1/2 years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This we know. This had several ripple effects on CSO and CIO strategies that were highly visible at the Board of Directors' level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies, and more specifically, CIOs quickly realized that their business resilience strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to "Why Ransomware isn't Your Only Problem," a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today, we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President Phil Goodwin is here to share the highlights of the study and to summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically, and data protection, generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time CUBE alum and Chief Technology Officer at Druva, and Anjan is Vice President and General Manager of Product Management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. But right now I'm going to toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. (upbeat music) >> Bill Goodwin joins me next, the VP of Research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyberattacks massively increasing, the threat landscape changing so much. What is IDC seeing? >> You know, you really hit the top topic that we find from IT organizations as well as business organizations. And really, it's that digital resilience, that ransomware that has everybody's attention, and it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also has accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty, and this is relatively new for 2022, but within IDC we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to have the scale up or scale down on demand nature of cloud. So those are, in a nutshell, kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You can't have IT resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked, and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomers. The other thing about it is it's really a lot like Whac-A-Mole, you know. They attack us in one area and we defend against it so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that is here for the long term and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware? >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it was a little over 500 different individuals across the globe in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries there were 20 different industries represented, they're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, you know, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet, when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than 1/3 of organizations were able to fully recover their data without paying the ransom, and some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't necessarily to be trusted, and so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, wow. On the one hand, people think they're really, really prepared, and on the other hand, the results are absolutely horrible. You know, 2/3 of people having to pay the ransom. So you start to ask yourself, well, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing. You think you're ready, based on the information you have. And these people are smart people, and they're professionals, but oftentimes, you don't know what you don't know. And like I said, the bad guys are always dreaming up new ways to attack us. And so, I think, for that reason, a lot of these have been successful. So that was kind of the key finding to me and kind of the aha moment really in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly 1/2 being the victims of ransomware in the last three years, and then 1/2 of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen, just a matter of when and how often. >> It is a matter, yeah, as you said, it's not if, when, or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services, you know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more, in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You know, you can have on-demand resources. In the old days, when we had disaster recoveries where we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If you're financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts, and that extends the time to recover that they have and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here is? Is it that these IPT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. You don't know what you don't know, and until you get into a specific attack, you know, there are so many different ways that organizations can be attacked. And, in fact, from this research that we found is that, in many cases, data exfiltration exceeds data corruption by about 50%. But when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place, really as a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous. What do you recommend organizations do? You talked to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is going to happen. We've got to make sure that we are truly resilient and proactive? >> Yes, and in fact, what we found from this research is in more than 1/2 of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the lost productivity, it's the loss of revenue. It's the loss of customer faith and goodwill, and organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, you know, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing those issues within their organization. >> So all the way at the top, and critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen a big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable. But what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it, we're just cracking the surface here, Phil. I wish we had more time, but I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that, take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin, and you are watching theCUBE, the leader in live tech coverage. >> We live in a world of infinite data. Sprawling, dispersed, valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats, and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about, different deployments for workloads running on-premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four to five copies of the same data, increasing costs and risk, building to an incoherent mess of complications. Now, imagine a world free from these complexities. Welcome to the the Druva Data Resiliency Cloud, where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resilience. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. Through a true cloud experience built on Amazon Web Services, the Druva platform automates and manages critical daily tasks, giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly. With the Druva Data Resiliency Cloud, your data isn't just backed up, it's ready to be used 24/7 to meet compliance needs and to extract critical insights. You can archive data for long-term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. Druva is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500, costing up to 50% less than the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Druva makes it simple. (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE and the Druva special presentation of "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W Curtis Preston, Curtis Preston, as he's known in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at "Why Ransomware isn't Your Only Problem." Great to see you, thanks for coming on. >> Happy to be here. >> So we always see each other at events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I'd like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here in this survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately, they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit, successfully hit by ransomware, paid the ransom and/or lost data, and yet the same people that were surveyed, they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system, and so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know. "We're good, boss, we got this covered." >> Yeah, it's all good, it's all good. >> And the fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution, and so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, there was a huge percentage of people that said that they had, you know, a ransomware response, you know, and readiness program. And you look at that, and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program, which includes a number of things, right? There's the cyberattack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number, I think, just hurt me the most is that because, you talked about re-infections. The surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail. >> You're in business, you're a good customer >> Yeah, yeah, exactly. >> for ransomware. >> Yeah, so the fact that, you know, 60, what, 2/3 of the people that were attacked by ransomware paid the ransom. That one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back, and even the psychology of the practitioners was, you know, it's super important to get backup and recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change your tooling. So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things, starting with that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand, "You know, that's a good idea, Curtis, why don't you look into that?" Nobody wants to be- >> Where's that guy now? He doesn't work here anymore. Yeah, I hear where you coming from. >> Exactly. >> It's psychology (indistinct) >> Yeah, so there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of Active Directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if that production environment is compromised, now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't backup. So we got the ransomware." It makes sense. >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first, and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it, or you can switch to the way Druva does things, which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. It's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically, what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, because that's the other thing is that by storing the data in the cloud, and I've said this a few times, you get to break the laws of physics, and the only way to do that is time travel. (both laughing) So yes, so Druva has time travel. And this is a Curtisism, by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it, and that's kind of what I mean by time travel, in that you, basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics is you break the laws of time. >> (laughs) Well, all right, everyone wants to know the next question, and this is a real big question is, are you from the future? >> (laughs) Yeah. Very much the future. >> What's it like in the future, backup, recovery? How does it restore? Is it air gapping everything? >> Yeah, well, it's a world where people don't have to worry about their backups. I like to use the phrase get out of the backup business, just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter, and I often make the joke that if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah, and what's great about your background is you've got a lot of historical perspective. You've seen that, the waves of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on. And got to think automated, things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not, that our customers don't have to do all of those things that all of our competitors have to do to, you know, to break, to try to break the laws of physics, I've been fighting the laws of physics my entire career, to get the backup done in the first place, then to secure all the data, and to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> All right, we'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data, and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches, and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva Data Resiliency Cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software as a service model delivers 24/7/365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches, and upgrades for you. Druva also makes zero trust security easy with built-in multifactor authentication, single sign-on, and role-based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built-in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean, unencrypted data from the entire timeframe of the attack. Cyberattacks are a major threat, but you can make protection and recovery easy with Druva. (electronic music) (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE's special presentation with Druva on "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. Our next guests are Stephen Manley, Chief Technology Officer of Druva, and Anjan Srinivas, who is the General Manager and Vice President of Product Management at Druva. Gentlemen, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic. The IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Great to be here, John. >> So what's your thoughts on the survey's conclusion? Obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is, on the one hand, everybody who sees the survey and reads it is going to say, "Well, that's obvious." Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is, it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that they needed to do. A lot of people are even still wondering, when that happens next time, what do I even do? So clearly not very surprising. Clearly, I think it's here to stay, and I think as long as people don't retool for a modern era of data management, this is going to to stay this way. >> Yeah, I hear this all the time in our CUBE conversations with practitioners. It's kind of like the security pro, give me more tools, I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because, you know, people claim that they have tools at crime points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing, but it doesn't seem there's confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first, and Stephen can add to it. What happens is, I think this is a panic buying and they have accumulated this tooling now just because somebody said they could solve your problem, but they haven't had a chance to take a real look from a ground up perspective to see where are the bottlenecks? Where are the vulnerabilities? And which tooling set needs to lie where? Where does the logic need to reside? And what, in Druva, we are watching people do and people do it successfully, is that as they have adopted Druva technology, which is ground up built for the cloud, and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware, and then there's a whole plethora of ecosystem players that kind of combine to really finish the story, so to say, right? So I think this has been a panic buying situation. This is like, "Get me any help you can give me." And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva, and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> Yes, Stephen? >> I was going to say, I mean, one of the the really interesting things in the survey for me, and for a moment, a little more than a moment, it made me think was that the large number of respondents who said, "I've got a really efficient, well-run back environment," who, then, on basically the next question said, "And I have no confidence that I can recover from a ransomware attack." And you scratch your head and you think, "Well, if your backup environment is so good, why do you have such low confidence?" And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture, and let's face it, the disk-based architecture's been around for almost two decades now, in terms of disk-based backup, you can have that tuned to the hilt. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues, you know, really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, "I'm doing the best I can," but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so, yeah. >> Well, that's a great point. Before we get into the customer side I want to get to in second, you know, I interviewed Jaspreet, the founder and CEO many years ago, even before the pandemic, and you mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built kind of backup and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now. It's a huge issue. >> I think, to me there's three things that come up over and over and over again as we talk to people in terms of, you know, being built in cloud, being cloud native, why is it an advantage? The first one is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. The second advantage is the scalability. And you know, this certainly plays into account as your business grows, or, in some cases, as you shrink or repurpose workloads, you're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on premises as much or as little as you want. And then I think the third one is we're seeing, basically, things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is we're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, "Wow, I needed six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks, and it's backed by Druva to make sure it works. >> Anjan, you know, you got the product side, you know, it's a challenging job 'cause you have so many customers asking for things, probably on the roadmap, you probably can go an hour for that one, but I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated, probably on the feature requests, but also structurally as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think, after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in, as Druva, is that we are providing them the cloud operating model and a data protection operating model, combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate, because this is not just about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate in the middle of the war, so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour, while they're just trying to live one day at a time. And unless they really develop this overall security operating model, helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS, and we are going to be continuing to evolve that to further the many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So new workloads, new security capabilities. Love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? You got new workloads, you got the new security needs, what's the disruption impact? 'Cause you want to avoid that. How much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, you know, again, we're willing to put our money where our mouth is, and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say the goal of Druva is to do the job of protecting and securing your data for you so that you, as a customer, don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks, all with SLAs. So everything from your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally, and we're guaranteeing the long-term durability of the data so that if you backup with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there, and the only way for this to work is to have a service that can provide you SLAs across all of the risks, because that means, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. (laughs) People are concerned about it, so great stuff. In the last five minutes, guys, if you don't mind, I'd love to have you share what's on the horizon for Druva? You mentioned the new workloads, Anjan. You mentioned this new security. You're going to shift left. DevOps is now the developer model. They're running IT. Get data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace and the competition? >> Yeah, I think, listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first, from Druva, before they can start to get into much more advanced level of insights and analytics around that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which, I think, is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor, and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build, all the way from a feature level where we have things like (audio distorts) that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security, and that's where my focus is, to go and get those features delivered, and Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure, so, yeah, so John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications, and a lot of those SaaS applications have data. So there's the obvious things, like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because, if you think about it, if someone you know deletes some really important records in Salesforce, that's actually kind of the record of your business. And so, we're looking at more and more SaaS application protection, and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce, or something like Microsoft 365. You do want to look into sandboxing, you want to look into long-term archival, because this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks, because we're seeing across the globe. And then, of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because, let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud, and then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember, John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and then really the power of SaaS as a service, simplicity to kind of continue on, amongst kind of keeping these complex technologies together. >> Anjan, that's a great callout. I was going to mention ease of use and self-service. Big part of the developer and IT experience. Expected. It's the table stakes. Love the analytic angle, I think that brings the scale to the table, and faster time to value to get to learn best practices. But at the end of the day, automation, cross-cloud protection and security to protect and recover. This is huge, and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You have the experts talk about under the hood, the product, the value, the future of what's going on with Druva, and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva Data Resiliency Cloud is the only 100% SaaS data resiliency platform that provides centralized, secure, air gapped, and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyberattacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds, and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup and recovery, but also data resiliency across high value use cases, such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability, and ransomware protection. The Druva Data Resiliency Cloud, your data, always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past 2+ years, a lot of good technology practices have been put into place, but there's much more work to be done, specifically, because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a system's view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. Here we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net, and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching "Why Ransomware isn't Your Only Problem," made possible by Druva, in collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

(upbeat electronic music) >> Welcome back to everyone, to "theCUBE's" coverage here in Seattle, Washington for Amazon Web Services Partner Marketplace Seller Conference, combining their partner network with Marketplace forming a new organization called AWS Partner Organization. This is "theCUBE" coverage. I'm John Furrier, your host. We've got great "Cube" alumni here from Zscaler, a very successful cloud company doing great work. Stelio D'Alo, senior director of cloud business development and Raveesh Chugh, VP of Public Cloud Partnerships at Zscaler. Welcome back to "theCUBE." Good to see you guys. Thanks for coming on. >> Thank you. >> Thanks having us, John. >> So we've been doing a lot of coverage of Zscaler, what a great success story. I mean, the numbers are great. The business performance, it's in the top two, three, one, two, three in all metrics on public companies, SaaS. So you guys, check. Good job. >> Yes, thank you. >> So you guys have done a good job. Now you're here, selling through the Marketplace. You guys are a world class performing company in cloud SaaS, so you're in the front lines doing well. Now, Marketplace is a procurement front end opportunity for people to buy. Hey, self-service, buy and put things together. Sounds novel, what a great concept. Great cloud life. >> Yes. >> You guys are participating and now sellers are coming together. The merger of the public, the partner network with Marketplace. It feels like this is a second act for AWS to go to the next level. They got their training wheels done with partners. Now they're going to the next level. What do you guys think about this? >> Well, I think you're right, John. I think it is very much something that is in keeping with the way AWS does business. Very Amazonian, they're working back from the customer. What we're seeing is, our customers and in general, the market is gravitating towards purchase mechanisms and route to market that just are lower friction. So in the same way that companies are going through their digital transformations now, really modernizing the way they host applications and they reach the internet. They're also modernizing on the purchasing side, which is super exciting, because we're all motivated to help customers with that agility. >> You know, it's fun to watch and again I'm being really candid and props to you guys as a company. Now, everyone else is kind of following that. Okay, lift and shift, check, doing some things. Now they go, whoa, I can really build on this. People are building their own apps for their companies. Going to build their own stuff. They're going to use piece parts. They're going to put it together in a really scalable way. That's the new normal. Okay, so now they go okay, I'm going to just buy through the market, I get purchasing power. So you guys have been a real leader with AWS. Can you share what you guys are doing in the Marketplace? I think you guys are a nice example of how to execute the Marketplace. Take us through. What are you guys offering there? What's the contract look like? Is it multi-pronged? What's the approach? What do customers get if they go to the marketplace for Zscaler? >> Yeah, so it's been a very exciting story and been a very pleasing one for us with AWS marketplace. We see a huge growth potentially. There are more than 350,000 customers that are actively buying through Marketplace today. We expect that number to grow to around a million customers by the next, I would say, five to ten years and we want to be part of this wave. We see AWS Marketplace to be a channel where not only our resalers or our channel partners can come and transact, but also our GSIs like Accenture want to transact through this channel. We are doing a lot, in terms of bringing new customers through Marketplace, who want to not only close their deals, but close it in the next few hours. That's the beauty of Marketplace, the agility, the flexibility in terms of pricing that it provides to ISVs like us. If a customer wants to delay their payments by a couple of quarters, Marketplace supports that. If a customer wants to do monthly payments, Marketplace supports that. We are seeing lot of customers, big customers, that have signed EDPs, enterprise discount plans with AWS. These are multi-year cloud commits coming to us and saying we can retire our EDPs with AWS if we transact your solution through AWS Marketplace. So what we have done, as of today, we have all of our production services enabled through AWS Marketplace. What that means for customers, they can now retire their EDPs by buying Zscaler products through AWS Marketplace and in return get the full benefit of maximizing their EDP commits with AWS. >> So you guys are fully committed, no toe on the water, as we heard. You guys are all in. >> Absolutely, that's exactly the way to put it. We're all in, all of our solutions are available in the marketplace. As you mentioned, we're a SaaS provider. So we're one of the vendors in the Marketplace that have SaaS solutions. So unlike a lot of customers and even the market in general, associate the Marketplace for historical reasons, the way it started with a lot of monthly subscriptions and just dipping your toe in it from a consumer perspective. Whereas we're doing multimillion dollar, multi-year SaaS contracts. So the most complicated kinds of transactions you'd normally associate with enterprise software, we're doing in very low friction ways. >> On the Zscaler side going in low friction. >> Yep, yeah, that's right. >> How about the customer experience? >> So it is primarily the the customer that experiences. >> Driving it? >> Yeah, they're driving it and it's because rather than traditional methods of going through paperwork, purchase orders- >> What are some of the things that customers are saying about this, bcause I see two benefits, I'll say that. The friction, it's a channel, okay, for Zscaler. Let's be clear, but now you have a customer who's got a lot of Amazon. They're a trusted partner too. So why wouldn't they want to have one point of contact to use their purchasing power and you guys are okay with that. >> We're absolutely okay with it. The reason being, we're still doing the transaction and we can do the transaction with our... We're a channel first company, so that's another important distinction of how people tend to think of the Marketplace. We go through channel. A lot of our transactions are with traditional channel partners and you'd be surprised the kinds of, even the Telcos, carrier providers, are starting to embrace Marketplace. So from a customer perspective, it's less paperwork, less legal work. >> Yeah, I'd love to get your reaction to something, because I think this highlights to me what we've been reporting on with "theCUBE" with super cloud and other trends that are different in a good way. Taking it to the next level and that is that if you look at Zscaler, SaaS, SaaS is self-service, the scale, there's efficiencies. Marketplace first started out as a self-service catalog, a website, you know, click and choose, but now it's a different. He calls it a supply chain, like the CICD pipeline of buying software. He mentions that, there's also services. He put the Channel partners can come in. The GSIs, global system integrators can come in. So it's more than just a catalog now. It's kind of self-service procurement more than it is just a catalog of buy stuff. >> Yes, so yeah, I feel CEOs, CSOs of today should understand what Marketplace brings to the bear in terms of different kinds of services or Zscaler solutions that they can acquire through Marketplace and other ISV solutions, for that matter. I feel like we are at a point, after the pandemic, where there'll be a lot of digital exploration and companies can do more in terms of not just Marketplace, but also including the channel partners as part of deals. So you talked about channel conflict. AWS addressed this by bringing a program called CPPO in the picture, Channel Partner Private Offers. What that does is, we are not only bringing all our channel partners into deals. For renewals as well, they're the partner of record and they get paid alongside with the customer. So AWS does all the heavy lifting, in terms of disbursements of payments to us, to the channel partner, so it's a win-win situation for all. >> I mean, private offers and co-sale has been very popular. >> It has been, and that is our bread and butter in the Marketplace. Again, we do primarily three year contracts and so private offers work super well. A nice thing for us as a vendor is it provides a great amount of flexibility. Private Offer gives you a lot of optionality, in terms of how the constructs of the deal and whether or not you're working with a partner, how the partner is utilizing as well to resell to the end user. So, we've always talked about AWS giving IT agility. This gives purchasing and finance business agility. >> Yeah, and I think this comes up a lot. I just noticed this happening a lot more, where you see dedicated sessions, not just on DevOps and all the goodies of the cloud, financial strategy. >> Yeah. >> Seeing a lot more conversation around how to operationalize the business transactions in the cloud. >> Absolutely. >> This is the new, I mean it's not new, it's been thrown around, but not at a tech conference. You don't see that. So I got to ask you guys, what's the message to the CISOs and executives watching the business people about Zscaler in the Marketplace? What should they be looking at? What is the pitch for Zscaler for the Marketplace buyer? >> So I would say that we are a cloud-delivered network security service. We have been in this game for more than a decade. We have years of early head start with lots of features and functionality versus our competitors. If customers were to move into AWS Cloud, they can get rid of their next-gen firewalls and just have all the traffic routed through our Zscaler internet access and use Zscaler private access for accessing their private applications. We feel we have done everything in our capacity, in terms of enabling customers through Marketplace and will continue to participate in more features and functionality that Marketplace has to offer. We would like these customers to take advantage of their EDPs as well as their retirement and spend for the multi-commit through AWS Marketplace. Learn about what we have to offer and how we can really expedite the motion for them, if they want to procure our solutions through Marketplace >> You know, we're seeing an ability for them to get more creative, more progressive in terms of the purchasing. We're also doing, we're really excited about the ability to serve multiple markets. So we've had an immense amount of success in commercial. We also are seeing increasing amount of public sector, US federal government agencies that want to procure this way as well for the same reasons. So there's a lot of innovation going on. >> So you have the FedRAMP going on, you got all those certifications. >> Exactly right. So we are the first cloud-native solution to provide IL5 ATO, as well as FedRAMP pie and we make that all available, GSA schedule pricing through the AWS Marketplace, again through FSIs and other resellers. >> Public private partnerships have been a big factor, having that span of capability. I got to ask you about, this is a cool conversation, because now you're like, okay, I'm selling through the Marketplace. Companies themselves are changing how they operate. They don't just buy software that we used to use. So general purpose, bundled stuff. Oh yeah, I'm buying this product, because this has got a great solution and I have to get forced to use this firewall, because I bought this over here. That's not how companies are architecting and developing their businesses. It's no longer buying IT. They're building their company digitally. They have to be the application. So they're not sitting around, saying hey, can I get a solution? They're building and architecting their solution. This is kind of like the new enterprise that no one's talking about. They kind of, got to do their own work. >> Yes. >> There's no general purpose solution that maps every company. So they got to pick the best piece parts and integrate them. >> Yes and I feel- >> Do you guys agree with that? >> Yeah, I agree with that and customers don't want to go for point solutions anymore. They want to go with a platform approach. They want go with a vendor that can not only cut down their vendors from multi-dozens to maybe a dozen or less and that's where, you know, we kind of have pivoted to the platform-centric approach, where we not only help customers with Cloud Network Security, but we also help customers with Cloud Native Application Protection Platform that we just recently launched. It's going by the name of the different elements, including Cloud Security Posture Management, Cloud Identity Event Management and so we are continuously doing more and more on the configuration and vulnerability side space. So if a customer has an AWS S3 bucket that is opened it can be detected and can be remediated. So all of those proactive steps we are taking, in terms of enhancing our portfolio, but we have come a long way as a company, as a platform that we have evolved in the Marketplace. >> What's the hottest product? >> The hottest product? >> In Marketplace right now. >> Well, the fastest growing products include our digital experience products and we have new Cloud Protection. So we've got Posture and Workload Protection as well and those are the fastest growing. For AWS customers a strong affinity also for ZPA, which provides you zero trust access to your workloads on AWS. So those are all the most popular in Marketplace. >> Yeah. >> So I would like to add that we recently launched and this has been a few years, a couple of years. We launched a product called Zscaler Digital X, the ZDX. >> Mm-hmm. >> What that product does is, let's say you're making a Zoom call and your WiFi network is laggy or it's a Zoom server that's laggy. It kind of detects where is the problem and it further tells the IT department you need to fix either the server on which Zoom is running, or fix your home network. So that is the beauty of the product. So I think we are seeing massive growth with some of our new editions in the portfolio, which is a long time coming. >> Yeah and certainly a lot of growth opportunities for you guys, as you come in. Where do you see Zscaler's big growth coming from product-wise? What's the big push? Actually, this is great upside for you here. >> Yeah. >> On the go to market side. Where's the big growth for Zscaler right now? So I think we are focused as a company on zero trust architecture. We want to securely connect users to apps, apps to apps, workloads to workloads and machines to machines. We want to give customers an experience where they have direct access to the apps that's hidden from the outside world and they can securely connect to the apps in a very succinct fashion. The user experience is second to none. A lot of customers use us on the Microsoft Office 365 side, where they see a lag in connecting to Microsoft Office 365 directly. They use the IE service to securely connect. >> Yeah, latency kills. >> Microsoft Office 365. >> Latency kills, as we always say, you know and security, you got to look at the pattern, you want to see that data. >> Yeah, and emerging use cases, there is an immense amount of white space and upside for us as well in emerging use cases, like OT, 5G, IOT. >> Yeah. >> Federal government, DOD. >> Oh god, tactical edge government. >> Security at the edge, absolutely, yeah. >> Where's the big edge? What's the edge challenge right now, if you have to put your finger on the edge, because right now that's the hot area, we're watching that. It's going to be highly contested. It's not yet clear, I mean certainly hybrid is the operating model, cloud, distributing, computing, but edge has got unique things that you can't really point to on premises that's the same. It's highly dynamic, you need high bandwidth, low latency, compute at the edge. The data has to be processed right there. What's the big thing at the edge right now? >> Well, so that's probably an emerging answer. I mean, we're working with our customers, they're inventing and they're kind of finding the use cases for those edge, but one of the good things about Zscaler is that we are able to, we've got low latency at the edge. We're able to work as a computer at the edge. We work on Outpost, Snowball, Snowcone, the Snow devices. So we can be wherever our customers need us. Mobile devices, there are a lot of applications where we've got to be either on embedded devices, on tractors, providing security for those IOT devices. So we're pretty comfortable with where we are being the- >> So that's why you guys are financially doing so well, performance wise. I got to ask you though, because I think that brings up the great point. If this is why I like the Marketplace, if I'm a customer, the edge is highly dynamic. It's changing all the time. I don't want to wait to buy something. If I got my solution architects on a product, I need to know I'm going to have zero trust built in and I need to push the button on Zscaler. I don't want to wait. So how does the procurement side impact? What have you guys seen? Share your thoughts on how Marketplace is working from the procurement standpoint, because it seems to me to be fast. Is that right, or is it still slow on their side? On the buyer side, because this to me would be a benefit to developers, if we say, hey, the procurement can just go really fast. I don't want to go through a bunch of PO approvals or slow meetings. >> It can be, that manifests itself in several ways, John. It can be, for instance, somebody wants to do a POC and traditionally you could take any amount of time to get budget approval, take it through. What if you had a pre-approved cloud budget and that was spent primarily through AWS Marketplace, because it's consolidated data on your AWS invoice. The ability to purchase a POC on the Marketplace could be done literally within minutes of the decision being made to go forward with it. So that's kind of a front end, you know, early stage use case. We've got examples we didn't talk about on our recent earnings call of how we have helped customers bring in their procurement with large million dollar, multimillion dollar deals. Even when a resaler's been involved, one of our resaler partners. Being able to accelerate deals, because there's so much less legal work and traditional bureaucratic effort. >> Agility. >> That agility purchasing process has allowed our customers to pull into the quarter, or the end of month, or end of quarter for them, deals that would've otherwise not been able to be done. >> So this is a great example of where you can set policy and kind of create some guard rails around innovation and integration deals, knowing if it's something that the edge is happening, say okay, here's some budget. We approved it, or Amazon gives credits and partnership going on. Then I'd say, hey, well green light this, not to exceed a million dollars, or whatever number in their range and then let people have the freedom to execute. >> You're absolutely right, so from the purchasing side, it does give them that agility. It eliminates a lot of the processes that would push out a purchase in actual execution past when the business decision is made and quite frankly, to be honest, AWS has been very accommodative. They're a great partner. They've invested a lot in Marketplace, Marketplace programs, to help customers do the right thing and do it more quickly as well as vendors like us to help our customers make the decisions they need to. >> Rising tide, a rising tide floats all boats and you guys are a great example of an independent company. Highly successful on your own. >> Yep. >> Certainly the numbers are clear. Wall Street loves Zscaler and economics are great. >> Our customer CSAT numbers are off the scale as well. >> Customers are great and now you've got the Marketplace. This is again, a new normal. A new kind of ecosystem is developing where it's not like the old monolithic ecosystems. The value creation and extraction is happening differently now. It's kind of interesting. >> Yes and I feel we have a long way to go, but what I can tell you is that Zscaler is in this for the long run. We are seeing some of the competitors erupt in the space as well, but they have a long way to go. What we have built requires years worth of R&D and features and thousands of customer's use cases which kind of lead to something what Zscaler has come up with today. What we have is very unique and is going to continuously be an innovation in the market in the years to come. In terms of being more cloud-savvy or more cloud-focused or more cloud-native than what the market has seen so far in the form of next-gen firewalls. >> I know you guys have got a lot of AI work. We've had many conversations with Howie over there. Great stuff and really appreciate you guys participating in our super cloud event we had and we'll see more of that where we're talking about the next generation clouds, really enabling that new disruptive, open-spanning capabilities across multiple environments to run cloud-native modern applications at scale and secure. Appreciate your time to come on "theCUBE". >> Thank you. >> Thank you very much. >> Thanks for having us. >> Thanks, I totally appreciate it. Zscaler, leading company here on "theCUBE" talking about their relationship with Marketplace as they continue to grow and succeed as technology goes to the next level in the cloud. Of course "theCUBE's" covering it here in Seattle. I'm John Furrier, your host. Thanks for watching. (peaceful electronic music)

>>Welcome back everyone to the cubes coverage here in Seattle, Washington for AWS's marketplace seller conference. The big news here is that the Amazon partner network and marketplace coming together and reorganizing into one organization, the AIST partner organization, APO bringing together the best of the partnership and the marketplace to sell through. It's a sellers company. This is the second year, but technically with COVID, I call it a year and a half. This is the cube. I'm John for your host. Got a great guest, Leah for sale vice president of business development at four square. Leah, thanks for coming on the cube. Look great. Yeah. >>Hey, thanks. Thanks for having me here. >>So four square, everyone, and that has internet history knows you. You check in you'd become the mayor of a place right back in the day, all fun. It was a great app and I think it was competitor go sold the Facebook, but that was the beginning of location data. Now you got Uber apps, you got all apps, location, everywhere. Data is big here in the marketplace. They sell data, they got a data exchange, Chris head of marketplaces. Like we have all these things we're gonna bring 'em together, make it simpler. So you're on the data side. I'm assuming you're selling data and you're participating at the data exchange. What is Foursquare doing right now? Yeah, >>Exactly. So we are part of the data exchange. And you mentioned checking in. So we, we are really proud of our roots, the, the four square app, and that's kind of the basis still of our business. We have a hundred million data points, which are actually places of interest across the world 200 countries. And we are we're in the business of understanding whereplace are and how people move through those places over time. And >>What's the value proposition for that data. You're selling the data. >>We are selling the data and we're selling it. You can think about use cases. Like how can I improve the engagement with my app through location data? So for example, next door, as a customer of ours, everyone knows next door. When a new business comes online, they wanna make sure that business is a real business. So they use our places to ensure that the address of that business is accurate. >>So how did you, how do you guys get your data? Because if you don't have the first party app, you probably had critical mass of data. Yeah. But then do other people use your data and then re contribute back in kinda like, well, Stripe is for financial. You guys are plugging in yeah. To >>Apps. A great question. So we still do have our consumer apps. We're still proud of those. It's still a basis of our company really. Okay. So, but we take that data. So our first party data, we also, for all the web, we have some partners integrate our SDK. And so we're pulling in all that data from various sources and then scrubbing it and making sure we have the most unique. >>So you guys still have a business where the app's working. Yep. Okay. But also let's just say, I wanna have a cube app. Yeah. And I want to do a check in button. Yep. So rather than build checking in, could I OEM you could four square is that you >>Could, and we could help you understand where people are checking in. So we know someone's here at the Hilton and Bellevue, we know exactly where that place is. You building the Cub app. You could say, I'm gonna check in here and we are verified. We know that that's the >>Right place. So that's a good for developer if they're building an app. >>Absolutely. So we have an SDK that any developer can integrate. >>Great. Okay. So what's the relationship with the marketplace? Take us through how Foursquare works with AWS marketplace. >>Sure. So we are primarily integrated with ADX, which is sort of a piece of marketplace it's for data specifically, we have both of our main products, which are places that POI database and visits, which is how people move through those places over time. So we're able to say these are the top chains in the country. Here's how people move throughout those. And both those products are listed on ADX. >>So if I'm in Palo Alto and I go to Joe in the juice yeah. You know that I kind of hang in one spot or is it privacy there? I mean, how do you know like what goes on? Well, >>We know somebody does that. We don't >>Know that you do that. So >>We ensure, you know, we're very privacy centric and privacy focused. We're not gonna, we don't tell anybody at you >>Yourself it's pattern data. It is. >>Okay. So it's normalized data, right? Over time groups of people, >>How they, how are people using the data to improve processes, user experience? What are some of the use cases? >>So that example, nextdoor, that's really a use case that we see a lot and that's improving their application. So that nextdoor app to ensure that the ACC, the data's accurate and that as you, as a user, you know, that that business is real. Cuz it's verified by four wear. Another one is you can use our data to make business decisions around where you're gonna place your next loca. You know, your next QSR. So young brands is a customer of ours. Those are, those guys are pizza hut KFC. They work with us to figure out where they should put their next KFC. Yeah. >>I mean retail location, location, location. Yeah. >>Right. Yeah. People are still, even though e-commerce right. People still go into stores >>And still are. Yeah. There's, there's, there's probably lot, a lot of math involved in knowing demographics patterns. Volume. >>Yeah. Some of our key customers are really data scientists. Like the think about cus with businesses that have true data science companies. They're really looking at that. >>Yeah. I mean in, and out's on the exit for a reason. Right. They want in and out. Yeah. So they wanna put it inland. >>Right. And we can actually tell you where that customer from in and out where they go next. Right. So then, you know, oh, they go to this park or they go somewhere and we can help you place your next in and out based on that visitation. >>Yeah. And so it's real science involved. So take us through the customers. You said data scientists, >>Mostly data scientists is kind of a key customer data science at a large corporation, like a QSR that's >>Somebody. Okay. So how is the procurement process on the marketplace? What does the buyer get? >>So what we see the real value is, is because they're already a customer of Amazon. That procurement is really easy, right? All the fulfillment goes through Amazon, through ADX. And what you're buying is either at API. So you can, that API can make real time calls or you're buying a flat file, like an actual database of those hundred points of interest. >>And then they integrate into their tool set. Right. They can do it. So it's pretty data friendly in terms of format. >>You can kind of do whatever you want with it. We're gonna give you that as long as you're smart enough to figure out what to do. Do we have a >>Lot of, so what's your experience with AWS marketplace? I mean, obviously we, we see a lot of changes. They had a reorg partner network merging with marketplace. You've been more on the data exchange, Chris kind of called that out. It's yeah. It's kind of a new thing. And, and he was hinting at a lot of confusion, but simplifying things. Yeah. What's your take of the current AWS marketplace >>Religions? I actually think ADX because our experience has primarily been ADX. I think they've done a really good job. They've really focused on the data and they understand how CU, how, you know, people like us sell our data. It hasn't been super confusing. We've had a lot of support. I think that's what Amazon gives you. You have to put a lot of effort into it, but they're also, they also give you a lot of support. >>Yeah. And, and I think data exchange is pretty significant to the strategic. It is >>Mission. It is. We feel that. Yeah. You know, we feel like they really value us as a partner. >>What's the big thing you're seeing out there right now in data, because like you're seeing a lot more data exchanges going on. There's always been data exchange, but you're seeing a lot more exchanges between companies. So let's just take partners. You're seeing a lot more people handle front end of a, a supply chain and you got more data exchanges. What's the future of data exchanges. If you had to kind of, you know, guess given your history in, in the industry. Yeah. What's the next around the corner trend? >>I think. Well, I think there's a, has to be consolidation. I know everyone's building one, but there's probably too many. I know from our experience, we can't support all of them. We're not a huge company. We can't support Amazon and X and Y and Z. Like it's just too many. So we kind of put all of our eggs in a couple baskets. So I think there'll be consolidation. I think there has to be just some innovation on what data products are, you know, for us, we have these two, it's an API and a flat file. I think as exchanges think about, you know, expanding what are the other types of data products that can help us build? >>Yeah. I mean, one of the things that's, you know, we see, we cover a lot of on the cube is edge. You know, you got, yeah. Amazon putting out new products in regions, you got new wavelength out there, you got regions, you got city level connectivity, data coming from cars. So a lot more IOT data. How do you guys see that folding into your vision of data acquisition and data usage, leverage, reuse, durability. These >>Are, yeah. I mean, we're, we are keeping an eye on all of that. You know, I think we haven't quite figured out how we wanna allocate resources against it, but you know, it's definitely, it's a really interesting space to be in. Like, I don't think data's going anywhere and I think it's really just gonna grow and how people use it's >>Gonna expand. Okay. So if I'm a customer, I go to the marketplace, I wanna buy four square data. What's the pitch. >>We can help you improve your business decisions or your applications through location data. We know where places are and how people move through the world over time. So we can tell you we're, we're sure that this is the Hilton in Bellevue. We know that, that we know how many people are moving through here and that's really the pitch. >>And they use that for whatever their needs are, business improvement, user experience. Yeah. >>Those are really the primary. I mean, we also have some financial use cases. So hedge funds, maybe they're thinking about yeah. How they wanna invest their money. They're gonna look at visits over time to understand what people are doing. Right. The pandemic made that super important. >>Yeah. That's awesome. Well, this is great. Great success story. Congratulations. And thanks for sharing on the cube. Really appreciate you coming on. Thank you. My final question is more about kind of the future. I wanna get your thoughts because your season pro, when you have the confluence of physical and digital coming together. Yeah. You know, I was just talking with a friend about FedEx's earnings, comparing that to say, AWS has a fleet of delivery too. Right? Amazon, Amazon nots. So, but physical world only products location matters. But then what about the person when they're walking around the real world? What happens when they get to the metaverses or, you know, they get to digital, they tend an event. Yeah. How do you see that crossroad? Cuz you have foot in both camps. We do, you got the app and you got the physical world it's gonna come together. Is there thoughts around, you can take your course care hat off and put your industry hat on. Yeah. You wanna answer that? Not officially on behalf of Foursquare, but I'm just curious, this is a, this is the confluence of like the blending of physical and digital. >>Yeah. I know. Wow. I admittedly haven't thought a whole lot about that. I think it would be really weird if I could track myself over time and the metaverse I mean, I think, yeah, as you said, it's >>It's, by the way, I'm not Bo on the metaverse when it's blocked diagrams, when you have gaming platforms that are like the best visual experience possible, right? >>Yeah. I mean, I think it, I think we'll see, I don't, I don't know that I have a >>Prediction, well hybrid we've seeing a lot of hybrid events. Like this event is still intimate VIP, but next year I guarantee it's gonna be larger, much larger and it's gonna be physical and face to face, but, but digital right as well. Yeah. Not people experiencing the, both that first party, physical, digital hybrid. Yeah. And it's interesting something that we track a lot >>Of. Yeah, for sure. Yeah. I think we'll have a, well, I think we'll, there's something there for us. I think that those there's a play there as we watch kind >>Of things change. All right, Leah, thank you for coming on the Q appreciate so much it all right. With four Graham, John fur a year checking in with four square here on the cube here at the Amazon web services marketplace seller conference. Second year back from the pandemic in person, more coverage after this break.

(upbeat electronic music) >> Welcome back to everyone, to "theCUBE's" coverage here in Seattle, Washington for Amazon Web Services Partner Marketplace Seller Conference, combining their partner network with Marketplace forming a new organization called AWS Partner Organization. This is "theCUBE" coverage. I'm John Furrier, your host. We've got great "Cube" alumni here from Zscaler, a very successful cloud company doing great work. Stelio D'Alo, senior director of cloud business development and Raveesh Chugh, VP of Public Cloud Partnerships at Zscaler. Welcome back to "theCUBE." Good to see you guys. Thanks for coming on. >> Thank you. >> Thanks having us, John. >> So we've been doing a lot of coverage of Zscaler, what a great success story. I mean, the numbers are great. The business performance, it's in the top two, three, one, two, three in all metrics on public companies, SaaS. So you guys, check. Good job. >> Yes, thank you. >> So you guys have done a good job. Now you're here, selling through the Marketplace. You guys are a world class performing company in cloud SaaS, so you're in the front lines doing well. Now, Marketplace is a procurement front end opportunity for people to buy. Hey, self-service, buy and put things together. Sounds novel, what a great concept. Great cloud life. >> Yes. >> You guys are participating and now sellers are coming together. The merger of the public, the partner network with Marketplace. It feels like this is a second act for AWS to go to the next level. They got their training wheels done with partners. Now they're going to the next level. What do you guys think about this? >> Well, I think you're right, John. I think it is very much something that is in keeping with the way AWS does business. Very Amazonian, they're working back from the customer. What we're seeing is, our customers and in general, the market is gravitating towards purchase mechanisms and route to market that just are lower friction. So in the same way that companies are going through their digital transformations now, really modernizing the way they host applications and they reach the internet. They're also modernizing on the purchasing side, which is super exciting, because we're all motivated to help customers with that agility. >> You know, it's fun to watch and again I'm being really candid and props to you guys as a company. Now, everyone else is kind of following that. Okay, lift and shift, check, doing some things. Now they go, whoa, I can really build on this. People are building their own apps for their companies. Going to build their own stuff. They're going to use piece parts. They're going to put it together in a really scalable way. That's the new normal. Okay, so now they go okay, I'm going to just buy through the market, I get purchasing power. So you guys have been a real leader with AWS. Can you share what you guys are doing in the Marketplace? I think you guys are a nice example of how to execute the Marketplace. Take us through. What are you guys offering there? What's the contract look like? Is it multi-pronged? What's the approach? What do customers get if they go to the marketplace for Zscaler? >> Yeah, so it's been a very exciting story and been a very pleasing one for us with AWS marketplace. We see a huge growth potentially. There are more than 350,000 customers that are actively buying through Marketplace today. We expect that number to grow to around a million customers by the next, I would say, five to ten years and we want to be part of this wave. We see AWS Marketplace to be a channel where not only our resalers or our channel partners can come and transact, but also our GSIs like Accenture want to transact through this channel. We are doing a lot, in terms of bringing new customers through Marketplace, who want to not only close their deals, but close it in the next few hours. That's the beauty of Marketplace, the agility, the flexibility in terms of pricing that it provides to ISVs like us. If a customer wants to delay their payments by a couple of quarters, Marketplace supports that. If a customer wants to do monthly payments, Marketplace supports that. We are seeing lot of customers, big customers, that have signed EDPs, enterprise discount plans with AWS. These are multi-year cloud commits coming to us and saying we can retire our EDPs with AWS if we transact your solution through AWS Marketplace. So what we have done, as of today, we have all of our production services enabled through AWS Marketplace. What that means for customers, they can now retire their EDPs by buying Zscaler products through AWS Marketplace and in return get the full benefit of maximizing their EDP commits with AWS. >> So you guys are fully committed, no toe on the water, as we heard. You guys are all in. >> Absolutely, that's exactly the way to put it. We're all in, all of our solutions are available in the marketplace. As you mentioned, we're a SaaS provider. So we're one of the vendors in the Marketplace that have SaaS solutions. So unlike a lot of customers and even the market in general, associate the Marketplace for historical reasons, the way it started with a lot of monthly subscriptions and just dipping your toe in it from a consumer perspective. Whereas we're doing multimillion dollar, multi-year SaaS contracts. So the most complicated kinds of transactions you'd normally associate with enterprise software, we're doing in very low friction ways. >> On the Zscaler side going in low friction. >> Yep, yeah, that's right. >> How about the customer experience? >> So it is primarily the the customer that experiences. >> Driving it? >> Yeah, they're driving it and it's because rather than traditional methods of going through paperwork, purchase orders- >> What are some of the things that customers are saying about this, bcause I see two benefits, I'll say that. The friction, it's a channel, okay, for Zscaler. Let's be clear, but now you have a customer who's got a lot of Amazon. They're a trusted partner too. So why wouldn't they want to have one point of contact to use their purchasing power and you guys are okay with that. >> We're absolutely okay with it. The reason being, we're still doing the transaction and we can do the transaction with our... We're a channel first company, so that's another important distinction of how people tend to think of the Marketplace. We go through channel. A lot of our transactions are with traditional channel partners and you'd be surprised the kinds of, even the Telcos, carrier providers, are starting to embrace Marketplace. So from a customer perspective, it's less paperwork, less legal work. >> Yeah, I'd love to get your reaction to something, because I think this highlights to me what we've been reporting on with "theCUBE" with super cloud and other trends that are different in a good way. Taking it to the next level and that is that if you look at Zscaler, SaaS, SaaS is self-service, the scale, there's efficiencies. Marketplace first started out as a self-service catalog, a website, you know, click and choose, but now it's a different. He calls it a supply chain, like the CICD pipeline of buying software. He mentions that, there's also services. He put the Channel partners can come in. The GSIs, global system integrators can come in. So it's more than just a catalog now. It's kind of self-service procurement more than it is just a catalog of buy stuff. >> Yes, so yeah, I feel CEOs, CSOs of today should understand what Marketplace brings to the bear in terms of different kinds of services or Zscaler solutions that they can acquire through Marketplace and other ISV solutions, for that matter. I feel like we are at a point, after the pandemic, where there'll be a lot of digital exploration and companies can do more in terms of not just Marketplace, but also including the channel partners as part of deals. So you talked about channel conflict. AWS addressed this by bringing a program called CPPO in the picture, Channel Partner Private Offers. What that does is, we are not only bringing all our channel partners into deals. For renewals as well, they're the partner of record and they get paid alongside with the customer. So AWS does all the heavy lifting, in terms of disbursements of payments to us, to the channel partner, so it's a win-win situation for all. >> I mean, private offers and co-sale has been very popular. >> It has been, and that is our bread and butter in the Marketplace. Again, we do primarily three year contracts and so private offers work super well. A nice thing for us as a vendor is it provides a great amount of flexibility. Private Offer gives you a lot of optionality, in terms of how the constructs of the deal and whether or not you're working with a partner, how the partner is utilizing as well to resell to the end user. So, we've always talked about AWS giving IT agility. This gives purchasing and finance business agility. >> Yeah, and I think this comes up a lot. I just noticed this happening a lot more, where you see dedicated sessions, not just on DevOps and all the goodies of the cloud, financial strategy. >> Yeah. >> Seeing a lot more conversation around how to operationalize the business transactions in the cloud. >> Absolutely. >> This is the new, I mean it's not new, it's been thrown around, but not at a tech conference. You don't see that. So I got to ask you guys, what's the message to the CISOs and executives watching the business people about Zscaler in the Marketplace? What should they be looking at? What is the pitch for Zscaler for the Marketplace buyer? >> So I would say that we are a cloud-delivered network security service. We have been in this game for more than a decade. We have years of early head start with lots of features and functionality versus our competitors. If customers were to move into AWS Cloud, they can get rid of their next-gen firewalls and just have all the traffic routed through our Zscaler internet access and use Zscaler private access for accessing their private applications. We feel we have done everything in our capacity, in terms of enabling customers through Marketplace and will continue to participate in more features and functionality that Marketplace has to offer. We would like these customers to take advantage of their EDPs as well as their retirement and spend for the multi-commit through AWS Marketplace. Learn about what we have to offer and how we can really expedite the motion for them, if they want to procure our solutions through Marketplace >> You know, we're seeing an ability for them to get more creative, more progressive in terms of the purchasing. We're also doing, we're really excited about the ability to serve multiple markets. So we've had an immense amount of success in commercial. We also are seeing increasing amount of public sector, US federal government agencies that want to procure this way as well for the same reasons. So there's a lot of innovation going on. >> So you have the FedRAMP going on, you got all those certifications. >> Exactly right. So we are the first cloud-native solution to provide IL5 ATO, as well as FedRAMP pie and we make that all available, GSA schedule pricing through the AWS Marketplace, again through FSIs and other resellers. >> Public private partnerships have been a big factor, having that span of capability. I got to ask you about, this is a cool conversation, because now you're like, okay, I'm selling through the Marketplace. Companies themselves are changing how they operate. They don't just buy software that we used to use. So general purpose, bundled stuff. Oh yeah, I'm buying this product, because this has got a great solution and I have to get forced to use this firewall, because I bought this over here. That's not how companies are architecting and developing their businesses. It's no longer buying IT. They're building their company digitally. They have to be the application. So they're not sitting around, saying hey, can I get a solution? They're building and architecting their solution. This is kind of like the new enterprise that no one's talking about. They kind of, got to do their own work. >> Yes. >> There's no general purpose solution that maps every company. So they got to pick the best piece parts and integrate them. >> Yes and I feel- >> Do you guys agree with that? >> Yeah, I agree with that and customers don't want to go for point solutions anymore. They want to go with a platform approach. They want go with a vendor that can not only cut down their vendors from multi-dozens to maybe a dozen or less and that's where, you know, we kind of have pivoted to the platform-centric approach, where we not only help customers with Cloud Network Security, but we also help customers with Cloud Native Application Protection Platform that we just recently launched. It's going by the name of the different elements, including Cloud Security Posture Management, Cloud Identity Event Management and so we are continuously doing more and more on the configuration and vulnerability side space. So if a customer has an AWS S3 bucket that is opened it can be detected and can be remediated. So all of those proactive steps we are taking, in terms of enhancing our portfolio, but we have come a long way as a company, as a platform that we have evolved in the Marketplace. >> What's the hottest product? >> The hottest product? >> In Marketplace right now. >> Well, the fastest growing products include our digital experience products and we have new Cloud Protection. So we've got Posture and Workload Protection as well and those are the fastest growing. For AWS customers a strong affinity also for ZPA, which provides you zero trust access to your workloads on AWS. So those are all the most popular in Marketplace. >> Yeah. >> So I would like to add that we recently launched and this has been a few years, a couple of years. We launched a product called Zscaler Digital X, the ZDX. >> Mm-hmm. >> What that product does is, let's say you're making a Zoom call and your WiFi network is laggy or it's a Zoom server that's laggy. It kind of detects where is the problem and it further tells the IT department you need to fix either the server on which Zoom is running, or fix your home network. So that is the beauty of the product. So I think we are seeing massive growth with some of our new editions in the portfolio, which is a long time coming. >> Yeah and certainly a lot of growth opportunities for you guys, as you come in. Where do you see Zscaler's big growth coming from product-wise? What's the big push? Actually, this is great upside for you here. >> Yeah. >> On the go to market side. Where's the big growth for Zscaler right now? So I think we are focused as a company on zero trust architecture. We want to securely connect users to apps, apps to apps, workloads to workloads and machines to machines. We want to give customers an experience where they have direct access to the apps that's hidden from the outside world and they can securely connect to the apps in a very succinct fashion. The user experience is second to none. A lot of customers use us on the Microsoft Office 365 side, where they see a lag in connecting to Microsoft Office 365 directly. They use the IE service to securely connect. >> Yeah, latency kills. >> Microsoft Office 365. >> Latency kills, as we always say, you know and security, you got to look at the pattern, you want to see that data. >> Yeah, and emerging use cases, there is an immense amount of white space and upside for us as well in emerging use cases, like OT, 5G, IOT. >> Yeah. >> Federal government, DOD. >> Oh god, tactical edge government. >> Security at the edge, absolutely, yeah. >> Where's the big edge? What's the edge challenge right now, if you have to put your finger on the edge, because right now that's the hot area, we're watching that. It's going to be highly contested. It's not yet clear, I mean certainly hybrid is the operating model, cloud, distributing, computing, but edge has got unique things that you can't really point to on premises that's the same. It's highly dynamic, you need high bandwidth, low latency, compute at the edge. The data has to be processed right there. What's the big thing at the edge right now? >> Well, so that's probably an emerging answer. I mean, we're working with our customers, they're inventing and they're kind of finding the use cases for those edge, but one of the good things about Zscaler is that we are able to, we've got low latency at the edge. We're able to work as a computer at the edge. We work on Outpost, Snowball, Snowcone, the Snow devices. So we can be wherever our customers need us. Mobile devices, there are a lot of applications where we've got to be either on embedded devices, on tractors, providing security for those IOT devices. So we're pretty comfortable with where we are being the- >> So that's why you guys are financially doing so well, performance wise. I got to ask you though, because I think that brings up the great point. If this is why I like the Marketplace, if I'm a customer, the edge is highly dynamic. It's changing all the time. I don't want to wait to buy something. If I got my solution architects on a product, I need to know I'm going to have zero trust built in and I need to push the button on Zscaler. I don't want to wait. So how does the procurement side impact? What have you guys seen? Share your thoughts on how Marketplace is working from the procurement standpoint, because it seems to me to be fast. Is that right, or is it still slow on their side? On the buyer side, because this to me would be a benefit to developers, if we say, hey, the procurement can just go really fast. I don't want to go through a bunch of PO approvals or slow meetings. >> It can be, that manifests itself in several ways, John. It can be, for instance, somebody wants to do a POC and traditionally you could take any amount of time to get budget approval, take it through. What if you had a pre-approved cloud budget and that was spent primarily through AWS Marketplace, because it's consolidated data on your AWS invoice. The ability to purchase a POC on the Marketplace could be done literally within minutes of the decision being made to go forward with it. So that's kind of a front end, you know, early stage use case. We've got examples we didn't talk about on our recent earnings call of how we have helped customers bring in their procurement with large million dollar, multimillion dollar deals. Even when a resaler's been involved, one of our resaler partners. Being able to accelerate deals, because there's so much less legal work and traditional bureaucratic effort. >> Agility. >> That agility purchasing process has allowed our customers to pull into the quarter, or the end of month, or end of quarter for them, deals that would've otherwise not been able to be done. >> So this is a great example of where you can set policy and kind of create some guard rails around innovation and integration deals, knowing if it's something that the edge is happening, say okay, here's some budget. We approved it, or Amazon gives credits and partnership going on. Then I'd say, hey, well green light this, not to exceed a million dollars, or whatever number in their range and then let people have the freedom to execute. >> You're absolutely right, so from the purchasing side, it does give them that agility. It eliminates a lot of the processes that would push out a purchase in actual execution past when the business decision is made and quite frankly, to be honest, AWS has been very accommodative. They're a great partner. They've invested a lot in Marketplace, Marketplace programs, to help customers do the right thing and do it more quickly as well as vendors like us to help our customers make the decisions they need to. >> Rising tide, a rising tide floats all boats and you guys are a great example of an independent company. Highly successful on your own. >> Yep. >> Certainly the numbers are clear. Wall Street loves Zscaler and economics are great. >> Our customer CSAT numbers are off the scale as well. >> Customers are great and now you've got the Marketplace. This is again, a new normal. A new kind of ecosystem is developing where it's not like the old monolithic ecosystems. The value creation and extraction is happening differently now. It's kind of interesting. >> Yes and I feel we have a long way to go, but what I can tell you is that Zscaler is in this for the long run. We are seeing some of the competitors erupt in the space as well, but they have a long way to go. What we have built requires years worth of R&D and features and thousands of customer's use cases which kind of lead to something what Zscaler has come up with today. What we have is very unique and is going to continuously be an innovation in the market in the years to come. In terms of being more cloud-savvy or more cloud-focused or more cloud-native than what the market has seen so far in the form of next-gen firewalls. >> I know you guys have got a lot of AI work. We've had many conversations with Howie over there. Great stuff and really appreciate you guys participating in our super cloud event we had and we'll see more of that where we're talking about the next generation clouds, really enabling that new disruptive, open-spanning capabilities across multiple environments to run cloud-native modern applications at scale and secure. Appreciate your time to come on "theCUBE". >> Thank you. >> Thank you very much. >> Thanks for having us. >> Thanks, I totally appreciate it. Zscaler, leading company here on "theCUBE" talking about their relationship with Marketplace as they continue to grow and succeed as technology goes to the next level in the cloud. Of course "theCUBE's" covering it here in Seattle. I'm John Furrier, your host. Thanks for watching. (peaceful electronic music)

(upbeat music) >> Hello, welcome everyone to "theCUBE" presentation of the AWS Startup Showcase, this is Season Two, Episode Four of the ongoing series covering exciting startups from the AWS ecosystem. Here to talk about Cyber Security. I'm your host John Furrier here joined by two great "CUBE" alumnus, Liz Rice who's the chief open source officer at Isovalent, and Mark Nunnikhoven who's the distinguished cloud strategist at Lacework. Folks, thanks for joining me today. >> Hi. Pleasure. >> You're in the U.K. Mark, welcome back to the U.S, I know you were overseas as well. Thanks for joining in this panel to talk about set the table for the Cybersecurity Showcase. You guys are experts out in the field. Liz we've had many conversations with the rise of open source, and all the innovations coming from out in the open source community. Mark, we've been going and covering the events, looking at all the announcements we're kind of on this next generation security conversation. It's kind of a do over in progress, happening every time we talk security in the cloud, is what people are are talking about. Amazon Web Services had reinforced, which was more of a positive vibe of, Hey, we're all on it together. Let's participate, share information. And they talk about incidents, not breaches. And then, you got Black Hat just happened, and they're like, everyone's getting hacked. It's really interesting as we report that. So, this is a new market that we're in. People are starting to think differently, but still have to solve the same problems. How do you guys see the security in the cloud era unfolding? >> Well, I guess it's always going to be an arms race. Isn't it? Everything that we do to defend cloud workloads, it becomes a new target for the bad guys, so this is never going to end. We're never going to reach a point where everything is completely safe. But I think there's been a lot of really interesting innovations in the last year or two. There's been a ton of work looking into the security of the supply chain. There's been a ton of new tooling that takes advantage of technology that I'm really involved with and very excited about called eBPF. There's been a continuation of this new generation of tooling that can help us observe when security issues are happening, and also prevent malicious activities. >> And it's on to of open source activity. Mark, scale is a big factor now, it's becoming a competitive advantage on one hand. APIs have made the cloud great. Now, you've got APIs being hacked. So, all the goodness of cloud has been great, but now we've got next level scale, it's hard to keep up with everything. And so, you start to see new ways of doing things. What's your take? >> Yeah, it is. And everything that's old is new again. And so, as you start to see data and business workloads move into new areas, you're going to see a cyber crime and security activity move with them. And I love, Liz calling out eBPF and open source efforts because what we've really seen to contrast that sort of positive and negative attitude, is that as more people come to the security table, as more developers, as more executives are aware, and the accessibility of these great open source tools, we're seeing that shift in approach of like, Hey, we know we need to find a balance, so let's figure out where we can have a nice security outcome and still meet our business needs, as opposed to the more, let's say to be polite, traditional security view that you see at some other events where it's like, it's this way or no way. And so, I love to see that positivity and that collaboration happening. >> You know, Liz, this brings up a good point. We were talking at our Super Cloud Event we had here when we were discussing the future of how cloud's emerging. One of the conversations that Adrian Cockcroft brought up, who's now retired from AWS, former with Netflix. Adrian being open source fan as well. He was pointing out that every CIO or CISO will buy an abstraction layer. They love the dream. And vendors sell the dream, so to speak. But the reality it's not a lot of uptake because it's complex, And there's a lot of non-standard things per vendor. Now, we're in an era where people are looking for some standardization, some clean, safe ways to deploy. So, what's the message to CSOs, and CIOs, and CXOs out there around eBPF, things like that, that are emerging? Because it's almost top down, was the old way, now as bottoms up with open source, you're seeing the shift. I mean, it's complete flipping the script of how companies are buying? >> Yeah. I mean, we've seen with the whole cloud native movement, how people are rather than having like ETF standards, we have more of a defacto collaborative, kind of standardization process going on. So, that things like Kubernetes become the defacto standard that we're all using. And then, that's helping enterprises be able to run their workloads in different clouds, potentially in their own data centers as well. We see things like EKS anywhere, which is allowing people to run their workloads in their data center in exactly the same way as they're running it in AWS. That sort of leveling of the playing field, if you like, can help enterprises apply the same tooling, and that's going to always help with security if you can have a consistent approach wherever you are running your workload. >> Well, Liz's take a minute to explain eBPF. The Berkeley packet filtering technology, people know from Trace Dumps and whatnot. It's kind of been around for a while, but what is it specifically? Can you take a minute to explain eBPF, and what does that mean for the customer? >> Yeah. So, you mentioned the packet filtering acronym. And honestly, these days, I tell people to just forget that, because it means so much more for. What eBPF allows you to do now, is to run custom programs inside the kernel. So, we can use that to change the way that the kernel behaves. And because the kernel has visibility over every process that's running across a machine, a virtual machine or a bare metal machine, having security tooling and observability tooling that's written using eBPF and sitting inside the kernel. It has this great perspective and ability to observe and secure what's happening across that entire machine. This is like a step change in the capabilities really of security tooling. And it means we don't have to rely on things like kernel modules, which traditionally people have been quite worried about with good reason. eBPF is- >> From a vulnerability standpoint, you mean, right? From a reliability. >> From a vulnerability standpoint, but even just from the point of view that kernel modules, if they have bugs in them, a bug in the kernel will bring the machine to a halt. And one of the things that's different with eBPF, is eBPF programs go through a verification process that ensures that they're safe to run that, but happens dynamically and ensures that the program cannot crash, will definitely run to completion. All the memory access is safe. It gives us this very sort of reassuring platform to use for building these kernel-based tools. >> And what's the bottom line for the customer and the benefit to the organization? >> I think the bottom line is this new generation of really powerful tools that are very high performance. That have this perspective across the whole set of workloads on a machine. That don't need to rely on things like a CCAR model, which can add to a lot of complexity that was perfectly rational choice for a lot of security tools and observability tools. But if you can use an abstraction that lives in the kernel, things are much more efficient and much easier to deploy. So, I think that's really what that enterprise is gaining, simpler to deploy, easier to manage, lower overhead set of tools. >> That's the dream they want. That's what they want. Mark, this is whether the trade offs that comes up. We were talking about the supercloud, and all kinds. Even at AWS, you're going to have supercloud, but you got super hackers as well. As innovation happens on one side, the hackers are innovating on the other. And you start to see a lot of advances in the lower level, AWS with their Silicon and strategies are continuing to happen and be stronger, faster, cheaper, better down the lower levels at the network lay. All these things are innovating, but this is where the hackers are going too, right? So, it's a double edge sword? >> Yeah, and it always will be. And that's the challenge of technology, is sort of the advancement for one, is an advancement for all. But I think, while Liz hit the technical aspects of the eBPF spot on, what I'm seeing with enterprises, and in general with the market movement, is all of those technical advantages are increasing the confidence in some of this security tooling. So, the long sort of anecdote or warning in security has always been things like intrusion prevention systems where they will look at network traffic and drop things they think bad. Well, for decades, people have always deployed them in detect-only mode. And that's always a horrible conversation to have with the board saying, "Well, I had this tool in place that could have stopped the attack, but I wasn't really confident that it was stable enough to turn on. So, it just warned me that it had happened after the fact." And with the stability and the performance that we're seeing out of things based on technologies like eBPF, we're seeing that confidence increase. So, people are not only deploying this new level of tooling, but they're confident that it's actually providing the security it promised. And that's giving, not necessarily a leg up, but at least that level of parody with that push forward that we're seeing, similar on the attack side. Because attackers are always advancing as well. And I think that confidence and that reliability on the tooling, can't be underestimated because that's really what's pushing things forward for security outcomes. >> Well, one of the things I want get your both perspective on real quick. And you kind of segue into this next set of conversations, is with DevOps success, Dev and Ops, it's kind of done, right? We're all happy. We're seeing DevOps being so now DevSecOps. So, CSOs were like kind of old school. Buy a bunch of tools, we have a vendor. And with cloud native, Liz, you mentioned this earlier, accelerating the developers are even driving the standards more and more. So, shifting left is a security paradigm. So, tooling, Mark, you're on top of this too, it's tooling versus how do I organize my team? What are the processes? How do I keep the CICD pipeline going, higher velocity? How can I keep my app developers programming faster? And as Adrian Cockcroft said, they don't really care about locking, they want to go faster. It's the ops teams that have to deal with everything. So, and now security teams have to deal with the speed and velocity. So, you're seeing a new kind of step function, ratchet game where ops and security teams who are living DevOps, are still having to serve the devs, and the devs need more help here. So, how do you guys see that dynamic in security? Because this is clearly the shift left's, cloud native trend impacting the companies. 'Cause now it's not just shifting left for developers, it has a ripple effect into the organization and the security posture. >> We see a lot of organizations who now have what they would call a platform team. Which is something similar to maybe what would've been an ops team and a security team, where really their role is to provide that platform that developers can use. So, they can concentrate on the business function that they don't have to really think about the underlying infrastructure. Ideally, they're using whatever common definition for their applications. And then, they just roll it out to a cloud somewhere, and they don't have to think about where that's operating. And then, that platform team may have remit that covers, not just the compute, but also the networking, the common set of tooling that allows people to debug their applications, as well as securing them. >> Mark, this is a big discussion because one, I love the team, process collaboration. But where's the team? We've got a skills gap going on too, right? So, in all this, there's a lot of action happening. What's your take on this dynamic of tooling versus process collaboration for security success? >> Yeah, it's tough. And I think what we're starting to see, and you called it out spot on, is that the developers are all about dynamic change and rapid change, and operations, and security tend to like stability, and considered change in advance. And the business needs that needle to be threaded. And what we're seeing is sort of, with these new technologies, and with the ideas of finally moving past multicloud, into, as you guys call supercloud, which I absolutely love is a term. Let's get the advantage of all these things. What we're seeing, is people have a higher demand for the outputs from their tooling, and to find that balance of the process. I think it's acknowledged now that you're not going to have complete security. We've gotten past that, it's not a yes or no binary thing. It's, let's find that balance in risk. So, if we are deploying tooling, whether that's open source, or commercial, or something we built ourselves, what is the output? And who is best to take action on that output? And sometimes that's going to be the developers, because maybe they can just fix their architecture so that it doesn't have a particular issue. Sometimes that's going to be those platform teams saying like, "Hey, this is what we're going to apply for everybody, so that's a baseline standard." But the good news, is that those discussions are happening. And I think people are realizing that it's not a one size-fits-all. 10 years ago was sort of like, "Hey, we've got a blueprint and everyone does this." That doesn't work. And I think that being out in the open, really helps deliver these better outcomes. And because it isn't simple, it's always going to be an ongoing discussion. 'Cause what we decide today, isn't going to be the same thing in a week from now when we're sprint ahead, and we've made a whole bunch of changes on the platform and in our code. >> I think the cultural change is real. And I think this is hard for security because you got so much current action happening that's really important to the business. That's hard to just kind of do a reset without having any collateral damage. So, you kind of got to mitigate and manage all the current situation, and then try to build a blueprint for the future and transform into a kind of the next level. And it kind of reminds me of, I'm dating myself. But back in the days, you had open source was new. And the common enemy was proprietary, non-innovative old guard, kind of mainframe mini computer kind of proprietary analysis, proprietary everything. Here, there is no enemy. The clouds are doing great, right? They're leaning in open source is at all time high and not stopping, it's it's now standard. So, open is not a rebel. It's not the rebel anymore, it's the standard. So, you have the innovation happening in open source, Liz, and now you have large scale cloud. And this is a cultural shift, right? How people are buying, evaluating product, and implementing solutions. And I when I say new, I mean like new within the decades or a couple decades. And it's not like open source is not been around. But like we're seeing new things emerge that are pretty super cool in the sense that you have projects defining standards, new things are emerging. So, the CIO decision making process on how to structure teams and how to tackle security is changing. Why IT department? I mean, just have a security department and a Dev team. >> I think the fact that we are using so much more open source software is a big part of this cultural shift where there are still a huge ecosystem of vendors involved in security tools and observability tools. And Mark and I both represent vendors in those spaces. But the rise of open source tools, means that you can start with something pretty powerful that you can grow with. As you are experimenting with the security tooling that works for you, you don't have to pay a giant sum to get a sort of black box. You can actually understand the open source elements of the tooling that you are going to use. And then build on that and get the enterprise features when you need those. And I think that cultural change makes it much easier for people to work security in from the get go, and really, do that shift left that we've been talking about for the last few years. >> And I think one of the things to your point, and not only can you figure out what's in the open source code, and then build on top of it, you can also leave it too. You can go to something better, faster. So, the switching costs are a lot lower than a lock in from a vendor, where you do all the big POCs and the pilots. And, Mark, this is changing the game. I mean, I would just be bold enough to say, IT is going to be irrelevant in the sense of, if you got DevOps and it works, and you got security teams, do you really need IT 'cause the DevOps is the IT? So, if everyone goes to the cloud operations, what does IT even mean? >> Yeah, and it's a very valid point. And I think what we're seeing, is where IT is still being successful, especially in large companies, is sort of the economy of scale. If you have enough of the small teams doing the same thing, it makes sense to maybe take one tool and scale it up because you've got 20 teams that are using it. So, instead of having 20 teams run it, you get one team to run it. On the economic side, you can negotiate one contract if it's a purchase tool. There is still a place for it, but I think what we're seeing and in a very positive way, is that smaller works better when it comes to this. Because really what the cloud has done and what open source continues to do, is reduce the barrier to entry. So, a team of 10 people can build something that it took a 1000 people, a decade ago. And that's wonderful. And that opens up all these new possibilities. We can work faster. But we do need to rethink it at reinforce from AWS. They had a great track about how they're approaching it from people side of things with their security champion's idea. And it's exactly about this, is embedding high end security talent in the teams who are building it. So, that changes the central role, and the central people get called in for big things like an incident response, right? Or a massive auditor reviews. But the day-to-day work is being done in context. And I think that's the real key, is they've got the context to make smarter security decisions, just like the developers and the operational work is better done by the people who are actually working on the thing, as opposed to somebody else. Because that centralized thing, it's just communication overhead most of the time. >> Yeah. I love chatting with you guys because here's are so much experts on the field. To put my positive hat on around IT, remember the old argument of, "Oh, automation's, technology's going to kill the bank teller." There's actually more tellers now than ever before. So, the ATM machine didn't kill that. So, I think IT will probably reform from a human resource perspective. And I think this is kind of where the CSO conversation comes full circle, Liz and Mark, because, okay, let's assume that this continues the trajectory to open source, DevOps, cloud scale, hybrid. It's a refactoring of personnel. So, you're going to have DevOps driving everything. So, now the IT team becomes a team. So, most CSOs we talk to are CXOs, is how do I deploy my teams? How do I structure things, my investment in people, and machines and software in a way that I get my return? At the end of the day, that's what they live for, and do it securely. So, this is the CISO's kind of thought process. How do you guys react to that? What's the message to CISOs? 'Cause they have a lot of companies to look at here. And in the marketplace, they got to spend some money, they got to get a return, they got to reconfigure. What's your advice? Liz, what's your take? Then we'll go to Mark. >> That's a really great question. I think cloud skills, cloud engineering skills, cloud security skills have never been more highly valued. And I think investing in training people to understand cloud that there are tons of really great resources out there to help ramp people up on these skills. The CNCF, AWS, there's tons of organizations who have really great courses and exams, and things that people can do to really level up their skills, which is fantastic right from a grassroots level, through to the most widely deployed global enterprise. I think we're seeing a lot of people are very excited, develop these skills. >> Mark, what's your take for the CSO, the CXO out there? They're scratching their head, they're going, "Okay, I need to invest. DevOps is happening. I see the open source, I'm now got to change over. Yeah, I lift and shift some stuff, now I got to refactor my business or I'm dead." What's your advice? >> I think the key is longer term thinking. So, I think where people fell down previously, was, okay, I've got money, I can buy tools, roll 'em out. Every tool you roll out, has not just an economic cost, but a people cost. As Liz said, those people with those skills are in high demand. And so, you want to make sure that you're getting the most value out of your people, but your tooling. So, as you're investing in your people, you will need to roll out tools. But they're not the answer. The answer is the people to get the value out of the tools. So, hold your tools to a higher standard, whether that's commercial, open source, or something from the CSP, to make sure that you're getting actionable insights and value out of them that your people can actually use to move forward. And it's that balance between the two. But I love the fact that we're finally rotating back to focus more on the people. Because really, at the end of the day, that's what's going to make it all work. >> Yeah. The hybrid work, people processes. The key, the supercloud brings up the conversation of where we're starting to see maturation into OPEX models where CapEx is a gift from the clouds. But it's not the end of bilk. Companies are still responsible for their own security. At the end of the day, you can't lean on AWS or Azure. They have infrastructure and software, but at the end of the day, every company has to maintain their own. Certainly, with hybrid and edge coming, it's here. So, this whole concept of IT, CXO, CIO, CSO, CSO, I mean, this is hotter than ever in terms of like real change. What's your reaction to that? >> I was just reading this morning that the cost of ensuring against data breaches is getting dramatically more expensive. So, organizations are going to have to take steps to implement security. You can't just sort of throw money at the problem, you're going to actually have to throw people and technology at the problem, and take security really seriously. There is this whole ecosystem of companies and folks who are really excited about security and here to help. There's a lot of people interested in having that conversation to help those CSOs secure their deployments. >> Mark, your reaction? >> Yeah. I think, anything that causes us to question what we're doing is always a positive thing. And I think everything you brought up really comes down to remembering that no matter what, and no matter where, your data is always your data. And so, you have some level of responsibility, and that just changes depending on what system you're using. And I think that's really shifting, especially in the CSO or the CSO mindset, to go back to the basics where it used to be information security and not just cyber security. So, whether that information and that data is sitting on my desk physically, in a system in our data center, or in the cloud somewhere. Looking holistically, and that's why we could keep coming back to people. That's what it's all about. And when you step back there, you start to realize there's a lot more trade offs. There's a lot more levers that you can work on, to deliver the outcome you want, to find that balance that works for you. 'Cause at the end of the day, security is just all about making sure that whatever you built and the systems you're working with, do what you want them to do, and only what you want them to do. >> Well, Liz and Mark, thank you so much for your expert perspective. You're in the trenches, and really appreciate your time and contributing with "theCUBE," and being part of our Showcase. For the last couple of minutes, let's dig into some of the things you're working on. I know network policies around Kubernetes, Liz, EKS anywhere has been fabulous with Lambda and Serverless, you seeing some cool things go on there. Mark, you're at Lacework, very successful company. And looking at a large scale observability, signaling and management, all kinds of cool things around native cloud services and microservices. Liz, give us an update. What's going on over there at Isovalent? >> Yeah. So, Isovalent is the company behind Cilium Networking Project. Its best known as a Kubernetes networking plugin. But we've seen huge amount of adoption of cilium, it's really skyrocketed since we became an incubating project in the CNCF. And now, we are extending to using eBPF to not just do networking, but incredibly in depth observability and security observability have a new sub project called Tetragon, that gives you this amazing ability to see out of policy behavior. And again, because it's using eBPF, we've got the perspective of everything that's happening across the whole machine. So, I'm really excited about the innovations that are happening here. >> Well, they're lucky to have you. You've been a great contributor to the community. We've been following your career for very, very long time. And thanks for everything that you do, really appreciate it. Thanks. >> Thank you. >> Mark, Lacework, we we've following you guys. What are you up to these days? You know, we see you're on Twitter, you're very prolific. You're also live tweeting all the events, and with us as well. What's going on over there at Lacework? And what's going on in your world? >> Yeah. Lacework, we're still focusing on the customer, helping deliver good outcomes across cloud when it comes to security. Really looking at their environments and helping them understand, from their data that they're generating off their systems, and from the cloud usage as to what's actually happening. And that pairs directly into the work that I'm doing, the community looking at just security as a practice. So, a lot of that pulling people out of the technology, and looking at the process and saying, "Hey, we have this tech for a reason." So, that people understand what they need in place from a skill set, to take advantage of the great work that folks like Liz and the community are doing. 'Cause we've got these great tools, they're outputting all this great insights. You need to be able to take actions on top of that. So, it's always exciting. More people come into security with a security mindset, love it. >> Well, thanks so much for this great conversation. Every board should watch this video, every CSO, CIO, CSO. Great conversation, thanks for unpacking and making something very difficult, clear to understand. Thanks for your time. >> Pleasure. >> Thank you. >> Okay, this is the AWS Startup Showcase, Season Two, Episode Four of the ongoing series covering the exciting startups from the AWS ecosystem. We're talking about cybersecurity, this segment. Every quarter episode, we do a segment around a category and we go deep, we feature some companies, and talk to the best people in the industry to help you understand that. I'm John Furrier your host. Thanks for watching. (upbeat music)

(upbeat music) >> Good morning, everyone. Welcome back to "theCUBE." Lisa Martin here with John Furrier. This is day three of our wall-to-wall coverage of VMware Explore. John and I are pleased to welcome back one of our alumni, Muddu Sudhakar, the CEO of AISERA. Welcome to the program, Muddu. It's great to meet you. >> Thank you, Lisa. Thanks for having me. Thank you, John. >> Great to see you again. You're like an industry analyst coming on "theCUBE". You should be like a guest analyst, breaking down. I know you got your own company to run, and by the way, the recent funding you had, congratulations. >> Thank you. >> In a market that's not getting a lot of funding. You get an up around. Congratulations on that. >> Thank you. >> Business is good? >> Very good, thank you. Look, Goldman Sachs Investing, along with Zoom and Thoma Bravo, it was great for us. >> Great stuff. Well, I'm glad we could get you in. This day three, Lisa and I and Dave Vellante and Dave Nicholson have all been talking to everyone for two days here at VMware Explore, formerly VMworld, our 12th year covering their annual conference, as you know, and we've been telling the executives, but day three is more of, we're going to mix it up. We're going to bring people in and get their opinions about Supercloud, does VMware go post-Broadcom? Obviously, that's going to happen. Looks like nothing's going to stop that from happening. What's next? What's the impact? Who wins? Who loses? VMware certainly not acting like they're going to get gutted. They're all full throttle ahead. They're laying down some announcements, vSphere 8, you got vSAN 8, they got cloud-native, they're talking multi-cloud. VMware's not looking like they're flinching. What's going on, in your view, outside of the bubble that we're here in San Francisco, out in the real world, in the trenches. What are people talking about? What do you see? >> Lot to unpack. (all laugh) >> Start at wherever you want. >> Yes. You know, I was a VMware alumni too. >> Yes >> You sold the company to VMware. You know the inside. Okay, So then, even then- >> I worked with Paul and Pat and Raghu. It's great to be back at VMware now. I think there's a lot going on in VMware. VMware is here to stay. The brand will stay. The VMware customers will stay for years to come. I think Broadcom and VMware, I think it's a great industry consolidation, the way in which I see it. And it is going to help all the customers too, right? Broadcom, having such a large foot play into both CA, the software business, the hardware business. I think what will happen is that Broadcom will try to create a hybrid cloud of their own with VMware. So there'll be a fourth player in the cloud industry. And then back to John, your Supercloud. The Supercloud by definition, there'll be private clouds, public clouds, hybrid clouds. I think Broadcom with VMware will help your vision of the Supercloud and what your customers are asking. >> Yeah, one of the things I want to get your thoughts on, Lisa and I were talking yesterday with the executives, AJ Patel in particular, he's a middleware guy. >> Right. >> So what he did was Oracle. He did a lot of the fusion stuff at Oracle. He now runs Modern Apps. And you came in at the time, I think, when they were just getting that app vision going, and Paul Moritz actually had it early with his 2010 vision, but too early on the app side. But that ended up happening too. So the question is, is Broadcom going to be this middleware layer, and treat the cloud like hardware. And then, apps or apps. Companies are apps. In a digital transformation, technology is the company. >> Right >> So the company is the app. >> That's right, >> Is an application. So apps and hardware, middle, a middleware model emerging. Do you think they're going for that? Or am I just making this up in my head? >> No, I think to me, I see Broadcom as much more, they're like a peer company at the high level. So they're funded by- >> Like a private equity company. >> Private equity company. >> You mean from a dollar standpoint. >> From a dollar standpoint. So Broadcom is going to fund companies. They're going to buy companies. They bought CA, they bought all the other assets. So Broadcom will have always hardware. The middle level could be VMware, but they also have CA, right? They have a bunch of apps here. So I see the Broadcom is also using VMware to run applications. So the consolidation will be they'll create a Supercloud using VMware. They're going to own their own apps. I don't think Broadcom's story is stopped. Its journey to come. They're going to buy more acquisitions, more apps companies. I won't be surprised, in the future, they buy Zendesk. I won't be surprised, in the future, they buy other apps companies, SaaS companies and cloud enterprise companies. Right? So that's where the P is coming. So the broad conversion is, I need a base middleware, like you're saying. There's no other middleware on top of hardware better than VMware. >> So do you think that they'll keep the stuff that's coming out of the other? 'Cause we've been speculating on "theCUBE" this week. They have the core business, but there's all this stuff that's kind of coming out of the oven that's not EBITDA-oriented yet. Do you think they keep that or they let it go? >> I think that's a great question to hang their CEO of Broadcom. But to me, I think, knowing them, they're going to keep, and if you look at Symantec, they kept parts of Symantec, this whole parts of it. So I think all options are on the table for them, right? They'll do whatever it is. But I think it has to be the ones that high growth companies they may give it. It all goes back to is it a profitability to it or not? But his vision is very good. I want to own the middleware, right? He will own the middleware using VMware to your vision, create a Supercloud and own the apps. So I think you'll see Broadcom is the fourth vendor in the cloud race. You have Microsoft, AWS, Google, and Broadcom is actually going to compete with this four. >> So you think there'll be a hyper scale? They'll be in the top three or four. >> There'll be top four. >> Okay. >> Along with Oracle. So now, we are talking about the five vendors will be Amazon, Azure, Google, Oracle, and Broadcom. >> We had Amazon guy on, Steve Jones. I should have asked him that question. I just don't see that happening yet. They have to have the full hardware side. How do you see that coming in? 'Cause Amazon's innovating at the atom level and they're working on stuff that's physical, transit, physics stuff, like down to the root level. >> I think Broadcom figure, look, they own the chips out right, at the end of the day. They also have a lot of chips such to supply to both mobile and this. So if there's anybody who can figure out the hardware, it will be Broadcom. That is their core of area. They didn't have the core in the software and the middleware. VMware is going to give them the OS, the Kubernetes, the VMs. Once you have that layer, I think you can innovate both up and below, right? So I think, John, I think Broadcom VMware will be a force to reckon with and I think these guys are going to get into healthcare space though. So if you see the way they battle, you and me are talking Lisa, like Microsoft bought new ones, Oracle bought Cerner. So they all paid 30 billion each. So the next battle ground will be, they'll start in the healthcare industry. Somebody's going to go look at the healthcare apps like Epic, right? They're going to look at how we can do the hospitals. They're going to look at hospital healthcare professionals. That area will be disrupted a lot in the same. >> What other industries do you think, besides healthcare, are ripe for disruption with Broadcom VMware? >> I think endpoint management, like remember VMware bought AirWatch when I was there back then, right? That whole area is called digital experience management. So that endpoint mainly will be disrupted. So Broadcom with VMware will go again into endpoint. I'm talking endpoint could be the servers, desktops, VMware Max, right? Virtual Desktop VDI. So that whole management of mobile devices to desktop, that whole industry will be disrupted. A lot of players are there trying to do more consulting services. I think VMware is a great assets and tools. If I'm Broadcom, my chip sets are going into the endpoint. So that area will be disrupted a lot with Broadcom in VMware. >> Yeah, one of the things that VMware, people have been talking about, is that the CA acquisition that Broadcom did was the playbooks public. Everyone saw what they did. They killed sales and market and they killed all the execs, metaphorically speaking. They fired them. VMware's got a different vibe here. I'm feeling like it could go one way or the other. I think they should keep them, personally. But you don't know. If they're a PE company, they EBIDA driven, maybe it's just simply numbers. >> Right. >> If that's the case, then I'm worried. But VMware's got pride, they got mojo, and they've got expertise in software. Maybe a little bit different circumstance? What's take on this? Or do you think it's going to be black and white to the numbers? >> I think, knowing Hank's playbook, if he knows what he's going to do, right? His playbook will be consistent with Symantec. >> You think he already knows what he wants to do? >> I think so. I think at that level, both with Simulink and Broadcom, they already know the playbook. At this stage the games, people already know their game. It's like a chess move. They already know. They'll look at VMware and see which assets to keep, which one not to keep, which organization, but I think Hank is a master at this one. To me, I'm personally excited with the VMware Broadcom combination. It's a great thing for the industry. It's great for VMware and VMware customers and partners. >> Well, John, you and Dave had a chance to sit down with Raghu. What were some of the things that he unpacked about the Broadcom acquisition? >> He was on talking points. He was on message. He was saying the things that any CEO was going to make a lot of cash on this deal. And he's proud. I think it wasn't about the money for him. I sensed that he's certainly going to make a lot of cash on this deal as an executive, but he's a long time VMware employee and a well loved and revered person. He's done a lot of great work, technically set the agenda. So I think their mindset is we're going to just continue to do an amazing job as VMware as we are and then let Broadcom, let the chips fall where they may, and hopefully, if they do a good job, maybe they'll either refactor some of their base plans or they laid it all out in the field, so to speak. So that's my vibe. Now specifically, he made some comments, like, "Yeah, we're really proud." And he staying technical. He's still like, "This is really happening." So I think he's going to, essentially, to the very end, be like, "Cross cloud and hybrid cloud. This is our third generation." So there he's hanging onto the VMware third act that they're saying, and he hopes that it comes home. And I think he's going to just deal with it. He didn't seem flustered and he didn't seem overly confident. >> Okay. >> I guess that's my opinion. What do you think? >> Personally worked with Raghu, worked for Raghu, so I think of him as the greatest CEO for VMware ever could have, right? It's a journey. It was Paul Maritz, then Pat Gelsinger, now Raghu. I think he's in the right place, right time to lead VMware, and Raghu's doing a fantastic job. And personally, getting these two companies married, I think Raghu did the right partnership with Broadcom. >> Well, I think if this event's any indication if they're just sitting back and waiting, they're not, and this event was well done, it was pulled off. The branding's amazing. I thought they did a good job with the name change. And then in light of all the Broadcom issues, the execution was great. It was not a bad show here. It was a good show. It wasn't terrible at all. People were excited. I think the ecosystem also felt that Broadcom, like an electronic shock to the system, like something's going to happen. Let's wait and see. I'm going to go to the event to see if it's going to be around and kind of getting a feel first party, in person, what's happening. Again, remember VMware didn't have an event since 2019. This is a community that thrives on physical, face to face camaraderie, community. And so, I think the show was a success. And I think that's a result of Raghu and his team. >> Because we have a booth there for AISERA, my company, we have a booth. We are offering coffee and donuts. You guys should come by and tell people. You'll get a free coffee and a donut, but it's one of the best shows I've seen. Well, I think people after pandemic are back, people are interacting. We have 500 people in one day at our booth. So for a startup company like us, getting that much crowd is unheard of. So it's great. We're very excited. >> The vibe from the partner community, I had a chance to talk with a lot of partners, AWS, NetApp, Rackspace, really seems like the partnerships side of VMware is very, very strong and the partners are excited about what's next for VMware. Did you have a chance to talk with any of the partners? >> Actually, look. I'm actually meeting with Karen. So Karen Egan is my contact at VMware too, and Sumit, (indistinct) a bunch of the customer success organization. We talk to people in their digital experience management team. We are very excited to be partner with both VMware's customer, partner, and all experts, right? I'll need the VMware ecosystem for my company to thrive. So for us, VMware customers are my customers and leveraging VMware APIs into VMware, that's that's important for us. >> Lisa, that's a great question because that brings us to the question of, okay, clearly this show also proves to us from our conversations and exploring the floor, the wave is coming. This next cloud wave is here. We're calling it Supercloud, whatever you want to call it, it's coming and it's real, and people know it. And also the lines of sight into economics around where people can fit in this next level ecosystem is becoming clear. So I think people kind of know what's the right side of the street to be on in this next shift. So that's coming. That's independent of Broadcom. So the floor represents to me the excitement for not only the VMware workload powering software, with or without Broadcom, but the next wave. So the question is if Broadcom goes down their path and Hank does what he does, who wins and who loses on where things flow? Because this energy is going to flow somewhere. Is it going to flow to AWS? Is it going to flow to Microsoft? Is it going to flow to HPE with Green Lake getting some great traction? NetApp's doing great. We just heard from them. So the partners aren't hurting. It's only going to get better. re:Invent's right around the corner. That's a packed house. Their ecosystem's growing like a weed. Who wins? 'Cause the customers at VMware are enterprise customers. They're used to being serviced. They have sales reps from Microsoft, they got sales reps from Hewlett Packard Enterprise, real senior enterprise stakeholders there. So someone's going to end up filling in as VMware settles into their broad composition. Who wins and who loses, in your mind? >> A Very good question. So my thing is, I think it's... Well, I put Microsoft and Amazon the winners. In that way, actually mean Microsoft will win because in a true Supercloud, your vision, back to hybrid cloud on-prem and public cloud, VMware disruption with Broadcom, as if there's any bridge in the market, Microsoft will take advantage of it. Azure, right? Amazon VMware is there. Then, you have Google and VMware. So I think Azure will probably try to take advantage of this, but very next will be Amazon, right away there. That leaves you with Google Cloud, right? Google Cloud is the one. So they're the people that are able to figure out what to do in this equation. And then, obviously, the other one is Oracle. Oracle has no hearts in this game. So to me, the people who are going to probably lose impact model will be Oracle if the Broadcom and VMware will happen. So it's Azure, Amazon winning the race, probably Google is right behind them. Oracle will be distinct. Other side is Dell. Actually, Dell has no game in this. Our Broadcom and VMware, Dell should be the one. >> Dell might have a little secret sauce on the table with Michael Dell. >> That's true. >> If he convert his shares, he might be the largest shareholder at Broadcom. >> That's true. >> He could end up owning all the back. >> So he may be the winner all the time. (all laugh) >> Don't count him out. Well, this is a good question. I want to just double click on this. So you get customer dynamic. Where do they go? You get the community, which is a big force multiplier in this world, and if you had to bet on community between Microsoft and Amazon Web Services, Amazon trumps Microsoft on force multiplier community. Ecosystem, AWS beats Microsoft on that one. So it's interesting because it's now multiple dimensions we're talking about here. It's customers. That's the top order, right? The customers. But also, you got community, the people who put on sessions, the people in the community that are the influencers that are leading the trends, and developers are very trending, relative to what kind of code they use, what's their environments? So the developers is changing that landscape and, ultimately, the ecosystem of partners, right? 'Cause there's a lot more overlap between AWS and VMware's ecosystem than there is between Microsoft and that. And HPE is just starting an ecosystem. So it's going to be very interesting. >> It is. It is. I think Broadcom and VMware cannot be any best time for the industry, right? As you said. HP is coming in. Oracle is coming in. And to your point, VMware and AWS are another best partners. Now, this going to create any gap for Microsoft to enter for Azure? I think that's where the market is saying that it's going to open up a hybrid cloud player for Microsoft to enter what is to be a tight relationship with VMware and Amazon. Right? So people will rethink through their apps. And more importantly, the end point to me. See, the key is, like you talk about with Supercloud, nobody's talking about Supercloud for the endpoint. >> You mean Edge or security? >> Not an Edge endpoint. Endpoint could be your devices, laptop, desktop. >> Or a building or a light bulb or whatever. >> Desktop or VDI desktop services servers, right? So we call it endpoint cloud. There's no endpoint Supercloud. John, that's an area that you should double click on. Super cloud for the servers is different from Supercloud for endpoint. >> Well, SuperCloud.World is the URL out there. If you're interested in Supercloud, we are adding tracks to that body of work. So we had our event on August 9th. It was virtual event, where Dave and I are going to add a data track, we're going to add a security track, and we should add, maybe, an endpoint workspace, work. >> That's a VMware brand, Workspace and Horizon. So that whole workspace endpoint for Supercloud is going to happen. >> Yes. >> Right. That kind of deviates from- >> Do you like Supercloud? Are you bullish on Supercloud? >> I'm very bullish on Supercloud because I, myself, is running on-prem in VPCs, public clouds, private clouds. Supercloud kind of composites it so app should be designed. 'Cause I don't want to design an app for one cloud. It's not going to work. So it's like how Java came and I can run it on any platform. The ideas you build it on Supercloud, run it, whatever you want. Right? >> That's exactly it. So what would you want to see in Supercloud as it evolves? And we were part of this open conversation. This is our point for today. We're going to have a great panel come up later today. We're going to have the influencers come on to debate what Supercloud should or shouldn't be. If you want to add to the contribution, we'll add this into the work, what should what's needed in Supercloud? What's table stakes. >> I think we need a Java compiler that will happen for Supercloud. I build it once, execute in any place I want, right? Using the Terraform, HashiCorp (indistinct) So what I don't want is keep building this thing for every cloud. I want to abstract that out. The whole idea of Supercloud is how Java gave me the abstraction for hardware 20 years back or 30 years back, we need the same abstraction for the cloud today. Otherwise, I'm customizing for VM Cloud, I'm customizing for AWS, Azure, Google Cloud. We, as an application vendor, it's too hard to keep doing it. I have now thousand tuners. I don't need thousand DevOps people. I need maybe 10 DevOps people. So there's a clear abstraction complexity that industry should develop, and your concept Supercloud with everybody thinking that, and it has to start from the grassroots with ecosystem. >> What do you think about the participants in this abstraction layer? Because someone said on "theCUBE" here this week, the people in the abstraction layer shouldn't be participants in the below or above the abstraction. >> I think it should be everybody, right? It's all inclusive. You need the apps guys to come in. You need the OS players to come in. You need the cloud vendors to come in, infrastructure. So you need everybody. >> Okay, let's just say that you were the spokesperson for the Supercloud organization, Supercloud.World. How would you sell AWS on why it's important for them? >> It's because they can build it and sell it in AWS and multiple AWS Gov Cloud, AWS On-prem, VPCs. It's even important for them, their expansion, their market time upfront. If I'm (indistinct), if I'm built on Supercloud, I can increase my time share. Otherwise I'm bringing only to public cloud. >> Okay, so I'll say, I'm Amazon and we have a concept called "One Way Doors." We don't want to go through a one way door. Is Supercloud a one way door for them? What's in it for them? Do they make more? Does it help their ecosystem? And the same question from Microsoft Azure and Google cloud. >> They're make more money. They're making their apps run in multiple places. It's a natural expansion. You are solving your customer problems for Amazon and DGC, right? My job is give people choices. I give choice to Lisa. Lisa can run it on public cloud. John, you can run it on VPC, AWS. >> So you're saying, so you think customers are asking for this right now? >> Everybody's asking. >> But don't really know how to say it? >> Customers are asking. Partners are asking. All of us are asking. >> Okay, what's the ask? >> Ask is give me a one place to build applications and run it anywhere without adding the complexity. >> Okay. Done. That's Supercloud. It'll ship tomorrow. (Lisa laughs) Well done. (John laughs) All right, well done. Final question for you. Lisa and I have been talking with folks here. What advice would you give the folks that are in here? 'Cause we have a lot of activity, people with marketing their solutions and products. They're trying to put a voice out there around thought leadership and trying to figure out what side of the street they should be on relative to the next 10 years as they're here at VMware Explore, as the next gen cloud comes around. What's the right narrative? What's the right positioning for companies to be on right now to be the most relevant and in the flow? >> I don't know about 10 years, but right now we are in difficult economic times, right? Markets are down. Inflation is up. So I think the fastest cost, people should focus on cost. How can it take cost? Automation is the key, right? Whether you use AI or automation , like you and me talking, John, last week, right? That's important. Every CEO I talk to is focused on cost. How do I cut my cost? How can I do with fewer resources? How can I do with fewer people, right? So the new budget right now is cut your budget in half. So every company, every exec should think about how can you be a good citizen? How can I get growth and scale? How can I do more with less? And that should be the next 12 months. >> That was a lot of the theme of conversations that I had with the VMware ecosystem, doing more with less. So that's definitely on everyone's minds. >> Right, and that's what my company is fully focused on. AISERA is all about AI automation. How can we solve your thing? We want to be solving customer problem. We are like your automation engine for your enterprise, right? We are a platform of platform. That's why I like the Supercloud. I can run AISERA as a platform on top of Supercloud. >> Excellent. >> Wow! If only we had more time! I know that you guys could really dig into Supercloud and take it even further. So you have to come back, Muddu. >> I will. >> He always wants to come back. >> I will be back. >> He's on the team. He's has contributed to the open source effort of Supercloud. Thank you. >> Yes. >> All right, thank you so much for joining John and me and kind of breaking down your vision on VMware Broadcom and the future. Next step, we've got to get some customers on here. I really want to understand what the customer experience is going to be like, but we'll have to another segment on that one. >> We will do that. Thank you, Lisa, for having me. >> My pleasure. >> John. >> Thank you very much. Thank you. >> For our guest and John Furrier, I'm Lisa Martin. You're watching "theCUBE" live on day three of our coverage of VMware Explore. We'll be back after a short break. (upbeat corporate music)