>> Live from Washington DC, it's theCUBE. Covering AWS Public Sector Summit 2018. Brought to you by Amazon Web Services and it's ecosystem partners. >> Hey, welcome back everyone. This is theCUBE's exclusive coverage live in Washington DC at Amazon Web Services AWS Public Sector Summit. I mean, it's so jam-packed you can't even move. This is like the re:Invent for Public Sector even though it's a summit for Amazon Web Services. I'm here with Dave Vellante, my co-host. Our next guest is John Wood, Chairman and CEO of Telos, and Rick Tracy, Chief Security Officer and the co-inventor of Xacta, it's hot technology. John, great to see you, welcome to theCUBE. >> Thanks guys. >> Thanks for having us. >> I love to get the brain trust here, John you're, like, probably one of the most experienced cyber security gurus in the DC area still standing. (laughing) As we said last time on theCUBE. >> Always, always. >> Okay. (laughing) And you've got some patents here, with some core technology, so first of all, I want to, before we get into some of the cool features of the products, talk about the dynamic of public sector, because Amazon has these summits, and they're kind of like a recycled re:Invent. Small scale, still packed. Talk about what Public Sector Summit is, because this is a completely different ballgame in this world. >> Sure, it's a perfect age for the cloud, and what this summit does, is it provides a great venue for people to come, learn about what works, get best practices, find use cases and just see what the ecosystem's all about in terms of how to make it work with the cloud. >> Rick, so what's your take? >> Well, if there's any doubt about it, what, is it double the size of last year? I think there were 7,000 people here last year and Teresa said today 14,500. So, yeah, I mean, it suits us perfectly because this is our sweet spot. >> So, Dave and I are always amazed by Amazon in general, the slew of announcements, Teresa Carlson picking the reins up where Andy Jassy does that Amazon re:Invent which is just tons of content, so many new announcements. What's your guys take on the hot news for you guys, because you guys are a major sponsor and you're in the ecosystem, you've been doing a lot of business with Amazon. >> Sure. >> What's going on in the business? What's happening with Telos? Why is it so booming right now for you guys? >> Well, I think people realize that there is a way to use automation where security can help drive cloud adoption. So, Rick and I co-authored an article back in 2011 that talked about why the cloud was more secure and it went over kind of like a lead ballon. And then back in 2014 the agency made the decision, the CIA made the decision, arguably the most security conscious organization in the world, to go to the cloud. And so that was a big, big, big, deal. But what we do is we help drive the security automation and orchestration stuff so you can reduce the time it takes to get what's called your authority to operate. And so I think that's a big deal now. The use of automation is being used to enhance the mission, so that the mission owners can get to their mission using the cloud, much more quickly. >> And we heard from the most powerful sentence in the keynote this morning was, "The cloud on it's weakest day is more secure than Client Service Solutions." This is a practitioner saying that, a leader of an agency saying that, not Amazon or not Telos. >> Absolutely. >> And it's because of that automation, right? I mean, that's really a key factor. >> It's because of the automation. It's also because the cloud providers are making sure that they lock down their physical infrastructure. Guards, gates, guns. All of the physical infrastructure and the virtual infrastructure, they do a really good job of that. If you think about it, the US government, unfortunately, 80% of their spend is around maintaining old systems. Well, the cloud providers are keeping modern. Those old systems have a lot of weaknesses from a standpoint of cyber security flaws. So, with a modern technology like the cloud, there's a lot more you can do around automation to lock down much more quickly. >> And the standardization that you get with a cloud makes it's easier as well, because there's not so many variations of things that you have to figure out how to protect. So, the standardized services that everything's built on really helps. >> Yeah, and people are adopting cloud in kind of different ways, which makes it harder, too. But you get the benefits of scale and speed, certainly. But I got to just pick up on some big news that's happened just last night and today. Microsoft Azure suffered an 11 hour downtime across Europe. 11 hours Azure's down, Microsoft Azure. This is a huge concern. Downtime, security, these are issues, I mean, this is just like, so, what's going on with this? >> Well, the truth of the matter is, if you think about where Amazon is today, Amazon is light years ahead of the rest of the cloud guys. The reason for that is they made the decision early on to take the risk around cloud. As a result of that, they have so many lessons learned that are beyond all of the other cloud providers, that that wouldn't happen to Amazon today, because they'll be able to back up, replication and duplication if they have, and their environments. >> How big do you think that lead is? You know, there's a lot of debate in the industry that other guys are catching up. The other side of the coin is, no, actually the flywheel effect is a lot like Secretariat in the stretch run of the Belmont, you were talking about racing before. What's your sense of that lead, even subjectively. >> I think it's between 5 and 10 years. There was a, it was crickets in this world, in the public sector world for cloud up until, literally, the agency decided to adopt. So the CIA made that decision, that was, sort of, the shot heard around the world as it relates to cloud adoption. Not just for public sector but for commercial as well, 'cause if you look at Amazon's ramp up, right after that decision was made, their ramp up has been amazing. >> That was a watershed event, for sure. >> It was, and it was very well documented, I mean, I read the judges ruling on that when IBM tried to stop them and the judge eviscerated IBM. And of course IBM had no cloud at the time, they had to go out and spend two billion dollars on software. John has lots of opinions on that, but okay, so that leaves-- >> I'm on the right side of history on that call. >> I think you are, it was a pretty good call. What about, what should be practitioners be thinking about? You talked about the standardization. Where should they be focused? Is it on response, is it on analytics, is it on training? What should it be? >> Well, from our perspective it is, a lot of the focus is on analytics, right? So, a lot of data that we've helped our customers collect over time for this ATO process that John previously mentioned, our goal with IO, Xacta IO, is to help organizations leverage that data to do more through analytics, so there's this dashboard with ad hoc reporting and analytic capability that's going to allow them to blend asset data with risk-to-threat data, with other sorts of data that they're collecting for ATO, specifically for the ATO process, that they can use now for more robust cyber risk management. So, for me, analytics is huge moving forward. >> And that's a prioritization tool so they can focus on the things that matter, or maybe double-click on that? >> It could be, it could be a prioritization tool, but it could also be a tool that you use to anticipate what might happen, right? So, some analytics will help you determine this asset is vulnerable for these variety of reasons, therefore it has to go to the top of the sack for remediation. But also, using that data over time might help you understand that this plus this plus this is an indication that this bad thing is going to happen. And so, analytics, I think, falls into both categories. Probably it's more the forecasting and predictive is something that's going to come later but as you unmask more data and understand how to apply rules to that data, it will naturally come. So, Rick and I have worked together for many, many years and, over a quarter of a century, so the way I would say it is like this. Xacta 360 helps you to accelerate your authority to operate, but that's a point in time. The holy grail for us as security practitioners is all around continuous monitoring of your underlying risk. So, the data analytics that he's talking about, is where we come about and looking at Xacta IO. So, Xacta IO helps fulfill that mission of continuous compliance, which means that the ATO is no longer just relevant at that moment in time because we can do continuous monitoring now at scale, in hybrid environments, in the cloud, on prem. 'Cause our clients are huge, so they're going to be a combination of environments that they're sitting in, and they need to understand their underlying risk posture. They need to have, they're going to have all kinds of scanners, so we don't really care, we can ingest any kind of scanner that you have with Exact IO. As a result of that, the security professional can spend their time on the analysis and not the pedestrian stuff that's just kind of wasting time, like documentation and all that stuff. >> Yeah, for us, data's a means to an end, right? It's either to get an ATO or to help you understand where you need to be focusing your resources to remediate issues. So, for us, leveraging the data that's produced by many companies that are at this show. Their data is a means to help us get our job done. >> Were you able to have, one follow up, if I may, were you able to have an impact, to me, even, again, subjectively, on that number, whatever that number is, that we get infiltrated, the customer gets infiltrated, it's 300 days before they even realize it. Are you seeing an impact on that as a result of analytics, or is it too early days? >> I would say it's still early. But it's reasonable to expect that there will be benefits in terms of faster detection. And maybe it's not even detection at some point, hopefully, it's anticipating so that you're not detecting something bad already happened, it's avoiding it before it happens. >> Yeah, and let me say it this way, too. You know, if you listen to John Edwards, the CIO from the CIA, he talks about how the reason he loves the cloud is because it used to take the agency about a year to provision a server, now it's a few minutes, right? Well that's great, but if you can't get your authority to operate, 'cause that can take another 18 months, you're not going to get the benefit of the cloud, right? So what we do, is we help accelerate how fast you can get to that ATO so that guys like the agency and anybody else that wants to use the cloud can use it much more quickly, right? >> Yeah, and the continuous integration and all that monitoring is great for security but I've got to ask you a question. Analytics are super important, we all know data analysis now is in the center of the value proposition across the board, horizontally. Not just data warehousing, analytics that are used as instrumentation and variables into critical things like security. So, with that being said, if you believe that, the question is, how does that shape the architecture, if I'm in an agency or I'm a customer, I want to build a cloud architecture that's going to scale and do all those things, be up, not go down, and have security. How does the architecture change with the cloud formula for the decision maker? Because right now they're like, "Oh, should I do multi-cloud, should I just Amazon" So, the data is a critical architectural decision point. How do you guys see that shaping, what's your advice to practitioners around designing the cloud architecture for data in mind. Just use Amazon? (laughs) >> Well, yes. (laughs) Just use Amazon. I mean, all the tools that you need exist here, right, and so-- >> If all the tools you need in the cloud exist here. >> Alright, so rephrase another way. >> But John, the issue is you're not going to have all your stuff in the cloud if you're the air force or if you're the army, because you have 75 years of data that you got to push in. So over the next 10 years there's going to be this "hybrid" environment where you'll have some stuff in the cloud, some stuff in a hybrid world, some stuff on prem, right? >> How I secured that, so that's a great point. So, data's everywhere, so that means you're going to need to collect it and then measure certain things. What's the best way to secure it and then is that where Xacta fits in? I'm trying to put that together if I'm going to design my architecture and then go to procurement, whether it's on premise or multi-cloud. >> Well, there are lots of security products that people use to secure, whether you're on prem or whether you're in the cloud and our platform leverages that information to determine whether things are secure enough. So there's a distinction between cyber risk management and actually securing a database, right? So, there's so many granular point products that exist for different points along the security chain, lifecycle chain, if you will, that our objective is to ingest as much of that information and purpose it in a way that allows someone to understand whether they're actually secure or not. And so it's understanding your security posture, transforming that security information to risk so that you can prioritize, as you were talking about before. >> You're taking a platform mentality as opposed to a point product. >> We're taking an enterprise view of risk. So, the enterprise is, remember, it's on prem, and hybrid and cloud. If all your stuff is in the cloud, Amazon has the answer for you. None of our customers are in that situation. If you're a start up, Amazon's the way to go, period. But all of our customers have legacy. As a result of that it's an enterprise view of risk. That's why companies like Telos partner so well with Amazon because they're all about being close to the customer, they're all about using automation. We are as well. >> Alright, talk about the news you guys have, Xacta IO, you're the co-inventor of it, Jack. Talk about this product. What's the keys, what does it do, where's it applied to, you mentioned a little bit of getting past the authority time point there. What's the product about? The product is about ingesting massive amounts of information to facilitate the ATO process, one, but managing cyber risk more generically because not everybody has an ATO requirement. So, you asked a few seconds ago about, so you're taking a platform approach. Yes, we're blending three separate products that we currently have, taking that functionality and putting it on a very, very, robust platform that can exist on prem, it can exist in the cloud. To enable organizations to manage their cyber risk and if they choose, or they have a requirement, to deal with things like FedRAMP and risk management framework and cyber security framework and iso certification and things of that nature. The point is, not everyone has an ATO requirement but everyone has a need to manage their risk posture. So we're using our ability to ingest lots and lots of data from lots and lots of different sources. We're organizing that data in ways that allow an organization to understand compliance and/or risk and/or security, and visualize all that through some dashboard with ad hoc reporting that let's them blend that data across each other to get better insights about risk posture. >> And to visualize it in a way that makes sense to the user. >> Yes, so, if you're the CEO, you're going to want to see it a certain way. If you're the IT manager, you're going to want to see it a certain way. If you're a risk assessor, you're going to want to see it a different way. So that's kind of what we're talking about. >> I got to ask you one question, I know we got to go, but, a hardcore security practitioner once said to me that hardcore security practitioners, like you guys, when they were kids they used to dream about saving the world. So, I want to know, who's your favorite superhero? >> Superman. >> Superman? >> Spiderman. >> Alright, awesome. (laughing) >> That was a basic question for you guys. >> Thank you very much >> Yeah, that's the hardest question, see they're fast, they know. Star Trek or Star Wars? (laughing) >> Depends on the generation. >> We won't go there. theCUBE have 15 more minutes today. Okay, final question, what's this going to do for your business now you have new, opened up new windows with the new product integration. How's that going to change Telos, what does it do for you guys from a capabilities standpoint? >> Well, the big thing I'd suggest your listeners and your watchers to consider is, there's a new case study that just came out, it's published jointly by the CIA, Amazon and Telos, talking about why working together is really, really, really groundbreaking in terms of this movement to the cloud. 'Cause your public sector listeners and viewers are going to want to know about that because this ATO thing is really a problem. So this addresses a massive issue inside of the public sector. >> And final question, while you're here, just to get your thoughts, obviously there's a big change of the guard, if you will, from old guard to new guard, that's an Amazon term Andy Jassy uses. Also, we all saw the DOD deal, JEDI's right there on the table, a lot of people jockeying, kind of old school policy, lobbying, sales is changing. How is the landscape, from a vendor-supplies to the agencies changed and/or changing with this notion of how things were done in the past and the new school? So, three points, legislatively there's top cover, they understand the need to modernize, which is great. The executive branch understands the need to modernize through the IT modernization act as well as the cyber security executive order. And then lastly, there are use cases now that can show the way forward. Here's the problem. The IT infrastructure out there, the IT guys out there that do business in the government, many of them are not paid to be efficient, they're paid cost plus, they're paid time and material, that's no way to modernize. So, fundamentally, I think our customers understand that and they're going to revolutionize the move forward. >> And the rules are changing big time. Sole source, multi-source, I mean, Amazon's on record, I've got Teresa on record saying, "Look, if we don't want a sole source requirement, let everyone bid fairly." Let's see who wins. Who can bring a secret cloud to the table? No one else has that. >> In terms of past performance and customer use cases they're pretty much in the head, for sure. >> Great, Amazon kicking butt here, Telos, congratulations for a great event, thanks for coming on. >> Thanks a lot guys. >> I appreciate it. >> Alright, CUBE coverage here in DC, this is theCUBE, I'm John Furrier with Dave Vellante. Stay with us, we have more great interviews stacked up all day and all day tomorrow. Actually you have half day tomorrow until two 'o clock Eastern. Stay with us for more, we'll be right back. (upbeat music)

(dramatic music) >> Narrator: Live from Washington D.C., it's cube conversations with John Furrier. >> Hello everyone, welcome to this special cube conversation, I'm John Furrier, the host of The Cube, co-founder of SiliconANGLE media Inc. We are here in the Washington D.C. Beltway area. We're actually at Amazon web services' public sector headquarters in Arlington, Virginia. My next guest is John Wood, he's the CEO and chairman of the board at Telos, a big provider of some of the big contracts, certainly with Amazon CIA, among others, welcome. >> Thank you very much. >> Thanks for joining me. >> I'm glad to be here. >> So, you guys have been pretty instrumental and we were talking to Teresa Carlson earlier, with an exclusive interview with her, and we talked about the shot heard around the Cloud. That was the CIA, Amazon win, four years ago. >> Yes. >> Kind of infiltrated the government area. It's almost a gestation period and now you got DOD action, a ton of other opportunities, but it really is an architectural mindset changeover from the old way. >> Yes You're involved in this, with Telos. What's your take, how are you guys involved, what's going on? >> Yeah, so it was groundbreaking, when the CIA made the determination that they were going to move to the Cloud, for sure. It kind of made everybody stand up and take notice, if the most security conscience organization in the world was considering it, why aren't I? And here we are, four years later, so where is the CIA now? Well now, the CIA is able to provision a server in a couple minutes, whereas the past, it used to take them almost a year. Now, with the use of automation tools like we have with Telos and the Xacta suite, the CIA is able to get their authority to operate in less than a week, when it used to take 18 months. So, I basically think what's happening is, the Cloud is providing an access point to IT modernization and the agency is showing that there is a blueprint that the rest of the government can also follow if they want to. >> One of the things we're involved in a lot of Blockchain covers, as well as kind of kicking the tires on Blockchain. You're in the middle of a Cloud gain with identity. Identity is the secret to having good scalable systems, because when you have good identity, good things happen. In Blockchain, some people say a theory about those. In IT, it's what identity you're going to use. How does the authority to operate challenge, you mentioned, become so important, because you're talking about massive amounts of time, I mean time savings. >> Wood: Yeah, so-- >> Just tease out the nuances of why it's so important to have that identity solution. >> So, in the past, there was no common language within which our cyber security professionals could engage with each other. Now, with the signing of the President's executive order on cyber security, the White House really is mandating the adoption if the NIST framework. What's relevant there is that on the one hand it provides you with a common language, but on the other hand, it's 11 hundred controls. So, as a result, automation is going to be key, to making sure that people can work with each other and making sure that, actually, the adoption actually takes off. >> They're safe, they know the trusted party. Is trust a big part of this and how does that--? >> I think what's happening, because the intelligence community has been working so closely together, and when I say the intelligence community, it's not just the traditional CIA, NSA, NRO, et cetera, it's also the military component of the intelligence community. So, you've got almost 38 assessors that are assessing C2S and SC2S. You know, the secret, if you will, Cloud, and the top secret Cloud, and those assessors all have been working in the same community under this framework and I think that has given them the confidence that the data is protected and as a result, they're heading much closer to reciprocity than ever before. >> There's been observations certainly on the Cube, we've said this many times with the past few years in tracking IT over the years, IT transformation, digital transformation, whatever you want to call it, buzz word. The reality is you had some progressives that would move faster and kick the tires, certainly financial services, in some areas you see that. Really, no problem. Then you had the folks who have just been consolidated down, didn't have a lot of budget and were lagging, waiting to adopt. Now there's no excuses, with cyber security, top of mind, with hacking, malware, ransomware, cyber warfare from nation states, sponsored states, an open source it's out of control. >> It is. >> So the security equations is forcing IT to move. The action has to be taken. What are you guys seeing in this area, because this is a big story and it's really putting a fire under everyone to move. >> And it's long over due. I co-wrote and article with our chief security officer in 2011, talking about why the Cloud was the way to go for federal, state, local, and education customers and at the end of the day, I think what's happening from a top cover perspective, the legislative community understands that. Obviously the Executive branch understands that, and now with editions like C2S the rest of the environment, the rest of the government can see what's possible. So, I believe the leadership within the government is ready for this change. They're seeing the benefit as it relates to C2S and SC2S and ultimately, the key is, the guys who run the contracts themselves, you got to make sure that those guys want that, to embrace that change too. >> Furrier: Yeah, so you have the-- >> And right now, 80, if you look across the government, 80% IT span is going back into maintenance. If you look at all my commercial customers, it's somewhere between 20 and 25%. What does that mean? It basically means that the government has a lot of legacy systems, which means that there's a lot of threats, and, which means there's a real cyber security problem. I believe fundamentally that by moving work loads to the Cloud, you'll be eliminating a lot of those cyber security problems. >> Yeah, it just means security is going to be the driver. The other thing I wanted to bring up, especially here in D.C., in public sector, is transparency. Now everyone can see everything. We're in a data-driven world, you can't hide either. The light is on, it's right there on the table. No more hiding. How has transparency been impacted in the procurement process, in the sales motions, the overall engagements with gov and public sector customers? >> I think, truth be told, there have been a lot of ideas that were sort of short-term and not really thoughtful, but the good news, as I said, is that the policy makers are really thinking and considering, trying to figure out how to make changes. Take for example, LPTA, low price technically acceptable. When I went to the congress and talked to both the House and the Senate side, and talked about how if I have one customer whose gotten hacked and the other customer has the same hack, but one happens to be a government customer and one's a commercial customer, the resources that we have are really trained, highly skilled, highly sought-after resources. Well, my commercial customers are willing to pay three to four hundred percent more than my government customers are. So when you have scarce resources, where are you going to apply them? You're going to apply them where the people are who are going to pay you. So my point to the Congress was simply to say, hey man, you get what you pay for. So ultimately, the good news is that, both on the House and the Senate side, that they elimanted LTPA, as it relates to cyber security, goods and services. So I believe, again, that there's a lot of, not just transparency happening, but there's a lot of people realizing that there are things that we can do. Procurement is kind of the last frontier for me. I have seen recently, I saw one of our government customers, where we were subcontracted, they went with something called an OTA, which stands for an other transaction agreement. Big problem in the government these days is everybody protest everything and there's really no downside to the protesting. With an OTA it's not protest-able. So I am seeing our government customers beginning to think about other means of actually doing things like procurement, and so that you can actually acquire. >> Are they going to have instant replay? (laughter) It sounds like the NFL, that call's not reversible. I mean, this is kind of, we're getting into all these rules and regulations where you've got protest, it seems that policy injection is not healthy at some level, because that point about what cost more on the commercial side, because of demand there, they understand the consequences and resource availability. To the government you just eliminated a policy that wasn't really helping. >> Right. >> So policy is a real consideration in here. >> I think so. Again though, it's a different environment than it was five or six years ago and I do think that there are some real positive things that are happening. I agree with you that there's a ground-swell of support behind the Cloud and certainly, players like us see the benefit associated with that shared security model. >> One of the things we've been observing and tracking on Sillaconangle and the Cube is this notion of public-private collaberation. Sharing data is a huge deal. Certainly, in Cyber people realize that data is valuable. Certainly, at Scale, you see patterns you might not see, customers on workloads, here and there, need to be identified. You're not sharing the data you don't know. So data sharing is a big deal, but also, collaborations between the private and public sector. Can you comment on what's going on there, because we're seeing some movement where, you're seeing some security agencies saying, "We'll share some stuff." >> Yeah. >> Furrier: You share some stuff with me, so you're seeing a little bit of the community developing heavily around data-sharing, what's you're take on that? >> So, I think we have a ways to go to make it work right, because if it was working right, you wouldn't see the very published, publicized hacks that have gone on. One of the things that the Congress can do is to provide incentives for the private sector to share more information, more quickly. When the Yahoo hacks occurred, it wasn't discovered until two or three years later. As a result, like I said, there's really no incentive and there's a perceived amount of liability. One of the things I'm asking some of our Congress people to consider is if you do share information, maybe, there's a limitation on liability and that provides, if you will, a mechanism and that provides an incentive for the private organization to work with the public organizations. >> So not to bury it, like Yahoo tried to bury that thing. >> Exactly. There's no sense in burying it. There should be no reason to bury. >> Okay, take a minute to talk about Telos, what you guys are doing, the chief executive. What's going on with the company, talk about the successes, where you guys are winning, your challenges and opportunities. >> Sure, we're in the business of, we do cyber security, we do identity and we do secure mobility. In the area of cyber security, I'm very proud about the fact that we're the database of record for intelligence community, many department of defense agencies use us, homeland security, a whole, department of safe-- There's a whole bunch of organizations that tend to work with us. I think that the issue for me has always been around investing in things that make our customers more efficient. So whether it's cyber security, it's one thing to provide the authority to operate, but I like to provide that authority to operate on a continuous basis. When we talk about identity, it's one thing to say that I am who I say I am, but it's another thing to let you know that I'm actually somebody that's trust worthy. So, we have a special relationship with the FBI that allows us to do real-time data look-ups on their people. We're the integrator of record for the common access card, the military ID card, we have been for a long time. From that, we built a business relationship with the TSA and now we have about 70 airports around America that use our service to do identity as a service for all their employees. >> Can you get me to cut the line at Pre? (laughter) >> You know, if you want to cut the line at TSA pre-- >> Quality of service opportunity and people will pay more for that. >> Absolutely. And plus, I think TSA pre-check wants to have a lot more people in that ecosystem too. No different than when the Easy Pass came into play years and years ago. I remember just zooming through the Easy Pass and wondering why people would want to stand in line, why would you, right? And then if you think about it, we're also involved with secure mobility, so we have a capability called Telos ghost that allows you to basically hide on a network. You're familiar with the notion of signal hopping? In World War two that's how we avoided detection by the enemy, so this is what we invented here with something around IP hopping. So as a result of that, whether you're a server-facing thing or a client-facing thing or a mobile device, you can't be seen on the network and if you can't be seen on the network, you can't be hacked. >> Well, that's awesome stuff. Your relationship with Amazon Web Services, talk about that, some of the things you're involved in. >> Yeah. >> The deals, the momentum. What's the relationship look like between you guys? >> So we have an enormous relationship with Amazon, most important part that we have, it started with the agency and I was in a meeting with Teresa Carlson, one of the senior people in the agency, and we wondered whether or not we could do for, we Telos, can do for the Cloud that which we've been doing for the enterprise for the better part of 15 to 17 years now, which is basically providing that authority to operate in an automated way. So we invested together and we were able to prove that we could absolutely do that. Now, what we're doing is we're basically copying and pasting that model to our customers across the government. >> And you guys put a stake in the ground, 2011. You were early. I mean 2008 was the beginning of the DevOps movement, you were in the heart of it in 2011. >> Wood: Yep. What's the biggest thing you've learned or observed or experienced over those years, since 2011? >> The biggest thing? >> Or just the most important. >> Wood: That is an enormous question. >> It could be the most important, the most relevant, most surprising-- >> Well the most important thing was I got married in 2012. (laughter) I have a four year old and two year old and a 14-year old, those are the most important. >> Was it really you who got married, was it your identity? >> Wood: It was really me and it was my identity. I will say, I think that the government is embracing efficiency. The government is embracing change. I think it started around 2014 or 15, and now it's really moving out. I think there's a lot of top cover, both from a policy side and an executive side and I'm seeing a lot of leadership from within the government itself of people who want to make the change happen. >> And there's also the competitive fairness question we're hearing, just here in town, yesterday, rumblings of one-source Cloud, multi-Cloud. Amazon is technically a one-source Cloud, but they've got an ecosystem. Should they have multi-Cloud in their requirements? All these things almost feel like that protest model is going on, like there's a little fud going everywhere from the other vendors. Do we expect to see more of that in your mind or less of it? (laughter) >> I think at the end of the day-- >> The chips are taken off the table. >> The people who don't want change are the ones, who are, if you will, very invested in the legacy. If those people are paid, time, material or cost blessed, they're not paid to be efficient. So there's going to be push back. On the other hand we've seen by the gigantic growth of the adoption of the Cloud and by the Cloud infrastructure and the Cloud ecosystem itself, there are enomorous opportunities for organizations out there. So I think people should embrace the change, I really do. I think, fundamentally, it's going to be a really big positive to this industry and into this region. >> I always say to Dave Vellante and my co-hosts, it's like no brainer, you look at the main frame, that was the generation when I was growing in the industry. I was the young gun, like main frame co-ball, who the hell wants that? Mini computer, eh, I want the client server. It's pretty obvious when you're in it. So I got to ask you with that in mind, Cloud is pretty obvious. Folks will understand DevOps and automation and those efficiences. You mentioned authority to operate as an example. Some of these numbers are pretty significant. So let's go down the problems that are important, what are the consequences, how do you quantify it, right? So the problem that people are trying to solve is how do I get resources, computing, software, whatever. Pretty important, because now you've got security, you've got all kinds of stuff. What are some of the consequences and you mentioned some benchmarks that you've quantified. You mentioned provisioning a server in a year. Is that really true? >> Wood: That's true! >> So give me some data on some of consequences, kind of the old way and new way. >> Well the old way if you're using the traditional procurement, it's like I said, one of the big issues is whether it was the culture or it's procurement roles or just the process to get an approval, it would take a year to get a server provisioned. Now, it's literally, you push a button and one to two minutes later you have a server, a new server. So you get ultimate scale, you get ultimate throughput, you pay as you go, you pay what you use. What's not to like? So that's all good. From the standpoint of security, because it's the NIST framework we can automate about 90% of that. That's 11 hundred controls, right? So we automate about 90% of those 11 hundred controls. Now, you get a whole bunch of auto inheritance, a whole bunch of things that can be automated are, and as a result, when NIST goes from one version of NIST to another version, all that happens automatically, and more importantly, as a cyber security professional, and I've only been at it since 1994. (laughter) I've been in it for relatively a long time as a CEO. As a cyber security professional, what I see is, as long as I can show a continuous monitoring of your current status, that's very relevant to the operational security professional. That's really good. So for us, we know that our customers are going to be a combination of Cloud, hybrid, and on-prem. These large organizations are going to take years and years and years to move to the Cloud, but they got to start, because now is the time. >> So automation and having that nice stack where it automatically updates and auto-provisioning, auto scaling, but the operational provisioning piece is really where the rubber meets the road, right? Is that what you're getting at? >> Well it's that. It's also you're consolidating your data centers. You don't need lots of them anymore. You can just focus on one, that's another big area. Another big area is, you can lift and shift your legacy IT infrastructure into the Cloud and then put the big investment into the new application as it's siting in there in the Cloud. >> Awesome, John, thanks for joining us here in the cube conversation. Here at Amazon Web Services Headquarters, breaking down the trends in GovCloud public sector as Cloud computing really levels the playing field, opens up new doors, new solutions, faster time to operate, in vi of other things, here in Washington, D.C., in Arlington, Virginia, I'm John Furrier. Thanks for watching. (dramatic music)