(upbeat music) >> Welcome back to Boston, Massachusetts. We're here at the Seaport. You're watching theCUBE's coverage of Red Hat Summit 2022. My name is Dave Vellante and Paul Gillin is here. He's my cohost for the next day. We are going to dig in to the famous RHEL, Red Hat Enterprise Linux. Gunnar Hellekson is here, he's the Vice President and General Manager of Red Hat Enterprise Linux. Gunnar, welcome to theCUBE. Good to see you. >> Thanks for having me. Nice to be here, Dave, Paul. >> RHEL 9 is, wow, nine, Holy cow. It's been a lot of iterations. >> It's the highest version of RHEL we've ever shipped. >> And now we're talking edge. >> Yeah, that's right. >> And so, what's inside, tell us. to keep happy with a new RHEL release. to keep happy with a new RHEL release. The first is the hardware partners, right, because they rely on RHEL to light up all their delicious hardware that they're making, then you got application developers and the ISVs who rely on RHEL to be that kind of stable platform for innovation, and then you've got the operators, the people who are actually using the operating system itself and trying to keep it running every day. So we've got on the, I'll start with the hardware side, So we've got on the, I'll start with the hardware side, which is something, as you know, RHEL success, and I think you talked about this with Matt, just in a few sessions earlier that the success of RHEL is really, hinges on our partnerships with the hardware partners and in this case, we've got, let's see, in RHEL 9 we've got all the usual hardware suspects and we've added, just recently in January, we added support for ARM servers, as general ARM server class hardware. And so that's something customers have been asking for, delighted to be shipping that in RHEL 9. So now ARM is kind of a first-class citizen, right? Alongside x86, PowerZ and all the other usual suspects. And then of course, working with our favorite public cloud providers. So making sure that RHEL 9 is available at AWS and Azure and GCP and all our other cloud friends, right? >> Yeah, you mentioned ARM, we're seeing ARM in the enterprise. We're obviously seeing ARM at the edge. You guys have been working with ARM for a long time. You're working with Intel, you're working with NVIDIA, you've got some announcements this week. Gunnar, how do you keep Linux from becoming Franken OS with all these capabilities? >> This is a great question. First is, the most important thing is to be working closely with, I mean, the whole point of Linux and the reason why Linux works is because you have all these people working together to make the same thing, right? And so fighting that is a bad idea. Working together with everyone, leaning into that collaboration, that's an important part of making it work over time. The other one is having, just like in any good relationship, having healthy boundaries. And so making sure that we're clear about the things that we need to keep stable and the places where we're allowed to innovate and striking the right balance between those two things, that allows us to continue to ship one coherent operating system while still keeping literally thousands of platforms happy. >> So you're not trying to suck in all the full function, you're trying to accommodate that function that the ecosystem is going to develop? >> Yeah, that's right. So the idea is that what we strive for is consistency across all of the infrastructures and then allowing for kind of optimizations and we still let ourselves take advantage of whatever indigenous feature might appear on, such an ARM chip or thus in a such cloud platform. But really, we're trying to deliver a uniform platform experience to the application developers, right? Because they can't be having, like there can't be kind of one version of RHEL over here and another version of RHEL over here, the ecosystem wouldn't work. The whole point of Linux and the whole point of Red Hat Enterprise Linux is to be the same so that everything else can be different. >> And what incentives do you use to keep customers current? >> To keep customers current? Well so the best thing to do I found is to meet customers where they are. So a lot of people think we release RHEL 9 at the same time we have Red Hat Enterprise Linux 8, we have Red Hat Enterprise Linux 7, all these are running at the same time, and then we also have multiple minor release streams inside those. So at any given time, we're running, let's say, a dozen different versions of RHEL are being maintained and kept up-to-date, and we do this precisely to make sure that we're not force marching people into the new version and they have a Red Hat Enterprise Linux subscription, they should just be able to sit there and enjoy the minor version that they like. And we try and keep that going for as long as possible. >> Even if it's 10 years out of date? >> So, 10 years, interesting you chose that number because that's the end of life. >> That's the end of the life cycle. >> Right. And so 10 years is about, that's the natural life of a given major release, but again inside that you have several 10-year life cycles kind of cascading on each other, right? So nine is the start of the next 10-year cycle while we're still living inside the 10-year cycle of seven and eight. So lots of options for customers. >> How are you thinking about the edge? how do you define, let's not go to the definition, but at high level. (Gunnar laughing) Like I've been in a conference last week. It was Dell Tech World, I'll just say it. They were sort of the edge to them was the retail store. >> Yeah. >> Lowe's, okay, cool, I guess that's edgy, I guess, But I think space is the edge. (Gunnar chuckling) >> Right, right, right. >> Or a vehicle. How do you think about the edge? All the above or but the exciting stuff to me is that far edge, but I wonder if you can comment. >> Yeah, so there's all kinds of taxonomies out there for the edge. For me, I'm a simple country product manager at heart and so, I try to keep it simple, right? And the way I think about the edge is, here's a use case in which somebody needs a small operating system that deploys on probably a small piece of hardware, usually varying sizes, but it could be pretty small. That thing needs to be updated without any human touching it, right? And it needs to be reliably maintained without any human touching it. Usually in the edge cases, actually touching the hardware is a very expensive proposition. So we're trying to be as hands off as possible. >> No truck rolls. >> No truck rolls ever, right, exactly. (Dave chuckling) And then, now that I've got that stable base, I'm going to go take an application. I'll probably put it in a container for simplicity's sake and same thing, I want to be able to deploy that application. If something goes wrong, I need to build a roll back to a known good state and then I need to set of management tools that allow me to touch things, make sure that everything is healthy, make sure that the updates roll out correctly, maybe do some AB testing, things like that. So I think about that as, that's the, when we talk about the edge case for RHEL, that's the horizontal use case and then we can do specializations inside particular verticals or particular industries, but at bottom that's the use case we're talking about when we talk about the edge. >> And an assumption of connectivity at some point? >> Yeah. >> Right, you didn't have to always be on. >> Intermittent, latent, eventual connectivity. >> Eventual connectivity. (chuckles) That's right in some tech terms. >> Red Hat was originally a one trick pony. I mean, RHEL was it and now you've got all of these other extensions and different markets that you expanded into. What's your role in coordinating what all those different functions are doing? >> Yes, you look at all the innovations we've made, whether it's in storage, whether it's in OpenShift and elsewhere, RHEL remains the beating heart, right? It's the place where everything starts. And so a lot of what my team does is, yes, we're trying to make all the partners happy, we're also trying to make our internal partners happy, right? So the OpenShift folks need stuff out of RHEL, just like any other software vendor. And so I really think about RHEL is yes, we're a platform, yes, we're a product in our own right, but we're also a service organization for all the other parts of the portfolio. And the reason for that is we need to make sure all this stuff works together, right? Part of the whole reasoning behind the Red Hat Portfolio at large is that each of these pieces build on each other and compliment each other, right? I think that's an important part of the Red Hat mission, the RHEL mission. >> There's an article in the journal yesterday about how the tech industry was sort of pounding the drum on H-1B visas, there's a limit. I think it's been the same limit since 2005, 65,000 a year. We are facing, customers are facing, you guys, I'm sure as well, we are, real skills shortage, there's a lack of talent. How are you seeing companies deal with that? What are you advising them? What are you guys doing yourselves? >> Yeah, it's interesting, especially as everybody went through some flavor of digital transformation during the pandemic and now everybody's going through some, and kind of connected to that, everybody's making a move to the public cloud. They're making operating system choices when they're making those platform choices, right? And I think what's interesting is that, what they're coming to is, "Well, I have a Linux skills shortage and for a thousand reasons the market has not provided enough Linux admins." I mean, these are very lucrative positions, right? With command a lot of money, you would expect their supply would eventually catch up, but for whatever reason, it's not catching up. So I can't solve this by throwing bodies at it so I need to figure out a more efficient way of running my Linux operation. People are making a couple choices. The first is they're ensuring that they have consistency in their operating system choices, whether it's on premise or in the cloud, or even out on the edge, if I have to juggle three, four different operating systems, as I'm going through these three or four different infrastructures, that doesn't make any sense, 'cause the one thing is most precious to me is my Linux talent, right? And so I need to make sure that they're consistent, optimized and efficient. The other thing they're doing is tooling and automation and especially through tools like Ansible, right? Being able to take advantage of as much automation as possible and much consistency as possible so that they can make the most of the Linux talent that they do have. And so with Red Hat Enterprise Linux 9, in particular, you see us make a big investment in things like more automation tools for things like SAP and SQL server deployments, you'll see us make investments in things like basic stuff like the web console, right? We should now be able to go and point and click and go basic Linux administration tasks that lowers the barrier to entry and makes it easier to find people to actually administer the systems that you have. >> As you move out onto these new platforms, particularly on the edge, many of them will be much smaller, limited function. How do you make the decisions about what features you're going to keep or what you're going to keep in RHEL when you're running on a thermostat? >> Okay, so let me be clear, I don't want RHEL to run on a thermostat. (everybody laughing) >> I gave you advantage over it. >> I can't handle the margins on something like that, but at the end. >> You're running on, you're running on the GM. >> Yeah, no that's, right? And so the, so the choice at the, the most important thing we can do is give customers the tools that they need to make the choice that's appropriate for their deployment. I have learned over several years in this business that if I start choosing what content a customer decide wants on their operating system I will always guess it wrong, right? So my job is to make sure that I have a library of reliable, secure software options for them, that they can use as ingredients into their solution. And I give them tools that allow them to kind of curate the operating system that they need. So that's the tool like Image Builder, which we just announced, the image builder service lets a customer go in and point and click and kind of compose the edge operating system they need, hit a button and now they have an atomic image that they can go deploy out on the edge reliably, right? >> Gunnar can you clarify the cadence of releases? >> Oh yeah. >> You guys, the change that you made there. >> Yeah. >> Why that change occurred and what what's the standard today? >> Yeah, so back when we released RHEl 8, so we were just talking about hardware and you know, it's ARM and X86, all these different kinds of hardware, the hardware market is internally. I tell everybody the hardware market just got real weird, right? It's just got, the schedules are crazy. We got so many more entrance. Everything is kind of out of sync from where it used to be, it used to be there was a metronome, right? You mentioned Moore's law earlier. It was like a 18 month metronome. Everybody could kind of set their watch to. >> Right. >> So that's gone, and so now we have so much hardware that we need to reconcile. The only way for us to provide the kind of stability and consistency that customers were looking for was to set a set our own clock. So we said three years for every major release, six months for every minor release and that we will ship a new minor release every six months and a new major release every three years, whether we need it or not. And that has value all by itself. It means that customers can now plan ahead of time and know, okay, in 36 months, the next major release is going to come on. And now that's something I can plan my workload around, that something I can plan a data center migration around, things like that. So the consistency of this and it was a terrifying promise to make three years ago. I am now delighted to announce that we actually made good on it three years later, right? And plan two again, three years from now. >> Is it follow up, is it primarily the processor, optionality and diversity, or as I was talking to an architect, system architect the other day in his premise was that we're moving from a processor centric world to a connect centric world, not just the processor, but the memories, the IO, the controllers, the nics and it's just keeping that system in balance. Does that affect you or is it primarily the processor? >> Oh, it absolutely affects us, yeah. >> How so? >> Yeah, so the operating system is the thing that everyone relies on to hide all that stuff from everybody else, right? And so if we cannot offer that abstraction from all of these hardware choices that people need to make, then we're not doing our job. And so that means we have to encompass all the hardware configurations and all the hardware use cases that we can in order to make an application successful. So if people want to go disaggregate all of their components, we have to let 'em do that. If they want to have a kind of more traditional kind of boxed up OEM experience, they should be able to do that too. So yeah, this is what I mean is because it is RHEL responsibility and our duty to make sure that people are insulated from all this chaos underneath, that is a good chunk of the job, yeah. >> The hardware and the OS used to be inseparable right before (indistinct) Hence the importance of hardware. >> Yeah, that's right. >> I'm curious how your job changes, so you just, every 36 months you roll on a new release, which you did today, you announced a new release. You go back into the workplace two days, how is life different? >> Not at all, so the only constant is change, right? And to be honest, a major release, that's a big event for our release teams. That's a big event for our engineering teams. It's a big event for our product management teams, but all these folks have moved on and like we're now we're already planning. RHEL 9.1 and 9.2 and 8.7 and the rest of the releases. And so it's kind of like brief celebration and then right back to work. >> Okay, don't change so much. >> What can we look forward to? What's the future look like of RHEL, RHEL 10? >> Oh yeah, more bigger, stronger, faster, more optimized for those and such and you get, >> Longer lower, wider. >> Yeah, that's right, yeah, that's right, yeah. >> I am curious about CentOS Stream because there was some controversy around the end of life for CentOS and the move to CentOS Stream. >> Yeah. >> A lot of people including me are not really clear on what stream is and how it differs from CentOS, can you clarify that? >> Absolutely, so when Red Hat Enterprise Linux was first created, this was back in the days of Red Hat Linux, right? And because we couldn't balance the needs of the hobbyist market from the needs of the enterprise market, we split into Red Hat Enterprise Linux and Fedora, okay? So then for 15 years, yeah, about 15 years we had Fedora which is where we took all of our risks. That was kind of our early program where we started integrating new components, new open source projects and all the rest of it. And then eventually we would take that innovation and then feed it into the next version of Red Hat Enterprise Linux. The trick with that is that the Red Hat Enterprise Linux work that we did was largely internal to Red Hat and wasn't accessible to partners. And we've just spent a lot of time talking about how much we need to be collaborating with partners. They really had, a lot of them had to wait until like the beta came out before they actually knew what was going to be in the box, okay, well that was okay for a while but now that the market is the way that it is, things are moving so quickly. We need a better way to allow partners to work together with us further upstream from the actual product development. So that's why we created CentOS Stream. So CentOS Stream is the place where we kind of host the party and people can watch the next version of Red Hat Enterprise get developed in real time, partners can come in and help, customers can come in and help. And we've been really proud of the fact that Red Hat Enterprise Linux 9 is the first release that came completely out of CentOS Stream. Another way of putting that is that Red Hat Enterprise Linux 9 is the first version of RHEL that was actually built, 80, 90% of it was built completely in the open. >> Okay, so that's the new playground. >> Yeah, that's right. >> You took a lot of negative pushback when you made the announcement, is that basically because the CentOS users didn't understand what you were doing? >> No, I think the, the CentOS Linux, when we brought CentOS Linux on, this was one of the things that we wanted to do, is we wanted to create this space where we could start collaborating with people. Here's the lesson we learned. It is very difficult to collaborate when you are downstream of the product you're trying to improve because you've already shipped the product. And so once you're for collaborating downstream, any changes you make have to go all the way up the water slide and before they can head all the way back down. So this was the real pivot that we made was moving that partnership and that collaboration activity from the downstream of Red Hat Enterprise Linux to putting it right in the critical path of Red Hat Enterprise Linux development. >> Great, well, thank you for that Gunnar. Thanks for coming on theCUBE, it's great to, >> Yeah, my pleasure. >> See you and have a great day tomorrow. Thanks, and we look forward to seeing you tomorrow. We start at 9:00 AM. East Coast time. I think the keynotes, we will be here right after that to break that down, Paul Gillin and myself. This is day one for theCUBE's coverage of Red Hat Summit 2022 from Boston. We'll see you tomorrow, thanks for watching. (upbeat music)

(upbeat music) >> Welcome to this CUBE conversation. I am Lisa Martin, excited to welcome back one of our distinguished alumni, Derek Manky joins me next. Chief security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, welcome back to the program. >> Yes, it's great to be here and great to see you again, Lisa. Thanks for having me. >> Likewise, yeah, so a lot has happened. I know we've seen you during this virtual world, but so much has happened with ransomware in the last year. It's unbelievable, we had this dramatic shift to a distributed workforce, you had personal devices on in network perimeters and non-trusted devices or trusted devices on home networks and lots of change there. Talk to me about some of the things that you and FortiGuard Labs have seen with respect to the evolution of ransomware. >> Yeah, sure, so it's becoming worse, no doubt. We highlighted this in our Threat Landscape Report. If we just take a step back looking at ransomware itself, it actually started in the late 1980s. And it didn't, that was very, they relied on snail mail. It was obviously there was no market for it at the time. It was just a proof of concept, a failed experiment if you will. But it really started getting hot a decade ago, 10 years ago but the technology back then wasn't the cryptography they're using, the technique wasn't as strong as easily reversed. And so they didn't really get to a lot of revenue or business from the cyber criminal perspective. That is absolutely not the case today. Now they have very smart cryptography they're experts when say they, the cyber criminals at their game. They know there's a lot of the attack surfaces growing. There's a lot of vulnerable people out there. There's a lot of vulnerable devices. And this is what we saw in our threat landscape group. What we saw at seven times increase in ransomware activity in the second half of 2020. And that momentum is continuing in 2021. It's being fueled by what you just talked about. By the work from anywhere, work from home environment a lot of vulnerable devices unpatched. And these are the vehicles that the ransomware is the payload of course, that's the way that they're monetizing this. But the reality is that the attack surface has expanded, there's more vulnerable people and cyber criminals are absolutely capitalizing on that. >> Right, we've even seen cyber criminals capitalizing on the pandemic fears with things that were around the World Health Organization or COVID-19 or going after healthcare. Did you see an uptick in healthcare threats and activities as well in the last year? >> Yeah, definitely, so I would start to say that first of all, the... Nobody is immune when it comes to ransomware. This is such again, a hot target or a technique that the cybercriminals are using. So when we look at the verticals, absolutely healthcare is in the top five that we've seen, but the key difference is there's two houses here, right? You have what we call the broad blanketed ransomware attacks. So these aren't going after any particular vertical. They're really just trying to spray as much as they can through phishing campaigns, not through... there's a lot of web traffic out there. We see a lot of things that are used to open playing on that COVID-19 theme we got, right? Emails from HR or taxes and scams. It's all related to ransomware because these are how they're trying to get the masses to open that up, pay some data sorry, pay some cryptocurrency to get access to their data back. Oftentimes they're being held for extortions. They may have photos or video or audio captures. So it's a lot of fear they're trying to steal these people but probably the more concern is just what you talked about, healthcare, operational technology. These are large business revenue streams. These are take cases of targeted ransoms which is much different because instead of a big volumetric attack, these are premeditated. They're going after with specific targets in mind specific social engineering rules. And they know that they're hitting the corporate assets or in the case of healthcare critical systems where it hurts they know that there's high stakes and so they're demanding high returns in terms of ransoms as well. >> With respect to the broad ransomware attacks versus targeted a couple of questions to kind of dissect that. Are the targeted attacks, are they in like behind the network firewall longer and faster, longer and getting more information? Are they demanding higher ransom versus the broader attacks? What's what are some of the distinctions there besides what you mentioned? >> Yeah, absolutely so the targeted texts are more about execution, right? So if we look at the attack chain and they're doing more in terms of reconnaissance, they're spending more cycles and investment really on their end in terms of weaponization, how they can actually get into the system, how they can remain undetected, collecting and gathering information. What we're seeing with groups like Ragnar Locker as an example, they're going in and they're collecting in some cases, terabytes of information, a lot, they're going after definitely intellectual property, things like source code, also PII for customers as an example, and they're holding them. They have a whole business strategy and plan in mind on their place, right? They hold them for ransom. They're often, it's essentially a denial of service in some cases of taking a revenue stream or applications offline so a business can't function. And then what they're doing is that they're actually setting up crime services on their end. They, a lot of the the newest ransom notes that we're seeing in these targeted attacks are setting up channels to what they call a live chat support channel that the victim would log into and actually talk directly live to the cybercriminal or one of their associates to be able to negotiate the ransom. And they're trying to have in their point of view they're trying frame this as a good thing and say, we're going to show you that our technology works. We can decrypt some of the files on your system as an example just to prove that we are who we say we are but then they go on to say, instead of $10 million, we can negotiate down to 6 million, this is a good deal, you're getting 30% off or whatever it is but the fact is that they know by the time they've gotten to this they've done all their homework before that, right? They've done the targets, they've done all the things that they can to know that they have the organization in their grasp, right? >> One of the things that you mentioned just something I never thought about as ransomware as a business, the sophistication level is just growing and growing and growing and growing. And of course, even other bad actors, they have access to all the emerging technologies that the good guys do. But talk to me about this business of ransomware because that's what it seems like it really has become. >> Absolutely, it is massively sad. If you look at the cybercrime ecosystem like the way that they're actually pulling this off it's not just one individual or one cyber crime ring that, let's say five to 10 people that are trying to orchestrate this. These are big rings, we actually work closely as an example to, we're doing everything from the FortiGuard Labs with following the latest ransomware trends doing the protection and mitigation but also working to find out who these people are, what are their tactics and really attribute it and paint a picture of these organizations. And they're big, we worked on some cases where there's over 50 people just in one ransomware gang. One of the cases we worked on, they were making over $60 million US in three months, as an example. And in some cases, keep in mind one of these targeted attacks like in terms of ransom demands and the targeted cases they can be an excess of $10 million just for one ransom attack. And like I said, we're seeing a seven times increase in the amount of attack activity. And what they're doing in terms of the business is they've set up affiliate marketing. Essentially, they have affiliates in the middle that will actually distribute the ransomware. So they're basically outsourcing this to other individuals. If they hit people with their ransomware and the people pay then the affiliate in the middle will actually get a commission cut of that, very high, typically 40 to 50%. And that's really what's making this lucrative business model too. >> Wow, My jaw is dropping just the sophistication but also the different levels to which they've put a business together. And unfortunately, for every industry it sounds very lucrative, so how then Derek do organizations protect themselves against this, especially knowing that a lot of this work from home stuff is going to persist. Some people want to stay home, what not. The proliferation of devices is only going to continue. So what are organizations start and how can you guys help? >> Start with the people, so we'll talk about three things, people, technology and processes. The people, unfortunately, this is not just about ransomware but definitely applies to ransomware but any attack, humans are still often the weakest link in terms of education, right? A lot of these ransomware campaigns will be going after people using nowadays seems like tax themes purporting to be from the IRS as an example or human resources departments or governments and health authorities, vaccination scams all these things, right? But what they're trying to do is to get people to click on that link, still to open up a malicious attachment that will then infect them with the ransomware. This of course, if an employee is up to date and hones their skills so that they know basically a zero trust mentality is what I like to talk about. You wouldn't just invite a stranger into your house to open a package that you didn't order but people are doing this a lot of the times with email. So really starting with the people first is important. There's a lot of free training information and security. There is awareness training, we offer that at Fortinet. There's even advanced training we do through our NSC program as an example. But then on top of that there's things like phishing tests that you can do regularly, penetration testing as well, exercises like that are very important because that is really the first line of defense. Moving past that you want to get into the technology piece. And of course, there's a whole, this is a security fabric. There's a whole array of solutions. Like I said, everything needs to be integrated. So we have an EDR and XDR as an example sitting on the end point, cause oftentimes they still need to get that ransomware payload to run on the end point. So having a technology like EDR goes a long way to be able to detect the threat, quarantine and block it. There's also of course a multi-factor authentication when it comes to identifying who's connecting to these environments. Patch management, we talk about all the time. That's part of the technology piece. The reality is that we highlight in the threat landscape report the software vulnerabilities that these rats more gangs are going after are two to three years old. They're not breaking within the last month they're two to three years old. So it's still about the patch management cycle, having that holistic integrated security architecture and the fabric is really important. NAC network access control is zero trust, network access is really important as well. One of the biggest culprits we're seeing with these ransom attacks is using IOT devices as launchpads as an example into networks 'cause they're in these work from home environments and there's a lot of unsecured or uninspected devices sitting on those networks. Finally process, right? So it's always good to have it all in your defense plan training and education, technology for mitigation but then also thinking about the what if scenario, right? So incident response planning, what do we do if we get hit? Of course we never recommend to pay the ransom. So it's good to have a plan in place. It's good to identify what your corporate assets are and the likely targets that cyber-criminals are going to go after and make sure that you have rigid security controls and threat intelligence like FortiGuard Labs applied to that. >> Yeah, you talk about the weakest link they are people I know you and I talked about that on numerous segments. It's one of the biggest challenges but I've seen some people that are really experts in security read a phishing email and almost fall for it. Like it looked so legitimately from like their bank for example. So in that case, what are some of the things that businesses can do when it looks so legitimate that it probably is going to have a unfortunately a good conversion rate? >> Yeah, so this is what I was talking about earlier that these targeted attacks especially when it comes to spear, when it comes to the reconnaissance they got so clever, it can be can so realistic. That's the, it becomes a very effective weapon. That's why the sophistication and the risk is rising like I said but that's why you want to have this multilayered approach, right? So if that first line of defense does yield, if they do click on the link, if they do try to open the malicious attachment, first of all again through the next generation firewall Sandboxing solutions like that, this technology is capable of inspecting that, acting like is this, we even have a FortiAI as an example, artificial intelligence, machine learning that can actually scan this events and know is this actually an attack? So that element goes a long way to actually scrub it like content CDR as well, content disarm as an example this is a way to actually scrub that content. So it doesn't actually run it in the first place but if it does run again, this is where EDR comes in like I said, at the end of the day they're also trying to get information out of the network. So having things like a Platinum Protection through the next generation firewall like with FortiGuard security subscription services is really important too. So it's all about that layered approach. You don't want just one single point of failure. You really want it, this is what we call the attack chain and the kill chain. There's no magic bullet when it comes to attackers moving, they have to go through a lot of phases to reach their end game. So having that layer of defense approach and blocking it at any one of those phases. So even if that human does click on it you're still mitigating the attack and protecting the damage. Keep in mind a lot of damages in some cases kind of a million dollars plus. >> Right, is that the average ransom, 10 million US dollars. >> So the average cost of data breaches that we're seeing which are often related to ransom attacks is close to that in the US, I believe it's around just under $9 million about 8.7 million, just for one data breach. And often those data breaches now, again what's happening is that the data it's not just about encrypting the data, getting access because a lot of organizations part of the technology piece and the process that we recommend is backups as well of data. I would say, organizations are getting better at that now but it's one thing to back up your data. But if that data is breached again, cybercriminals are now moving to this model of extorting that saying, unless you pay us this money we're going to go out and make this public. We're going to put it on paste and we're going to sell it to nefarious people on the dark web as well. >> One more thing I want to ask you in terms of proliferation we talked about the distributed workforce but one of the things, and here we are using Zoom to talk to each other, instead of getting to sit together in person we saw this massive proliferation in collaboration tools to keep people connected, families businesses. I talked a bit a lot of businesses who initially will say, oh we're using Microsoft 365 and they're protecting the data while they're not or Salesforce or Slack. And that shared responsibility model is something that I've been hearing a lot more about lately that businesses needing to recognize for those cloud applications that we're using and in which there's a lot of data traversing it could include PII or IP. We're responsible for that as the customer to protect our data, the vendor's responsible for protecting the integrity of the infrastructure. Share it with us a little bit about that in terms of your thoughts on like data protection and backup for those SaaS applications. >> Yeah, great question, great question tough one. It is so, I mean ultimately everybody has to have, I believe it has to have their position in this. It's not, it is a collaborative environment. Everyone has to be a stakeholder in this even down to the end users, the employees being educated and up-to-date as an example, the IT departments and security operation centers of vendors being able to do all the threat intelligence and scrubbing. But then when you extend that to the public cloud what is the cloud security stack look at, right? How integrated is that? Are there scrubbing and protection controls sitting on the cloud environments? What data is being sent to that, should it be cited center as an example? what's the retention period? How long does the data live on there? It's the same thing as when you go out and you buy one of these IOT devices as an example from say, a big box store and you go and just plug it into your network. It's the same questions we should be asking, right? What's the security like on this device model? Who's making it, what data is it going to ask for me? The same thing when you're installing an application on your mobile phone, this is what I mean about that zero trust environment. It should be earned trust. So it's a big thing, right? To be able to ask those questions and then only do it on a sort of need to know and medium basis. The good news is that a lot of CloudStack now and environments are integrating security controls. We integrated quite well with Fortinet as an example but this is an issue of supply chain. It's really important to know what lives upstream and how they're handling the data and how they're protecting it absolutely. >> Such interesting information and it's a topic ransomware that we could continue talking about, Derek, thank you for joining me on the program today updating us on what's going on, how it's evolving and ultimately what organizations in any industry need to do with protecting people and technology and processes to really start reducing their risks. I thank you so much for joining me today. >> All right it's a pleasure, thank you. >> Likewise Derek Manky I'm Lisa Martin. You're watching this CUBE conversation. (upbeat music)

(upbeat music) >> Welcome to this CUBE conversation. I am Lisa Martin, excited to welcome back one of our distinguished alumni, Derek Manky joins me next. Chief security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, welcome back to the program. >> Yes, it's great to be here and great to see you again, Lisa. Thanks for having me. >> Likewise, yeah, so a lot has happened. I know we've seen you during this virtual world, but so much has happened with ransomware in the last year. It's unbelievable, we had about 14 months ago, this dramatic shift to a distributed workforce, you had personal devices on in network perimeters and non-trusted devices or trusted devices on home networks and lots of change there. Talk to me about some of the things that you and FortiGuard Labs have seen with respect to the evolution of ransomware. >> Yeah, sure, so it's becoming worse, no doubt. We highlighted this in our Threat Landscape Report. If we just take a step back looking at ransomware itself, it actually started in the late 1980s. And it didn't, that was very, they relied on snail mail. It was obviously there was no market for it at the time. It was just a proof of concept, a failed experiment if you will. But it really started getting hot a decade ago, 10 years ago but the technology back then wasn't the cryptography they're using, the technique wasn't as strong as easily reversed. And so they didn't really get to a lot of revenue or business from the cyber criminal perspective. That is absolutely not the case today. Now they have very smart cryptography they're experts when say they, the cyber criminals at their game. They know there's a lot of the attack surfaces growing. There's a lot of vulnerable people out there. There's a lot of vulnerable devices. And this is what we saw in our threat landscape group. What we saw at seven times increase in ransomware activity in the second half of 2020. And that momentum is continuing in 2021. It's being fueled by what you just talked about. By the work from anywhere, work from home environment a lot of vulnerable devices unpatched. And these are the vehicles that the ransomware is the payload of course, that's the way that they're monetizing this. But the reality is that the attack surface has expanded, there's more vulnerable people and cyber criminals are absolutely capitalizing on that. >> Right, we've even seen cyber criminals capitalizing on the pandemic fears with things that were around the World Health Organization or COVID-19 or going after healthcare. Did you see an uptick in healthcare threats and activities as well in the last year? >> Yeah, definitely, so I would start to say that first of all, the... Nobody is immune when it comes to ransomware. This is such again, a hot target or a technique that the cybercriminals are using. So when we look at the verticals, absolutely healthcare is in the top five that we've seen, but the key difference is there's two houses here, right? You have what we call the broad blanketed ransomware attacks. So these aren't going after any particular vertical. They're really just trying to spray as much as they can through phishing campaigns, not through... there's a lot of web traffic out there. We see a lot of things that are used to open playing on that COVID-19 theme we got, right? Emails from HR or taxes and scams. It's all related to ransomware because these are how they're trying to get the masses to open that up, pay some data sorry, pay some cryptocurrency to get access to their data back. Oftentimes they're being held for extortions. They may have photos or video or audio captures. So it's a lot of fear they're trying to steal these people but probably the more concern is just what you talked about, healthcare, operational technology. These are large business revenue streams. These are take cases of targeted ransoms which is much different because instead of a big volumetric attack, these are premeditated. They're going after with specific targets in mind specific social engineering rules. And they know that they're hitting the corporate assets or in the case of healthcare critical systems where it hurts they know that there's high stakes and so they're demanding high returns in terms of ransoms as well. >> With respect to the broad ransomware attacks versus targeted a couple of questions to kind of dissect that. Are the targeted attacks, are they in like behind the network firewall longer and faster, longer and getting more information? Are they demanding higher ransom versus the broader attacks? What's what are some of the distinctions there besides what you mentioned? >> Yeah, absolutely so the targeted texts are more about execution, right? So if we look at the attack chain and they're doing more in terms of reconnaissance, they're spending more cycles and investment really on their end in terms of weaponization, how they can actually get into the system, how they can remain undetected, collecting and gathering information. What we're seeing with groups like Ragnar Locker as an example, they're going in and they're collecting in some cases, terabytes of information, a lot, they're going after definitely intellectual property, things like source code, also PII for customers as an example, and they're holding them. They have a whole business strategy and plan in mind on their place, right? They hold them for ransom. They're often, it's essentially a denial of service in some cases of taking a revenue stream or applications offline so a business can't function. And then what they're doing is that they're actually setting up crime services on their end. They, a lot of the the newest ransom notes that we're seeing in these targeted attacks are setting up channels to what they call a live chat support channel that the victim would log into and actually talk directly live to the cybercriminal or one of their associates to be able to negotiate the ransom. And they're trying to have in their point of view they're trying frame this as a good thing and say, we're going to show you that our technology works. We can decrypt some of the files on your system as an example just to prove that we are who we say we are but then they go on to say, instead of $10 million, we can negotiate down to 6 million, this is a good deal, you're getting 30% off or whatever it is but the fact is that they know by the time they've gotten to this they've done all their homework before that, right? They've done the targets, they've done all the things that they can to know that they have the organization in their grasp, right? >> One of the things that you mentioned just something I never thought about as ransomware as a business, the sophistication level is just growing and growing and growing and growing. And of course, even other bad actors, they have access to all the emerging technologies that the good guys do. But talk to me about this business of ransomware because that's what it seems like it really has become. >> Absolutely, it is massively sad. If you look at the cybercrime ecosystem like the way that they're actually pulling this off it's not just one individual or one cyber crime ring that, let's say five to 10 people that are trying to orchestrate this. These are big rings, we actually work closely as an example to, we're doing everything from the FortiGuard Labs with following the latest around some of the trends doing the protection and mitigation but also working to find out who these people are, what are their tactics and really attribute it and paint a picture of these organizations. And they're big, we're working some cases where there's over 50 people just in one ransomware gang. One of the cases we worked on, they were making over $60 million US in three months, as an example. And in some cases, keep in mind one of these targeted attacks like in terms of ransom demands and the targeted cases they can be an excess of $10 million just for one ransom attack. And like I said, we're seeing a seven times increase in the amount of attack activity. And what they're doing in terms of the business is they've set up affiliate marketing. Essentially, they have affiliates in the middle that will actually distribute the ransomware. So they're basically outsourcing this to other individuals. If they hit people with their ransomware and the people pay then the affiliate in the middle will actually get a commission cut of that, very high, typically 40 to 50%. And that's really what's making this lucrative business model too. >> Wow, My jaw is dropping just the sophistication but also the different levels to which they've put a business together. And unfortunately, for every industry it sounds very lucrative, so how then Derek do organizations protect themselves against this, especially knowing that a lot of this work from home stuff is going to persist. Some people want to stay home, what not. The proliferation of devices is only going to continue. So what are organizations start and how can you guys help? >> Start with the people, so we'll talk about three things, people, technology and processes. The people, unfortunately, this is not just about ransomware but definitely applies to ransomware but any attack, humans are still often the weakest link in terms of education, right? A lot of these ransomware campaigns will be going after people using nowadays seems like tax themes purporting to be from the IRS as an example or human resources departments or governments and health authorities, vaccination scams all these things, right? But what they're trying to do is to get people to click on that link, still to open up a malicious attachment that will then infect them with the ransomware. This of course, if an employee is up to date and hones their skills so that they know basically a zero trust mentality is what I like to talk about. You wouldn't just invite a stranger into your house to open a package that you didn't order but people are doing this a lot of the times with email. So really starting with the people first is important. There's a lot of free training information and security. There is awareness training, we offer that at Fortinet. There's even advanced training we do through our NSC program as an example. But then on top of that there's things like phishing tests that you can do regularly, penetration testing as well, exercises like that are very important because that is really the first line of defense. Moving past that you want to get into the technology piece. And of course, there's a whole, this is a security fabric. There's a whole array of solutions. Like I said, everything needs to be integrated. So we have an EDR and XDR as an example sitting on the end point, cause oftentimes they still need to get that ransomware payload to run on the end point. So having a technology like EDR goes a long way to be able to detect the threat, quarantine and block it. There's also of course a multi-factor authentication when it comes to identifying who's connecting to these environments. Patch management, we talk about all the time. That's part of the technology piece. The reality is that we highlight in the threat landscape report the software vulnerabilities that these rats more gangs are going after are two to three years old. They're not breaking within the last month they're two to three years old. So it's still about the patch management cycle, having that holistic integrated security architecture and the fabric is really important. NAC network access control is zero trust, network access is really important as well. One of the biggest culprits we're seeing with these ransom attacks is using IOT devices as launchpads as an example into networks 'cause they're in these work from home environments and there's a lot of unsecured or uninspected devices sitting on those networks. Finally process, right? So it's always good to have it all in your defense plan training and education, technology for mitigation but then also thinking about the what if scenario, right? So incident response planning, what do we do if we get hit? Of course we never recommend to pay the ransom. So it's good to have a plan in place. It's good to identify what your corporate assets are and the likely targets that cyber-criminals are going to go after and make sure that you have rigid security controls and threat intelligence like FortiGuard Labs applied to that. >> Yeah, you talk about the weakest link they are people I know you and I talked about that on numerous segments. It's one of the biggest challenges but I've seen some people that are really experts in security read a phishing email and almost fall for it. Like it looked so legitimately from like their bank for example. So in that case, what are some of the things that businesses can do when it looks so legitimate that it probably is going to have a unfortunately a good conversion rate? >> Yeah, so this is what I was talking about earlier that these targeted attacks especially when it comes to spear, when it comes to the reconnaissance they got so clever, it can be can so realistic. That's the, it becomes a very effective weapon. That's why the sophistication and the risk is rising like I said but that's why you want to have this multilayered approach, right? So if that first line of defense does yield, if they do click on the link, if they do try to open the malicious attachment, first of all again through the next generation firewall Sandboxing solutions like that, this technology is capable of inspecting that, acting like is this, we even have a FortiAI as an example, artificial intelligence, machine learning that can actually scan this events and know is this actually an attack? So that element goes a long way to actually scrub it like content CDR as well, content disarm as an example this is a way to actually scrub that content. So it doesn't actually run it in the first place but if it does run again, this is where EDR comes in like I said, at the end of the day they're also trying to get information out of the network. So having things like a Platinum Protection through the next generation firewall like with FortiGuard security subscription services is really important too. So it's all about that layered approach. You don't want just one single point of failure. You really want it, this is what we call the attack chain and the kill chain. There's no magic bullet when it comes to attackers moving, they have to go through a lot of phases to reach their end game. So having that layer of defense approach and blocking it at any one of those phases. So even if that human does click on it you're still mitigating the attack and protecting the damage. Keep in mind a lot of damages in some cases kind of a million dollars plus. >> Right, is that the average ransom, 10 million US dollars. >> So the average cost of data breaches ever seen which are often related to ransom attacks is close to that in the US, I believe it's around just under $9 million about 8.7 million, just for one data breach. And often those data breaches now, again what's happening is that the data it's not just about encrypting the data, getting access because a lot of organizations part of the technology piece and the process that we recommend is backups as well of data. I would say, organizations are getting better at that now but it's one thing to back up your data. But if that data is breached again, cybercriminals are now moving to this model of extorting that saying, unless you pay us this money we're going to go out and make this public. We're going to put it on piece and we're going to sell it to nefarious people on the dark web as well. >> One more thing I want to ask you in terms of proliferation we talked about the distributed workforce but one of the things, and here we are using Zoom to talk to each other, instead of getting to sit together in person we saw this massive proliferation in collaboration tools to keep people connected, families businesses. I talked a bit a lot of businesses who initially will say, oh we're using Microsoft 365 and they're protecting the data while they're not or Salesforce or Slack. And that shared responsibility model is something that I've been hearing a lot more about lately that businesses needing to recognize for those cloud applications that we're using and in which there's a lot of data traversing it could include PII or IP. We're responsible for that as the customer to protect our data, the vendor's responsible for protecting the integrity of the infrastructure. Share it with us a little bit about that in terms of your thoughts on like data protection and backup for those SaaS applications. >> Yeah, great question, great question tough one. It is so, I mean ultimately everybody has to have, I believe it has to have their position in this. It's not, it is a collaborative environment. Everyone has to be a stakeholder in this even down to the end users, the employees being educated and up-to-date as an example, the IT departments and security operation centers of vendors being able to do all the threat intelligence and scrubbing. But then when you extend that to the public cloud what is the cloud security stack look at, right? How integrated is that? Are there scrubbing and protection controls sitting on the cloud environments? What data is being sent to that, should it be cited center as an example? what's the retention period? How long does the data live on there? It's the same thing as when you go out and you buy one of these IOT devices as an example from say, a big box store and you go and just plug it into your network. It's the same questions we should be asking, right? What's the security like on this device model? Who's making it, what data is it going to ask for me? The same thing when you're installing an application on your mobile phone, this is what I mean about that zero trust environment. It should be earned trust. So it's a big thing, right? To be able to ask those questions and then only do it on a sort of need to know and medium basis. The good news is that a lot of CloudStack now and environments are integrating security controls. We integrated quite well with Fortinet as an example but this is an issue of supply chain. It's really important to know what lives upstream and how they're handling the data and how they're protecting it absolutely. >> Such interesting information and it's a topic ransomware that we could continue talking about, Derek, thank you for joining me on the program today updating us on what's going on, how it's evolving and ultimately what organizations in any industry need to do with protecting people and technology and processes to really start reducing their risks. I thank you so much for joining me today. >> All right it's a pleasure, thank you. >> Likewise Derek Manky I'm Lisa Martin. You're watching this CUBE conversation. (upbeat music)

>>Hi and thanks for joining us today. I'm Arwa Qadoura, vice president of Goto Market for HP Green Lake. In this session, we're going to explore a few of the ways we're bringing the cloud to your data center and co locations, especially for your most demanding workloads. We'll show a few examples of how we do this and how we can help you with HP. Green Lake with HP Green Lake were leading the market for on premises and hybrid cloud. With a decade of experience and over 1000 customers, we've been able to continue enriching our portfolio of services, leveraging the vast input from our customers. And what we're hearing now is they want us to take on the apse and data that are most critical to run their business on our customers. Love the cloud experience and wanted available everywhere, including their data center and Coehlo H. P E. Green Lake is the cloud that comes to you. We deliver a cloud experience for your >>infrastructure and workloads in your data center or co location and at the edge. HP Greenlee Cloud Services offer consumption based economics and scalability for a wide range of platforms. All managed for you by HP or by a rich ecosystem of partners. In June, we brought the Self service point and click experience of the cloud to our new services for containers, virtual machines and ml apps, and dramatically sped up the delivery of our infrastructure services with standardized building blocks T shirt sized that you can get in ASL. It'll us 14 days and a few weeks ago we added V. D. I as a service to meet the strong demand to help your employees around the globe work securely wherever they may be. Today we will look at four examples of how we provide the cloud experience for the workloads that are most critical to run your business, and we'll give a few industry examples. First, we'll talk about helping financial institutions manage risk and compliance. We'll talk about improving health care with a secure, flexible electronic health records platform, optimizing production and delivery for manufacturing with S A P Hana and answering your biggest questions with high performance computing. When we talk about thes demanding workloads, whether we're talking about inventory management, payment processing, medical imaging or any additional ones you see here, two things typically hold true. First, they're very difficult to move to the public cloud due to the challenges around Leighton See and Performance data Gravity I P. And Privacy Protection and the data entanglement with many other APS. And secondly, they require app specific expertise to implement and integrate continual performance optimization, strong resiliency, security and compliance management. And container is a shin to achieve mobility. These air tough to meet but essential toe have. If you're betting your business on these workloads, we've helped our customers meet these challenges and requirements in the data center. Let's start our discussion about these workloads with managing risk and compliance. Risk and compliance management require analyzing huge amounts of data streaming in real time through the organization, and Splunk is widely used for this as the scales. We have found that often infrastructure is the bottleneck and organizations develop blind spots. Due to this, this means they could only see some of the data. Scaling and making changes is also a slow process with such a complex set of infrastructure, and I T resources often don't have the skills to manage new platforms such as container based implementations. We've looked at the situation and built a differentiated architecture er to solve this challenge. The solution is container based, using the HP as moral container platform. It's an infrastructure that is tuned for Splunk and resulted in a big reduction in the total servers needed. It's delivered as a service through HP Green Lake on premises fully managed to make adoption fast and to cover the skill gaps, I t may have the outcomes. We tested our approach and found the dramatic improvements you see here. Infrastructure efficiency improved dramatically, with 17 times increase in throughput and 12 Splunk indexers per host, up from one. Compliance and insights into risks improved from removing the blind spots with a 10 times reduction and infrastructure needed to ingest up to 8.7 terabytes per host per day. And customers have a greatly simplified I T operating model by moving to HP Green Lake fully managed so that HP takes care of the container and infrastructure management. Next, let's talk about improving health >>care with a secure, flexible e HR platform. The global pandemic is putting an extraordinary burden on an industry whose budgets and resources are already stretched to the limits and H P can help health systems in medical research institutions around the globe recognize the value of HP Green Lake for our infrastructure as a service needs scalable storage for high resolution medical imaging, high performance compute for medical research and v. D. I. For the digital workplace. Today we are pleased to introduce the platform for epics E H R System. This is a full platform. As a service offering for Elektronik Health Records, the service supports the epic software stack with validated HP infrastructure and epic certified expertise to run the full environment for you. This enables health care institutions toe offload the complexities of moving to and operating a modern epic platform, reducing cost risk and time with a fully managed paper use cloud service in their own data center or cola facility. Now our customers could focus on delivering life affecting healthcare outcomes and not on the nuances of daily technical operations and upgrades. So how is HP qualified? Think back to the requirements we talked about for expertise. We have a 25 year partnership with EPIC, and over 65% of epic customers use RHP infrastructure, including storage servers, software and networking. We know epic and are trusted by epic customers. We have a dedicated program management office with focused epic resources to help health care systems make the most of their epic platform improving their quality of care, financial performance, work, low efficiency and, most importantly, their patient outcomes. The next workload I'd like to cover is S a P Hana s A P Hannah runs many if not most manufacturing organizations, including our very own. Here in h P s A P finds that 70% of customers are looking to remain on premises with S A P Hana as they migrate toe s four For the reasons we discussed earlier performance, resiliency, security, I protection and control. And we're proud to be one of Aesop's most critical technology partners, running approximately 40% of the on Prem s a p customer base. Thes customers trust HP infrastructure to run their critical s a p environment and we're excited to extend the value into a fully managed on Prem Cloud service. Today we bring the cloud benefits of HP Green Lake toe s a P Hannah customers on premises in two ways. Standard hp Green Lake uses S a P certified technology from HP with the scalable paper use model with H P's outstanding support and management services ready to meet the demanding requirements of S A P. Hana. And now we are working with S a P for the S A P Hana Enterprise Cloud Customer Edition which is powered by HP Green Lake and fully managed by S A P for you, which is the sap cloud in your data center. HPD point next services are essential to our customers. One of the reasons that customers choose HP for workloads such as SAP is our expertise from strategy all the way to operation with advisory and professional services specific to your application. We help you succeed. HP understands migration toe s A. P s four hana and as the leading technology vendor of S a P Hannah Infrastructure and a large s a p Hannah customer ourself, we have the expertise within our advisory and professional services. To ensure your success as you move to s four, HP has delivered over 1500 s, a p Hana consulting projects and HP point Next services has the expertise globally to accelerate time to value and mitigate your risk. And lastly, HP offers a center of excellence Experience for S a P. Hannah providing specialized support from our experts Toe optimize operations for S a p environments The last and maybe the most demanding workload that will cover today is HPC high performance computing. Today we are announcing H p e Green Lake for HPC. This is an exciting time as we bring our cloud services to HPC wherever you need it. As the leader in HPC, we have significant i p To give HPC customers. We offer the speed and scalability that you need with components such as high speed interconnect, high density compute platforms and software to manage HPC operations and performance. And unlike other technology companies, thes are all from HP, fully integrated, fully supported and can be fully managed by HP. And we've built an ecosystem of I S V applications that we closely collaborate with to make HPC run seamlessly high. Performance computing can get complex with HP. Green Lake for HPC will simplify the approach without taking away any of the power. Pick the starting point that fits your use case small, medium or large, and get started. These building blocks are HPC optimized, meaning you could bring the technology that we use to predict weather or decode the human genome to your everyday APS. No capital up front, pay for what you use and the implementation is managed for you. With our building block approach, we can eliminate the long design and implementation phase, which could take months or even a year over time as your clusters grow, modernize and change H p e Green Lake Capacity management helps you always have capacity ready ahead of your needs. What is the experience with H. P Green Lake for HPC, you order, we deliver in as little as 14 days. We install your systems and you can quickly deploy your HPC APS. With the new point and click service experience, researchers and analysts can get access to their HPC cluster resources from the self service portal without putting. I t in the middle of every request we manage the clusters for you. Take care of upgrades, performance and growth, and you pay based on what you use. Simplifying HPC economics and operations. This is how we bring a cloud to your most demanding workloads. So we've covered a lot, and the big question is, so what? How do you benefit analysts have found that with HP Green Lake, you save 30 to 40% on total cost of ownership by eliminating over provisioning, which on its own is huge. But the additional benefits are equally important to our customers. You can speed deployments of projects by 75% cut your risk with 85% less unplanned downtime and improve ICTY productivity by 40% due to the services, including that greatly simplify I t operations. What's next? If you want to learn more about how we bring cloud services for your most demanding workloads, whether they're for risk management, E H. R s, a, p or HPC, or for other workloads you depend on us for Please engage your HP account team or your HP partner. If you're already are a customer for HP Green Lake, thank you. And we're ready to globally help you with your next project. And, of course, please visit us at p e dot com. Backslash Green Lake Thanks for joining me today.

>> Narrator: From the Cube studios in Palo Alto and Boston, this is and episode in the Remote Works Citrix virtual series. >> Hello everybody, my name is Dave Vellante, and welcome to this cube conversation. You know, for the last several weeks, we've been interviewing key executives to really try to understand how they're responding to the COVID-19 crisis. And one of the key areas that we've been reporting on is the so called work from home offset, and I'll explain that in a little bit. But there are two great executives from Citrix that I'm really pleased to have on Donna Kimmel is the Executive Vice President and Chief chief people officer. Donna, great to see you. Thanks for coming on. >> Thank you. >> And she she's joined by Meerah Rajavel, who's the CIO of Citrix. Meerah, thank you as well. >> Thank you. >> So, I mean, this thing has been amazing. We've been doing a lot of research and it just obviously came out of the blue guys, if you would actually bring up that that chart. I want to set up the conversation here. This is something that we've been reporting on for a while. This is an ETR survey from about 1300 CIOs and IT practitioners that we asked them, how is your budget going to change in 2020 as a result of COVID? And you can see the red, we all know the story in the red, it's ugly. But surprisingly, about 35% of the respondents said no change. They're actually going to plow ahead. But what's even more surprising was 20 plus percent, about 21% said we're actually going to spend more. And so you can see from the data, that it's actually would be a lot worse, we're not for the green. Now, the reality is that green is a function really have worked from home infrastructure. And guys, that's something that I really want to talk to you about today. So, Donna, let me start with you. I mean, this is we're always talking about people, people process and technology. I mean, we went from put your toe in the water with work from home infrastructure, to all in. Your thoughts I mean, this is just overnight. >> Absolutely, you know, I think when I think about remote work and working from home, it is really not business as usual and probably was the biggest change that businesses have experienced, even in my career and many others. You know this was pretty much thrust upon us the work from home. And we realized that it requires new ways of thinking and behaving and operating. Our home offices quickly became kitchen tables and basements and bathrooms and bedrooms. And, in addition to it, not necessarily being set up the way that we would normally set it up if we knew we were going to work from home. It also didn't generally involve caring for family members at the same time. And so, most people thought for the first couple of weeks well, I can get through this. You know, for, it's not an extended period of time, but the reality is it's become an extended period of time. And I think ultimately, you know when we step back and think we're as humans, we're all survivors, and we're resilient. And there's a number of ways that, you know, we can help our employees as they make the adjustment that was really sort of pushed on them. >> Now, the executives that I've been talking to they, to a person start with, look, the safety and health of our team is the most important. So you obviously had to communicate that. Donna, I wonder if you could talk about sort of the priorities, you know what is it the cadence of your communication? The transparency of your communication? What really was your kind of first move, if you will? >> Yeah, absolutely. I think for us, one of the first things we had to step back and think about is, who are we what is what is our culture, what's important to us and we recognize it Citrix, it's our talent that makes the business successful. So we to show understand as much of the experience as possible that are that our employees are having, and really come at it from, I think a place of, of empathy. Listening to what's important to them, thinking about what's going to enable them to be successful because when our employees are successful, they truly drive success and a great experience for our customers. They're the ones out there helping to support our customers to support our sales partners, and certainly, ultimately, our communities. But when we think about this, we're thinking about the challenges, the opportunities, trying to develop plans and programs, and making sure that we have continuous information that is provided to our employees. And I think part of it you know we'll have an opportunity to talk with Meerah as well. When we step back, we think about kind of three things from a future of work perspective, we always think about the culture of the organization. Which is the embodiment of the values, the who we are and what we do. All of this clearly is grounded in the business objectives. So the first piece is our is our culture. The second piece is our physical space. So what is our environment like that enables us to be as productive as possible. And then the third piece is our digital space. If you can think about all of those almost as a Venn diagram, and that really puts the employee at the center. When we think about what's going to enable our employees to be successful, we think about that in a very holistic way. And so culture is sorry, did you want to-- >> Oh no please. >> Yeah. Culture for us is really grounded in our ability to drive trust in the organization. It's about that human connection. Because the more we can be connected with each other's managers to employees and peers to employees, the better off we are, people will feel less isolated. Because without that face to face, it makes it, and face to face and I'll say in person makes it a lot more difficult. The second piece that we focus on is that physical environment. And I think for many employees because they were thrust into the situation when they compare it to the work environment, when you're in the office, there's almost a professional feel, in that work environment and so employees feel a fair amount of pressure to try to create that same professionalism in their home. And the reality is, it's hard to do that. So it puts a lot of pressure on employees when they recognize that the whole family is quarantined with them, right? There's homeschooling going on. There's no childcare or eldercare. There's interruptions at inopportune times, barking dogs and cats walking across keyboards and family members doing drive-bys while the video cameras on and I think one of the things that we've been able to do is to help employees feel comfortable with that's who you are, that's our humanity. And the more we can help people feel comfortable about creating that physical space that's open and welcoming. That really helps drive that experience. And then the third piece, as I mentioned, is the digital space. And that's really where the partnership with Meerah comes in is so, so important, do they have the right tools and technology at home to be able to drive that experience? And for us, you know as Meerah and I have talked that partnership between IT and HR is critical. We're almost like the new BFFs in order to drive variance to enable our employees to be as productive as possible in this work from home. >> All right, so Meerah, let's let's get into that. So once you've established the safety, the health of your your employees, obviously financial flexibility and runway and the like their physical digital space. Now, you're really under a microscope with the tech. Now, of course, Citrix has been in this business for decades. So you know a lot about this, but nonetheless, this is really new. You were thrust into it overnight. Your thoughts on on how you responded and you know kind of where we're at in that journey. >> Absolutely, absolutely. So one other thing Donna mentioned, right, the three aspects when we moved to work from home, the biggest piece of this aspect that made it like for example, she was telling, I mean, I myself, we are in transition. I'm moving from Austin, Texas to Florida when it is all in the middle. I'm right now in the middle of my transition, I'm not settled my new house. And literally I'm doing this interview with the sitting my laptop on top of cereal boxes right now. That's actually something that I empathize clearly with my employees. So the physical space when we are in an office location is not any more that we can control. So the digital space need to really compensate for the physical space. The culture is something I think we are very lucky being in Citrix, the notion of what we have been always been talking about remote work, and employee experience, we have got that ingrained. So when we have to go into this remote workspace, work force culture, the culture is something that I would say we had some foundation to stand on. But IT has to come in, it's not an easy job because we want to give people the ability to do they what they want to do in a productive fashion. But now digital need to compensate for the physical, you know efficiencies that are possibly lacking in a home environment. So I looked at it from three C's, right? It starts with connectivity, right? Connectivity being are we providing the right kind of connectivity, which is to a secure connection. At the end of the day my job here is to make the employee productive and secure at the same time. It's not just about the productivity, but also wrap it up with a greater experience. So we start looking at connectivity from a security point of view, from performance point of view, using you know technologies like SDVAN and maximizing their performance to the nearest, how we can, you know break out the circuits to maximize performance for our employees. We also need to take into account that there are countries we went into the last mile to understand where the true problem is. Because if you go to Asia, there are so many countries, you know even if we can provide superior experience, their experience is very dependent on the local connectivity. So we need to look at, okay, how do we ensure our heavy duty applications are in a way optimized so it doesn't become a productivity tip for the employee. The second is if you think about productivity for employees, and it's all about information sharing and content sharing, right? So I call the second C is the content. The ability for the employee to have the right data at the right place. So they can make decisions and they can be productive. So using things like whether it is your ShareFile or your OneDrive or your collaboration platform JIRA, it doesn't matter, but you have to really make sure that data and information are available. And we focused on making sure that we are streamlined that and communicating about that very vocally like to Donna's point. The third C we looked at was collaboration, right? I mean, that's actually where, we are now compensating for the physical touch with a digital touch. So that includes things like your audio conferencing platform, your video conferencing platform, your ability to bring these different facets together, right? I mean, the ability to share, a ability to whiteboard I had last week, three days off site, and it was a complete virtual off site with nine hours of working session. And we used all kinds of tools that literally we had digital stickies to move around that integrated into our video conferencing platform that integrated into our conference sharing platform. So whatever we are doing, these are all connected. At the end of the day I truly felt like you know what i can contribute to not you know adding to the carbon footprint of the globe, because we have people from all over the globe, all of a sudden, I'm getting feedback from employees saying now the playing field is completely level down, people who have been remote users before they felt they had a short stick. Now everybody's same. In fact, my staff actually talked to one of my permanent remote employees and say, hey, what is the tips that I can use from you to make sure I'm productive, right? So I see the culture aspect is super important. That's actually bringing us together, but it is from a technology and digital point of view, bringing your, you know connectivity, content and collaboration in a way that it's going to be secure and in a way that we are looking at it with the aspect of your culture and from the employee shoes is a super important thing from a technology point of view. >> So Donna, you mentioned the sort of BFF between between HR and IT now, of course, HR IT have always had a relationship but it really has been around that Human Capital Managers Software, whether it was simplified and efficient onboarding or certain, change management functions. What have you been able to learn from that relationship and apply and what's new? >> You know, I think, what we're doing together what Meerah and I and the IT in the HR organizations are really doing together is truly understanding what it means to enable productivity for employees. And when you think about having the right tools to enable employees to be productive, doing that in alignment with the culture of the organization, what is it that drives our sense of meaning and accomplishment? And then being able to do it in a way both in a physical environment whether that physical environment is in the office or if it is remote. We do Look collectively together at the change management, how do you get employees to adopt new ways of doing things? And utilize that and learn from it. So we experiment with certain types of productivity tools, as Meerah was, was talking about, which ones worked, which ones needed to change, what worked for some teams and didn't work for others, when she and I can do that together, and our departments can do that together that enables us to truly drive productivity across the organization. >> Yeah, I would probably add one more thing to what Donna said. I mean, one of the thing is, also if you think about it, you know the human resource, the talent organization has a much better understanding of the culture of the subcultures, right? I mean, I've never been in a company even when it's 1000 people company, you have subcultures. And HR is in involved in the culture of those subcultures as we are going through. From IT point of view, we look at it from user personas, okay? So a salesperson who's actually always on road or always like more of a remote worker versus an engineering person. I mean, we are a software company and R&D persona requires a different set of productivity tools, compared to a salesperson compared to an executive compared to an executive assistant, right? So for us, it's actually bringing that different functional line of business. And that type of personas. And HR is absolutely crucial because as we are looking at it, we're saying, hey, what is the success for this organization, and what's the culture of that organization and one of the primary job roles and we don't do just with HR but HR gives us so much you know content to get jumpstart, then when we engage with the real users, we are not going with a blank sheet of paper we are going with something that they can react to and they can add to it. So we are doing a design thinking with them with something they can begin start together rather than you know white canvas and telling, tell me what do you want? I mean, he's asked, what do you want, you'll be getting, you know finding the sky on the moon. >> Well, it's a good thing you have those virtual stickies to help with that design thinking, right? You know, one of the things that I've been been saying is that, you know we've never seen obviously anything like this before a forced shutdown to the economy, which is why we're going to remember it. And like 911, you know post 911 we are going to see some things here that that have permanence, bad post GDPR for example, it required, certain changes. So, Donna, I want to begin start with you. Just it's ironic that, you know we're starting a new decade with this crisis. We're not just going to go back and revert the 2019 there's not just going to be some, you know all of a sudden, everything is rosy again, it's not. There's going to be certain permanent changes. How much have you thought about that? And do you have any visibility on what those are going to be? >> Yeah, you know when I stepped back and I think about this, and I think a large part of it has to do with much of what Meerah was just talking about in terms of design thinking. It's really, I think, for all of us, it's coming back to recognize that this became almost a forced opportunity to focus on business continuity. And how do we think about what's right for us as we move forward? But the design of that is based on what is right? What's the context for that particular business? What's the culture of that organization? What are the products and services that, you know that business provides? What are the subcultures in the organization? So, for me, it really does step back to say, look, we need to focus on business continuity. And now we have a couple of new models where you know in the past, it would be really easy for managers to say, you know I don't think my team can work remotely or your job isn't possible to do remotely. And now what we're finding in many businesses is that many jobs can actually be done remotely if they're provided the right tools and the right resources. So for me it, I step back and say, as we think about the business continuity going forward, there is a new way to work. It is a combination of finding that flexibility between working in the office and remote work and providing the right tools that enable employees to be able to do it successfully. >> You know, Meerah, this notion that Don is bringing up of business continuance, I've sort of been noodling on this and thinking that going forward, one of the things that will change is that companies might be willing to sub optimize near term performance to put in better business resiliency. Now at the same time, I know how CEOs thing and they say, okay great, we're going to make that investment. Yeah, fine. We'll maybe sacrifice some short term performance, but I had a really interesting conversation recently with a chief data officer said you don't have to sacrifice necessarily, with with data in this new era, there actually are ways in which you can both drive business resilience and drive productivity and ultimately profitability. What's your thinking on on that sort of imbalance or balance, if you will? >> I agree with that statement. Because to me, you know today's business we need to look at I mean, especially with the cloud and some of the new technologies that we have, I mean, even I see this thing coming out of COVID there's going to be industries that are going to come out new business models that are going to emerge, right? I mean, think about telemedicine, we have been very, very hesitant about telemedicine for decades now. I mean, that's not a new concept, but we have been very hesitant. we said, I have to see the doctor. But today, pretty much everybody except for if you're seriously injured, you're getting telemedicine. That industry is going to work, right? So to me the statement you made is absolutely, absolutely, and for me, it's actually an opportunity coming out of an adversity that's going to come out. When I think about it, the most important thing I see is the businesses that are going to be successful. That's why even HR, you know partnership is even more greater. The businesses that has talent with digital dexterity are the ones that are going to win, right? I mean, regardless, you know whether you're in HR, whether you're in finance, whether you're in IT, you're in R&D, you're in manufacturing doesn't matter. Your digital dexterity of your company really makes you whether you win in the market, or you're you're one of those dinosaurs in the market, right? And how do you bring those together? That's a cultural change. That's actually educating, right? I mean, we don't want to leave, we already have talent shortage, and we don't want Want to leave a generation of population behind and focused on only the millennials and others because I mean, recently I've been going through the scaled agile framework, which is a lean agile and I really love the word of lean agile, lean has a lot of economies of scale. Agile brings a lot of agility. When you bring them together, you get both. And that's exactly what we need to do with our talent, bring the vision and bring this digital dexterity that we need to bring there. How we get it from a productivity? Of course, we want to be respectful of privacy. But as we have been going through we have been looking at different productivity metrics looking at, you know what is the usage pattern of our employees, how much code checking they've done? How was my MTTR being, I mean, in my organization, I've been looking at the velocity of our transaction processing and our issue resolution SLA times. And we also even, you know had a little because I think at the end of the day, we human we actually We are social animals, we need that patch. And we cannot forget, we are not mechanical, we are human. So we need that empathy and we need that emotional side of it. So we have been both qualitatively and quantitatively checking with our workforce, how they're feeling about it, and also looking at the data to see if the productivity is telling the story, what people are talking about. And to our surprise, you know 66% of our population, when we did this pulse survey said, they feel more productive in this situation, because many of them commented that, you know the time they save from not commuting, or the feel, just the sense of spending a little bit more time with the family is actually giving them that extra boost. And they can really do a work life integration, not like a work life balance they need to do. And we also heard about 11% felt pretty much they're in the same range. And but I also want to recognize it's not for everyone, right? I mean, we do have folks who are in manufacturing, they need to patch the physical things. And those jobs in certain days need to be, more physical. So there's about 3-5%, depending on your job function said, you know what I need access to the lab because I really deal with changing my connectivity, changing my or a dislike for the customer, I'm repairing their board, I really need to see that, those are the ones where we find kind of, you know absolute physical touch is required. >> You know, in a way, I mean, we're kind of lucky in the technology business talk about the digital transformation. I've been saying this is going to accelerate a lot of digital transformations. But for us, you look at the Cube, we've been up remote studios, no problem. You're a software company, you've already really transitioned largely to a subscription model so you can code remotely, but there are some industries in particular industries, where you guys sell a lot of product, I think about healthcare, you mentioned telemedicine, Meerah, financial services, defense, big users of VDI, they're highly regulated and secure industries. And while it's not, you know your main thrust, you talk to your peers and in those industries. So, and I've always said, you know some of these industries really haven't digitally transformed, they're actually kind of complacent. My feeling is that this is going to really accelerate, you know some of those-- >> Absolutely. Industries that haven't transformed and haven't been disrupted. I wonder if you could both comment from both a technology perspective and a people perspective. >> You know, I think, I think from the people perspective, it's really about mindset. And it and recognizing that how we approach these new problems and needs new ways of thinking about getting work done, is all about what our minds block us from thinking. And this pushed us into a situation where we've been able to demonstrate roles that we did not think could ever be done remotely, can actually be done remotely. And so for me, it is about a mindset shift. It's about enabling the dialogue sort of having the courage to have that dialogue inside of the organization to understand, again, what's the business context? What can we do in a more flexible way? And how do we continue to serve our customers the best that we can? >> I think for me, it comes down to you know protection is always an extinction, right? I mean, if you're trying to protect a current model, and if you're trying to be saying, you know, you don't want to be the dinosaur. Things are going to change and being proactive about the change and embracing the change will let you to some extent influence and control that change versus being the change being done to you. In this particular case, to me looking at it to see especially with today's technology around, you know manufacturing industry is probably going to see a lot of remote hands as well with IoT and robotics coming in. And I see that is going to be one area, you may see a drip down on type of talent that's getting extinct. On the other side, we are going to continue to see the demand on technology is going to continue to go up and especially which is already shortage. I mean, if I remember the last survey from KPMG, in December, the CIO survey said 60% of the CIOs responded, they are having challenges with the you know filling the roles and I also remember the other one is around Korn Ferry survey of technology talent shortage. By 2030, the expectation is we're going to leave around 8.7 billion or $7 trillion of revenue on the table and 85% will be unfulfilled. I mean, this is a time for, you know really how do you ensure there are industries that are going to transform which means there are certain skills, people need to reskill. I mean, even in technology that reskill and upskill is going to be a constant thing that's actually it's nobody is there, you know spark from that one, in my opinion in today's world. so that reskill and upskill is going to be the ones who are going to embrace that they're going to be in a bigger way and taking advantage of these transitions and transformations. I also think there are areas that we may see what we call the hype may have a broader adoption. So you'd mentioned about the chief data officer talking about how data can come in, I mean, I see automation accelerating and data is going to be a core component of acceleration. And you will see more and more you know things around how measurements becomes important as a start that leads to you know more data modeling that leads to more automation, that cycle is going to accelerate the influence of AI is going to accelerate even further than when we have said. I mean, I just wish some of the areas where, you know we have been slow in that option if you would have accelerated some of the challenges we are dealing with now with capacity, we wouldn't have been having problems. I mean, then I did a reflection with my team. The one of the highest one ranked by my leadership was we should have accelerated accelerated automation more. >> Well, I think what are some really, really interesting and deep points, but really no industry is safe, from disruption and in really Meerah to your points. If you're just paving the cow path, you're going to be in trouble. If you're trying to protect the past from the future, you're going to get disrupted. And I feel like you guys really have a good handle on this. And it's our pleasure to be able to post an interview such experts like yourselves, really appreciate you sharing your insights and your experience with with our audience. I mean, we're kind of all in this together. So thank you, Donna, Meerah, thanks so much for coming on the Cube. >> Thank you so much. >> Thank you for having us. >> You're welcome and thank you for watching everybody. This is Dave Vellante for the Cube. For my CXO series we will see you next time. (upbeat music)

>> From the Cube studios in Palo Alto in Boston, this is a Citrix Virtual Series examining the realities of a remote work world. >> Hello everybody, my name is Dave Vellante, and welcome to this cube conversation. You know, for the last several weeks, we've been interviewing key executives to really try to understand how they're responding to the COVID-19 crisis. And one of the key areas that we've been reporting on is the so called work from home offset, and I'll explain that in a little bit. But there are two great executives from Citrix that I'm really pleased to have on Donna Kimmel is the Executive Vice President and Chief chief people officer. Donna, great to see you. Thanks for coming on. >> Thank you. >> And she she's joined by Meerah Rajavel, who's the CIO of Citrix. Meerah, thank you as well. >> Thank you. >> So, I mean, this thing has been amazing. We've been doing a lot of research and it just obviously came out of the blue guys, if you would actually bring up that that chart. I want to set up the conversation here. This is something that we've been reporting on for a while. This is an ETR survey from about 1300 CIOs and IT practitioners that we asked them, how is your budget going to change in 2020 as a result of COVID? And you can see the red, we all know the story in the red, it's ugly. But surprisingly, about 35% of the respondents said no change. They're actually going to plow ahead. But what's even more surprising was 20 plus percent, about 21% said we're actually going to spend more. And so you can see from the data, that it's actually would be a lot worse, we're not for the green. Now, the reality is that green is a function really have worked from home infrastructure. And guys, that's something that I really want to talk to you about today. So, Donna, let me start with you. I mean, this is we're always talking about people, people process and technology. I mean, we went from put your toe in the water with work from home infrastructure, to all in. Your thoughts I mean, this is just overnight. >> Absolutely, you know, I think when I think about remote work and working from home, it is really not business as usual and probably was the biggest change that businesses have experienced, even in my career and many others. You know this was pretty much thrust upon us the work from home. And we realized that it requires new ways of thinking and behaving and operating. Our home offices quickly became kitchen tables and basements and bathrooms and bedrooms. And, in addition to it, not necessarily being set up the way that we would normally set it up if we knew we were going to work from home. It also didn't generally involve caring for family members at the same time. And so, most people thought for the first couple of weeks well, I can get through this. You know, for, it's not an extended period of time, but the reality is it's become an extended period of time. And I think ultimately, you know when we step back and think we're as humans, we're all survivors, and we're resilient. And there's a number of ways that, you know, we can help our employees as they make the adjustment that was really sort of pushed on them. >> Now, the executives that I've been talking to they, to a person start with, look, the safety and health of our team is the most important. So you obviously had to communicate that. Donna, I wonder if you could talk about sort of the priorities, you know what is it the cadence of your communication? The transparency of your communication? What really was your kind of first move, if you will? >> Yeah, absolutely. I think for us, one of the first things we had to step back and think about is, who are we what is what is our culture, what's important to us and we recognize it Citrix, it's our talent that makes the business successful. So we to show understand as much of the experience as possible that are that our employees are having, and really come at it from, I think a place of, of empathy. Listening to what's important to them, thinking about what's going to enable them to be successful because when our employees are successful, they truly drive success and a great experience for our customers. They're the ones out there helping to support our customers to support our sales partners, and certainly, ultimately, our communities. But when we think about this, we're thinking about the challenges, the opportunities, trying to develop plans and programs, and making sure that we have continuous information that is provided to our employees. And I think part of it you know we'll have an opportunity to talk with Meerah as well. When we step back, we think about kind of three things from a future of work perspective, we always think about the culture of the organization. Which is the embodiment of the values, the who we are and what we do. All of this clearly is grounded in the business objectives. So the first piece is our is our culture. The second piece is our physical space. So what is our environment like that enables us to be as productive as possible. And then the third piece is our digital space. If you can think about all of those almost as a Venn diagram, and that really puts the employee at the center. When we think about what's going to enable our employees to be successful, we think about that in a very holistic way. And so culture is sorry, did you want to-- >> Oh no please. >> Yeah. Culture for us is really grounded in our ability to drive trust in the organization. It's about that human connection. Because the more we can be connected with each other's managers to employees and peers to employees, the better off we are, people will feel less isolated. Because without that face to face, it makes it, and face to face and I'll say in person makes it a lot more difficult. The second piece that we focus on is that physical environment. And I think for many employees because they were thrust into the situation when they compare it to the work environment, when you're in the office, there's almost a professional feel, in that work environment and so employees feel a fair amount of pressure to try to create that same professionalism in their home. And the reality is, it's hard to do that. So it puts a lot of pressure on employees when they recognize that the whole family is quarantined with them, right? There's homeschooling going on. There's no childcare or eldercare. There's interruptions at inopportune times, barking dogs and cats walking across keyboards and family members doing drive-bys while the video cameras on and I think one of the things that we've been able to do is to help employees feel comfortable with that's who you are, that's our humanity. And the more we can help people feel comfortable about creating that physical space that's open and welcoming. That really helps drive that experience. And then the third piece, as I mentioned, is the digital space. And that's really where the partnership with Meerah comes in is so, so important, do they have the right tools and technology at home to be able to drive that experience? And for us, you know as Meerah and I have talked that partnership between IT and HR is critical. We're almost like the new BFFs in order to drive variance to enable our employees to be as productive as possible in this work from home. >> All right, so Meerah, let's let's get into that. So once you've established the safety, the health of your your employees, obviously financial flexibility and runway and the like their physical digital space. Now, you're really under a microscope with the tech. Now, of course, Citrix has been in this business for decades. So you know a lot about this, but nonetheless, this is really new. You were thrust into it overnight. Your thoughts on on how you responded and you know kind of where we're at in that journey. >> Absolutely, absolutely. So one other thing Donna mentioned, right, the three aspects when we moved to work from home, the biggest piece of this aspect that made it like for example, she was telling, I mean, I myself, we are in transition. I'm moving from Austin, Texas to Florida when it is all in the middle. I'm right now in the middle of my transition, I'm not settled my new house. And literally I'm doing this interview with the sitting my laptop on top of cereal boxes right now. That's actually something that I empathize clearly with my employees. So the physical space when we are in an office location is not any more that we can control. So the digital space need to really compensate for the physical space. The culture is something I think we are very lucky being in Citrix, the notion of what we have been always been talking about remote work, and employee experience, we have got that ingrained. So when we have to go into this remote workspace, work force culture, the culture is something that I would say we had some foundation to stand on. But IT has to come in, it's not an easy job because we want to give people the ability to do they what they want to do in a productive fashion. But now digital need to compensate for the physical, you know efficiencies that are possibly lacking in a home environment. So I looked at it from three C's, right? It starts with connectivity, right? Connectivity being are we providing the right kind of connectivity, which is to a secure connection. At the end of the day my job here is to make the employee productive and secure at the same time. It's not just about the productivity, but also wrap it up with a greater experience. So we start looking at connectivity from a security point of view, from performance point of view, using you know technologies like SDVAN and maximizing their performance to the nearest, how we can, you know break out the circuits to maximize performance for our employees. We also need to take into account that there are countries we went into the last mile to understand where the true problem is. Because if you go to Asia, there are so many countries, you know even if we can provide superior experience, their experience is very dependent on the local connectivity. So we need to look at, okay, how do we ensure our heavy duty applications are in a way optimized so it doesn't become a productivity tip for the employee. The second is if you think about productivity for employees, and it's all about information sharing and content sharing, right? So I call the second C is the content. The ability for the employee to have the right data at the right place. So they can make decisions and they can be productive. So using things like whether it is your ShareFile or your OneDrive or your collaboration platform JIRA, it doesn't matter, but you have to really make sure that data and information are available. And we focused on making sure that we are streamlined that and communicating about that very vocally like to Donna's point. The third C we looked at was collaboration, right? I mean, that's actually where, we are now compensating for the physical touch with a digital touch. So that includes things like your audio conferencing platform, your video conferencing platform, your ability to bring these different facets together, right? I mean, the ability to share, a ability to whiteboard I had last week, three days off site, and it was a complete virtual off site with nine hours of working session. And we used all kinds of tools that literally we had digital stickies to move around that integrated into our video conferencing platform that integrated into our conference sharing platform. So whatever we are doing, these are all connected. And the end of the day I truly felt like you know what i can contribute to not you know adding to the carbon footprint of the globe, because we have people from all over the globe, all of a sudden, I'm getting feedback from employees saying now the playing field is completely level down, people who have been remote users before they felt they had a short stick. Now everybody's same. In fact, my staff actually talked to one of my permanent remote employees and say, hey, what is the tips that I can use from you to make sure I'm productive, right? So I see the culture aspect is super important. That's actually bringing us together, but it is from a technology and digital point of view, bringing your, you know connectivity, content and collaboration in a way that it's going to be secure and in a way that we are looking at it with the aspect of your culture and from the employee shoes is a super important thing from a technology point. >> So Donna, you mentioned the sort of BFF between between HR and IT now, of course, HR IT have always had a relationship but it really has been around that Human Capital Managers Software, whether it was simplified and efficient onboarding or certain, change management functions. What have you been able to learn from that relationship and apply and what's new? >> You know, I think, what we're doing together what Meerah and I and the IT in the HR organizations are really doing together is truly understanding what it means to enable productivity for employees. And when you think about having the right tools to enable employees to be productive, doing that in alignment with the culture of the organization, what is it that drives our sense of meaning and accomplishment? And then being able to do it in a way both in a physical environment whether that physical environment is in the office or if it is remote. We do Look collectively together at the change management, how do you get employees to adopt new ways of doing things? And utilize that and learn from it. So we experiment with certain types of productivity tools, as Meerah was, was talking about, which ones worked, which ones needed to change, what worked for some teams and didn't work for others, when she and I can do that together, and our departments can do that together that enables us to truly drive productivity across the organization. >> Yeah, I would probably add one more thing to what Donna said. I mean, one of the thing is, also if you think about it, you know the human resource, the talent organization has a much better understanding of the culture of the subcultures, right? I mean, I've never been in a company even when it's 1000 people company, you have subcultures. And HR is in involved in the culture of those subcultures as we are going through. From IT point of view, we look at it from user personas, okay? So a salesperson who's actually always on road or always like more of a remote worker versus an engineering person. I mean, we are a software company and R&D persona requires a different set of productivity tools, compared to a salesperson compared to an executive compared to an executive assistant, right? So for us, it's actually bringing that different functional line of business. And that type of personas. And HR is absolutely crucial because as we are looking at it, we're saying, hey, what is the success for this organization, and what's the culture of that organization and one of the primary job roles and we don't do just with HR but HR gives us so much you know content to get jumpstart, then when we engage with the real users, we are not going with a blank sheet of paper we are going with something that they can react to and they can add to it. So we are doing a design thinking with them with something they can begin start together rather than you know white canvas and telling, tell me what do you want? I mean, he's asked, what do you want, you'll be getting, you know finding the sky on the moon. >> Well, it's a good thing you have those virtual stickies to help with that design thinking, right? You know, one of the things that I've been been saying is that, you know we've never seen obviously anything like this before a forced shutdown to the economy, which is why we're going to remember it. And like 911, you know post 911 we are going to see some things here that that have permanence, bad post GDPR for example, it required, certain changes. So, Donna, I want to begin start with you. Just it's ironic that, you know we're starting a new decade with this crisis. We're not just going to go back and revert the 2019 there's not just going to be some, you know all of a sudden, everything is rosy again, it's not. There's going to be certain permanent changes. How much have you thought about that? And do you have any visibility on what those are going to be? >> Yeah, you know when I stepped back and I think about this, and I think a large part of it has to do with much of what Meerah was just talking about in terms of design thinking. It's really, I think, for all of us, it's coming back to recognize that this became almost a forced opportunity to focus on business continuity. And how do we think about what's right for us as we move forward? But the design of that is based on what is right? What's the context for that particular business? What's the culture of that organization? What are the products and services that, you know that business provides? What are the subcultures in the organization? So, for me, it really does step back to say, look, we need to focus on business continuity. And now we have a couple of new models where you know in the past, it would be really easy for managers to say, you know I don't think my team can work remotely or your job isn't possible to do remotely. And now what we're finding in many businesses is that many jobs can actually be done remotely if they're provided the right tools and the right resources. So for me it, I step back and say, as we think about the business continuity going forward, there is a new way to work. It is a combination of finding that flexibility between working in the office and remote work and providing the right tools that enable employees to be able to do it successfully. >> You know, Meerah, this notion that Don is bringing up of business continuance, I've sort of been noodling on this and thinking that going forward, one of the things that will change is that companies might be willing to sub optimize near term performance to put in better business resiliency. Now at the same time, I know how CEOs thing and they say, okay great, we're going to make that investment. Yeah, fine. We'll maybe sacrifice some short term performance, but I had a really interesting conversation recently with a chief data officer said you don't have to sacrifice necessarily, with with data in this new era, there actually are ways in which you can both drive business resilience and drive productivity and ultimately profitability. What's your thinking on on that sort of imbalance or balance, if you will? >> I agree with that statement. Because to me, you know today's business we need to look at I mean, especially with the cloud and some of the new technologies that we have, I mean, even I see this thing coming out of COVID there's going to be industries that are going to come out new business models that are going to emerge, right? I mean, think about telemedicine, we have been very, very hesitant about telemedicine for decades now. I mean, that's not a new concept, but we have been very hesitant. we said, I have to see the doctor. But today, pretty much everybody except for if you're seriously injured, you're getting telemedicine. That industry is going to work, right? So to me the statement you made is absolutely, absolutely, and for me, it's actually an opportunity coming out of an adversity that's going to come out. When I think about it, the most important thing I see is the businesses that are going to be successful. That's why even HR, you know partnership is even more greater. The businesses that has talent with digital dexterity are the ones that are going to win, right? I mean, regardless, you know whether you're in HR, whether you're in finance, whether you're in IT, you're in R&D, you're in manufacturing doesn't matter. Your digital dexterity of your company really makes you whether you win in the market, or you're you're one of those dinosaurs in the market, right? And how do you bring those together? That's a cultural change. That's actually educating, right? I mean, we don't want to leave, we already have talent shortage, and we don't want Want to leave a generation of population behind and focused on only the millennials and others because I mean, recently I've been going through the scaled agile framework, which is a lean agile and I really love the word of lean agile, lean has a lot of economies of scale. Agile brings a lot of agility. When you bring them together, you get both. And that's exactly what we need to do with our talent, bring the vision and bring this digital dexterity that we need to bring there. How we get it from a productivity? Of course, we want to be respectful of privacy. But as we have been going through we have been looking at different productivity metrics looking at, you know what is the usage pattern of our employees, how much code checking they've done? How was my MTTR being, I mean, in my organization, I've been looking at the velocity of our transaction processing and our issue resolution SLA times. And we also even, you know had a little because I think at the end of the day, we human we actually We are social animals, we need that patch. And we cannot forget, we are not mechanical, we are human. So we need that empathy and we need that emotional side of it. So we have been both qualitatively and quantitatively checking with our workforce, how they're feeling about it, and also looking at the data to see if the productivity is telling the story, what people are talking about. And to our surprise, you know 66% of our population, when we did this pulse survey said, they feel more productive in this situation, because many of them commented that, you know the time they save from not commuting, or the feel, just the sense of spending a little bit more time with the family is actually giving them that extra boost. And they can really do a work life integration, not like a work life balance they need to do. And we also heard about 11% felt pretty much they're in the same range. And but I also want to recognize it's not for everyone, right? I mean, we do have folks who are in manufacturing, they need to patch the physical things. And those jobs in certain days need to be, more physical. So there's about 3-5%, depending on your job function said, you know what I need access to the lab because I really deal with changing my connectivity, changing my or a dislike for the customer, I'm repairing their board, I really need to see that, those are the ones where we find kind of, you know absolute physical touch is required. >> You know, in a way, I mean, we're kind of lucky in the technology business talk about the digital transformation. I've been saying this is going to accelerate a lot of digital transformations. But for us, you look at the Cube, we've been up remote studios, no problem. You're a software company, you've already really transitioned largely to a subscription model so you can code remotely, but there are some industries in particular industries, where you guys sell a lot of product, I think about healthcare, you mentioned telemedicine, Meerah, financial services, defense, big users of VDI, they're highly regulated and secure industries. And while it's not, you know your main thrust, you talk to your peers and in those industries. So, and I've always said, you know some of these industries really haven't digitally transformed, they're actually kind of complacent. My feeling is that this is going to really accelerate, you know some of those-- >> Absolutely. Industries that haven't transformed and haven't been disrupted. I wonder if you could both comment from both a technology perspective and a people perspective. >> You know, I think, I think from the people perspective, it's really about mindset. And it and recognizing that how we approach these new problems and needs new ways of thinking about getting work done, is all about what our minds block us from thinking. And this pushed us into a situation where we've been able to demonstrate roles that we did not think could ever be done remotely, can actually be done remotely. And so for me, it is about a mindset shift. It's about enabling the dialogue sort of having the courage to have that dialogue inside of the organization to understand, again, what's the business context? What can we do in a more flexible way? And how do we continue to serve our customers the best that we can? >> I think for me, it comes down to you know protection is always an extinction, right? I mean, if you're trying to protect a current model, and if you're trying to be saying, you know, you don't want to be the dinosaur. Things are going to change and being proactive about the change and embracing the change will let you to some extent influence and control that change versus being the change being done to you. In this particular case, to me looking at it to see especially with today's technology around, you know manufacturing industry is probably going to see a lot of remote hands as well with IoT and robotics coming in. And I see that is going to be one area, you may see a drip down on type of talent that's getting extinct. On the other side, we are going to continue to see the demand on technology is going to continue to go up and especially which is already shortage. I mean, if I remember the last survey from KPMG, in December, the CIO survey said 60% of the CIOs responded, they are having challenges with the you know filling the roles and I also remember the other one is around Korn Ferry survey of technology talent shortage. By 2030, the expectation is we're going to leave around 8.7 billion or $7 trillion of revenue on the table and 85% will be unfulfilled. I mean, this is a time for, you know really how do you ensure there are industries that are going to transform which means there are certain skills, people need to reskill. I mean, even in technology that reskill and upskill is going to be a constant thing that's actually it's nobody is there, you know spark from that one, in my opinion in today's world. so that reskill and upskill is going to be the ones who are going to embrace that they're going to be in a bigger way and taking advantage of these transitions and transformations. I also think there are areas that we may see what we call the hype may have a broader adoption. So you'd mentioned about the chief data officer talking about how data can come in, I mean, I see automation accelerating and data is going to be a core component of acceleration. And you will see more and more you know things around how measurements becomes important as a start that leads to you know more data modeling that leads to more automation, that cycle is going to accelerate the influence of AI is going to accelerate even further than when we have said. I mean, I just wish some of the areas where, you know we have been slow in that option if you would have accelerated some of the challenges we are dealing with now with capacity, we wouldn't have been having problems. I mean, then I did a reflection with my team. The one of the highest one ranked by my leadership was we should have accelerated accelerated automation more. >> Well, I think what are some really, really interesting and deep points, but really no industry is safe, from disruption and in really Meerah to your points. If you're just paving the cow path, you're going to be in trouble. If you're trying to protect the past from the future, you're going to get disrupted. And I feel like you guys really have a good handle on this. And it's our pleasure to be able to post an interview such experts like yourselves, really appreciate you sharing your insights and your experience with with our audience. I mean, we're kind of all in this together. So thank you, Donna, Meerah, thanks so much for coming on the Cube. >> Thank you so much. >> Thank you for having us. >> You're welcome and thank you for watching everybody. This is Dave Vellante for the Cube. For my CXO series we will see you next time. (upbeat music)

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world this is theCUBE conversation. >> Hello everybody, my name is Dave Vellante welcome to this CUBE conversation. You know for the last several weeks, we've been interviewing key executives to really try to understand how they're responding to the COVID-19 crisis. And one of the key areas that we've been reporting on is the so-called work from home offset. And I'll explain that in a little bit, but there are two great executives from Citrix that I'm really please to have on. Donna Kimmel, the Executive Vice-President and Chief People Officer. Donna, great to see ya', thanks for comin' on. >> Thank you. >> And she's joined by Meerah Rajavel who's the CIO of Citrix. Meerah, thank you as well. >> Thank you. >> So I mean this thing, it's been amazing. We've been doing a lot of research and it just obviously came out of the blue. Guys, if you would actually bring up that chart, I want to sort of set up the conversation here. This is something that we've been reporting on for a while. This is an ETR survey from about 1300 CIO's and IT practitioners that, we asked them how is your budget going to change in 2020 as a result of COVID? And you can see the red. We all know the story in the red, it's ugly. But surprisingly about 35% of the respondents said, no change. They're actually going to plow ahead, but what's even more surprising was 20 plus percent, about 21% said, we're actually going to spend more. And so you can see from the data that it's actually would be a lot worse were it not for the green. Now the reality is, that green is a function really of work from home infrastructure and guys that's something that I really want to talk to you about today. So, Donna let me start with you. I mean we always talk about people, process and technology. I mean we went from put your toe in the water with work from home infrastructure to all in. (chuckles) Your thoughts, I mean this is just overnight. >> Absolutely. You know I think when I think about remote work and working from home, it is really not business as usual. And probably was the biggest change that businesses have experienced, even in my career and many others. This was pretty much thrust upon us, the work from home. And we realize that it requires new ways of thinking and behaving and operating. Our home offices quickly became kitchen tables and basements and bathrooms and bedrooms. And in addition to it not neccesarily being setup the way we would normally set it up if we knew we were going to work from home. It also didn't generally involve caring for family members at the same time. And so most people thought for the first couple of weeks, well I can get through this you know for it's not an extended period of time, but the reality it's become an extended period of time. And I think ultimately, you know when we step back and think we're, as humans, we're all survivors and we're resilient. And there's a number of ways that we can help our employees as they make the adjustment that was really sort of pushed on them. >> Now, the executives that I've been talking to, they to a person start with look, the safety and health of our team is the most important. So you obviously had to communicate that, Donna. I wonder if you could talk about sort of the priorities, how you, you know what is it the cadence of your communication, the transparency of your communication, what really was your, sort of first move if you will? >> Yeah, absolutely, I think for us, one of the first things we had to step back and think about is, who are we, what is our culture, what's important to us? And we recognize at Citrix, that it's our talent that makes the business successful, so we need to show, understand as much of the experience as possible that our employees are having. And really come at it from, I think a place of empathy. Listening to what's important to them, thinking about what's going to enable them to be successful. Because when are employees are successful, they truly drive success and a great experience for our customers. They're the ones out there helping to support our customers to support our sales partners, and certainly ultimately our community. But when we think about this, we're thinking about the challenges, the opportunities, trying to developing plans and programs and making sure that we have continuous information that is provided to our employees. And I think part of it, we'll have an opportunity to talk with Meerah as well. When we step back, we think about kind of three things from a future of work perspective. We always think about the culture of the organization, which is the embodiment of the values, the who we are and what we do. All of this clearly is grounded in the business objectives. So the first piece is our culture. The second piece is our physical space. So what is our environment like that enables us to be as productive as possible? And then the third piece is our digital space. If you can think about all of those almost as a Venn diagram, that really puts the employee at the center. When we think about what's going to enable our employees to be successful, we think about that in a very holistic way. And so, culture is, sorry did you want to, I'm, >> Oh no, please, keep on talking, go ahead. >> Yeah, I was just going to say culture for us is really grounded in our ability to drive trust in the organization. It's about that human connection. Because the more we can be connected with each other as managers to employees and peers to employees, the better off we are. People will feel less isolated, because without that face to face it makes it, and face to face and I'll say in person makes it a lot more difficult. The second piece that we focus on is that physical environment. And I think for many employees, because they were thrust into the situation. When they compare it to the work environment, when you're in the office there's almost a professional feel, in that work environment. And so employees feel a fair amount of pressure to try to create that same professionalism at their home. And the reality is, it's hard to do that. So it puts a lot of pressure on employees when they recognize that the whole family is quarantined with them. Right there's home schooling going on, there's no child care or elder care, there's interruptions at inopportune times, barking dogs and cats walking across keyboards and family members doing drive-bys while the video camera's on. And I think one of the things that we've been able to do is to help employees feel comfortable with, that's who you are, that's our humanity. And the more we can help people feel comfortable about creating that physical space that's open and welcoming, that really helps drive that experience. And then the third piece as I mentioned, is the digital space. And that's really where the partnership with Meerah comes in and is so, so important. Do they have the right tools and technology at home to be able to drive that experience? And for us, you know as Meerah and I have talked that partnership between IT and HR is critical. We're almost like the new BFF. In order to drive the right experience to enable our employees to be as productive as possible in this work from home. >> All right, so Meerah let's get into that. So once you've established though the self, the safety, the health, of your employees obviously financial flexibility, and Runway and the like, their physical digital space. Now you're really under a microscope with the tech. Now, of course Citrix has been in this business for decades. So you know a lot about this, but nonetheless, this is really new. You were thrust into it overnight. Your thoughts on how you responded and you know kind of where we're at in that journey. >> Absolutely, absolutely. So one of the things Donna mentioned right, the three aspects. When we move to work from home the biggest piece of this aspect that made it, like for example she was telling, like myself, we are in transition. I'm moving from Austin, Texas to Florida when it is all in the middle, I'm right now in the middle of my transition, I'm not settled in my new house and literally I'm doing this interview with the, sitting my laptop on top of cereal boxes, right now. That's actually something that I empathize clearly with my employees. So the physical space, when you are in an office location it's not anymore that we can control. So the digital space needs to really compensate for the physical space. The culture is something, I think we are very lucky being in Citrix, the notion of what we have always been talking about remote work and employee experience, we have got that ingrained so when we have to go into this remote work space in a work force culture, the culture is something that I would say we had some foundation to stand on. But IT has to come in. It's not an easy job, because we want to give people the ability to do what they want in a productive fashion, but now digital needs to compensate for the physical, you know efficiency that are possibly lacking in a home environment. So I looked at it from three C's. It starts with connectivity, right. Connectivity being, are we providing the right kind of connectivity which is through a secure connection. At the end of the day, my job here is to make the employee productive and secure at the same time. It's not just about the productivity, but wrap it up with the greater experience. So we start looking at connectivity from a security point of view, from a performance point of view, using technologies like Sdram and maximizing their performance to their nearest, how we can break out the security to maximize performance for our employees. We also need to take into account that there are countries we went into the last way understand where the true problem, because if you go to Asia, there are so many countries, you know even if we can provide experience, they're experience is very dependent on the local connectivity. So we need to look at, okay how do we ensure our heavy duty applications are in a very optimized so it doesn't become a productivity hit for the employee. The second is you think about productivity for employees, and it's all about information sharing and content sharing right. So I call the second C is the content. The ability for the employee to have the right data, the right place and so they can make decisions and they can be productive. So using things like, whether it is your share file or your OneDrive or your vision platform, G-Drive, it doesn't matter, but you have to really make sure the data and information are available and be focused on making sure that they are streamlined and communicating about that very openly, like to Donna's point. The third C we looked at was collaboration, right. I mean that's actually with, you know we are now compensating for the physical touch with a digital touch. So that includes things like your audio conferencing platform, your videoconferencing platform, your ability to bring these different facets together right. I mean the ability to share, the ability to white board. I had last week, three days offsite and it was a complete virtual offsite with nine hours of working sessions and we used all kinds of tools that literally we had digital sticky's to move around that integrated into our videoconferencing platform that integrated into our conference sharing platform. So that whatever they are doing, those are all connected. At the end of the day, I truly felt like you know what? I can contribute to not adding to the carbon footprint of the globe. Because truly we had people from all over the globe, all of us set in. I'm getting feedback from employees saying, now the playing field is completely leveled down. People who were being remote users before, they felt they had a short stick. Now everybody's same, in fact my staff actually talked to one of my permanent remote employee and say, "Hey what is some tips that I can use from you "to make sure I'm productive, right?" So I see the culture aspect is super important that's actually bringing us together, but it is from a technology and digital point of view, bringing your you know connectivity, content and collaboration in a way that it's going to be secure and innovative. We are looking at it with the aspect of your culture and from the employee shoes is a super important thing from a technology point of view. >> So Donna you mentioned the sort of BFF between HR and IT. Now of course, HR and IT have always had a relationship, but it really has been around, like you know Human Capital Management software, whether it was simplified and efficient, onboarding, or certain you know change management functions. What have you been able to learn from that relationship and apply and what's new? >> You know, I think, what we're doing together, what Meerah and I and the IT and the HR organizations are really doing together is truly understanding what it means to enable productivity for employees. And when you think about having the right tools to enable employees to be productive, doing that in alignment with the culture of the organization. What is it that drives our sense of meaning and accomplishment? And then being able to do it in a way, both in a physical environment, whether that physical environment is in the office or if it is remote, we do look collectively together at the change management. How do you get employees to adopt new ways of doing things? And utilize that and learn from it. So if we experiment with certain types of productivity tools as Meerah was talking about. Which ones work, which ones needed a change, what works for some teams and didn't work for others? When she and I can do that together and our departments can do that together, that enables us to truly drive productivity across the organization. >> I would probably add one more thing to what Donna said. I mean the thing is, also if you think about it, you know the human resources, the talent organization has a much better understanding of the culture, of the sub-cultures, right. I mean I've never been in a company even when it's a thousand people company, you have sub-cultures. And HR you know involved in the culture of those sub-cultures. As we are going through from IT point of view, we look at it from user persona, okay. So a salesperson who's actually always on the road or always like more remote worker versus an engineering person. I mean we are a software company, an R & D persona quite a different set of productivity tools compared to a sales person, compared to an executive, compared to an executive assistant right. So for us, it's actually bringing that different functional line of business and the type of persona. And HR is absolutely crucial because as we are looking at it they're saying, what is a success for this organization? And what the culture of the organization and what are the primary job roles? And we don't do it just with HR, but HR uses so much content to get jump start and then we engage with the real users. We are not going with a blank sheet of paper. We are going with something that they can react to and they add to it. So we're doing a design thinking with them that something they can be in start to get rather than you know white canvas and telling, tell me what do you want? I mean, you know ask what you want, you'll be getting pie in the sky and the moon. >> Well it's a good thing you have those virtual sticky's too. That'll help with that design thinking right? You know, one of the things that I've been saying is that you know, we've never seen obviously anything like this before, a forced shut down of the economy which is why we're going to remember it. And like 911, you know post 911, we are going to see some things here that have permanence. And post GDPR for example, it required certain changes. So Donna, I wonder if we could start with you, just and it's ironic that we're starting a new decade with this crisis. We're not just going to go back and revert to 2019. There's not just going to be some you know all of a sudden everything is rosy again, it's not. It's going to, there's going to be certain permanent changes. How much have you thought about that and do you have any visibility on what those are going to be? >> Yeah, you know when I step back and I think about this and I think a large part of it has to do with much of what Meerah was just talking about in terms of design thinking. It's really, I think for all of us, it's coming back to recognize that this became almost a forced opportunity to focus on business continuity. And how do we think about what's right for us as we move forward? But the design of that is based on what is right, what's the context for that particular business? What's the culture of that organization? What are the products and services that that business provides? What are the sub-cultures in the organization? So for me, it really does step back to say, look we need to focus on business continuity. And now we have a couple of new models, where in the past it would be really easy for managers to say, you know I don't think my team can work remotely, or your job isn't possible to do remotely. And now what we're finding in many businesses is that many jobs can actually be done remotely, if they're provided the right tools and the right resources. So for me, I step back and say, as we think about the business continuity going forward, there is a new way to work. It is a combination of finding that flexibility between working in the office and remote work. And providing the right tools that enable employees to be able to do it successfully. >> You know, Meerah this notion that Donna's bringing up of business continuance, I've sort of been noodling on this and thinking that going forward, one of the things that will change is that companies might be willing to sub-optimize near term performance to put in better business resiliency. Now at the same time, I know how CEO's think. And they say okay great, we're going to make that investment yeah, fine we'll maybe sacrifice some short term performance. But and I had a really interesting conversation recently with a chief data officer who said, you don't have to sacrifice necessarily with data in this new era. There actually are ways in which you can both drive business resilience and drive productivity and ultimately profitability. What's your thinking on that sort of imbalance or balance, if you will? >> I agree with that statement because to me, you know today's business we need to look at I mean especially with the cloud and some of the new technology that we have, I mean even, I seriously think coming out of COVID there's going to be industries that are going to come out new business models that are going to emerge, right. I mean think about Telemedicine. We have been very, very hesitant about Telemedicine for decades now. I mean that's not a new concept. But we have been very hesitant. We said, "I have to see the doctor." But today pretty much everybody, except for if your seriously injured you're getting Telemedicine. That industry is going to work right. So to me the statement you made is absolutely, absolutely for me it's actually an opportunity coming out of an adversity that's going to come out. When I think about it the most important thing I see is the businesses that are going to be successful, that's why even HR, you know partnership is even more greater. The businesses that have talent with digital dexterity are the ones that are going to win, right. I mean regardless you know, where you are in HR, whether you're in finance, whether you're in IT, you're in R & D, you're in manufacturing, doesn't matter. Your digital dexterity of your company really makes you, whether you win in the market or you're one of those dinosaurs in the market right. And how do you bring those together? That's a cultural change, that's actually educating right. I mean we don't want to leave, we already have talent shortage and we don't want to leave a generation of population behind and focused on only the millennials and others. Because I mean, recently I've been going through Scaled Agile Framework, which is a Lean-Agile. And I really love the board of Lean-Agile. Lean has a lot of economy's of scale. Agile brings a lot of volatility. When you bring them together you get both and that's exactly what we need to do with our talent. Bring the system and bring the digital dexterity that we need to bring to that. Can we get it from a productivity, of course we want to be respectful of privacy, but as we have been going through we have been looking at different productivity metrics, looking at you know, what is the usage pattern for employees? How much quotient they have done, how was my MTTR? I mean in my organization I've been looking at the velocity of all transaction processing, Azure, Allusion escalate time. And we also even you know kind of little, because I think at the end of the day we as humans, we actually are social animals. We need the touch and we can not forget, we are not mechanical, we are human. So we need that empathy and we need that emotional side of it. So we have been both qualitatively and quantitatively checking with our workforce, how they are feeling about it and also looking at the data to see if the productivity is telling the story what people are talking about. And quite surprised, 66% of our population when we did this culture survey, said they feel more productive in this situation, because many of them contribute it back to, the time they save from not commuting or they feel just the sense of spending a little bit more time with the family, is actually getting them an extra boost. And they can really do a work-life integration, not like a work-life balance they need to do and we also heard about 11% felt pretty much, they are in the same range. But I also want to recognize it's not for everyone, but I mean we do have folks who are in manufacturing, they need to touch the physical things. And those jobs in certain ways need to be, you know more physical. So there's about three to five percent depending on your job functions that, you know what I need access to the lab, because I really feel the changing my connectivity, changing my or just like for the customer I'm repairing their board. I really need to see that. Those are the ones where we find you know absolute physical touch is required. >> You know in a way I mean we're kind of lucky in the technology business, talk about the digital transformation and I've been saying this has been accelerate a lot of digital transformations. But for us, you look at theCUBE, we've been a remote studios, no problem. You're a software company. You've already really transitioned largely to a subscription model, so you can code remotely. But there are some industries and in particular industries where you guys sell a lot of product. I think about healthcare, you mentioned Telemedicine Meerah. Financial services, the Feds, big users of VDI, highly regulated and secure industries. While it's not you know your main thrust, you talk to your peers in those industries. So and I've always said you know some of these industries really haven't digitally transformed. They're actually kind of complacent. My feeling is that this is going to really accelerate you know some of those industries that haven't transformed and haven't been disrupted. I wonder if you could both, you know comment from both a technology perspective and a people perspective. >> You know I think from the people perspective it's really about mindset. And recognizing that how we approach these new problems and these new ways of thinking about getting work done is all about what our minds block us from thinking. And this pushed us into a situation where we've been able to demonstrate roles that we did not think could ever be done remotely, can actually be done remotely. And so for me it is about a mindset shift. It's about enabling the dialogue, sort of having the courage to have that dialogue inside of the organization to understand again what's the business context? What can we do in a more flexible way? And how do we continue to serve our customers the best that we can? >> I think for me it comes down to you know, protection is always in extinction, right, I mean if you're trying to protect a current model and you're trying to be, saying you know, you don't want to be the dinosaur. Things are going to change and being proactive about the change and embracing the change will let you, to some extent influence and control that change versus being the change being done to you. In this particular case, to me looking at it to see especially with today's technology around you know, manufacturing industry's probably going to see a lot of remote trends that while with IOT and robotics coming in. And I see there's going to be one area you may see a drift down on type of talent that's getting extinct. On the other side, we are going to continue to see the demand on technology is going to continue to go up. And especially which is already shortage I mean if I remember the last survey from KPMG in December, the CIO survey said 60% of the CIO's responded they are having challenges with you know filling the roles. And I also remember the other one is around country survey of technology talent shortage. By 2030 the expectation is we are going to leave something around 8.7 billion or seven trillion dollars of revenue on the table and 85% will be unfulfilled. I mean this is the time for you know, really how do you insure, there are industries that are going to transform which means there are certain skills people need re-skill. I mean, even in technology, the re-skill and the up-skill is good to be a constant thing that's actually it's, nobody is bit you know as far from that one in my opinion in today's world. So that re-skill and up-skill is going to, the one's who are going to embrace that, they're going to be in a bigger way, taking advantage of this transitions and transformation. I also think there are areas that we may see what we call the height may have a broader adoption. So you had mentioned about the chief data office, talking about how data can come in. I mean I see automation accelerating. And data is going to be a full component of acceleration and you will see more and more, you know things around how measurement becomes important as a start, that leads to you know more data modeling, that least to more automation. That cycle is going to accelerate. The influence of AI is going to actually even further than we have said. I just wish some of the areas with you know, we have been slow in adoption, a few have accelerated. Some of the challenges we are dealing with now with capacity, we wouldn't have been having problem. I mean when I did a reflection with my team, the one of the highest one ranked by my leadership was we should have accelerated automation more. >> Well I think was some really, really interesting and deep points. Really no industry is safe from disruption and really Meerah to your points, if you're just a paving the cow path, you're going to be in trouble. If you're trying to protect the past from the future you're going to get disrupted. And I feel like you guys really have a good handle on this and it's our pleasure to be able to host and interview such experts like yourselves. I really appreciate you're sharing your insights and your experience with our audience. I mean we're kind of all in this together. So thank you Donna, Meerah. Thanks so much for coming on theCUBE. >> Both: Thank you so much for having us. >> You're welcome and thank your for watching everybody. This is Dave Vellante for theCUBE for my CXO series. We will see you next time. (calm music)