(lively music) >> Welcome back to our coverage of Cloud Native Security Con. I'm Dave Vellante, here in our Boston studio. We're connecting today, throughout the day, with Palo Alto on the ground in Seattle. And right now I'm here with Michael Foster with Red Hat. He's on the ground in Seattle. We're going to discuss the trends and containers and security and everything that's going on at the show in Seattle. Michael, good to see you, thanks for coming on. >> Good to see you, thanks for having me on. >> Lot of market momentum for Red Hat. The IBM earnings call the other day, announced OpenShift is a billion-dollar ARR. So it's quite a milestone, and it's not often, you know. It's hard enough to become a billion-dollar software company and then to have actually a billion-dollar product alongside. So congratulations on that. And let's start with the event. What's the buzz at the event? People talking about shift left, obviously supply chain security is a big topic. We've heard a little bit about or quite a bit about AI. What are you hearing on the ground? >> Yeah, so the last event I was at that I got to see you at was three months ago, with CubeCon and the talk was supply chain security. Nothing has really changed on that front, although I do think that the conversation, let's say with the tech companies versus what customers are actually looking at, is slightly different just based on the market. And, like you said, thank you for the shout-out to a billion-dollar OpenShift, and ACS is certainly excited to be part of that. We are seeing more of a consolidation, I think, especially in security. The money's still flowing into security, but people want to know what they're running. We've allowed, had some tremendous growth in the last couple years and now it's okay. Let's get a hold of the containers, the clusters that we're running, let's make sure everything's configured. They want to start implementing policies effectively and really get a feel for what's going on across all their workloads, especially with the bigger companies. I think bigger companies allow some flexibility in the security applications that they can deploy. They can have different groups that manage different ones, but in the mid to low market, you're seeing a lot of consolidation, a lot of companies that want basically one security tool to manage them all, so to speak. And I think that the features need to somewhat accommodate that. We talk supply chain, I think most people continue to care about network security, vulnerability management, shifting left and enabling developers. That's the general trend I see. Still really need to get some hands on demos and see some people that I haven't seen in a while. >> So a couple things on, 'cause, I mean, we talk about the macroeconomic climate all the time. We do a lot of survey data with our partners at ETR, and their recent data shows that in terms of cost savings, for those who are actually cutting their budgets, they're looking to consolidate redundant vendors. So, that's one form of consolidation. The other theme, of course, is there's so many tools out in the security market that consolidating tools is something that can help simplify, but then at the same time, you see opportunities open up, like IOT security. And so, you have companies that are starting up to just do that. So, there's like these countervailing trends. I often wonder, Michael, will this ever end? It's like the universe growing and tooling, what are your thoughts? >> I mean, I completely agree. It's hard to balance trying to grow the company in a time like this, at the same time while trying to secure it all, right? So you're seeing the consolidation but some of these applications and platforms need to make some promises to say, "Hey, we're going to move into this space." Right, so when you have like Red Hat who wants to come out with edge devices and help manage the IOT devices, well then, you have a security platform that can help you do that, that's built in. Then the messaging's easy. When you're trying to do that across different cloud providers and move into IOT, it becomes a little bit more challenging. And so I think that, and don't take my word for this, some of those IOT startups, you might see some purchasing in the next couple years in order to facilitate those cloud platforms to be able to expand into that area. To me it makes sense, but I don't want to hypothesize too much from the start. >> But I do, we just did our predictions post and as a security we put up the chart of candidates, and there's like dozens, and dozens, and dozens. Some that are very well funded, but I mean, you've seen some down, I mean, down rounds everywhere, but these many companies have raised over a billion dollars and it's like uh-oh, okay, so they're probably okay, maybe. But a lot of smaller firms, I mean there's just, there's too many tools in the marketplace, but it seems like there is misalignment there, you know, kind of a mismatch between, you know, what customers would like to have happen and what actually happens in the marketplace. And that just underscores, I think, the complexities in security. So I guess my question is, you know, how do you look at Cloud Native Security, and what's different from traditional security approaches? >> Okay, I mean, that's a great question, and it's something that we've been talking to customers for the last five years about. And, really, it's just a change in mindset. Containers are supposed to unleash developer speed, and if you don't have a security tool to help do that, then you're basically going to inhibit developers in some form or another. I think managing that, while also giving your security teams the ability to tell the message of we are being more secure. You know, we're limiting vulnerabilities in our cluster. We are seeing progress because containers, you know, have a shorter life cycle and there is security and speed. Having that conversation with the C-suites is a little different, especially when how they might be used to virtual machines and managing it through that. I mean, if it works, it works from a developer's standpoint. You're not taking advantage of those containers and the developer's speed, so that's the difference. Now doing that and then first challenge is making that pitch. The second challenge is making that pitch to then scale it, so you can get onboard your developers and get your containers up and running, but then as you bring in new groups, as you move over to Kubernetes or you get into more container workloads, how do you onboard your teams? How do you scale? And I tend to see a general trend of a big investment needed for about two years to make that container shift. And then the security tools come in and really blossom because once that core separation of responsibilities happens in the organization, then the security tools are able to accelerate the developer workflow and not inhibit it. >> You know, I'm glad you mentioned, you know, separation of responsibilities. We go to a lot of shows, as you know, with theCUBE, and many of them are cloud shows. And in the one hand, Cloud has, you know, obviously made the world, you know, more interesting and better in so many different ways and even security, but it's like new layers are forming. You got the cloud, you got the shared responsibility model, so the cloud is like the first line of defense. And then you got the CISO who is relying heavily on devs to, you know, the whole shift left thing. So we're asking developers to do a lot and then you're kind of behind them. I guess you have audit is like the last line of defense, but my question to you is how can software developers really ensure that cloud native tools that they're using are secure? What steps can they take to improve security and specifically what's Red Hat doing in that area? >> Yeah, well I think there's, I would actually move away from that being the developer responsibility. I think the job is the operators' and the security people. The tools to give them the ability to see. The vulnerabilities they're introducing. Let's say signing their images, actually verifying that the images that's thrown in the cloud, are the ones that they built, that can all be done and it can be done open source. So we have a DevSecOps validated pattern that Red Hat's pushed out, and it's all open source tools in the cloud native space. And you can sign your builds and verify them at runtime and make sure that you're doing that all for free as one option. But in general, I would say that the hope is that you give the developer the information to make responsible choices and that there's a dialogue between your security and operations and developer teams but security, we should not be pushing that on developer. And so I think with ACS and our tool, the goal is to get in and say, "Let's set some reasonable policies, have a conversation, let's get a security liaison." Let's say in the developer team so that we can make some changes over time. And the more we can automate that and the more we can build and have that conversation, the better that you'll, I don't say the more security clusters but I think that the more you're on your path of securing your environment. >> How much talk is there at the event about kind of recent high profile incidents? We heard, you know, Log4j, of course, was mentioned in the Keynote. Somebody, you know, I think yelled out from the audience, "We're still dealing with that." But when you think about these, you know, incidents when looking back, what lessons do you think we've learned from these events? >> Oh, I mean, I think that I would say, if you have an approach where you're managing your containers, managing the age and using containers to accelerate, so let's say no images that are older than 90 days, for example, you're going to avoid a lot of these issues. And so I think people that are still dealing with that aspect haven't set up the proper, let's say, disclosure between teams and update strategy and so on. So I don't want to, I think the Log4j, if it's still around, you know, something's missing there but in general you want to be able to respond quickly and to do that and need the tools and policies to be able to tell people how to fix that issue. I mean, the Log4j fix was seven days after, so your developers should have been well aware of that. Your security team should have been sending the messages out. And I remember even fielding all the calls, all the fires that we had to put out when that happened. But yeah. >> I thought Brian Behlendorf's, you know, talk this morning was interesting 'cause he was making an attempt to say, "Hey, here's some things that you might not be thinking about that are likely to occur." And I wonder if you could, you know, comment on them and give us your thoughts as to how the industry generally, maybe Red Hat specifically, are thinking about dealing with them. He mentioned ChatGPT or other GPT to automate Spear phishing. He said the identity problem is still not fixed. Then he talked about free riders sniffing repos essentially for known vulnerabilities that are slow to fix. He talked about regulations that might restrict shipping code. So these are things that, you know, essentially, we can, they're on the radar, but you know, we're kind of putting out, you know, yesterday's fire. What are your thoughts on those sort of potential issues that we're facing and how are you guys thinking about it? >> Yeah, that's a great question, and I think it's twofold. One, it's brought up in front of a lot of security leaders in the space for them to be aware of it because security, it's a constant battle, constant war that's being fought. ChatGPT lowers the barrier of entry for a lot of them, say, would-be hackers or people like that to understand systems and create, let's say, simple manifests to leverage Kubernetes or leverage a misconfiguration. So as the barrier drops, we as a security team in security, let's say group organization, need to be able to respond and have our own tools to be able to combat that, and we do. So a lot of it is just making sure that we shore up our barriers and that people are aware of these threats. The harder part I think is educating the public and that's why you tend to see maybe the supply chain trend be a little bit ahead of the implementation. I think they're still, for example, like S-bombs and signing an attestation. I think that's still, you know, a year, two years, away from becoming, let's say commonplace, especially in something like a production environment. Again, so, you know, stay bleeding edge, and then make sure that you're aware of these issues and we'll be constantly coming to these calls and filling you in on what we're doing and make sure that we're up to speed. >> Yeah, so I'm hearing from folks like yourself that the, you know, you think of the future of Cloud Native Security. We're going to see continued emphasis on, you know, better integration of security into the DevSecOps. You're pointing out it's really, you know, the ops piece, that runtime that we really need to shore up. You can't just put it on the shoulders of the devs. And, you know, using security focused tools and best practices. Of course you hear a lot about that and the continued drive toward automation. My question is, you know, automation, machine learning, how, where are we in that maturity cycle? How much of that is being adopted? Sometimes folks are, you know, they embrace automation but it brings, you know, unknown, unintended consequences. Are folks embracing that heavily? Are there risks associated around that, or are we kind of through that knothole in your view? >> Yeah, that's a great question. I would compare it to something like a smart home. You know, we sort of hit a wall. You can automate so much, but it has to actually be useful to your teams. So when we're going and deploying ACS and using a cloud service, like one, you know, you want something that's a service that you can easily set up. And then the other thing is you want to start in inform mode. So you can't just automate everything, even if you're doing runtime enforcement, you need to make sure that's very, very targeted to exactly what you want and then you have to be checking it because people start new workloads and people get onboarded every week or month. So it's finding that balance between policies where you can inform the developer and the operations teams and that they give them the information to act. And that worst case you can step in as a security team to stop it, you know, during the onboarding of our ACS cloud service. We have an early access program and I get on-calls, and it's not even security team, it's the operations team. It starts with the security product, you know, and sometimes it's just, "Hey, how do I, you know, set this policy so my developers will find this vulnerability like a Log4Shell and I just want to send 'em an email, right?" And these are, you know, they have the tools and they can do that. And so it's nice to see the operations take on some security. They can automate it because maybe you have a NetSec security team that doesn't know Kubernetes or containers as well. So that shared responsibility is really useful. And then just again, making that automation targeted, even though runtime enforcement is a constant thing that we talk about, the amount that we see it in the wild where people are properly setting up admission controllers and it's acting. It's, again, very targeted. Databases, cubits x, things that are basically we all know is a no-go in production. >> Thank you for that. My last question, I want to go to the, you know, the hardest part and 'cause you're talking to customers all the time and you guys are working on the hardest problems in the world. What is the hardest aspect of securing, I'm going to come back to the software supply chain, hardest aspect of securing the software supply chain from the perspective of a security pro, software engineer, developer, DevSecOps Pro, and then this part b of that is, is how are you attacking that specifically as Red Hat? >> Sure, so as a developer, it's managing vulnerabilities with updates. As an operations team, it's keeping all the cluster, because you have a bunch of different teams working in the same environment, let's say, from a security team. It's getting people to listen to you because there are a lot of things that need to be secured. And just communicating that and getting it actionable data to the people to make the decisions as hard from a C-suite. It's getting the buy-in because it's really hard to justify the dollars and cents of security when security is constantly having to have these conversations with developers. So for ACS, you know, we want to be able to give the developer those tools. We also want to build the dashboards and reporting so that people can see their vulnerabilities drop down over time. And also that they're able to respond to it quickly because really that's where the dollars and cents are made in the product. It's that a Log4Shell comes out. You get immediately notified when the feeds are updated and you have a policy in action that you can respond to it. So I can go to my CISOs and say, "Hey look, we're limiting vulnerabilities." And when this came out, the developers stopped it in production and we were able to update it with the next release. Right, like that's your bread and butter. That's the story that you want to tell. Again, it's a harder story to tell, but it's easy when you have the information to be able to justify the money that you're spending on your security tools. Hopefully that answered your question. >> It does. That was awesome. I mean, you got data, you got communication, you got the people, obviously there's skillsets, you have of course, tooling and technology is a big part of that. Michael, really appreciate you coming on the program, sharing what's happening on the ground in Seattle and can't wait to have you back. >> Yeah. Awesome. Thanks again for having me. >> Yeah, our pleasure. All right. Thanks for watching our coverage of the Cloud Native Security Con. I'm Dave Vellante. I'm in our Boston studio. We're connecting to Palo Alto. We're connecting on the ground in Seattle. Keep it right there for more coverage. Be right back. (lively music)

>> Narrator: "TheCUBE" presents Ignite 22. Brought to you by Palo Alto Networks. >> Hey everyone. Welcome back to "TheCUBE's" live coverage of Palo Alto Network's Ignite 22 from the MGM Grand in beautiful Las Vegas. I am Lisa Martin here with Dave Vellante. Dave, we just had a great conversa- First of all, we got to hear the keynote, most of it. We also just had a great conversation with the CEO and chairman of Palo Alto Networks, Nikesh Arora. You know, this is a company that was founded back in 2005, he's been there four years, a lot has happened. A lot of growth, a lot of momentum in his tenure. You were saying in your breaking analysis, that they are on track to nearly double revenues from FY 20 to 23. Lots of momentum in this cloud security company. >> Yeah, I'd never met him before. I mean, I've been following a little bit. It's interesting, he came in as, sort of, a security outsider. You know, he joked today that he, the host, I forget the guy's name on the stage, what was his name? Hassan. Hassan, he said "He's the only guy in the room that knows less about security than I do." Because, normally, this is an industry that's steeped in deep expertise. He came in and I think is given a good compliment to the hardcore techies at Palo Alto Network. The company, it's really interesting. The company started out building their own data centers, they called it. Now they look back and call it cloud, but it was their own data centers, kind of like Salesforce did, it's kind of like ServiceNow. Because at the time, you really couldn't do it in the public cloud. The public cloud was a little too unknown. And so they needed that type of control. But Palo Alto's been amazing story since 2020, we wrote about this during the pandemic. So what they did, is they began to pivot to the the true cloud native public cloud, which is kind of immature still. They don't tell you that, but it's kind of still a little bit immature, but it's working. And when they were pivoting, it was around the same time, at Fortinet, who's a competitor there's like, I call 'em a poor man's Palo Alto, and Fortinet probably hates that, but it's kind of true. It's like a value play on a comprehensive platform, and you know Fortinet a little bit. And so, but what was happening is Fortinet was executing on its cloud strategy better than Palo Alto. And there was a real divergence in the valuations of these stocks. And we said at the time, we felt like Palo Alto, being the gold standard, would get through it. And they did. And what's happened is interesting, I wrote about this two weeks ago. If you go back to the pandemic, peak of the pandemic, or just before the peak, kind of in that tech bubble, if you will. Splunk's down 44% from that peak, Okta's down, sorry, not down 44%. 44% of the peak. Okta's 22% of their peak. CrowdStrike, 41%, Zscaler, 36%, Fortinet, 71%. Not so bad. Palo Altos maintained 93% of its peak value, right? So it's a combination of two things. One is, they didn't run up as much during the pandemic, and they're executing through their cloud strategy. And that's provided a sort of softer landing. And I think it's going to be interesting to see where they go from here. And you heard Nikesh, we're going to double, and then double again. So that's 7 billion, 14 billion, heading to 30 billion. >> Lisa: Yeah, yeah. He also talked about one of the things that he's done in his tenure here, as really a workforce transformation. And we talk all the time, it's not just technology and processes, it's people. They've also seemed to have done a pretty good job from a cultural transformation perspective, which is benefiting their customers. And they're also growing- The ecosystem, we talked a little bit about the ecosystem with Nikesh. We've got Google Cloud on, we've got AWS on the program today alone, talking about the partnerships. The ecosystem is expanding, as well. >> Have you ever met Nir Zuk? >> I have not, not yet. >> He's the founder and CTO. I haven't, we've never been on "theCUBE." He was supposed to come on one day down in New York City. Stu and I were going to interview him, and he cut out of the conference early, so we didn't interview him. But he's a very opinionated dude. And you're going to see, he's basically going to come on, and I mean, I hope he is as opinionated on "TheCUBE," but he'll talk about how the industry has screwed it up. And Nikesh sort of talked about that, it's a shiny new toy strategy. Oh, there's another one, here's another one. It's the best in that category. Okay, let's get, and that's how we've gotten to this point. I always use that Optive graphic, which shows the taxonomy, and shows hundreds and hundreds of suppliers in the industry. And again, it's true. Customers have 20, 30, sometimes 40 different tool sets. And so now it's going to be interesting to see. So I guess my point is, it starts at the top. The founder, he's an outspoken, smart, tough Israeli, who's like, "We're going to take this on." We're not afraid to be ambitious. And so, so to your point about people and the culture, it starts there. >> Absolutely. You know, one of the things that you've written about in your breaking analysis over the weekend, Nikesh talked about it, they want to be the consolidator. You see this as they're building out the security supercloud. Talk to me about that. What do you think? What is a security supercloud in your opinion? >> Yeah, so let me start with the consolidator. So Palo Alto obviously is executing on that strategy. CrowdStrike as well, wants to be a consolidator. I would say Zscaler wants to be a consolidator. I would say that Microsoft wants to be a consolidator, so does Cisco. So they're all coming at it from different angles. Cisco coming at it from network security, which is Palo Alto's wheelhouse, with their next gen firewalls, network security. What Palo Alto did was interesting, was they started out with kind of a hardware based firewall, but they didn't try to shove everything into it. They put the other function in there, their cloud. Zscaler. Zscaler is the one running around saying you don't need firewalls anymore. Just run everything through our cloud, our security cloud. I would think that as Zscaler expands its TAM, it's going to start to acquire, and do similar types of things. We'll see how that integrates. CrowdStrike is clearly executing on a similar portfolio strategy, but they're coming at it from endpoint, okay? They have to partner for network security. Cisco is this big and legacy, but they've done a really good job of acquiring and using services to hide some of that complexity. Microsoft is, you know, they probably hate me saying this, but it's the just good enough strategy. And that may have hurt CrowdStrike last quarter, because the SMB was a soft, we'll see. But to specifically answer your question, the opportunity, we think, is to build the security supercloud. What does that mean? That means to have a common security platform across all clouds. So irrespective of whether you're running an Amazon, whether you're running an on-prem, Google, or Azure, the security policies, and the edicts, and the way you secure your enterprise, look the same. There's a PaaS layer, super PaaS layer for developers, so that that the developers can secure their code in a common framework across cloud. So that essentially, Nikesh sort of balked at it, said, "No, no, no, we're not, we're not really building a super cloud." But essentially they kind of are headed in that direction, I think. Although, what I don't know, like CrowdStrike and Microsoft are big competitors. He mentioned AWS and Google. We run on AWS, Google, and in their own data centers. That sounds like they don't currently run a Microsoft. 'Cause Microsoft is much more competitive with the security ecosystem. They got Identity, so they compete with Okta. They got Endpoint, so they compete with CrowdStrike, and Palo Alto. So Microsoft's at war with everybody. So can you build a super cloud on top of the clouds, the hyperscalers, and not do Microsoft? I would say no. >> Right. >> But there's nothing stopping Palo Alto from running in the Microsoft cloud. I don't know if that's a strategy, we should ask them. >> Yeah. They've done a great job in our last few minutes, of really expanding their TAM in the last few years, particularly under Nikesh's leadership. What are some of the things that you heard this morning that you think, really they've done a great job of expanding that TAM. He talked a little bit about, I didn't write the number down, but he talked a little bit about the market opportunity there. What do you see them doing as being best of breed for organizations that have 30 to 50 tools and need to consolidate that? >> Well the market opportunity's enormous. >> Lisa: It is. >> I mean, we're talking about, well north of a hundred billion dollars, I mean 150, 180, depending on whose numerator you use. Gartner, IDC. Dave's, whatever, it's big. Okay, and they've got... Okay, they're headed towards 7 billion out of 180 billion, whatever, again, number you use. So they started with network security, they put most of the network function in the cloud. They moved to Endpoint, Sassy for the edge. They've done acquisitions, the Cortex acquisition, to really bring automated threat intelligence. They just bought Cider Security, which is sort of the shift left, code security, developer, assistance, if you will. That whole shift left, protect right. And so I think a lot of opportunities to continue to acquire best of breed. I liked what Nikesh said. Keep the founders on board, sell them on the mission. Let them help with that integration and putting forth the cultural aspects. And then, sort of, integrate in. So big opportunities, do they get into Endpoint and compete with Okta? I think Okta's probably the one sort of outlier. They want to be the consolidator of identity, right? And they'll probably partner with Okta, just like Okta partners with CrowdStrike. So I think that's part of the challenge of being the consolidator. You're probably not going to be the consolidator for everything, but maybe someday you'll see some kind of mega merger of these companies. CrowdStrike and Okta, or Palo Alto and Okta, or to take on Microsoft, which would be kind of cool to watch. >> That would be. We have a great lineup, Dave. Today and tomorrow, full days, two full days of cube coverage. You mentioned Nir Zuk, we already had the CEO on, founder and CTO. We've got the chief product officer coming on next. We've got chief transformation officer of customers, partners. We're going to have great conversations, and really understand how this organization is helping customers ultimately achieve their SecOps transformation, their digital transformation. And really moved the needle forward to becoming secure data companies. So I'm looking forward to the next two days. >> Yeah, and Wendy Whitmore is coming on. She heads Unit 42, which is, from what I could tell, it's pretty much the competitor to Mandiant, which Google just bought. We had Kevin Mandia on at September at the CrowdStrike event. So that's interesting. That's who I was poking Nikesh a little bit on industry collaboration. You're tight with Google, and then he had an interesting answer. He said "Hey, you start sharing data, you don't know where it's going to go." I think Snowflake could help with that problem, actually. >> Interesting. >> Yeah, little Snowflake and some of the announcements ar Reinvent with the data clean rooms. Data sharing, you know, trusted data. That's one of the other things we didn't talk about, is the real tension in between security and regulation. So the regulators in public policy saying you can't move the data out of the country. And you have to prove to me that you have a chain of custody. That when you say you deleted something, you have to show me that you not only deleted the file, then the data, but also the metadata. That's a really hard problem. So to my point, something that Palo Alto might be able to solve. >> It might be. It'll be an interesting conversation with Unit 42. And like we said, we have a great lineup of guests today and tomorrow with you, so stick around. Lisa Martin and Dave Vellante are covering Palo Alto Networks Ignite 22 for you. We look forward to seeing you in our next segment. Stick around. (light music)

(upbeat music) >> Welcome back to theCUBE's live coverage of AWS re:Invent. Friends, it's good to see you. Lisa Martin here with Dave Vellante. This is our fourth day of CUBE wall-to-wall coverage, Dave. I can't believe it. And the expo hall is still going incredibly strong. >> Yeah, it is. It feels like the biggest re:Invent ever. I'm told it's almost as big as 2019. I don't know, maybe I was half asleep at 2019. That's very possible. But I'm excited because in 2017 Andy Jassy came on theCUBE and he said if Amazon had to do it all over again, if it knew then what it had now, we would've done the whole thing in containers or using Lambda, using serverless and using containers. Didn't have that opportunity back then. And I'm excited 'cause Rafay Systems is someone we've worked with a lot as an innovator in this space. >> Yep, and we're going to be talking with Rafay again. I think it's your 10th time Haseeb on the show >> Like once or twice. >> And a great customer who's going to talk about their serverless journey. Haseeb Budhani joins us once again, the CEO of Rafay. Great to see you. Rakesh Singh is here as well, the Head of Cloud and DevOps at Regeneron. Guys, it's great to have you on the program. How you feeling on day four of re:Invent? >> Excitement is as high as ever basically. >> Isn't it amazing? >> Rakesh: That's true. >> Haseeb: I just need some sleep. >> I'm with you on that. Caffeine and sleep. >> So many parties. So many meetings, oh my God. >> But the great thing is, Haseeb, that people want to engage with you. They're loving what Rafay is doing. You guys are a great testament to that, which we're going to uncover on the show. What are some of the things that you're hearing in the booth from customers? What's been some of the feedback? >> So firstly, as I said, it feels like the biggest one ever. I've been coming to re:Invent a long time and I mean, I know the numbers say it's not, but oh my God, this is a lot of people. Every time we've spoken over the last year and the point I always make to you, and we've spoken enough time about this is that enterprises are truly adopting this idea of Kubernetes containers, serverless, et cetera. And they're all trying to figure out what is the enterprise strategy for these things? They're thinking beyond technology and thinking operationalization of these technologies. And that's not the same thing. There's a toy and then there's the real thing. And that's not the same thing. And that's the gap that every enterprise customer I talked to and the booth traffic has been just amazing. I mean, but coming here I was thinking, my God, this is really expensive. And I'm thinking, wow, this is a great investment. Because we met such amazing companies who all essentially are saying exactly the same thing, which is as we go and productize and bring our high value applications to the modern infrastructure space, like Kubernetes, Lambda, et cetera, solving for the automation governance is really, really hard because, well, at one point, I guess when the economy was doing crazy well, I could keep hiring people, but I can't do that anymore either. So they're out looking for automation strategies that allow them to do more with the teams they have. And that's exactly what Rafay is here for. >> Yeah. Lisa, Adam Selipsky in his keynote, I love the, he said, "If you want to save money, the cloud is the place to do it." >> Exactly. Yep. Let's talk about Regeneron. Everyone knows it's a household word especially over the last couple of years, but talk about, Rakesh, Regeneron as a technology company that delivers life-saving pharmaceuticals. And where does cloud and Rafay fit into your strategy? >> So cloud has been a backbone of our compute strategy within Regeneron for a very long time now. The evolution from a traditional compute structure to more serverless compute has been growing at a rapid pace. And I would say like we are seeing exponential growth within the adaption of the compute within containers and Kubernetes world. So we've been on this journey for a long time and I think it's not stopping anytime soon. So we have more and more workload, which is running on Kubernetes containers and we are looking forward to our partnership with Rafay to further enhance it, as Haseeb mentioned, the efficiency is the key. We need to do more with less. Resourcing is critical and cloud is evolved from that journey that do more things in a more efficient manner. >> That was the original catalyst as we got to help our development team, be more productive. >> That's correct. >> Eliminate the heavy lifting. And then you started presumably doing some of the less heavy, but still heavy lifting and we talked off camera and then you're increasingly moving toward serverless. >> Rakesh: That's correct. >> Can you describe that journey? What that's like? >> So I think like with the whole adoption that things are taking a much faster pace. Basically we are putting more compute onto containers and the DevOps journey is increasingly getting more, more faster. >> Go ahead. 'Cause I want to understand where Rafay sits in this whole equation. I was talking about, I'm not a developer, but I was talking to developer yesterday trying to really understand the benefits of containers and serverless and I said, take me through what you have to do when you're using containers. He said, I got to build the container image then I got to deploy an EC2 instance where I got to choose and I got to allocate memory of the fence the app in a VM then I got to run the computing instance against the app. And then, oh by the way, I got to pay 'cause all that EC2 that whole time. Depending on how you approach serverless you're going to eliminate a lot of those steps. >> That is correct. So what we do is basically like in a traditional sense, the computer is sitting idle at quite a lot basically. >> But you're paying. >> And you're still paying for that. Serverless technologies allows us to use the compute as needed basis. So whenever you need it, it is available. You run your workload on that and after that it shuts down or goes to minimal state and you don't need to pay as much as your paying. >> And then where do you guys fit in that whole equation? >> Look, serverless has a paradigm. If you step back from the idea of containers versus Lambda or whatever functions. The idea should be that the list you just read out of what developers have to do. Here's what they really should do. They should write their code, they should check it in, and they never have to think about it again. That should be the case. If they want to debug their application, there should be a nice front end where they go and they interact with their application and that's it. What is Kubernetes? I don't care. That's the right answer. And we did not start this journey as an industry there because usually the initial adopters are developers who do the heavy lifting. Developers want to learn, they want to solve these problems. But then eventually the expectation is that the platform organization and an enterprise is going to own this platform for me so I can go back to doing my job, which is writing code. And that's where Rakesh's team comes in. So Rakesh team is building the standard at Regeneron. Whether you're writing a long-lasting app, which is going to run in a container or you're going to write an event-driven application, which is going to be a function, whatever. You write your app, we will give you the necessary tooling and plumbing to take care of all these things. And this is my problem. My being Rakesh. Rakesh is my customer. He has his customers. We as Rafay, A, we have to make Rakesh's system successful because we have to give them right automation to do all these things so that he can service hundred, or in his case, thousands and thousands of different individuals. But then collectively, we have to make sure that the developer experience is optimal so that truly they just write their code and EC2, they don't want to deal with this. In fact, on Monday evening, in the Kubernetes keynote by Barry Cooks, one of the things he said was that in a CIO sort of survey they did, CIO said, 80% of the time of developers is wasted on infrastructure stuff and not on innovation. We need to bring that 80% back so that a hundred percent of the work is on innovation and today it's not. >> And that's what you do. >> That's what we do. >> In your world as a developer, I only have to worry about my writing my code and what functions I'm going to call. >> That is correct. And it is important because the efficiencies of a developer need to be focused on doing the things which business is asking for. The 80% of the work like to make sure the things are secure, they're done the right way, the standards are followed, scanning part of it, that work if we can offload to a platform, for example, Rafay, saves a lot of works, a lot of work cycles from the developers perspective. >> Thank you for that. It was nice little tutorial on the benefits. >> Absolutely. So you transform the developer experience. >> That's correct. >> How does that impact Regeneron overall business? We uplevel that. Give me that view. >> So with that, like what happens, the key thing is the developers productivity increases. We are able to do more with less. And that is the key thing to our strategy that like with the increase in business demand, with the increase in lot of compute things, which we are doing, we need to do and hiring resources is getting more difficult than ever. And we need to make sure that we are leveraging platforms and tools basically to do, enable our developers to focus on key business activity rather than doing redundant things and things which we can leverage some other tooling and platform for that business. >> Is this something in terms of improving the developer experience and their productivity faster time to market? Is this accelerating? >> That's correct. >> Is this even like accelerating drug discovery in some cases? >> So COVID is like a great example for that. Like we were able to fast track our drug discovery and like we were able to turn it into an experience where we were able to discover new drugs and get it to the market in a much faster pace. That whole process was expedited using these tools and processes basically. So we are very proud of that. >> So my understanding is you're running Rafay with EKS. A lot of choices out there. Why? Why did you choose to go in that direction? >> So Regeneron has heavily invested in cloud recently, over the years basically. And then we are focusing on hybrid cloud now that we we are like, again, these multiple cloud providers of platforms which are coming in are strategies to focus on hybrid cloud and Rafay is big leader in that particular space where we felt that we need to engage or partner with Rafay to enable those capabilities, not just on AWS, but across the board. One single tool, one single process, one single knowledge base helps us achieve more efficiencies. >> Less chaos, less complexity. >> That's correct. Let's say when you're in customer conversations, which I know you've had many this week, but you probably do that all the time. Regeneron is a great use case for Rafay. It's so tangible, life sciences. We all get that, especially coming out of the pandemic. What do you say to customers are the top three differentiators of Rafay and why they should go Rafay on top of EKS? >> What's really interesting about these conversations is that, look, we have some pretty cool features in our product. Obviously we must have something interesting otherwise nobody would buy our product. And we have access management and zero trust models and cluster provisioning, all these very nice things. But it always comes down to exactly the same thing, which is every large enterprise that started a journey, independent or Rafay because they didn't know who we were, it's fine. Last year we were a young company, now we are a larger company and they all are basically building towards a roadmap which Rafay truly understands. And in my opinion, and I'm confident when I say this, we understand their life, their journey better than any other company in the market. The reason why we have the flurry of customers we have, the reason why the product has the capacity that it does is because for whatever reason, look, it's scale lock. That's for the history books. But we have complete clarity on what a pharmaceutical company or financial customers company or a high tech company the journey they will take to the cloud and automation for modern infrastructure, we get it. And what I'm selling them is the is the why, not the what. There's a lot of great answers for the what? What do we do? Rakesh doesn't care. I mean, he's trying to solve a bigger problem. He's trying to get his researchers to go faster. So then when they want to run a model, they should be able to do it right now. That's what he cares about. Then he looks for a tool to solve the business problem. And we figured out how to have that conversation and explain why Rafay helps him, essentially multiply the bandwidth that he has in his organization. And of course to that end we have some great technology/ But that's a secondary issue, the first, to me the why is more important than the what. And then we talk about how, which he has to pay us money. That's the how. But yeah, we get there too. But look, this is the important thing. Every enterprise is on exactly the same journey, Lisa. And that if you think about it from just purely economic efficiencies perspective that is not a good investment for our industry. If everybody's solving the same problem that's a waste of resources. Let's find a way to do, what is the point of the cloud? We used to all build data centers. That was not efficient. We all went to the cloud because it's more efficient to have somebody else, AWS, solve this problem for us so we can now focus on the next level problem. And then Rafay solving that problem so that he can focus on his drug discovery, not on Kubernetes. >> That's correct. It's all about efficiencies. Like doing things, learn from each other's experience and build upon it. So the things have been solved. One way you need to leverage that, reuse it. So the principles are the same. >> So then what's next? You had done an amazing job transforming the company. You're facilitating drug discovery faster than ever before. From an infrastructure perspective, what's next on your journey? >> So right now the roadmap what we have is basically talking about making sure that the workload are running more efficient, they're more secure. As we go into these expandable serverless technology, there are more challenging opportunities for us to solve. Those challenges are coming up. We need to make sure that with the new, the world we are living in, we are more securely doing stuff what we were doing previously. More efficiencies is also the key and more distributed. Like if we can leverage the power of cloud in doing more things on demand is on our roadmap. And I think that is where we are all driving. >> And when you said hybrid, you're talking about connecting to your on-prem tools and data? How about cross cloud? >> We are invested in multiple cloud platform itself and we are looking forward to leveraging a technology, which is truly cloud native and we can leverage things together on that. >> And I presume you're helping with that, obviously. >> Last question for both of you. We're making an Instagram reel. Think of this as a sizzle reel, like a 32nd elevator pitch. Question, first one goes to you, Rakesh. If you had a bumper sticker, you put it on, I don't know, say a DeLorean, I hear those are coming back. What would it say about Regeneron as a technology company that's delivering therapeutics? >> It's a tough question, but I would try my best. The bumper sticker would say, discover drug more faster, more efficient. >> Perfect. Haseeb, question about Rafay. What's the bumper sticker? If you had a billboard in on Highway 101 in Redwood City about Rafay and what it's enabling organizations enterprises across the globe to achieve, what would it say? >> I'll tell you what our customers say. So our customers call us the vCenter for Kubernetes and we all know what a vCenter is. We all know why vCenter's so amazingly successful because it takes IT engineers and gives them superpowers. You can run a data center. What is the vCenter for this new world? It us. So vCenter is obviously a trademark with our friends at VMware, so that's why I'm, but our customers truly call us the vCenter for Kubernetes. And I think that's an incredible moniker because that truly codifies our roadmap. It codifies what we are selling today. >> There's nothing more powerful and potent in the voice of the customer. Thank you both for coming on. Thank you for sharing the Regeneron story. Great to have you back on, Haseeb. You need a pin for the number of times you've been on theCUBE. >> At least a gold star. >> We'll work on that. Guys, thank you. We appreciate your time. >> Haseeb: Thank you very much. >> For our guests and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live enterprise and emerging tech coverage. (upbeat music)

(upbeat music) >> Good morning everybody. Welcome back to Las Vegas. This is day four of theCUBE's wall-to-wall coverage of our Super Bowl, aka AWS re:Invent 2022. I'm here with my co-host, Paul Gillin. My name is Dave Vellante. Sanjay Poonen is in the house, CEO and president of Cohesity. He's sitting in as our guest market watcher, market analyst, you know, deep expertise, new to the job at Cohesity. He was kind enough to sit in, and help us break down what's happening at re:Invent. But Paul, first thing, this morning we heard from Werner Vogels. He was basically given a masterclass on system design. It reminded me of mainframes years ago. When we used to, you know, bury through those IBM blue books and red books. You remember those Sanjay? That's how we- learned back then. >> Oh God, I remember those, Yeah. >> But it made me think, wow, now you know IBM's more of a systems design, nobody talks about IBM anymore. Everybody talks about Amazon. So you wonder, 20 years from now, you know what it's going to be. But >> Well- >> Werner's amazing. >> He pulled out a 24 year old document. >> Yup. >> That he had written early in Amazon's evolution about synchronous design or about essentially distributed architectures that turned out to be prophetic. >> His big thing was nature is asynchronous. So systems are asynchronous. Synchronous is an illusion. It's an abstraction. It's kind of interesting. But, you know- >> Yeah, I mean I've had synonyms for things. Timeless architecture. Werner's an absolute legend. I mean, when you think about folks who've had, you know, impact on technology, you think of people like Jony Ive in design. >> Dave: Yeah. >> You got to think about people like Werner in architecture and just the fact that Andy and the team have been able to keep him engaged that long... I pay attention to his keynote. Peter DeSantis has obviously been very, very influential. And then of course, you know, Adam did a good job, you know, watching from, you know, having watched since I was at the first AWS re:Invent conference, at time was President SAP and there was only a thousand people at this event, okay? Andy had me on stage. I think I was one of the first guest of any tech company in 2011. And to see now this become like, it's a mecca. It's a mother of all IT events, and watch sort of even the transition from Andy to Adam is very special. I got to catch some of Ruba's keynote. So while there's some new people in the mix here, this has become a force of nature. And the last time I was here was 2019, before Covid, watched the last two ones online. But it feels like, I don't know 'about what you guys think, it feels like it's back to 2019 levels. >> I was here in 2019. I feel like this was bigger than 2019 but some people have said that it's about the same. >> I think it was 60,000 versus 50,000. >> Yes. So close. >> It was a little bigger in 2019. But it feels like it's more active. >> And then last year, Sanjay, you weren't here but it was 25,000, which was amazing 'cause it was right in that little space between Omicron, before Omicron hit. But you know, let me ask you a question and this is really more of a question about Amazon's maturity and I know you've been following them since early days. But the way I get the question, number one question I get from people is how is Amazon AWS going to be different under Adam than it was under Andy? What do you think? >> I mean, Adam's not new because he was here before. In some senses he knows the Amazon culture from prior, when he was running sales and marketing prior. But then he took the time off and came back. I mean, this will always be, I think, somewhat Andy's baby, right? Because he was the... I, you know, sent him a text, "You should be really proud of what you accomplished", but you know, I think he also, I asked him when I saw him a few weeks ago "Are you going to come to re:Invent?" And he says, "No, I want to leave this to be Adam's show." And Adam's going to have a slightly different view. His keynotes are probably half the time. It's a little bit more vision. There was a lot more customer stories at the beginning of it. Taking you back to the inspirational pieces of it. I think you're going to see them probably pulling up the stack and not just focused in infrastructure. Many of their platform services are evolved. Many of their, even application services. I'm surprised when I talk to customers. Like Amazon Connect, their sort of call center type technologies, an app layer. It's getting a lot. I mean, I've talked to a couple of Fortune 500 companies that are moving off Ayer to Connect. I mean, it's happening and I did not know that. So it's, you know, I think as they move up the stack, the platform's gotten more... The data centric stack has gotten, and you know, in the area we're working with Cohesity, security, data protection, they're an investor in our company. So this is an important, you know, both... I think tech player and a partner for many companies like us. >> I wonder the, you know, the marketplace... there's been a big push on the marketplace by all the cloud companies last couple of years. Do you see that disrupting the way softwares, enterprise software is sold? >> Oh, for sure. I mean, you have to be a ostrich with your head in the sand to not see this wave happening. I mean, what's it? $150 billion worth of revenue. Even though the growth rates dipped a little bit the last quarter or so, it's still aggregatively between Amazon and Azure and Google, you know, 30% growth. And I think we're still in the second or third inning off a grand 1 trillion or 2 trillion of IT, shifting not all of it to the cloud, but significantly faster. So if you add up all of the big things of the on-premise world, they're, you know, they got to a certain size, their growth is stable, but stalling. These guys are growing significantly faster. And then if you add on top of them, platform companies the data companies, Snowflake, MongoDB, Databricks, you know, Datadog, and then apps companies on top of that. I think the move to the Cloud is inevitable. In SaaS companies, I don't know why you would ever implement a CRM solution on-prem. It's all gone to the Cloud. >> Oh, it is. >> That happened 15 years ago. I mean, begin within three, five years of the advent of Salesforce. And the same thing in HR. Why would you deploy a HR solution now? You've got Workday, you've got, you know, others that are so some of those apps markets are are just never coming back to an on-prem capability. >> Sanjay, I want to ask you, you built a reputation for being able to, you know, forecast accurately, hit your plan, you know, you hit your numbers, you're awesome operator. Even though you have a, you know, technology degree, which you know, that's a two-tool star, multi-tool star. But I call it the slingshot economy. This is like, I mean I've seen probably more downturns than anybody in here, you know, given... Well maybe, maybe- >> Maybe me. >> You and I both. I've never seen anything like this, where where visibility is so unpredictable. The economy is sling-shotting. It's like, oh, hurry up, go Covid, go, go go build, build, build supply, then pull back. And now going forward, now pulling back. Slootman said, you know, on the call, "Hey the guide, is the guide." He said, "we put it out there, We do our best to hit it." But you had CrowdStrike had issues you know, mid-market, ServiceNow. I saw McDermott on the other day on the, on the TV. I just want to pay, you know, buy from the guy. He's so (indistinct) >> But mixed, mixed results, Salesforce, you know, Octa now pre-announcing, hey, they're going to be, or announcing, you know, better visibility, forward guide. Elastic kind of got hit really hard. HPE and Dell actually doing really well in the enterprise. >> Yep. >> 'Course Dell getting killed in the client. But so what are you seeing out there? How, as an executive, do you deal with such poor visibility? >> I think, listen, what the last two or three years have taught us is, you know, with the supply chain crisis, with the surge that people thought you may need of, you know, spending potentially in the pandemic, you have to start off with your tech platform being 10 x better than everybody else. And differentiate, differentiate. 'Cause in a crowded market, but even in a market that's getting tougher, if you're not differentiating constantly through technology innovation, you're going to get left behind. So you named a few places, they're all technology innovators, but even if some of them are having challenges, and then I think you're constantly asking yourselves, how do you move from being a point product to a platform with more and more services where you're getting, you know, many of them moving really fast. In the case of Roe, I like him a lot. He's probably one of the most savvy operators, also that I respect. He calls these speedboats, and you know, his core platform started off with the firewall network security. But he's built now a very credible cloud security, cloud AI security business. And I think that's how you need to be thinking as a tech executive. I mean, if you got core, your core beachhead 10 x better than everybody else. And as you move to adjacencies in these new platforms, have you got now speedboats that are getting to a point where they are competitive advantage? Then as you think of the go-to-market perspective, it really depends on where you are as a company. For a company like our size, we need partners a lot more. Because if we're going to, you know, stand on the shoulders of giants like Isaac Newton said, "I see clearly because I stand on the shoulders giants." I need to really go and cultivate Amazon so they become our lead partner in cloud. And then appropriately Microsoft and Google where I need to. And security. Part of what we announced last week was, last month, yeah, last couple of weeks ago, was the data security alliance with the biggest security players. What was I trying to do with that? First time ever done in my industry was get Palo Alto, CrowdStrike, Wallace, Tenable, CyberArk, Splunk, all to build an alliance with me so I could stand on their shoulders with them helping me. If you're a bigger company, you're constantly asking yourself "how do you make sure you're getting your, like Amazon, their top hundred customers spending more with that?" So I think the the playbook evolves, and I'm watching some of these best companies through this time navigate through this. And I think leadership is going to be tested in enormously interesting ways. >> I'll say. I mean, Snowflake is really interesting because they... 67% growth, which is, I mean, that's best in class for a company that's $2 billion. And, but their guide was still, you know, pretty aggressive. You know, so it's like, do you, you know, when it when it's good times you go, "hey, we can we can guide conservatively and know we can beat it." But when you're not certain, you can't dial down too far 'cause your investors start to bail on you. It's a really tricky- >> But Dave, I think listen, at the end of the day, I mean every CEO should not be worried about the short term up and down in the stock price. You're building a long-term multi-billion dollar company. In the case of Frank, he has, I think I shot to a $10 billion, you know, analytics data warehousing data management company on the back of that platform, because he's eyeing the market that, not just Teradata occupies today, but now Oracle occupies or other databases, right? So his tam as it grows bigger, you're going to have some of these things, but that market's big. I think same with Palo Alto. I mean Datadog's another company, 75% growth. >> Yeah. >> At 20% margins, like almost rule of 95. >> Amazing. >> When they're going after, not just the observability market, they're eating up the sim market, security analytics, the APM market. So I think, you know, that's, you look at these case studies of companies who are going from point product to platforms and are steadily able to grow into new tams. You know, to me that's very inspiring. >> I get it. >> Sanjay: That's what I seek to do at our com. >> I get that it's a marathon, but you know, when you're at VMware, weren't you looking at the stock price every day just out of curiosity? I mean listen, you weren't micromanaging it. >> You do, but at the end of the day, and you certainly look at the days of earnings and so on so forth. >> Yeah. >> Because you want to create shareholder value. >> Yeah. >> I'm not saying that you should not but I think in obsession with that, you know, in a short term, >> Going to kill ya. >> Makes you, you know, sort of myopically focused on what may not be the right thing in the long term. Now in the long arc of time, if you're not creating shareholder value... Look at what happened to Steve Bomber. You needed Satya to come in to change things and he's created a lot of value. >> Dave: Yeah, big time. >> But I think in the short term, my comments were really on the quarter to quarter, but over a four a 12 quarter, if companies are growing and creating profitable growth, they're going to get the valuation they deserve. >> Dave: Yeah. >> Do you the... I want to ask you about something Arvind Krishna said in the previous IBM earnings call, that IT is deflationary and therefore it is resistant to the macroeconomic headwinds. So IT spending should actually thrive in a deflation, in a adverse economic climate. Do you think that's true? >> Not all forms of IT. I pay very close attention to surveys from, whether it's the industry analysts or the Morgan Stanleys, or Goldman Sachs. The financial analysts. And I think there's a gluc in certain sectors that will get pulled back. Traditional view is when the economies are growing people spend on the top line, front office stuff, sales, marketing. If you go and look at just the cloud 100 companies, which are the hottest private companies, and maybe with the public market companies, there's way too many companies focused on sales and marketing. Way too many. I think during a downsizing and recession, that's going to probably shrink some, because they were all built for the 2009 to 2021 era, where it was all about the top line. Okay, maybe there's now a proposition for companies who are focused on cost optimization, supply chain visibility. Security's been intangible, that I think is going to continue to an investment. So I tell, listen, if you are a tech investor or if you're an operator, pay attention to CIO priorities. And right now, in our business at Cohesity, part of the reason we've embraced things like ransomware protection, there is a big focus on security. And you know, by intelligently being a management and a security company around data, I do believe we'll continue to be extremely relevant to CIO budgets. There's a ransomware, 20 ransomware attempts every second. So things of that kind make you relevant in a bank. You have to stay relevant to a buying pattern or else you lose momentum. >> But I think what's happening now is actually IT spending's pretty good. I mean, I track this stuff pretty closely. It's just that expectations were so high and now you're seeing earnings estimates come down and so, okay, and then you, yeah, you've got the, you know the inflationary factors and your discounted cash flows but the market's actually pretty good. >> Yeah. >> You know, relative to other downturns that if this is not a... We're not actually not in a downturn. >> Yeah. >> Not yet anyway. It may be. >> There's a valuation there. >> You have to prepare. >> Not sales. >> Yeah, that's right. >> When I was on CNBC, I said "listen, it's a little bit like that story of Joseph. Seven years of feast, seven years of famine." You have to prepare for potentially your worst. And if it's not the worst, you're in good shape. So will it be a recession 2023? Maybe. You know, high interest rates, inflation, war in Russia, Ukraine, maybe things do get bad. But if you belt tightening, if you're focused in operational excellence, if it's not a recession, you're pleasantly surprised. If it is one, you're prepared for it. >> All right. I'm going to put you in the spot and ask you for predictions. Expert analysis on the World Cup. What do you think? Give us the breakdown. (group laughs) >> As my... I wish India was in the World Cup, but you can't get enough Indians at all to play soccer well enough, but we're not, >> You play cricket, though. >> I'm a US man first. I would love to see one of Brazil, or Argentina. And as a Messi person, I don't know if you'll get that, but it would be really special for Messi to lead, to end his career like Maradonna winning a World Cup. I don't know if that'll happen. I'm probably going to go one of the Latin American countries, if the US doesn't make it far enough. But first loyalty to the US team, and then after one of the Latin American countries. >> And you think one of the Latin American countries is best bet to win or? >> I don't know. It's hard to tell. They're all... What happens now at this stage >> So close, right? >> is anybody could win. >> Yeah. You just have lots of shots of gold. I'm a big soccer fan. It could, I mean, I don't know if the US is favored to win, but if they get far enough, you get to the finals, anybody could win. >> I think they get Netherlands next, right? >> That's tough. >> Really tough. >> But... The European teams are good too, but I would like to see US go far enough, and then I'd like to see Latin America with team one of Argentina, or Brazil. That's my prediction. >> I know you're a big Cricket fan. Are you able to follow Cricket the way you like? >> At god unearthly times the night because they're in Australia, right? >> Oh yeah. >> Yeah. >> I watched the T-20 World Cup, select games of it. Yeah, you know, I'm not rapidly following every single game but the World Cup games, I catch you. >> Yeah, it's good. >> It's good. I mean, I love every sport. American football, soccer. >> That's great. >> You get into basketball now, I mean, I hope the Warriors come back strong. Hey, how about the Warriors Celtics? What do we think? We do it again? >> Well- >> This year. >> I'll tell you what- >> As a Boston Celtics- >> I would love that. I actually still, I have to pay off some folks from Palo Alto office with some bets still. We are seeing unprecedented NBA performance this year. >> Yeah. >> It's amazing. You look at the stats, it's like nothing. I know it's early. Like nothing we've ever seen before. So it's exciting. >> Well, always a pleasure talking to you guys. >> Great to have you on. >> Thanks for having me. >> Thank you. Love the expert analysis. >> Sanjay Poonen. Dave Vellante. Keep it right there. re:Invent 2022, day four. We're winding up in Las Vegas. We'll be right back. You're watching theCUBE, the leader in enterprise and emerging tech coverage. (lighthearted soft music)

>>Hey everyone, welcome back. It's the Cube live in Las Vegas. We've been here since Monday covering the event wall to coverage on the cube at AWS Reinvent 22, Lisa Martin here with Dave Ante. Dave, we're hearing consistently north of 50,000 people here. I'm hearing close to 300,000 online. People are back. They are ready to hear from AWS and its ecosystem. Yeah, >>I think 55 is the number I'm hearing. I've been using 50 for 2019, but somebody the other day told me, no, no, it was way more than that. Right, right. Well this feels bigger in >>2019. It does feel bigger. It does feel bigger. And we've had such great conversations as you know, because you've been watching the Cube since Monday night. We're pleased to welcome from Sumo Logic. Lynn Doherty, the president of Worldwide Field Operations. Lynn, welcome to the program. >>Thank you for having me. I'm glad to be here. Talk >>To us about what's going on at Sumo Logic. We cover them. We've been following them for a long time, but what's what's new? >>We have a lot going on at Sumo Logic. What we do is provide solutions for both observability and security. And if you think about the challenges that our customers are facing today, everybody as they're doing this digital transformation is in a situation where the data and the digital exhausts that they have is growing faster than their budgets and especially in what looks like potentially uncertain economic times. And so what we do is enable them to bring that together on a platform so that they can solve both of those problems in a really cost effective way. >>What are some of the things that you're hearing from customers in the field where it relates to Sumo logic and aws? What are they asking for? >>They continue to ask for security and, and I think as everybody goes on that journey of digital transformation and, and I think what's going on now is that there are people who are kind of in wave two of that digital transformation, but security continues to be top of mind. And again, as as our customers are moving into potentially uncertain economic times and they're saying, Hey, I've gotta shore up and, and maybe do smarter things with my budget, cybersecurity is one piece of that that is not falling off the table. That their requirements around security, around audits, around compliance don't go away regardless of what else happens. >>How do you fit in the cloud ecosystem generally? AWS specifically? I think AWS is generally perceived as a more friendly environment for the ecosystem partners. We saw CrowdStrike yesterday, you know, stock got crushed. They had a great quarter, but not as great as they thought it could be. Yeah. And one, some of the analysts were saying, well, it could be Microsoft competition at the low end of the market. Okay. AWS is like the ecosystem partners are really strong in security, lot of places to add value. Where does Sumo Logic >>Fit? Yeah, we are all in with aws. So AWS is our platform of choice. It's the platform that we're built on. It's the only platform that we use. And so we work incredibly closely with aws. In fact, last year we were the first ever AWS ISV partner of the year for as Sumo Logic, which we're not as big as some of the other players, but it just is a testament to the partnership that we have with aws. >>When you're out in the field talking with customers, we talked about some of the challenges there, but where are your customer conversations? You talked about security and cyber as is not falling off the table. In fact, it's, it's rising up the stock, it's a board level conversation. So where are the customer conversations that you're having? Are they, are they at the developer level? Are they higher? Are they at the C-suite? What does that look like? >>Yeah, it's, it's actually at both the developer and the C-suite. And so there's really two motions. The first is around developers and practitioners and people that run security operation centers. And they need tools that are easy to use that integrate in their environment. And so we absolutely work with them as a starting point because if, if they aren't happy with the tools that they have, you know, the customer can't go on that digital transformation, can't have effective application usage. But we also need to talk to C-Suite and that to CIO or a CISO who's really thinking often more broadly about how do we do things as a platform and how do we consolidate some of our tools to rationalize what we're using and really make the most of the budget that we have. And so we come at it from both angles. We call it selling above the line and below the line because both of those are really important people for us to work with. >>Above the line being sort of the business executives, >>Business executives and C-suite executives. And then, but below the line are the actual people who are using the product and using a day to day interacting with the tools. >>So how are those above the line and below the line conversations, you know, different? What, what are the, what are the above the line conversations? What are the sort of keywords that, you know, that resonate? Let's start there. >>Yeah, above the line, there's a lot that's around how do we make the most of the investments that we're making. And so there are no shortage of tools, right? You can look around this AWS floor and see that there are no shortage of tools and software products out there. And so above the line it's how do we make use of the budget that we have and get the most out of the investments we've made and do that in a really smart way. Often thinking about platforms and consolidating tools and, and using the tools and getting full value of what they have below the line. I think it's really how do they have really strong ease of use? How do they get the fastest time to value? Because time to value is really important when you're a practitioner, when you're developing an application, when you're migrating and modernizing an application, having tools that are easy to use and not just give you data but give you insights. And so that's what a conversation with a practitioner for us is, is taking data and turning it into insights that they can use. >>You know, and it seems like we never get rid of stuff in it, but there's a big conversation now when you talk to practitioners, okay, well you got some budget pressures, your sales cycles are elongating. What are you doing about, a lot of 'em are saying, well, we're consolidating and nowhere is that more needed probably than insecurity. So how, how are you seeing that play out in the market? Are you able to take advantage of that as Sumo? >>I think there's the old joke that says there is no ciso. Whoever says, if I just had one more tool, I'd be secure. >>And >>Nobody ever says that it's not one more tool. It's having effective tools and having tools that integrate. And so when I think of Sumo Logic in that space, it's number one, we really integrate with so many different tools out there that give, again, not just security information, but security insights. And so that becomes a really important part of the conversation. What, when you talk about tool consolidation, that's absolutely, I think something that has been a journey that a lot of our customers have been on and probably will be on for the foreseeable future. And so that's a place that we can really help because we have a platform that you can leverage our tool on the DevOps side and on the security side. And that's a conversation that we have a lot with our customers. Are >>You helping bridge those two, the security folks, the dev folks? Cause we talk about Shift left and CISO being involved now. Is Sumo Logic helping from a cultural perspective to bridge those two? >>Yeah, well I think it's a really good point that you make. It's, there's part of it that's a technology challenge and then there's part of it that's a cultural challenge and an organization silo challenge that happens. And so it is something that we try to bring our customers together and often start in one area of the business and help move into other areas and bring them together. It, it also comes down to that data growing faster than budgets and customers can no longer afford to keep multiple copies of the same data, the same metrics, and all of that digital exhaust that comes as they move to the cloud and modernize their applications. And so we bring that together and help them get the most use out of it. >>There are a lot of, we've been talking all week in the cube about sort of adjacencies to security. We've talking about data protections now becoming an adjacency. You know, you talk about resilience within an organization, everybody was sort of caught off guard, obviously with the pandemic, not as resilient as they could have been. So it seems like the scope of security is really expanding. You know, they always say it's, it's a team sport, okay, it's a pro mine, but it's true. Right? Whereas it used to be that guy's problem. Yeah. What are you seeing in terms of that evolution? >>Yeah, I think you're absolutely right. I think the pandemics force some of that faster than was happening, but it's absolutely something that is going on that cybersecurity is now built in from the ground up and I've been in cyber security for years and it's moved from an afterthought or something that comes after the fact, Hey, let's build the application and then we'll worry about security to, it needs to be a secure application from the ground up. And so that is bringing together that dev and SEC ops a lot because it needs to be built in, the security piece needs to be built in from the ground up on the development side. >>Absolutely. The, the threat landscape has changed so much in the last couple of years. Has the fraudsters, bad actors, whatever you wanna call 'em, are getting far more sophisticated. Yeah. So security can't be an afterthought. Can't be a built on. Yeah, it's gotta be integrated, built in from the ground up for organizations to be able to be, as they've said, resilient. We're hearing a lot about resiliency and the importance of it. For any business. >>For any business, it's important for every business. And if you think about how we interact with companies now, our view of a bank isn't the branch, it's the app, our view of office, it's this, right? It's, it's on the phone, it's on digital devices, it's on a website. And so that is your interaction, that is your experience. And so that plays into, is it up, is it running, is it responsive? That application performance piece, but also the security piece of is it secure? Is my data protected? You know, do I have any vulnerability? >>Yeah, you must have, being in field operations, a favorite customer story that you really think defines the value proposition beautifully of Sumo Logic. What story is that? >>Wow, that's a good question. I have a lot of favorite stories. You know, we have customers, for example, gaming customers that maybe aren't able to predict what their usage looks like. And that's something that we really help our customers with is the peaks and valleys. And so we have gaming customers or retail customers that we're able to take their data sources and they may be at one level and go to 10 x in a day without any notice. And we're able to handle that for them. And I think that's something that I'm really proud of is that we don't make that the customer's problem. They're, they're peaks and valleys, they're spikes that may happen seasonally in retail. It's Black Friday sales that are coming up. It's a new game that gets released. It's a new music piece that gets released and they are going to see that, but they don't have to worry about that because of us. And so that really makes me proud that we handle that and take that problem off of their shoulders. I >>See Pokemon on the website, that's a hugely popular >>Game, Pokemon now. Yes. >>Last question for you, we've got about 30 seconds left. If you had a billboard to put up in Denver where you live about Sumo Logic and its impact like an elevator pitch or a phrase that you think really summarizes the impact, what would it >>Say? Yeah, well it's a really good question. I've got it on my shirt. I dunno, it's not for the G-rated, but we fix things faster. Fix shit faster. And so for us that's really, ultimately, it's not just about having information, it's not just about having the data, it's about being able to resolve your problems quickly. And whether that's an application or a security issue, we've gotta be able to fix it faster for our customers and that's what we enable them to do. >>Fix bleep faster. Lynn, it's been a pleasure having you on the program. Thank you so much. Thank you for joining us. Awesome step at Sumo Logic. For our guest and for Dave Ante. I'm Lisa Martin. You're watching The Cube Live from Las Vegas, the leader in live enterprise and emerging tech coverage.

(bright upbeat music) >> Hello, wonderful Cloud community and welcome back to our wall-to-wall coverage of AWS re:Invent here in Las Vegas, Nevada. I'm Savannah Peterson, joined by the brilliant John Furrier. John, how you doing this afternoon? >> Doing great, feeling good. We've got day three here, another day tomorrow. Wall-to-wall coverage we're already over a hundred something videos, live getting up. >> You're holding up well. >> And then Cloud show is just popping. It's back to pre-pandemic levels. The audience is here, what recession? But there is one coming but apparently doesn't seem to be an unnoticed with the Cloud community. >> I think, we'll be talking a little bit about that in our next interview in the state of the union. Not just our union, but the the general global economy and the climate there with some fabulous guests from Software One. Please welcome Neil and Bernd, welcome to the show, guys. How you doing? >> Great, thank you. >> Really good. >> Yeah, like you said, just getting over the jet lag. >> Yeah, yeah. Pretty good today, yeah, (laughing loudly) glad we did it today. >> I love that Neil, set your smiling and I can feel your energy. Tell us a little bit about Software One and what you all do. >> Yeah, so Software One we're a software and Cloud solutions provider. We're in 90 countries. We have 65,000 customers. >> Savannah: Just a few. >> Yeah, and we really focus on being close to the customers and helping customers through their software and Cloud journey. So we transact, we sell software in Cloud, 10,000 different ISVs. And then on top of that we a lot of services around the spend optimization FinOps we'll talk about as well, and lots of other areas. But yeah, we're really a large scale partner in this space. >> That's awesome. FinOps, cost optimization, pretty much all we've been talking about here on the give. It's very much a hot topic. I'm actually excited about this and Bernd I'm going to throw this one to you first. We haven't actually done a proper definition of what FinOps is at the show yet. What is FinOps? >> Well, largely speaking it's Cloud cost optimization but for us it's a lot more than for others. That's our superpower. We do it all. We do the technology side but we also do the licensing side. So, we have a differentiated offering. If you would look at the six Rs of application migration we do it all, not even an Accenture as it all. And that is our differentiation. >> You know, yesterday Adams left was on the Keynote. He's like waving his hands around. It's like, "Hey, we got if you want to tighten your belt, come to the Cloud." I'm like, wait a minute. In 2008 when the last recession, Amazon wasn't a factor. They were small. Now they're massive, they're huge. They're a big part of the economic equation. What does belt tightening mean? Like what does that mean? Like do customers just go to the marketplace? Do they go, do you guys, so a lot of moving parts now on how they're buying software and they're fine tuning their Cloud too. It's not just eliminate budget, it's fine tune the machine if you will... >> 'make a smarter Cloud. >> Explain this phenomenon, how people are tackling this cost optimization, Cloud optimization. 'Cause they're not going to stop building. >> No. >> This is right sizing and tuning and cutting. >> Yeah, we see, of course with so many customers in so many countries, we have a lot of different views on maturity and we see customers taking the FinOps journey at different paces. But fundamentally what we see is that it's more of an afterthought and coming in at a panic stage rather than building it and engaging with it from the beginning and doing it continuously. And really that's the huge opportunity and AWS is a big believer in this of continued optimization of the Cloud is a confident Cloud. A confident Cloud means you'll do more with it. If you lose confidence in that bill in what how much it's costing you, you're going to retract. And so it's really about making sure all customers know exactly what's in there, how it's optimized, restocking, reformatting applications, getting more out of the microservices and getting more value out the Cloud and that will help them tighten that belt. >> So the euphoric enthusiasm of previous years of building water just fallen the pipes leaving the lights on when you go to bed. I mean that's kind of the mentality. People were not literally I won't say they weren't not paying attention but there was some just keep going we're all good now it's like whoa, whoa. We turn that service off and no one's using it or do automation. So there's a lot more of that mindset emerging. We're hearing that for the first time price performance being mindful of what's on and off common sense basically. >> Yeah, but it's not just that the lights are on and the faucets are open it's also the air condition is running. So the FinOps foundation is estimating that about a third of Cloud spend is waste and that's where FinOps comes in. We can help customers be more efficient in the Cloud and lower their Cloud spend while doing the same or more. >> So, let's dig in a little bit there. How do you apply FinOps when migrating to the Cloud? >> Well, you start with the business case and you're not just looking at infrastructure costs like most people do you ought look at software licensing costs. For example, if you run SQL on-premise you have an enterprise agreement. But if you move it to the Cloud you may actually take a different more favorable licensing agreement and save a lot of money. And these things are hidden. They're not to be seen but they need to be part of the business case. >> When you look at the modernization trend we had an analyst on our session with David Vellante and Zs (indistinct) from ZK Consulting. He had an interesting comment. He said, "Spend more in Cloud to save more." Which is a mindset that doesn't come across right. Wait a minute, spend more, save more. You can do bet right now with the Clouds kind of the the thesis of FinOps, you don't have to cut. Just kind of cut the waste out but still spend and build if you're smart, there's a lot more of that going on. What does that mean? >> I mean, yeah I've got a good example of this is, we're the largest Microsoft provider in the world. And when of course when you move Microsoft workloads to the Cloud, you don't... Maybe you don't want a server, you can go serverless, right? So you may not win a server. Bernd said SQL, right? So, it's not just about putting applications in the Cloud and workloads in the Cloud. It's about modernizing them and then really taking advantage of what you can really do in the Cloud. And I think that's where the customers are still pretty immature. They're still on that journey of throwing stuff in there and then realizing actually they can take way more advantage of what services are in there to reduce the amount and get even more in there. >> Yeah, and so the... You want to say, something? >> How much, just building on the stereotypical image of Cloud customer is the marketing person with a credit card, right? And there are many of them and they all buy their own Cloud and companies have a hard time consolidating the spend pulling it together, even within a country. But across countries across the globe, it's really, really hard. If you pull it all together, you get a better discount. You spend more to save more. >> Yeah, and also there's a human piece. We had an intern two summers ago playing with our Cloud. We're on a Cloud with our media plus stack left a service was playing around doing some tinkering and like, where's this bill? What is this extra $20,000 came from. It just, we left a service on... >> It's a really good point actually. It's something that we see almost every day right now which is customers also not understanding what they've put in the Cloud and what the implications of spikes are. And also therefore having really robust monitoring and processes and having a partner that can look after that for them. Otherwise we've got customers where they've been really shocked about not doing things the right way because they've empowered the business but also not with the maturity that the business needs to have that responsibility. >> And that's a great point. New people coming in and or people being platooned through new jobs are getting used to the Cloud. That's a great point. I got that brings up my security question 'cause this comes up a lot. So that's what's a lot of spend of people dialing up more security. Obviously people try everything with security, every tool, every platform, and throw everything at the problem. How does that impact the FinOps equation? 'Cause Dev SecOps is now part of everything. Okay, moving security at the CICD pipeline, that's cool. Check Cloud native applications, microservices event-based services check. But now you've got more security. How does that factor into the cost side? What you guys look at that can you share your thoughts on how your customers are managing their security posture without getting kind of over the barrel, if you will? >> Since we are at AWS re:Invent, right? We can talk about the well architected framework of AWS and there's six components to it. And there's reliability, there's security cost, performance quality, operational quality and sustainability. And so when we think about migrating apps to the Cloud or modernizing them in the Cloud security is always a table stakes. >> And it has to be, yeah, go ahead. >> I really like what AWS is doing with us on that. We partner very closely on that area. And to give you a parallel example of Microsoft I don't feel very good about that at the moment. We see a lot of customers right now that get hacked and normally it's... >> 'yeah that's such a topic. >> You mean on Azure? >> Yeah, and what happens is that they normally it's a crypto mining script that the customer comes in they come in as the customer get hacked and then they... We saw an incident the other day where we had 2,100 security incidents in a minute where it all like exploded on the customer side. And so that's also really important is that the customer's understanding that security element also who they're letting in and out of their organization and also the responsibility they have if things go bad. And that's also not aware, like when they get hacked, are they responsible for that? Are they not responsible? Is the provider... >> 'shared responsibility? >> Yeah. >> 'well that security data lake the open cybersecurity schema framework. That's going to be very interesting to see how that plays out to your point. >> Absolutely, absolutely. >> Yeah, it is fascinating and it does require a lot of collaboration. What other trends, what other big challenges are you seeing? You're obviously working with customers at incredible scale. What are some of the other problems you're helping them tackle? >> I think we work with customers from SMB all the way up to enterprise and public sector. But what we see is more in the enterprise space. So we see a lot of customers willing to commit a lot to the Cloud based on all the themes that we've set but not commit financially for all the PNLs that they run in all the business units of all the different companies that they may own in different countries. So it's like, how can I commit but not be responsible on the hook for the bill that comes in. And we see this all the time right now and we are working closely with AWS on this. And we see the ability for customers to commit centrally but decentralized billing, decentralized optimization and decentralized FinOps. So that's that educational layer within the business units who owns the PNL where they get that fitness and they own what they're spending but the company is alone can commit to AWS. And I think that's a big trend that we are seeing is centralized commitment but decentralized ownership in that model. >> And that's where the marketplaces kind of fit in as well. >> Absolutely. >> Yeah, yeah. Do you want to add some more on that? >> I mean the marketplace, if you're going to cut your bill you go to the marketplace right there you want single dashboard or your marketplace what's the customer going to do when they're going to tighten their belts? What do they do? What's their workflow, marketplace? What's the process? >> Well, on marketplaces, the larger companies will have a private marketplace with dedicated pricing managed service they can call off. But that's for the software of the shelf. They still have the data centers they still have all the legacy and they need to do the which ones are we going to keep which ones are we going to retire, we repurchase, we license, rehouse, relocate, all of those things. >> That's your wheelhouse. >> It's a three, yes is our wheelhouse. It's a three to five year process for most companies. >> This could be a tailwind for you guys. This is like a good time. >> I mean FinOps is super cool and super hot right now. >> Not that you're biased? (all laughing loudly) >> But look, it's great to see it because well we are the magic quadrant leader in software asset management, which is a pedigree of ours. But we always had to convince customers to do that because they're always worried, oh what you're going to find do I have an audit? Do I have to give Oracles some more money or SAP some more money? So there's always like, you know... >> 'don't, (indistinct). >> How compliant do I really want? >> Is anyone paying attention to this? >> Well FinOps it's all upside. Like it's all upside. And so it's completely flipped. And now we speak to most customers that are building FinOps internally and then they're like, hold on a minute I'm a bank. Why do I have hundred people doing FinOps? And so that's the trend that we've seen because they just get more and more value out of it all the time. >> Well also the key mindset is that the consumption based model of Cloud you mentioned Oracle 'cause they're stuck in that whoa, whoa, whoa, how many servers license and they're stuck in that extortion. And now they got Cloud once you're on a variable, what's the downside? >> Exactly and then you can look at all the applications, see where you can go serverless see where you can go native services all that sort of stuff is all upside. >> And for the major workloads like SAP and Oracle and Microsoft defined that customers save in the millions. >> Well just on that point, those VMware, SAP, these workloads they're being rolled and encapsulated into containers and Kubernetes run times moved into the Cloud, they're being refactored. So that's a whole nother ballgame. >> Yes. Lift and shift usually doesn't save you any money. So that's relocation with containers may save you money but in some cases you have to... >> 'it's more in the Cloud now than ever before. >> Yeah >> Yeah, yeah. >> Before we take him to the challenge portion we have a little quiz for you, or not a quiz, but a little prop for you in a second. I want to talk about your role. You have a very important role at the FinOps Foundation and why don't you tell me more about that? You, why don't you go. >> All right, so yeah I mean we are a founding member of the Finops organization. You can tell I'm super passionate about it as well. >> I wanted to keep that club like a poster boy for FinOps right now. It's great, I love the energy. >> You have some VA down that is going to go up on the table and dance, (all laughing loudly) >> We're ready for it. We're waiting for that performance here on theCUBE this week. I promise I would keep everyone up an alert... >> 'and it's on the post. And our value to the foundation is first of all the feedback we get from all our customers, right? We can bring that back as an organization to that also as one of the founding members. We're one of the only ones that really deliver services and platforms. So we'll work with Cloud health, Cloud ability our own platform as well, and we'll do that. And we have over 200 practitioners completely dedicated to FinOps as well. So, it's a great foundation, they're doing an amazing job and we're super proud to be part of that. >> Yeah, I love that you're contributing to the community as well as supporting it, looking after your customers. All right, so our new tradition here on theCUBE at re:Invent 'cause we're looking for your 32nd Instagram reel hot take sizzle of thought leadership on the number one takeaway most important theme of the show this year Bernd do you want to go first? >> Of the re:Invent show or whatever? >> You can interpret that however you want. We've gotten some unique interpretations throughout the week, so we're probing. >> Everybody's looking for the superpower to do more with less in the Cloud. That will be the theme of 2023. >> Perfect, I love that. 10 seconds, your mic very efficient. You're clearly providing an efficient solution based on that answer. >> I won't that much. That's... (laughing loudly) >> It's the quiz. And what about you Neil? Give us your, (indistinct) >> I'm going to steal your comment. It's exactly what I was thinking earlier. Tech is super resilient and tech is there for customers when they want to invest and modernize and do fun stuff and they're also there for when they want to save money. So we are always like a constant and you see that here. It's like this is... It's always happening here, always happening. >> It is always happening. It really can feel the energy. I hope that the show is just as energetic and fun for you guys. As the last few minutes here on theCUBE has been thank you both for joining us. >> Thanks. >> Thank you very much. >> And thank you all so much for tuning in. I hope you enjoyed this conversation about FinOps, Cloud confidence and all things AWS re:Invent. We're here in Las Vegas, Nevada with John Furrier, my name is Savannah Peterson. You're watching theCUBE, the leader in high tech coverage. (bright upbeat music)

>>Good morning fellow nerds and welcome back to AWS Reinvent. We are live from the show floor here in Las Vegas, Nevada. My name is Savannah Peterson, joined with my fabulous co-host John Furrier. Day two keynotes are rolling. >>Yeah. What do you thinking this? This is the day where everything comes, so the core gets popped off the bottle, all the announcements start flowing out tomorrow. You hear machine learning from swee lot more in depth around AI probably. And then developers with Verner Vos, the CTO who wrote the seminal paper in in early two thousands around web service that becames. So again, just another great year of next level cloud. Big discussion of data in the keynote bulk of the time was talking about data and business intelligence, business transformation easier. Is that what people want? They want the easy button and we're gonna talk a lot about that in this segment. I'm really looking forward to this interview. >>Easy button. We all want the >>Easy, we want the easy button. >>I love that you brought up champagne. It really feels like a champagne moment for the AWS community as a whole. Being here on the floor feels a bit like the before times. I don't want to jinx it. Our next guest, Scott Castle, from Si Sense. Thank you so much for joining us. How are you feeling? How's the show for you going so far? Oh, >>This is exciting. It's really great to see the changes that are coming in aws. It's great to see the, the excitement and the activity around how we can do so much more with data, with compute, with visualization, with reporting. It's fun. >>It is very fun. I just got a note. I think you have the coolest last name of anyone we've had on the show so far, castle. Oh, thank you. I'm here for it. I'm sure no one's ever said that before, but I'm so just in case our audience isn't familiar, tell us about >>Soy Sense is an embedded analytics platform. So we're used to take the queries and the analysis that you can power off of Aurora and Redshift and everything else and bring it to the end user in the applications they already know how to use. So it's all about embedding insights into tools. >>Embedded has been a, a real theme. Nobody wants to, it's I, I keep using the analogy of multiple tabs. Nobody wants to have to leave where they are. They want it all to come in there. Yep. Now this space is older than I think everyone at this table bis been around since 1958. Yep. How do you see Siente playing a role in the evolution there of we're in a different generation of analytics? >>Yeah, I mean, BI started, as you said, 58 with Peter Lu's paper that he wrote for IBM kind of get became popular in the late eighties and early nineties. And that was Gen one bi, that was Cognos and Business Objects and Lotus 1 23 think like green and black screen days. And the way things worked back then is if you ran a business and you wanted to get insights about that business, you went to it with a big check in your hand and said, Hey, can I have a report? And they'd come back and here's a report. And it wasn't quite right. You'd go back and cycle, cycle, cycle and eventually you'd get something. And it wasn't great. It wasn't all that accurate, but it's what we had. And then that whole thing changed in about two, 2004 when self-service BI became a thing. And the whole idea was instead of going to it with a big check in your hand, how about you make your own charts? >>And that was totally transformative. Everybody started doing this and it was great. And it was all built on semantic modeling and having very fast databases and data warehouses. Here's the problem, the tools to get to those insights needed to serve both business users like you and me and also power users who could do a lot more complex analysis and transformation. And as the tools got more complicated, the barrier to entry for everyday users got higher and higher and higher to the point where now you look, look at Gartner and Forester and IDC this year. They're all reporting in the same statistic. Between 10 and 20% of knowledge workers have learned business intelligence and everybody else is just waiting in line for a data analyst or a BI analyst to get a report for them. And that's why the focus on embedded is suddenly showing up so strong because little startups have been putting analytics into their products. People are seeing, oh my, this doesn't have to be hard. It can be easy, it can be intuitive, it can be native. Well why don't I have that for my whole business? So suddenly there's a lot of focus on how do we embed analytics seamlessly? How do we embed the investments people make in machine learning in data science? How do we bring those back to the users who can actually operationalize that? Yeah. And that's what Tysons does. Yeah. >>Yeah. It's interesting. Savannah, you know, data processing used to be what the IT department used to be called back in the day data processing. Now data processing is what everyone wants to do. There's a ton of data we got, we saw the keynote this morning at Adam Lesky. There was almost a standing of vision, big applause for his announcement around ML powered forecasting with Quick Site Cube. My point is people want automation. They want to have this embedded semantic layer in where they are not having all the process of ETL or all the muck that goes on with aligning the data. All this like a lot of stuff that goes on. How do you make it easier? >>Well, to be honest, I, I would argue that they don't want that. I think they, they think they want that, cuz that feels easier. But what users actually want is they want the insight, right? When they are about to make a decision. If you have a, you have an ML powered forecast, Andy Sense has had that built in for years, now you have an ML powered forecast. You don't need it two weeks before or a week after in a report somewhere. You need it when you're about to decide do I hire more salespeople or do I put a hundred grand into a marketing program? It's putting that insight at the point of decision that's important. And you don't wanna be waiting to dig through a lot of infrastructure to find it. You just want it when you need it. What's >>The alternative from a time standpoint? So real time insight, which is what you're saying. Yep. What's the alternative? If they don't have that, what's >>The alternative? Is what we are currently seeing in the market. You hire a bunch of BI analysts and data analysts to do the work for you and you hire enough that your business users can ask questions and get answers in a timely fashion. And by the way, if you're paying attention, there's not enough data analysts in the whole world to do that. Good luck. I am >>Time to get it. I really empathize with when I, I used to work for a 3D printing startup and I can, I have just, I mean, I would call it PTSD flashbacks of standing behind our BI guy with my list of queries and things that I wanted to learn more about our e-commerce platform in our, in our marketplace and community. And it would take weeks and I mean this was only in 2012. We're not talking 1958 here. We're talking, we're talking, well, a decade in, in startup years is, is a hundred years in the rest of the world life. But I think it's really interesting. So talk to us a little bit about infused and composable analytics. Sure. And how does this relate to embedded? Yeah. >>So embedded analytics for a long time was I want to take a dashboard I built in a BI environment. I wanna lift it and shift it into some other application so it's close to the user and that is the right direction to go. But going back to that statistic about how, hey, 10 to 20% of users know how to do something with that dashboard. Well how do you reach the rest of users? Yeah. When you think about breaking that up and making it more personalized so that instead of getting a dashboard embedded in a tool, you get individual insights, you get data visualizations, you get controls, maybe it's not even actually a visualization at all. Maybe it's just a query result that influences the ordering of a list. So like if you're a csm, you have a list of accounts in your book of business, you wanna rank those by who's priorities the most likely to churn. >>Yeah. You get that. How do you get that most likely to churn? You get it from your BI system. So how, but then the question is, how do I insert that back into the application that CSM is using? So that's what we talk about when we talk about Infusion. And SI started the infusion term about two years ago and now it's being used everywhere. We see it in marketing from Click and Tableau and from Looker just recently did a whole launch on infusion. The idea is you break this up into very small digestible pieces. You put those pieces into user experiences where they're relevant and when you need them. And to do that, you need a set of APIs, SDKs, to program it. But you also need a lot of very solid building blocks so that you're not building this from scratch, you're, you're assembling it from big pieces. >>And so what we do aty sense is we've got machine learning built in. We have an LQ built in. We have a whole bunch of AI powered features, including a knowledge graph that helps users find what else they need to know. And we, we provide those to our customers as building blocks so that they can put those into their own products, make them look and feel native and get that experience. In fact, one of the things that was most interesting this last couple of couple of quarters is that we built a technology demo. We integrated SI sensee with Office 365 with Google apps for business with Slack and MS teams. We literally just threw an Nlq box into Excel and now users can go in and say, Hey, which of my sales people in the northwest region are on track to meet their quota? And they just get the table back in Excel. They can build charts of it and PowerPoint. And then when they go to their q do their QBR next week or week after that, they just hit refresh to get live data. It makes it so much more digestible. And that's the whole point of infusion. It's bigger than just, yeah. The iframe based embedding or the JavaScript embedding we used to talk about four or five years >>Ago. APIs are very key. You brought that up. That's gonna be more of the integration piece. How does embedable and composable work as more people start getting on board? It's kind of like a Yeah. A flywheel. Yes. What, how do you guys see that progression? Cause everyone's copying you. We see that, but this is a, this means it's standard. People want this. Yeah. What's next? What's the, what's that next flywheel benefit that you guys coming out with >>Composability, fundamentally, if you read the Gartner analysis, right, they, when they talk about composable, they're talking about building pre-built analytics pieces in different business units for, for different purposes. And being able to plug those together. Think of like containers and services that can, that can talk to each other. You have a composition platform that can pull it into a presentation layer. Well, the presentation layer is where I focus. And so the, so for us, composable means I'm gonna have formulas and queries and widgets and charts and everything else that my, that my end users are gonna wanna say almost minority report style. If I'm not dating myself with that, I can put this card here, I can put that chart here. I can set these filters here and I get my own personalized view. But based on all the investments my organization's made in data and governance and quality so that all that infrastructure is supporting me without me worrying much about it. >>Well that's productivity on the user side. Talk about the software angle development. Yeah. Is your low code, no code? Is there coding involved? APIs are certainly the connective tissue. What's the impact to Yeah, the >>Developer. Oh. So if you were working on a traditional legacy BI platform, it's virtually impossible because this is an architectural thing that you have to be able to do. Every single tool that can make a chart has an API to embed that chart somewhere. But that's not the point. You need the life cycle automation to create models, to modify models, to create new dashboards and charts and queries on the fly. And be able to manage the whole life cycle of that. So that in your composable application, when you say, well I want chart and I want it to go here and I want it to do this and I want it to be filtered this way you can interact with the underlying platform. And most importantly, when you want to use big pieces like, Hey, I wanna forecast revenue for the next six months. You don't want it popping down into Python and writing that yourself. >>You wanna be able to say, okay, here's my forecasting algorithm. Here are the inputs, here's the dimensions, and then go and just put it somewhere for me. And so that's what you get withy sense. And there aren't any other analytics platforms that were built to do that. We were built that way because of our architecture. We're an API first product. But more importantly, most of the legacy BI tools are legacy. They're coming from that desktop single user, self-service, BI environment. And it's a small use case for them to go embedding. And so composable is kind of out of reach without a complete rebuild. Right? But with SI senses, because our bread and butter has always been embedding, it's all architected to be API first. It's integrated for software developers with gi, but it also has all those low code and no code capabilities for business users to do the minority report style thing. And it's assemble endless components into a workable digital workspace application. >>Talk about the strategy with aws. You're here at the ecosystem, you're in the ecosystem, you're leading product and they have a strategy. We know their strategy, they have some stuff, but then the ecosystem goes faster and ends up making a better product in most of the cases. If you compare, I know they'll take me to school on that, but I, that's pretty much what we report on. Mongo's doing a great job. They have databases. So you kind of see this balance. How are you guys playing in the ecosystem? What's the, what's the feedback? What's it like? What's going on? >>AWS is actually really our best partner. And the reason why is because AWS has been clear for many, many years. They build componentry, they build services, they build infrastructure, they build Redshift, they build all these different things, but they need, they need vendors to pull it all together into something usable. And fundamentally, that's what Cient does. I mean, we didn't invent sequel, right? We didn't invent jackal or dle. These are not, these are underlying analytics technologies, but we're taking the bricks out of the briefcase. We're assembling it into something that users can actually deploy for their use cases. And so for us, AWS is perfect because they focus on the hard bits. The the underlying technologies we assemble those make them usable for customers. And we get the distribution. And of course AWS loves that. Cause it drives more compute and it drives more, more consumption. >>How much do they pay you to say that >>Keynote, >>That was a wonderful pitch. That's >>Absolutely, we always say, hey, they got a lot of, they got a lot of great goodness in the cloud, but they're not always the best at the solutions and that they're trying to bring out, and you guys are making these solutions for customers. Yeah. That resonates with what they got with Amazon. For >>Example, we, last year we did a, a technology demo with Comprehend where we put comprehend inside of a semantic model and we would compile it and then send it back to Redshift. And it takes comprehend, which is a very cool service, but you kind of gotta be a coder to use it. >>I've been hear a lot of hype about the semantic layer. What is, what is going on with that >>Semantec layer is what connects the actual data, the tables in your database with how they're connected and what they mean so that a user like you or me who's saying I wanna bar chart with revenue over time can just work with revenue and time. And the semantic layer translates between what we did and what the database knows >>About. So it speaks English and then they converts it to data language. It's >>Exactly >>Right. >>Yeah. It's facilitating the exchange of information. And, and I love this. So I like that you actually talked about it in the beginning, the knowledge map and helping people figure out what they might not know. Yeah. I, I am not a bi analyst by trade and I, I don't always know what's possible to know. Yeah. And I think it's really great that you're doing that education piece. I'm sure, especially working with AWS companies, depending on their scale, that's gotta be a big part of it. How much is the community play a role in your product development? >>It's huge because I'll tell you, one of the challenges in embedding is someone who sees an amazing experience in outreach or in seismic. And to say, I want that. And I want it to be exactly the way my product is built, but I don't wanna learn a lot. And so you, what you want do is you want to have a community of people who have already built things who can help lead the way. And our community, we launched a new version of the SES community in early 2022 and we've seen a 450% growth in the c in that community. And we've gone from an average of one response, >>450%. I just wanna put a little exclamation point on that. Yeah, yeah. That's awesome. We, >>We've tripled our organic activity. So now if you post this Tysons community, it used to be, you'd get one response maybe from us, maybe from from a customer. Now it's up to three. And it's continuing to trend up. So we're, it's >>Amazing how much people are willing to help each other. If you just get in the platform, >>Do it. It's great. I mean, business is so >>Competitive. I think it's time for the, it's time. I think it's time. Instagram challenge. The reels on John. So we have a new thing. We're gonna run by you. Okay. We just call it the bumper sticker for reinvent. Instead of calling it the Instagram reels. If we're gonna do an Instagram reel for 30 seconds, what would be your take on what's going on this year at Reinvent? What you guys are doing? What's the most important story that you would share with folks on Instagram? >>You know, I think it's really what, what's been interesting to me is the, the story with Redshift composable, sorry. No, composable, Redshift Serverless. Yeah. One of the things I've been >>Seeing, we know you're thinking about composable a lot. Yes. Right? It's, it's just, it's in there, it's in your mouth. Yeah. >>So the fact that Redshift Serverless is now kind becoming the defacto standard, it changes something for, for my customers. Cuz one of the challenges with Redshift that I've seen in, in production is if as people use it more, you gotta get more boxes. You have to manage that. The fact that serverless is now available, it's, it's the default means it now people are just seeing Redshift as a very fast, very responsive repository. And that plays right into the story I'm telling cuz I'm telling them it's not that hard to put some analysis on top of things. So for me it's, it's a, maybe it's a narrow Instagram reel, but it's an >>Important one. Yeah. And that makes it better for you because you get to embed that. Yeah. And you get access to better data. Faster data. Yeah. Higher quality, relevant, updated. >>Yep. Awesome. As it goes into that 80% of knowledge workers, they have a consumer great expectation of experience. They're expecting that five ms response time. They're not waiting 2, 3, 4, 5, 10 seconds. They're not trained on theola expectations. And so it's, it matters a lot. >>Final question for you. Five years out from now, if things progress the way they're going with more innovation around data, this front end being very usable, semantic layer kicks in, you got the Lambda and you got serverless kind of coming in, helping out along the way. What's the experience gonna look like for a user? What's it in your mind's eye? What's that user look like? What's their experience? >>I, I think it shifts almost every role in a business towards being a quantitative one. Talking about, Hey, this is what I saw. This is my hypothesis and this is what came out of it. So here's what we should do next. I, I'm really excited to see that sort of scientific method move into more functions in the business. Cuz for decades it's been the domain of a few people like me doing strategy, but now I'm seeing it in CSMs, in support people and sales engineers and line engineers. That's gonna be a big shift. Awesome. >>Thank >>You Scott. Thank you so much. This has been a fantastic session. We wish you the best at si sense. John, always pleasure to share the, the stage with you. Thank you to everybody who's attuning in, tell us your thoughts. We're always eager to hear what, what features have got you most excited. And as you know, we will be live here from Las Vegas at reinvent from the show floor 10 to six all week except for Friday. We'll give you Friday off with John Furrier. My name's Savannah Peterson. We're the cube, the the, the leader in high tech coverage.

>>Hey everyone, and welcome back to Las Vegas. Viva Las Vegas, baby. This is the Cube live at AWS Reinvent 2022 with tens of thousands of people. Lisa Martin here with Dave Valante. Dave, we've had some great conversations. This is day one of four days of wall to wall coverage on the cube. We've been talking data. Every company is a data company. Data protection, data resiliency, absolutely table stakes for organizations to, >>And I think ecosystem is the other big theme. And that really came to life last year. You know, we came out of the pandemic and it was like, wow, we are entering a new era. People no longer was the ecosystem worried about it, AWS competing with them. They were more worried about innovating and building on top of AWS and building their own value. And that's really, I think, the theme of the 2020s within the ecosystem. >>And we're gonna be talking about building on top of aws. Two guests join us, two alumni join us. Stephen Manley is here, the CTO of Druva. Welcome back. Jason crat as well is here. CIO and CTO of Summit Carbon Solutions. Guys, great to have you back on the program. >>Thank you. >>Let's start with you giving the audience an understanding of the company. What do you guys do? What do you deliver value for customers? All that good >>Stuff. Yeah, no, for sure. So Summit Carbon is the world's largest carbon capture and sequestration company capturing close to 15 million tons of carbon every year. So it doesn't go into the atmosphere. >>Wow, fantastic. Steven, the, the risk landscape today is crazy, right? There's, there's been massive changes. We've talked about this many times. What are some of the things, you know, ransomware is a, is, I know as you say, this is a, it's not a, if it's gonna happen, it's when it's how frequent, it's what's gonna be the damage. What are some of the challenges and concerns that you're hearing from customers out there today? >>Yeah, you know, it really comes down to three things. And, and everybody is, is terrified of ransomware and justifiably so. So, so the first thing that comes up is, how do I keep up? Because I have so much data in so many places, and the threats are evolving so quickly. I don't have enough money, I don't have enough people, I don't have enough skilled resources to be able to keep up. The second thing, and this ties in with what Dave said, is, is ecosystem. You know, it used to be that your, your backup was siloed, right? They'd sit in the basement and, and you wouldn't see, see them. But now they're saying, I've gotta work with my security team. So rather than hoping the security team stays away from me, how do I integrate with them? How do I tie together? And then the third one, which is on everybody's mind, is when that attack happens, and like you said, it's win and, and the bell rings and they come to me and they say, all right, it's time for you to recover. It's time for, for all this investment we've put in. Am I gonna be ready? Am I going to be able to execute? Because a ransom or recovery is so different than any other recovery they've ever done. So it's those three things that really are top of mind for >>How, so what is the, what are the key differences, if you could summarize? I mean, I >>Know it's so, so the first one is you can't trust the environment you're restoring into. Even with a disaster, it would finish and you'd say, okay, I'm gonna get my data center set up again and I'm gonna get things working. You know, when I try to recover, I don't know if everything's clean yet. I'm trying to recover while I'm still going through incident response. So that's one big difference. A second big difference is I'm not sure if the thing I'm recovering is good, I've gotta scan it. I've gotta make sure what's inside it is, is, is alright. And then the third thing is what we're seeing is the targets are usually not necessarily the crown jewels because those tend to be more protected. And so they're running into this, I need to recover a massive amount of what we might call tier two, tier three apps that I wasn't ready for because I've always been prepared for that tier one disaster. And so, so those three things they go, it's stuff I'm not prepared or covering. It's a flow. I'm not used to having to check things and I'm not sure where I'm gonna recover too when the, when the time comes. >>Yeah, just go ahead. Yeah, that's right. I mean, I think for me, the biggest concern is the blind spots of where did I actually back it up or not. You know, what did I get it? Cuz you, we always protect our e r p, we always protect these sort of classes of tiers of systems, but then it's like, oh, that user's email box didn't get it. Oh, that, you know, that one drive didn't get it. You know, or, or, or whatever it is. You know, the infrastructure behind it all. I forgot to back that up. That to me the blind spots are the scariest part of a ransomware attack. >>And, and if you think about it, some of the most high profile attacks, you know, on the, on the colonial pipeline, they didn't go after the core assets. They went after billing. That's right. But billing brought everything down so they're smart enough to say, right, I'm not gonna take the, the castle head on. Is there is they're that. Exactly. >>And so how do you, I get, I mean you can air gap and do things like that in terms of protecting the, the, the data, the corrupt data. How do you protect the corrupt environment? Like that's, that's a really challenging issue. Is >>It? I don't know. I mean, I'll, I'll you can go second here. I think that what's interesting to me about is that's what cloud's for. You can build as many environments as you want. You only pay for what you use, right? And so you have an opportunity to just reconstruct it. That's why things, everything is code matters. That's why having a cloud partner like Druva matters. So you can just go restore wherever you need to in a totally clean environment. >>So the answer is you gotta do it in the cloud. Yeah. What if it's on prem? >>So if it's on prem, what we see people do is, and, and, and this is where testing and, and where cloud can still be an asset, is you can look and say a lot of those assets I'm running in the data center, I could still recover in the cloud. And so you can go through DR testing and you can start to define what's in your on-prem so that you could make it, you know, so you can make it cloud recoverable. Now, a lot of the people that do that then say, well actually why am I even running this on prem anymore in the first place? I should just move this to the cloud now. But, but, but there are people in that interim step. But, but, but it's really important because you, you're gonna need a clean environment to play in. And it's so hard to have a clean environment set up in a data center cuz it basically means I'm not touching this, I'm just paying for something to sit idle. Whereas cloud, I can spin that up, right? Get a, a cloud foundation suite and, and just again, infrastructures code, spin things up, test it, spin it down. It doesn't cost me money on a daily basis. >>Jason, talk a little bit about how you are using Druva. Why Druva and give us a kind of a landscape of your IT environment with Druva. >>Yeah. You know, so when we first started, you know, we did have a competitor solution and, and, and it was only backing up, you know, we were a startup. It was only backing up our email. And so as you pointed out, the ecosystem really matters because we grew out of email pretty quick as a startup. And we had to have real use cases to protect and the legacy product just wouldn't support us. And so our whole direction, or my direction to my team is back it up wherever it is, you know, go get it. And so we needed somebody in the field, literally in the middle of Nebraska or Iowa to have their laptop backed up. We needed our infrastructure, our data center backed up and we needed our, our SaaS solutions backed up. We needed it all. And so we needed a partner like Druva to help us go get it wherever it's at. >>Talk about the value in, with Druva being cloud native. >>Yeah. To us it's a big deal, right? There's all sorts of products you could go by to go just do endpoint laptop protection or just do SAS backups. For us, the value is in learning one tool and mastering it and then taking it to wherever the data is. To me, we see a lot of value for that because we can have one team focus on one product, get good at it, and drive the value. >>That consolidation theme is big right now, you know, the economic headwinds and so forth. What was the catalyst for you? Was it, is that something you started, you know, years ago? Just it's good practice to do that? What's, >>Well, no, I mean luckily I'm in a very good position as a startup to do define it, you know, but I've been in those legacy organizations where we've got a lot of tech debt and then how do you consolidate your portfolio so that you can gain more value, right? Cause you only get one budget a year, right? And so I'm lucky in, in the learnings I've had in other enterprises to deal with this head on right now as we grow, don't add tech debt, put it in right. Today. >>Talk to us a little bit about the SaaS applications that you're backing up. You know, we, we talk a lot with customers, the shared, the shared responsibility model that a lot of customers aren't aware of. Where are you using that competing solution to protect SaaS applications before driven and talk about Yeah. The, the value in that going, the data protection is our responsibility and not the SA vendor. >>No, absolutely. I mean, and it is funny to go to, you know, it's like Office 365 applications and go to our, our CFO and a leadership and be like, no, we really gotta back it up to a third party. And they're like, but why? >>It's >>In the cloud, right? And so there's a lot of instruction I have to provide to my peers and, and, and my users to help them understand why these things matter. And, and, and it works out really well because we can show value really quick when anything happens. And now we get, I mean, even in SharePoint, people will come to us to restore things when they're fully empowered to do it. But my team's faster. And so we can just get it done for them. And so it's an extra from me, it's an extra SLA or never service level I can provide to my internal customers that, that gives them more faith and trust in my organization. >>How, how are the SEC op teams and the data protection teams, the backup teams, how are they coming together? Is is, is data protection backup just morphing into security? Is it more of an adjacency? What's that dynamic like? >>So I'd say right now, and, and I'll be curious to hear Jason's organization, but certainly what we see broadly is, you know, the, the teams are starting to work together, but I wouldn't say they're merging, right? Because, you know, you think of it in a couple of ways. The first is you've got a production environment and that needs to be secured. And then you've got a protection environment. And that protection environment also has to be secured. So the first conversation for a lot of backup teams is, alright, I need to actually work with the security team to make sure that, that my, my my backup environment, it's air gapped, it's encrypted, it's secured. Then I think the, the then I think you start to see people come together, especially as they go through, say, tabletop exercises for ransomware recovery, where it's, alright, where, where can the backup team add value here? >>Because certainly recovery, that's the basics. But as there log information you can provide, are there detection pieces that you can offer? So, so I think, you know, you start to see a partnership, but, but the reality is, you know, the, the two are still separate, right? Because, you know, my job as a a protection resiliency company is I wanna make sure that when you need your data, it's gonna be there for you. And I certainly want to, to to follow best secure practices and I wanna offer value to the security team, but there's a whole lot of the security ecosystem that I want to plug into. I'm not trying to replace them again. I want to be part of that broader ecosystem. >>So how, how do you guys approach it? Yeah, >>That's interesting. Yeah. So in my organization, we, we are one team and, and not to be too cheesy or you know, whatever, but as Amazon would say, security is job one. And so we treat it as if this is it. And so we never push something into production until we are ready. And ready to us means it's got a security package on it, it's backed up, the users have tested it, we are ready to go. It's not that we're ready just be to provide the service or the thing. It's that we are actually ready to productionize this. And so it's ready for production data and that slows us down in some cases. But that's where DevOps and this idea of just merging everything together into a central, how do we get this done together, has worked out really well for us. So, >>So it's really the DevOps team's responsibility. It's not a separate data protection function. >>Nope. Nope. We have specialists of course, right? Yeah, yeah. Because you need the extra level, the CISSPs and those people Yeah, yeah. To really know what they're doing, but they're just part of the team. Yeah. >>Talk about some of the business outcomes that you're achieving with Druva so far. >>Yeah. The business outcomes for me are, you know, I meet my SLAs that's promising. I can communicate that I feel more secure in the cloud and, and all of my workloads because I can restore it. And, and that to me helps everybody in my organization sleep well, sleep better. We are, we transport a lot of the carbon in a pipeline like Colonial. And so to us, we are, we are potential victims of, of a pipe, a non pipeline group, right? Attacking us, but it's carbon, you know, we're trying to get it outta atmosphere. And so by protecting it, no matter where it is, as long as we've got internet access, we can back it up. That provides tons of value to my team because we have hundreds of people in the field working for us every day who collect data and generate it. >>What would you say to a customer who's maybe on the fence looking at different technologies, why dva? >>You know, I think, you know, do the research in my mind, it'll win if you just do the research, right? I mean, there might be vendors that'll buy you nice dinners or whatever, and those are, those are nice things, but the, the reality is you have to protect your data no matter where it is. If it's in a SaaS application, if it's in a cloud provider, if it's infrastructure, wherever it is, you need it. And if you just go look at the facts, there it is, right? And so I, I'd say be objective. Look at the facts, it'll prove itself. >>Look at the data. There you go. Steven Druva recently announced a data resiliency guarantee with a big whopping financial sum. Talk to us a little bit about that, the value in it for your customers and for prospects, >>Right? So, so basically there's, there's really two parts to this guarantee. The first is, you know, across five different SLAs, and I'll talk about those, you know, if we violate those, the customers can get a payout of up to 10 million, right? So again, putting, putting our money where our mouth is in a pretty large amount. But, but for me, the exciting part, and this is, this is where Jason went, is it's about the SLAs, right? You know, one of Drew's goals is to say, look, we do the job for you, we do the service for you so you can offer that service to your company. And so the SLAs aren't just about ransomware, some of them certainly are, you know, that, that you're going to be able to recover your data in the event of a ransomware attack, that your data won't get exfiltrated as part of a ransomware attack. >>But also things like backup success rates, because as much as recovery matters a lot more than backup, you do need a backup if you're gonna be able to get that recovery done. There's also an SLA to say that, you know, if 10 years down the road you need to recover your data, it's still recoverable, right? So, so that kind of durability piece. And then of course the availability of the service because what's the point of a service if it's not there for you when you need it? And so, so having that breadth of coverage, I think really reflects who Druva is, which is we're doing this job for you, right? We want to make this this service available so you can focus on offering other value inside your business. And >>The insurance underwriters, if they threw holy water on >>That, they, they, they were okay with it. The legal people blessed it, you know, it, you know, the CEO signed off on it, the board of directors. So, you know, it, and it, it's all there in print, it's all there on the web. If you wanna look, you know, make sure, one of the things we wanted to be very clear on is that this isn't just a marketing gimmick that we're, we're putting, that we're putting substance behind it because a lot of these were already in our contracts anyway, because as a SAS vendor, you're signing up for service level agreements anyway. >>Yeah. But most of the service level agreements and SaaS vendors are crap. They're like, you know, hey, you know, if something bad happens, you know, we'll, we'll give you a credit, >>Right? >>For, you know, for when you were down. I mean, it's not, you never get into business impact. I mean, even aws, sorry, I mean, it's true. We're a customer. I read define print, I know what I'm signing up for. But, so that's, >>We read it a lot and we will not, we don't really care about the credits at all. We care about is it their force? Is it a partner? We trust, we fight that every day in our SLAs with our vendors >>In the end, right? I mean this, we are the last line of defense. We are the thing that keeps the business up and running. So if your business, you know, can't get to his data and can't operate, me coming to you and saying, Dave, I've got some credits for you after you, you know, after you declare bankruptcy, it'll be great. Yeah, that's not a win. >>It's no value, >>Not helpful. The goal's gotta be, your business is up and running cuz that's when we're both successful. So, so, so, you know, we view this as we're in it together, right? We wanna make sure your business succeeds. Again, it's not about slight of hand, it's not about, you know, just, just putting fine print in the contract. It's about standing up and delivering. Because if you can't do that, why are we here? Right? The number one thing we hear from our customers is Dr. Just works. And that's the thing I think I'm most proud of is Druva just works. >>So, speaking of Juva, just working, if there's a billboard in Santa Clara near the new offices about Druva, what's, what's the bumper sticker? What's the tagline? >>I, I, I think, I think that's it. I think Druva just works. Keeps your data safe. Simple as that. Safe and secure. Druva works to keep your data safe and secure. >>Saved me. >>Yeah. >>Truva just works. Guys, thanks so much for joining. David, me on the program. Great to have you back on the cube. Thank you. Talking about how you're working together, what Druva is doing to really putting, its its best foot forward. We appreciate your insights and your time. Thank >>You. Thanks guys. It's great to see you guys. Likewise >>The show for our guests and Dave Ante. I'm Lisa Martin, you're watching the Cube, the leader in enterprise and emerging tech coverage.

>>Good morning, everyone from Chicago Live. The Cube is live at Ansible Fast 2022. Lisa Martin and John Ferer are here for two days of multiple coverage on the cube. Very excited to be back in person. Ansible's 10th anniversary, the first in-person event. John, since 2019. Yeah, great to be perfect. One of the nuggets dropped this morning and I know you was Opss code. >>Yeah, we're gonna hear about that OPSIS code here in this segment. We're gonna get in, but the leader of the, the business unit at Ansible, part of Red Hat. So look forward >>To this. Exactly. Tom Anderson joins us, one of our alumni. Welcome back to the program. Thank you. The VP and general manager of Red Hat. First of all, how great is it to be back in person with live guests and an engaged audience and then robust community? >>It is amazing. It really is. I kind of question whether this day was ever gonna come again after three years of being apart, but to see the crowd here and to see, like you said, the energy in the room this morning and the keynotes, it's fantastic. So it's fa I just couldn't be happier. >>So opsis code nugget drop this morning. Yep. We wanna dissect that with you as, as that was mentioned in the keynote this morning. As Ansible is pushing into the cloud and and into the edge, what does OPSIS code mean for end users and how is it gonna help them to use a term that was used a lot in the keynote level up their automation? >>Yeah, so what we see is, look, the day zero, day one provisioning of infrastructure. There's lots of tools, there's lots of ways to do that. Again, it's just the company's ambition and dedication to doing it. The tools are there, they can do that. We see the next big opportunity for automation is in day two operations. And what's happening right now in ops is that you have multiple clouds, you've got multiple data centers and now you've got edge environments. The number of things to manage on a day-to-day basis is only increasing. The complexity is only increasing this idea of a couple years ago where we're gonna do shift everything left onto the developer. It's nice idea, but you still have to operate these environments on a day two basis. So we see this opportunity as opsis code, just like we did infrastructures code, just like we did configuration as code. We see the next frontier as operations code. >>Yeah, and this is really a big trend as you know with cube reporting a lot on the cloud native velocity of the modern application developer these days, they're under, they're, it's a great time to be a software developer because all the open source goodness is happening, but they're going faster. They want self-service, they want it built in secure, They need guardrails, they need, they need faster ops. So that seems to be the pressure point. Is ops as code going to be that solution? Because you have a lot of people talking about multi-cloud, multiple environments, which sounds great on paper, but when you try to execute it, Yeah, there's complexity. So you know, the goal of complexity management has really been one of the key things around ops. How do I keep speed up and how do I reduce the complexities? These are big. How does, how does ops code fit into that? >>Yeah, so look, we, we see Ansible as this common automation back plane, if you will, that goes across all of these environments. It provides a common abstraction layer so that whether you're running on Azure, whether you're a GCP or whether you're AWS or whether you're, you know, a PLC out on a shop industrial edge floor with a plc, each of those things need to be automated. If we can abstract that into a common automation language, then that allows these domain experts to be able to offer their services to developers in a way that promotes the acceleration, if you will, of those developers tasks. And that developer doesn't have to know about the underlying complexities of storage or database or cloud or edge. They can just do their >>Job. You know, Tom, one of the things I observed in Keynote, and it comes across every time I, we have an event and in person it's more amplified. Cause you see it, the loyalty of the customer base. You have great community. It's very not corporate like here. It's very no big flashy news. But there's some news, hard news, It's very community driven. Check the box there. So continuing on the roots, I wanna get your thoughts on how now the modern era we're in, in this world, the purchasing power, again, I mentioned multicloud looks good on paper, which every CX I wanna be multiple clouds. I want choice now. Now you talk to the people running things like, whoa, hold on, boss. Yeah, the bottoms up is big part of the selection process of how people select and buying consume technology with open source, you don't need to like do a full buy. You can use open source and then get Ansible. Yeah. This is gonna be a big part of how the future of buying product is and implementing it. So I think it's gonna be a groundswell, bottoms up market in this new cloud native with O in the ops world. What's your reaction to that? What's your thoughts? >>So here, here's my thoughts. The bulk of the people here are practitioners. They love Ansible, they use Ansible in their day to day job. It's how it helped, makes 'em successful. Almost every executive that I go out and talk to and our customers, they tell me one of their number one pro or their number one problem is attracting you talent and retaining the talent that they have. And so how can they do that? They can give them the tools to do their job, the tools that they actually like. So not a top down, you know, old fashioned systems management. You're gonna use this tool whether you like it or not. But that bottoms up swell of people adopting open source tools like Ansible to do their job and enjoy it. So I see it as a way of the bottoms up addressing the top down initiative of the organization, which is skills retention, skills enhancement. And that's what we focus on here at this event. Are the practitioners, >>Is that the biggest customer conversation topic these days? Is this the skills gap, retention, attraction talent? Would you say it's more expansive as the organizations are so different? >>Well, so a lot of the folks that I meet are, you know, maybe not sea level, but they're executives in the organization, right? So they're struggling with attract, you know, pretty much everywhere I go, I was in Europe this summer, conversation was always the same. We got two problems. Tracking people. We can't find people, people we find we can't afford. So we need to automate what they would do. And, and then the second piece is the complexity of our environment is growing, right? I'm being asked to do more and I can't find more people to do it. What's my solution? It's automation, you know, at the end of the day, that's what it comes down to. >>It's interesting, the people who are gonna be involved in the scaling horizontally with automation are gonna have the keys to the kingdom. The old joke when it was, you know, they run everything. They power the business now the business is digital. You gotta be hybrid. So we see hybrids a steady state right now, hybrid cloud. When you bring the edge into the equation, how do you see that developing? Because we think it's gonna be continually be hybrid and that's gonna extend out on the edge. What is the ansible's view on how the edge evolves? What's, what's going on there? Can you share your thoughts on the expansion to the edge? >>There's a, our experience is there's a rapid modernization happening out at the edge, industrial edge, you know, oil and gas platforms, retail locations, industrial floors, all that kind of stuff. We see this convergence of OT and IT happening right now where some of the disciplines that enterprises have used in the IT area are gonna expand out into ot. But some of the requirements of ot of not having skilled IT resources, you know, in the store, in the fast food restaurant, on the oil platform, needing to have the tools to be able to automate those changes remotely. We're seeing a real acceleration of that right now. And frankly, Ansible's playing a big role in that. And it's connecting a lot of the connective tissue is around network. What is the key piece that connects all of this environment as network and those number of endpoints that need to be managed. Ansible is, you know, >>It's way use case for Ansible because Ansible built their business on configuration automation, which was don't send someone out to that branch office back in the old days. Exactly. Do it. Manual versus automation. Hey, automation every time. Yes. This is at large scale. I mean the scale magnitude, can you scope the scale of what's different? I mean go even go back 10 years, okay, where we were and how we got here, where we are today. Scope the size of the scale that's happening here. >>You know, hundreds of thousands of endpoints and things. That's not even the API points, but that's the kind of compute points, the network points, the servers it's in. It's, it's, you know what we would've never thought, you know, 10 years ago, a thousand endpoints was a lot or 10,000 endpoints was a lot of things to manage when you start talking about network devices. Yeah, yeah. Home network devices for employees that are remote employees that need to be in a secured network. Just the order of magnitude, maybe two orders of magnitude larger than it has been in the past. And so again, coming home to the automation world, >>The world's spun in your front, your front door right now. >>Yeah, yeah, yeah, >>Absolutely. Talk about, you talked about the acceleration. If we think of about the proliferation of, of devices online, especially the last two years, when, to your point, so many people shifted to remote and are still there. What are some of the, the changes in automation that we've seen as businesses have had to pivot and change so frequently and so many times to be successful? >>Yeah, so here's what we've seen, which is it's no longer acceptable for the owner of the network team or the ownership of the database or of the storage facility to, you can't wait for them to offer their service to people. Self-service is now the rule of thumb, right? So how can those infrastructure owners be able to offer their services to non IT people in a way that manages their compliance and makes them feel that they can get those resources without having to come and ask. And they do that by automating with Ansible and then offering those as package services out to their developers, to their QE teams, to their end users, to be able to consume and subscribe to that infrastructure knowing that they are the ones who are controlling how it's being provisioned, how it's being used. >>What are some of the, there were some great customers mentioned this morning in the keynote, but do you have a favorite example of a customer, regardless of industry that you think really shows the value and, and the evolution of the Ansible platform in its first 10 years and that really articulates the business value that automation delivers to a company? >>Yeah, no, it's a great question. I would think that, you know, if you wound the clock back 10 years, Ansible was all about server configuration management, right? That's what it was about was per provisioning, provisioning, you know, VMware infrastructure, vSphere, and then loading on VMs on top of that as it's expanded into network, into security and to storage and to database into cloud. It's become a much broader platform, if you will. And a good example is we have a customer, large oil and gas customer who is modernizing their oil platforms. I can imagine I not, I've not been on one, but I imagine the people that are out working on that oil platforms have greasy hands that are pushing on things. And they had this platform that the technology modernization included Azure. So connecting to data on Azure, rolling out new application updates, has to have a firewall, has to have network capabilities, has to have underlying OS to be able to do that. And Ansible was the glue that brought all that together to be able to modernize that oil platform. And so for me, that's the kind of thing where it sort of makes it real. You know, the actual businesses, >>The common set of services, this is, this is where we're seeing multi-cloud. Yeah. You start to have that conversation where, okay, I got this edge, it kind of looks the same, I gotta make it work. I'm a developer, I want some compute, I want to put this together. I have containers and orchestration behind it and kind of seeing the same kind of pattern. Yeah. Evolving at scale. So you guys have the platform, okay, I'm an open source. I love the open source. I got the platform 2.3, I see supply chain management in there. You got trusted signatures. That's a supply chain. We've been hearing a lot about security in the code. What else is in the platform that's updated? Can you share the, the, the new things that people should pay attention to in the platform? >>Yeah, we're gonna talk about a couple of things smaller around event driven Ansible, which is bringing Ansible into that really day two ops world where it's sort of hands free automation and, and, and operations where rather than someone pushing a button to trigger or initiate a piece of, of automation, an event will take place. I've detected an outta space condition, I've detected a security violation, I've detected something. Go to a rule book. That rule book will kick off in automation close that remediate that problem and close the thing without anyone ever having to do anything with that. So that's kind of one big area. And we're gonna talk tomorrow. We've got a real special announcement tomorrow with our friends from IBM research that I'm gonna, >>We'll have you on 10 30 Martha Calendars. >>But there's some really great stuff going on on the platform as we start to expand these use cases in multiple directions and how we take Ansible out to more and more people, automation out to more and more people from the inside, experts out to the consumers of automation, make it easier to create automation. >>Yeah. And one of the things I wanted to follow up on that and the skill gap, tying that together is you seeing heard in the keynote today around Stephanie was talking about enterprise architecture. It's not, I won't say corner case answer. I mean it's not one niche or narrow focus. Expanding the scope was mentioned by Katie, expand your scope grow, you got a lot of openings. People are hire now, Now Ansible is part of the enterprise architecture. It's not just one thing, it's, it's a complete, Explain what that means for the folks out there. Yeah. >>So when you start to connect what I call the technology domains, so the network team uses Ansible to automate their network infrastructure and configure all their systems. And the compute team uses it to deploy new servers on aws. And the security ops team use it to go out and gather facts when they have a threat detection happening and the storage team is using it to provision storage. When you start to then say, Okay, we have all these different domains and we want to connect those together into a set of workflows that goes across all of those domains. You have this common language and we're saying, okay, so it's not just the language, it's also the underlying platform that has to be scalable. It's gotta be secure. We talked about signing content. I mean, people don't understand the risk of an automation gone wild. You can, you can do a lot of damage to your infrastructure real fast with automation, just like you can do repair, right? So is what's running in my environment secure? Is it performant and is it scalable? I mean, those are the two, those are the three areas that we're really looking at with the platform right >>Now. Automation gone wild, it sounds like the next reality TV show. Yeah, I >>May, I may regret saying that. >>Sounds >>Like great. Especially on live tv. Great, >>Great podcast title right there. I made a mental note. Automation Gone Wild episode one. Here we are >>Talk about Ansible as is really being the, the catalyst to allow organizations to truly democratize automation. Okay. You, you talked about the different domains there and it seems to me like it's, it's positioned to really be the catalyst that's the driver of that democratization, which is where a lot of people wanna get to. >>Yeah. I mean for us, and you'll see in our sessions at Ansible Fest, we talk a lot about the culture, the culture of automation, right? And saying, okay, how do you include more and more people in your organization in this process? How can you get them to participate? So we talk about these ideas of communities of practice. So we bring the open source, the concepts of open source communities down into enterprises to build their own internal communities of practice around Ansible, where they're sharing best practices, skills, reusable content. That is one of the kind of key factors that we see as a success in inside organizations is the scales, is sort of bringing everybody into that culture of automation and not being afraid of automation saying, Look, it's not gonna take my job, it's gonna help me do my job better. >>Exactly. That automation argument always went, went to me crazy. Oh yeah, automating is gonna take my job away. You know, bank teller example, there's more bank tellers now than ever before. More atm. So the, the job shifts, I mean the value shifts. Yeah. This is kind of where the, where the automation helps. What's real quick, final minute we have left. Where does that value shift? I'm the person being automated away or job. Yeah. Where do you see the value job? Cause it's still tons of openings for people's skills, >>You know? So we see the shift from, particularly in operations from, here's my job, I look at a ticket queue, I grab a ticket, it's got a problem, I go look at a log, I look for a string and a log, I find out the air and I go, configuration change that. That's not a really, I wouldn't call that a fund existence for eight or 10 hours a day, but the idea, if I can use automation to do that for me and then focus on innovating, creating new capabilities in my environment, then you start to attract a new, you know, the next generation of operations people into a much more exciting role. >>Yeah. Architects too, they turned into architects that turned into the multiple jobs scope. It's like multi-tool player. It's like >>A, you know, Yeah, yeah. The five tool player, >>Five tool player in baseball is the best of the best. But, but kind of that's what's >>Happening. That's exactly what's happening, right? That's exactly what's happening. And it helps address that skills challenge. Yeah. And the talent challenge that organizations have as well. >>And everybody wants to be able to focus on delivering value to the organization. I have to get the end of the day. That's a human component that we all want. So it sounds like Ansible is well on its way to helping more and more organizations across industries achieve just that. Tom, it's great to have you back on the program. Sounds like you're coming back tomorrow, so we get day two of Tom. All right, excellent. Look forward to it. Congratulations on the first in-person event in three years and we look forward to talking to you >>Tomorrow. Thank you so much. >>All right, for our guests and John Furrier, I'm Lisa Martin. You're watching The Cube Live from Chicago, Day one of our coverage of Ansible Fest 2022. Stick around. John and I welcome back another Cube alumni next.

>>The Cube Presents UI Path Forward five. Brought to you by UI Path. >>Hi everybody. We're back. David Ante with David Nicholson. This is UiPath Forward five from Las Vegas. We're live, you know, the customers here, they're automating all the time, sucking work and the cube. We're sucking all the information out of the experts and the customers. A bar Toban is here. He's the global business, Shared services, leading automation and AI at PepsiCo. And Para Colan is back is the chief, He's the chief product officer, UiPath longtime Cube alum. Great to see you guys. Thanks for coming on. Great to see us all day. So you guys keynote today, you know, excited to have PepsiCo on. I'm not sure I've ever interviewed PepsiCo in the Cube, but tell us about your role there. >>Absolutely. So I'm part of a PepsiCo global business shared services team. I lead automation and AI capabilities. GBS has, you know, we started GBS portfolio back about three and a half years ago, and we have a six hubs across PepsiCo. And as, as a part of my role, we deliver transformational capability across the PepsiCo. >>When did it all start? >>About three and a half years ago, 2019. So >>Prior to the pandemic. Yeah. You know, versus the pandemic was a catalyst for this. Yeah. But it was at the catalyst, but maybe it sped it up a bit. Yeah. >>PepsiCo journey started with, if, if you look at the PepsiCo, you know, the automation journey, it started back in 2017, but the GBS portfolio took shape back in 2019. So prior to that, you know, PepsiCo was definitely, you know, working on lot of, you know, the automation capabilities and automation product across, you know, PepsiCo. But with the introduction of PepsiCo global business shared services team, we are, you know, centralizing a lot of transformation capability, you know, across the functions that, that we support within the >>PepsiCo and, and UI path. Was going to part of that journey all along? Or was there sort of other activities beforehand or how >>No, no, absolutely. Starting from 2017, if I, you know, remembered, you know, with the vision of our, you know, some of our senior leadership team and recognizing the value of, you know, automation in the core, you know, capability as a transformation at that time, you know, we started with just like anybody else, right? We started with, you know, proof of concept, showed some, you know, early wins and the value back to the business, start setting up some, you know, business processes and capabilities, stood up the platform, build a complete, you know, ecosystem around that, you know, platform and partnership with, you know, UI bot team. And you know, from there, here we are five years. I mean, it's, it's a, it's a, it's a, it's a very critical component to our digital transformation capability and, and yes, leverage across >>Let's talk platform. So you, you guys have made some announcements this week. You talk about the business automation platform. I remember our first forward was, you know, RPA tool. Okay. Yeah. And then you guys made acquisitions. I was there for that. So the process process cold and then people started to really expand it and it's really come in amazingly long way in a short time. So what did you guys announce today? What'd you talk about on stage 20, 22, 10? Tell us more about it. >>Absolutely, Dave. So you've seen the journey, you've been with us since the early days. You know, we were in 2017 and RPA tool that could automate a representative task that happened over and over again in the environment. And then three years ago you were here when we announced the automation platform, we said, it's not just about a task, it's about involving humans in bots to manage end to end processes. It's about discovering what automation opportunities exist. It's about using ai. Pepsi Co was actually the pioneer of using AI along with automation. You know, we were in stage together with them in, in 2019. And where we are now is we're essentially seeing people want to take the next step with automation. They're saying that it's no longer just an automation tool, It's the way we operate. It's the way we innovate in the organization. So they're really making sure that it becomes a part of their digital transformation journey that they're on. >>And they're saying that we can do the digital transformation by consolidating multiple DRP systems and CRM systems. And that'll take us seven years to do, or we can go with UI path and we can leverage the core that we can leverage the GL system that exists today. We can leverage inventory tracking system that exists today and start to build processes on top of that that can adapt to what customers are trying to do in this digital age. And that's where, you know, we've made announcements today is, is really pivot the platform to be a business automation platform. And there's sort of three layers, you know, unique but you know, connected layers of the platform. The first one is discover. And Discover is all about finding your processes, identifying the opportunities, making sure that you are managing the return on investment. What is the process? You know, how are you getting ROI on it? >>The second one is automated, and that is really where we're applying semantic automation to identify the digital building blocks of an enterprise, which is your data, your document, your screens and communication. Like putting all of that together and saying you can automate our processes, leveraging a lot of intelligence that exist in how business processes are done. And the last one is operate, which is if you're trying to execute a business process at scale, you're processing not just, you know, a task thousand times, but you are fulfilling millions of transactions. You're, you know, you're looking at trillions of records to identify what processes you need. A scalable enterprise platform that's able to ingest a lot of data, report on metrics, reporting efficiency. So that's what we've announced today is an automation platform that companies can use to put at the center of the digital transformation >>Journey. So I about the interesting thing about PepsiCo, you guys started in 2017. Yeah. So kind of early, early on. Yeah. Yeah. And you kind of been there with the progression platform. So my question to you is end up, it was, you know, we've seen the e from primarily on-prem, now it's cloud first. Yeah. How disruptive or non disruptive was that for you? Did you have to rip and replace? Did you have to sort of retool or migrate? What was that like? >>No, I mean, significant disruption, right? I mean, I mean, as, as we started our journey back in 2017, just like, you know, PRM mentioned, right? With simple rule based, you know, the automation from then now to our journey where our continue to, you know, infuse, you know, AI capability, document understanding, conversation ai, right? As a part of our end to end portfolio. At the same time, I think the cloud is providing a fantastic opportunity for us to continue to scale, right? You know, scale at, at a large. So that I think is a fantastic, you know, fantastic platform and fantastic, you know, the opportunity that we are looking forward >>To know. So how do you affect adoption inside of the organization? Can you talk about that? What's working? What's, >>It's always value driven as you know, right? I mean, the business business has to see the value. It it, it was, I mean, I would, you know, admit it was not as easy as before, but as the mindsets have started to shift, right? As the people have started to realize the value that, you know, the automation brings to, you know, the, I mean, you know, not just the, the value for the business, but actually transforming the entire portfolio, right? And, and people have started to see now that not every automation project is going to be transformation product, but for every transformation project you will find the automation at the heart and the core of it. So I, I, I think that's what has started to shift the mindset of, of uniforms. >>So how do you know when you have end to end? What are you wake up one day and say, Wow, we've achieved it. You know, is it pieces that come together? Yeah. What do you say? >>Yeah, You know, we wanna look at customers from, you know, from an end to end perspective. It's not just about piecemealing mealing finding a problem, solving it, really what does it deliver from, from an end to end perspective. Did you actually, you know, because a lot of times companies will say, we wanna automate X number of processes, and, and they do that and they're like, Well, we've automated a lot of processes. We're not sure what value we're getting out of it. It's the ability to measure like, what impact is this automation having on your business from an operational metric, but from a business metric as built. But then going back and saying, Well, where is the biggest pain point? Where do we have the largest value that we can give to the business back? So one of the things we actually announced today is the ability to take at an look at an idea and look at what was the estimated benefits of that idea, and then map it all the way through execution to say, what are we getting? >>We estimated we were gonna save a million dollars by doing those automation, or what have we achieved till now? Have we achieved a million dollars? Have we achieved half a million dollars by having achieved? That's true. That never happens. That, and, and, and, and it's hard to do that, like the data existed, but it's really hard for people to pull that data out. So we build out the box dashboards that give you the ROI bag, and that's why it's really important to, to make sure that, you know, you look at it not just as a technology project, but more as a investment from a business side. And so you can making a business more efficient. Yeah, >>That's, I just, I know you were jumping in, but that's super important. Cause you know, you run a lot of projects. Yeah, absolutely. And each of those projects has zone roi, then you jam it into the application portfolio. Exactly. And then everybody sort of forgets about it. You can't really track what impact it had because there's always, you know, some things that are benefit, some things are sometimes a negative. And so it's that holistic picture that you >>Trying to achieve, extremely critical point, what you hit on, right? From it's measuring the benefit and measuring the continuous benefit across, and not just from start and end, Okay, what I promised I delivered or not, but, but you have to have this continuous mindset. And so I think Yeah, definitely that that's a very, very critical to our finance team and our cfo, >>They organic mechanisms. It's constantly >>Evidence. Absolutely. Yeah. So abar, yeah. Global business shared services. Yeah. When you think of PepsiCo, yeah, of course people immediately think of Sure, Pepsi. But PepsiCo is a multi tentacled absolutely beast of a company. Absolutely. In a good way. Yeah. For organizations that are in that same category, holding companies, companies that have all sorts of different entities that are working together under one umbrella, how shareable is this idea of automation and business automation process moving forward? How, how shareable is that on the share oter? Yeah. Yeah. As far as, as far as, as far as you're concerned, are you, are you talking to some people where you're saying, Hey, I'm here, I'm here from GBS and I'm here to help, and they look at you like you're crazy because you don't understand their business? Or is this something that relatively easily applies across businesses >>That No, to your point, I mean, very valid point, right? I mean, it's, that's, that's the gbs, global business shared services mindset, right? As you move the functional areas into the Pepsi, into the Pepsi, gbs, like hr, procurement, commercial sales, supply chain, right? That's where you wanna start to find those, you know, the optimization, you know, opportunity. You wanna start to ize your processes, and that's where you will, you know, as you transition this processes within the gbs, that's what create those, you know, opportunities for you. So >>What, >>What about automation opportunities? Not in the sh I know you're in the shared arena. Yeah, yeah. But each of those business units has processes that could probably be optimized and automated. Sure. Is that something that's under your purview? We've heard, we've heard a lot about citizen developers. Yeah. I don't know if that, if that >>Applies to No, that definitely. I mean, you cannot just have focus on end to end, you know, automation. I mean, that's, that's a huge portfolio for gps at the same time supporting, you know, automation through the citizen development capability. That that's where, once again, you know, you have not provided a lot of capability and solution tools that we use, right? To continue to empower the folks who are part of our, you know, GBS team inside or outside gbs, right? It, it, it's, I think it's very, very critical. It, it, it helps people transform their career even in one ways, right? And, and, and, and you have that muscle, you have that resource, and you have the power. You definitely want to utilize that. >>So let's talk about metrics for a minute. So more data, the better. Usually I like data. Yeah. But, but if you're trying to optimize for 15 metrics, I feel like you're not gonna optimize on any, So how do you deal with that from both, as par was saying, an operational standpoint and a business standpoint? What are the things about how do you sort of get the, the teams focused on the right things? >>B business, functional leadership team drive those alignment for us as a part of a global business, shared services, we, we are hip to have connected with our business, you know, functions, right? They, they have to help us prioritize those. And to your point, I mean, yeah, you cannot attack 15 metrics at once. You have to prioritize, you have to make sure that you bring the focus to the product, you know, project, right? So, so definitely, I mean, it's, it's, it's not often 15 metrics, but top three metrics, let's, let's focus, let's zoom in and ensure we are driving it. But, >>And if you think about the system, I mean, at the end of the day, the p and l manager, he or she cares about ebit, let's say. Sure, okay. But there are so many factors, you know, in that complicated organization that are gonna affect ebitda and they're gonna be different. But somebody's gotta figure out, okay, how do they fit together in a system? And can, can UiPath help me understand that, those relationships and those dependencies? >>Absolutely. I mean, I think there's a, there's an aspect of human relationships and, and making sure that you get the right level of sponsorship from the business and, and there's a business stakeholder and, and looking at every investment and, and outcomes that you're driving based on that. But, but that is something that we, from a tools perspective, we're trying to make sure that you can measure the value throughout the entire value chain. But then getting the business sponsorship, like where we've seen automation scale is always because there's a business sponsor that's essentially saying, Here's what I'm trying to achieve and here's the, here's my goal, here's a North star and go get it and let me know how you're tracking against it. And, and our job is to make sure that we can provide the visibility, the people that are operating the, the programs to make sure they get that level of visibility. >>What's the scope of automations in your, you know, organization? Is it dozens, hundreds, >>Huge. >>That is thousands. >>We are getting there. Okay. No, definitely. I mean, we have definitely, you know, realized that it's, it's a core component to our digital transformation, right? So, so there is no, there's no stopping on it. There, there, there, there's plenty of support from top down and you know, it's a fantastic time to be at PepsiCo. Right? Especially at the PepsiCo gbs. Right, >>Right. Thanks for sharing your story. Congratulations on all the progress you guys have made. It's actually quite remarkable to see where you guys have come from. So I really appreciate it. Thank you, Dave. Thanks. Thank you Dave. Okay. Thank you for watching. This is Dave Ante for Dave Nicholson. We are right middle of day two at forward five from Las Vegas. We're live, we're right back.

>>The Cube Presents UI Path Forward five. Brought to you by UI Path. >>Hi everybody. We're back. David Ante with David Nicholson. This is UiPath Forward five from Las Vegas. We're live, you know, the customers here, they're automating all the time, sucking work and the cube. We're sucking all the information out of the experts and the customers. A bar Toban is here. He's the global business, Shared services, leading automation and AI at PepsiCo. And Para Colan is back is the chief. He's the Chief product officer at UiPath, longtime Cube alum. Great to see you guys. Thanks for coming on. Great to see us all day. So you guys keynote today, you know, excited to have PepsiCo on. I'm not sure I've ever interviewed PepsiCo in the Cube, but tell us about your role there. >>Absolutely. So I'm part of a PepsiCo global business shared services team. I lead automation and AI capabilities. GBS has, you know, we started GBS portfolio back about three and a half years ago, and we have a six hubs across PepsiCo. And as, as a part of my role, we deliver transformational capability across the PepsiCo. >>When did it all start? >>About three and a half years ago, 2019. So >>Prior to the pandemic. Yeah. You know, versus the pandemic was the catalyst for this. Yeah. But it was at the catalyst, but maybe it sped it up a bit. >>Yeah. PepsiCo journey started with, if, if you look at the PepsiCo, you know, the automation journey, it started back in 2017, but the GBS portfolio took shape back in 2019. So prior to that, you know, PepsiCo was definitely, you know, working a lot of, you know, the automation capabilities and automation product across, you know, PepsiCo. But with the introduction of PepsiCo global business shared services team, we are, you know, centralizing a lot of transformation capability, you know, across the functions that, that we support within the >>PepsiCo and, and UI path was kind of part of that journey all along? Or was there sort of other activities beforehand or how did that >>No, no, absolutely. Starting from 2017, if I, you know, remembered, you know, with the vision of our, you know, some of our senior leadership team and recognizing the value of, you know, automation in the core, you know, capability as a transformation at that time, you know, we started with just like anybody else, right? We started with, you know, proof of concept, showed some, you know, early wins and the value back to the business, start setting up some, you know, business processes and capabilities, stood up the platform, build a complete, you know, ecosystem around that, you know, platform partnership with, you know, UI bot team. And you know, from there, here we are five years. I mean, it's, it's a, it's a, it's a, it's a very critical component to our digital transformation capability and, and yes, leverage across >>Let's talk platform probably. So you, you guys have made some announcements this week. You talk about the business automation platform. I remember our first forward was, you know, RPA tool. Okay. Yeah. And then you guys made acquisitions. I was there for that. So the process process cold and then people started to really expand it, and it's really come in amazingly long away in a short time. So what did you guys announce today? What'd you talk about on stage 2022 dot 10? Tell us more about it. >>Absolutely, Dave. So you've seen the journey, you've been with us since the early days. You know, we were in 2017 and RPA tool that could automate a representative task that happened over and over again in the environment. And then three years ago you were here when we announced the automation platform, we said, it's not just about a task, it's about involving humans in bots to manage end to end processes. It's about discovering what automation opportunities exist. It's about using ai. Pepsi Co was actually the pioneer of using AI along with automation. You know, we were in stage together with them in, in 2019. And where we are now is we're essentially seeing people want to take the next step with automation. They're saying that it's no longer just an automation tool, It's the way we operate. It's the way we innovate in the organization. So they're really making sure that it becomes a part of their digital transformation journey that they're on. >>And they're saying that we can to the digital transformation by consolidating multiple RP systems and CRM systems. And that'll take us seven years to do, or we can go with UI path and we can leverage the core that we can leverage the GL system that exists today. We can leverage the inventory tracking system that exists today and start to build processes on top of that that can adapt to what customers are trying to do in this digital age. And that's where, you know, we've made announcements today is, is really pivot the platform to be a business automation platform. And there's sort of three layers, you know, unique but you know, connected layers of the platform. The first one is discover. And Discover is all about finding your processes, identifying the opportunities, making sure that you are managing the return on investment. What is the process? >>You know, how are you getting ROI on it? The second one is automated, and that is really where we're applying semantic automation to identify the digital building blocks of an enterprise, which is your data, your document, your screens and communication. Like putting all of that together and saying you can automate in our processes, leveraging a lot of intelligence that exist in how business processes are done. And the last one is operate, which is if you're trying to execute a business process at scale, you're processing not just, you know, a task thousand times, but you are fulfilling millions of transactions. You're, you know, you're looking at trillions of records to identify what processes you need, a scalable enterprise platform that's able to ingest a lot of data report on metrics report and efficiency. So that's what we've announced today is an automation platform that companies can use to put at the center of the digital transformation journey. >>So like about the interesting thing about PepsiCo, you guys started in 2017. Yeah. So kind of early, early on. Yeah. Yeah. And you kind of been there with the progression of platform. So my question to you is, and it was, you know, Yeah, we've seen the e from primarily on-prem now it's cloud first. Yeah. How disruptive or non disruptive was that for you? Did you have to rip and replace? Did you have to sort of retool or migrate? What was that like? >>No, I mean, significant disruption, right? I mean, I mean, as, as we started our journey back in 2017, just like, you know, PRM mentioned, right? With simple rule based, you know, the automation from then now to our journey where our continue to, you know, infuse, you know, AI capability, document understanding, conversation ai, right? As a part of our end to end profile. At the same time, I think the cloud is providing a fantastic opportunity for us to continue to scale, right? You know, scale at, at large. So that I think is a fantastic op, you know, fantastic platform and fantastic, you know, the opportunity that we are looking forward >>To. So how do you affect adoption inside of the organization? Can you talk about that? What's working? What's, >>It's always value driven as you know, right? I mean, the business business has to see the value. It it, it was, I mean, I would, you know, admit it was not as easy as before, but as the mindsets have started to shift, right? As the people have started to realize the value that, you know, the automation brings to, you know, the, I mean, you know, not just the, the value for the business, but actually transforming the entire portfolio, right? And, and people have started to see now that not every automation project is going to be transformation product, but for every transformation project you will find the automation at the heart and the core of it. So I, I, I think that's what has started to shift the mindset of, of uniforms. >>So how do you know when you have end to end? What are you still wake up one day and say, Wow, we've achieved it. You know, is it pieces that come together? Yeah. What do you say? >>Yeah, You know, we wanna look at customers from, you know, from an end to end perspective. It's not just about piecemealing finding a problem, solving it, really what does it deliver from, from an end to end perspective. Did you actually, you know, because a lot of times companies will say, we wanna automate X number of processes, and, and they do that and they're like, Well, we've automated a lot of processes. We're not sure what value we're getting out of it. It's the ability to measure like, what impact is this automation having on your business from an operational metric, but from a business metric as well. But then going back and saying, Well, where is the biggest pain point? Where do we have the largest value that we can give to the business back? So one of the things we actually announced today is the ability to take at an look at an idea and look at what was the estimated benefits of an idea, and then map it all the way through execution to say, what are we getting? >>We estimated we were gonna save a million dollars by doing those automation, or what have we achieved till now? Have we achieved a million dollars? Have we achieved half a million dollars by having achieved? That's, that never happens. That, and, and, and, and it's hard to do that, like the data existed, but it's really hard for people to pull that data out. So we build out the box dashboards that give you the ROI bag. And that's why it's really important to, to make sure that, you know, you look at it not just as a technology project, but more as a investment from a business side. And so you can, making a business more efficient. You >>Know, that's, I just, I know you were jumping in, but that's super important. Cause you know, you run a lot of projects Absolutely. And each of those projects has zone roi, then you jam it into the application portfolio. Exactly. And then everybody sort of forgets about it. You can't really track what impact it had because there's always, you know, some things that are benefit, some things are sometimes a negative. And so it's that holistic picture that >>You trying >>To achieve, extremely critical point, what you hit on, right? From it's measuring the benefit and measuring the continuous benefit across, and not just from start and end, Okay, what I promised I delivered or not, but, but you have to have this continuous mindset. And, and so I think yeah, definitely that, that's a very, very critical to our finance team in our cfo, >>Organiza, they're organic mechanisms and it's constantly >>Absolutely. Yeah. So abar, yeah. Global business shared services. Yeah. When you think of PepsiCo, yeah, of course people immediately think of Sure, Pepsi. But PepsiCo is a multi tentacled absolutely beast of a company. Absolutely. In a good way. Yeah. For organizations that are in that same category, holding companies, companies that have all sorts of different entities that are working together under one umbrella, How shareable is this idea of automation and business automation process moving forward? How, how shareable is that on the share oter? Yeah. Yeah. >>As >>Far as, as far as, as far as you're concerned, are you, are you talking to some people where you're saying, Hey, I'm here, I'm here from gvs and I'm here to help, and they look at you like you're crazy because you don't understand their business? Or is this something that relatively easily applies across >>Businesses that No, to your point, I mean, very valid point, right? I mean, it's, that's, that's the gbs, global business shared services mindset, right? As you move the functional areas into the Pepsi, in, into the PepsiCo gbs like hr, procurement, commercial sales, supply chain, right? That's where you gonna start to find those, you know, the optimization, you know, opportunity. You wanna start to standardize your processes, and that's where you will, you know, as you transition this processes within the gbs, that's what create those, you know, opportunities for you. >>What, >>What, what about automation opportunities? Not in the, I know you're in the sharing arena. Yeah, yeah. But each of those business units has processes that could probably be optimized and automated. Sure. Is that something that's under your purview? We've heard, we've heard a lot about citizen developers. Yeah. I don't know if that, if that >>Applies to No, that definitely. I mean, you cannot just have focus on end to end, you know, automation. I mean, that's, that's a huge portfolio for gps at the same time supporting, you know, automation through the citizen development capability. That that's where, once again, you know, you have had, provides a lot of capability and solution tools that we use, right? To continue to empower the folks who are part of our, you know, GBS team inside or outside gbs, right? It, it's, I think it's very, very critical. It, it, it helps people transform their career even in one ways, right? And, and, and, and you have that muscle, you have that resource, and you have that power. You definitely want to utilize that. >>So let's talk about metrics for a minute. So more data the better. Usually I like data. Yeah. But, but if you're trying to optimize for 15 metrics, I feel like you're not gonna optimize on any, So how do you deal with that from both as Paramo saying an operational standpoint and a business standpoint? What are the things about how do you sort of get the, the teams focused on the right things, >>Bi business, functional leadership team drive those alignment for us as a part of a global business, shared services, we, we are hip to have connected with our business, you know, functions, right? They, they have to help us prioritize those. And to your point, I mean, yeah, you cannot attack 15 metrics at once. You have to prioritize, you have to make sure that you bring the focus to the product. You have a project, right? So, so definitely, I mean, it's, it's, it's not often 15 metrics, but top three metrics, let's, let's focus, let's zoom in and ensure we are driving it. But then >>If you think about the system, I mean, at the end of the day, the p and l manager, he or she cares about ebit, let's say. Sure, okay. But there are so many factors, you know, in that complicated organization that are gonna affect ebitda. Yeah. And they're gonna be different. Yeah. But somebody's gotta figure out, okay, how do they fit together in a system? And, and can, can UiPath help me understand that, those relationships and those dependencies? >>Absolutely. I mean, I think there's a, there's an aspect of human relationships and, and making sure that you get the right level of sponsorship from the business and, and there's a business stakeholder and, and looking at every investment and, and outcomes that you're driving based on that. But, but that is something that we, from a tools perspective, we're trying to make sure that you can measure the value throughout the entire value chain. But then getting the business sponsorship, like where we've seen automation scale is always because there's a business sponsor that's essentially saying, Here's what I'm trying to achieve and here's the, here's my goal, here's the North star and go get it and let me know how you're tracking against it. And, and our job is to make sure that we can provide the visibility, the people that are operating the, the programs to make sure they get that level of visibility. >>What's the scope of automations in your, you know, organization? Is it dozens, hundreds, huge. That is thousands. >>We are getting there. >>Okay. >>No, definitely. I mean, we have definitely, you know, realized that it's, it's a core component to our digital transformation, right? So, so there is no, there's no stopping. I mean there, there, there, there's plenty of support from top down and you know, it's a fantastic time to be at PepsiCo. Right? Especially at the PepsiCo ubs, Right. >>So, Right. Thanks for sharing your story, Pam. Congratulations on all the progress you guys have made. It's actually quite remarkable to see where you guys have come from. So I really appreciate it. Thank you Dave. Thank you Dave. Okay. Thank you for watching. This is Dave Ante for Dave Nicholson. We are right middle of day two at forward five from Las Vegas. We're live, we're right back.

(upbeat music) >> Hey everyone. Welcome to theCube's presentation of the AWS Startup Showcase. This is season two, episode four of our ongoing series featuring exciting startups in the AWS ecosystem. This theme is cyber security, detecting and protecting against threats. I'm your host, Lisa Martin and I'm pleased to be joined by Raghu Nadakumara the senior director of solutions marketing at Illumio. We're going to be talking about all things, cybersecurity, Raghu. it's great to have you on the program >> Lisa, it's fantastic to be here and the lovely to have the opportunity. Thank you >> Absolutely. So, so much changing in the threat landscape. We're seeing threat actors are booming, new threats customers having to solve really hard security problems across their organization. On-prem in the cloud, hybrid multi-cloud, et cetera. Talk to me about some of the ways in which Illumio is helping customers to address those massive challenges. >> Sure. I think like it's a sort of to pair off what you said to begin with. You said so much has changed, but equally and Kim Jetta made this point last week in her keynote at Black Hat and Chris Krebs former director of CISA also kind of reiterated this, so much has changed yet so much hasn't changed. And really from sort of Illumio's perspective the way we look at this is that as we are moving to a sort of a world of ever increasing connectivity I kind of almost pair off digital transformation which pretty much every organization talks about. They've got a digital transformation program. I really pair that off with what does that mean? It really means hyper connectivity because you've got your data center connecting into workloads, running in the cloud with users and user devices everywhere with a plethora of other connected devices. So we've got this massive hyper connected web. Well, what does that lead to? It leads to a massively increasing mushrooming attack surface. So from a threat actor perspective, just the the size of the opportunity is so much larger these days. But the problem then from a from a defender's perspective is that how do you even understand your, this complex very hybrid attack surface? So what we lack is the ability to get that consistent visibility of our actual exposure across the board, but, and then the ability to then deploy a consistent security control set across that estate to be able to manage that attack service and reduce that exposure risk. And these two problems, the challenge of consistent visibility and the challenge of consistent security from an Illumio perspective, we believe we solve both of those with our zero trust segmentation platform. So we are really looking at helping organizations helping our customers be resilient to the threats of today and the threats of tomorrow by giving them that consistent visibility and that consistent security through zero trust segmentation. >> Let's unpack zero trust segmentation. You know, when we look at some of the stats on ransom where it's been a while that it's a matter of when, not if for organizations so getting that visibility and consistent security policies across the estate, as you say is critical for businesses in every organization. How does zero trust segmentation, first of all define it and then tell us how that helps. >> Oh, happily. It's kind of one my favorite subjects to talk about. Right. So let start with zero trust segmentation and kind of, sort of to put it into a context that's probably more easy to understand, right? Is that we see sort of zero trust segmentation as being founded on two pillars, right? The first is an assumed breach mindset and I'll come onto what we mean by that in a second. And the second paired with that and what we see is kind of the natural progression from that is then the use of least privileged policies to go and control and protect your estate. So what does assume breach mean? Well, assume breach is really that approach that says work on the assumption that bad event that malicious actor, that anomalous action that unexpected behavior, and that could be intentional and the result of a malicious action or it could be completely unintentional. Think of that sort of someone, a misconfiguration in an application, for example, right? All of these things are essentially unexpected anomalous event. So start from that assumption that that's either happened or it's going to happen at some point, right? So when you make that assumption, right, and that assumption that that is happening on your internal network. So remember right. Assume that that thing is already happening on your internal network, not it's on outside of the perimeter and it's got to still find its way in. No, it's really about assuming that that initial sort of thing to get onto the network and some anomalous event has already happened. If you started from that premise then how would you design your security controls? Well, the natural reaction to that is, well if that's going to happen what I need to ensure is that the impact of that is as limited as possible is as restricted as possible. So how do I ensure that that is as limited as possible? Well, it's by ensuring that any access into the rest of my environment, the rest of the infrastructure and that could be that hybrid infrastructure, private cloud, public cloud, et cetera is built on a least privileged access model. And that way I can ensure that even if I have a compromise in one part of my environment or potentially there could be compromises in different parts of my environment that they're not going to impact the rest of the whole. So I'm containing the impact of that. And as a result I'm protecting the rest of the infrastructure and able to maintain my resilience for longer. So that's how zero trust segmentation, well, that's what zero trust segmentation is and how it delivers better security for an organization. >> So preventing that lateral spread is really critical especially as we've seen in the last couple of years this acceleration of cloud adoption, cloud migration for customers that are in transit, if you will, CTS why is it so fundamental? >> Well, I think you expressed it brilliantly, right? That if you look at any sort of malicious attack, right? Whether it's ransomware, whether it's an advanced attacker like APT style attack over the last sort of decade, right? A common part, a common tactic, those attackers used in order to proliferate and in order to move to either spread that attack as far and wide as possible in the case of ransomware or in the case of a very targeted attack to go and find that trophy target. One of the key tactics they leverage is lateral movement. So from a defender's perspective if you are able to better detect and ideally better prevent upfront that lateral movement and limit you are, you are defending yourself. You are proactively defending yourself from this threat. So what does that mean then from the perspective of organizations that are moving into cloud? So organizations that are say on that journey to transition into AWS, right? Whether from a right, I'm going all in an AWS and ultimately leaving my private data center behind or sort of more likely where my applications now in this hybrid deployment model where I have some on-prem some in the cloud. So there it's even more important because we know that things that are deployed in the cloud can very easily sort of get exposed to the internet. Right? We've seen that with a number of sort of different customers of cloud where a misconfigured security group suddenly gives access to all resources from the internet, right? Or gives access on high risk ports that you didn't want to have that you didn't want to be able to access. So here, zero trust segmentation is so important because if you come back to the fundamentals of it, it's around consistent visibility and consistent security policy. So what do we provide? Well, from an Illumio perspective and through our zero trust segmentation platform we ensure that as your application, as your key resources, as they transition from your private data center into the cloud, you can have exactly the same visibility and exactly the same granularity of visibility over those interactions between your resources as they move into the cloud. And the most important thing here is that it's not in cloud. We realize it's not just about adopting compute. It's not just infrastructure as a service organizations are now adopting the the more cloud native services whether that's managed databases or containers or serverless, et cetera, right. But all of these make up part of that new application and all of those need be included in that visibility, right? So visibility, isn't just about what your computer's doing where you've got this OS that you can manage but it's really about any component that is interacting as part of your organization as part of your applications. So we provide visibility across that and as it moves so that, that sort of, that granularity of visibility the ability to see those dependencies between applications we provide that consistently. And then naturally we then allow you to con consistently apply security policy as this application moves. So as you transition from on-prem where you have controls where you have your lateral movement controls your segmentation controls, and as you move resources into the cloud we allow you to maintain that security posture as you move into cloud, but not just that doesn't just stop there. So we spoke at the top about how least privileged is fundamental to zero trust from a policy perspective what we give you the ability to do give our customers the ability to do as they move into AWS is compare what they have configured on their security groups. So they way they think they've got the right security posture, we compare that to what the actual usage around those resources is. And we provide them recommendations to better secure those security groups. So essentially always tending them towards a more secure con configuration, such that they can maintain that least privileged access over the, around their critical resources. So this is the way our technology helps our customers move and migrate safely and securely from on-prem into AWS. >> That's a great description, very thorough in how you're talking about the benefits to organizations. You know, as we think about cloud adoption migration, cybersecurity these are clearly C-suite conversations. Are you seeing things like zero trust segmentation rise up to the C-suite and maybe even beyond to the board? Is this from a security perspective, a board level issue? >> Oh, absolutely. And, and Chris Krebs, former director of CISA last week set security must absolutely be a board level topic. It's not something that needs to be sort of in the weeds of IT or just sort of under the purview of what the chief security is doing. It needs to a board level issue. And what we see is while sort of talking about let's say zero trust segmentation or zero trust is very much a security function. What it typically ladders up to at the boardroom level is tying it into operational resilience, right? Because I think organizations now it's not just about the ability, given that sort of attacks are proliferating. And particularly the threat around ransomware is so high that the use of ransomware, not just as a way to steal data and extract money, but also ransomware as essentially a way to disrupt operations. And that is now what the concern is at that board level. Is that how is this attack going to impact me from a from a productivity perspective from an availability perspective, and depending on the type of organization, if it's, for example a financial organization there their worry is around their reputation because ultimately organizations are unable to trust that financial organization. We very quickly see that we have sort of that run on the bank, where customers, counterparties et cetera, quickly want to take their business elsewhere. If it's a manufacturing or healthcare provider, their concern is can we deliver our critical services? For example, healthcare can we deliver patient services? Manufacturing, can we continue to produce whatever it is we manufacture, even in the case of being under attack? So at the board level they're thinking about it from the perspective of resilience and operational resilience, and that then translates into cyber resilience when it comes to talking about where does zero trust segmentation fit in? Zero trust segmentation enables cyber resilience which ultimately enables operational resilience. So this is how we see it laddering up to boardroom issues. >> Got it. And of course, you know when you were talking about brand reputation, brand damage you think nobody wants to be the next headline where a breach is occurring. We've seen too many of those and we probably will see many more. So Raghu, when you're in customer conversations what are say the top three differentiators that you share with customers versus like CSPM tools what are those key core Illumio differentiators? >> Yeah. So like sort of CSPM tools, right? They're very focusing on assessing posture and sort of reporting on compliance in comparison to a baseline. So for example, it's okay here is what I think the security configuration should be. And here is how I'm actually configured in AWS. Here is the diff and here is where I'm out of compliance, right? That that's typically what, what CSPM products do, right? And there is a very important place for them in any organization's tool set. Now, what they don't do and where we provide the differentiation is that they're not set up to sort of monitor around lateral movement, right? They're not about providing you with that view about how your resources are interacting each other. They're not about providing guidance as to whether a security reconfiguration could be enhanced and could be tightened up. They also don't give you the view particularly around is this even relevant, right? And that that's really where we come in because the the visibility allows you to understand how resources are interacting with each other. That then allows you to determine whether those interactions are required or not. That then allows you to define a least privileged policy that controls access between these resources. But it also kind of as this sort of the feedback loop goes on is to ensure that least privileged policy is always tending towards what you actually need, right? So it's from what I think I need to what you actually need based on, based on usage. So this is how we differentiate what we do from what a CSPM type of technology does, right? We're always about providing visibility and maintaining least privileged access between your resources >> How many different security tools are you seeing that organizations have in place today? Those prospects that are coming to Illumio saying we've got challenges, we understand the threat landscape. The malicious actors are very incentivized, but what are the security tools in place and is Illumio able to replace, like, reduce that number replace some of those tools. So that simplification happens in this growingly complex environment. >> Yeah, I think that's a really good question. And I think that the answer to that is really, actually not so much about not necessarily about reducing though, of course, right. Organizations always, if they can reduce tools and replace one tool that does one thing with a tool that does multiple things, it's, it's always a it's always a benefit, but the the way we see it is that what is the value that we provide that complements existing tooling that an organization already has, right. Because what we think is important is that any technology that you bring in, shouldn't be just sit on its own island where it's value is kind of isolated from the value you are getting from everything else, right. It should be part of it should be able to be part of a sort of integrated ecosystem of complimentary technologies, right. And we believe that what we do firmly fits in to that type of technology ecosystem, right. So we in, so for example, to to give you examples, right, we enhance your asset discovery piece by providing a, the visibility that allows you to get the understanding of all your interactions. Why is that important? Because you can use that data to ensure that what you think is labeled or tagged in a particular way is in fact, that asset, right. And we benefit from that because we benefit from the asset information to allow us to build security policy that map those dependencies. We provide value to your detection and response capabilities, because we have that visibility around lateral movement. We are able to be reactive in terms of containing an attack. We can be used to proactively limit sort of pathways such that let's say things like common ransomware can't leverage things like open RDP and open SMB ports to spread. We can go and inform things like service maps. So if your organization is sort of heavily invested in like service mapping and feeding that back into sort of your IT tool sets. So ITSM tool sets, et cetera, right. We can provide data into that to enhance that particular experience. So there is lots of value beyond sort of what our own product value proposition is that we bring into your existing technology ecosystem. Which is why we think we kind of add value into any deployment over and beyond just sort of the things that we do around visibility and consistent security. >> Yeah. What you were just describing. So well with the first thought coming to my mind was value-add. There's a lot of synergy there. Synergies between other technologies. You mentioned that complimentary nature, that seems like a huge value impact for organizations across any industry. Last question from a go to market perspective where can prospects go to learn more? This is available in the AWS marketplace, but talk to us about where they can go to learn more. >> Yeah, sure, so you can, so if you're an AWS customer, right, you can purchase Illumio straight from the AWS marketplace. Just go and find it under sort of security products in, I think it's infrastructure software. So you can go and find that. You can obviously reach out to your AWS account team if you want sort of further information around Illumio and how to secure that through AWS. And of course you can come along to illumio.com where we have a whole raft of information about what we do, how we do it, the benefits that we provide to our customers and how it ladders up to some of the key sort of boardroom issues, right. Around whether it's around transformation or resilience or ransomware containment. So come along to our website and and find out all those things. And we're here to help >> Awesome Raghu. What a great conversation around such an important topic, cybersecurity, detecting and protecting against threats that we know is is an evolving landscape. We appreciate all of your insights. Great explanations into what Illumio is doing there. How you're helping organizations and where they can go to find more. Thank you so much for joining me today. >> It's been absolute, absolute pleasure, Lisa. Thank you very much for having me. >> All right. For Raghu Nadkumara. I'm Lisa Martin. We want to thank you for watching this episode of the AWS Startup Showcase. We'll see you soon. (soft music)

(upbeat music) >> Hello, welcome everyone to "theCUBE" presentation of the AWS Startup Showcase, this is Season Two, Episode Four of the ongoing series covering exciting startups from the AWS ecosystem. Here to talk about Cyber Security. I'm your host John Furrier here joined by two great "CUBE" alumnus, Liz Rice who's the chief open source officer at Isovalent, and Mark Nunnikhoven who's the distinguished cloud strategist at Lacework. Folks, thanks for joining me today. >> Hi. Pleasure. >> You're in the U.K. Mark, welcome back to the U.S, I know you were overseas as well. Thanks for joining in this panel to talk about set the table for the Cybersecurity Showcase. You guys are experts out in the field. Liz we've had many conversations with the rise of open source, and all the innovations coming from out in the open source community. Mark, we've been going and covering the events, looking at all the announcements we're kind of on this next generation security conversation. It's kind of a do over in progress, happening every time we talk security in the cloud, is what people are are talking about. Amazon Web Services had reinforced, which was more of a positive vibe of, Hey, we're all on it together. Let's participate, share information. And they talk about incidents, not breaches. And then, you got Black Hat just happened, and they're like, everyone's getting hacked. It's really interesting as we report that. So, this is a new market that we're in. People are starting to think differently, but still have to solve the same problems. How do you guys see the security in the cloud era unfolding? >> Well, I guess it's always going to be an arms race. Isn't it? Everything that we do to defend cloud workloads, it becomes a new target for the bad guys, so this is never going to end. We're never going to reach a point where everything is completely safe. But I think there's been a lot of really interesting innovations in the last year or two. There's been a ton of work looking into the security of the supply chain. There's been a ton of new tooling that takes advantage of technology that I'm really involved with and very excited about called eBPF. There's been a continuation of this new generation of tooling that can help us observe when security issues are happening, and also prevent malicious activities. >> And it's on to of open source activity. Mark, scale is a big factor now, it's becoming a competitive advantage on one hand. APIs have made the cloud great. Now, you've got APIs being hacked. So, all the goodness of cloud has been great, but now we've got next level scale, it's hard to keep up with everything. And so, you start to see new ways of doing things. What's your take? >> Yeah, it is. And everything that's old is new again. And so, as you start to see data and business workloads move into new areas, you're going to see a cyber crime and security activity move with them. And I love, Liz calling out eBPF and open source efforts because what we've really seen to contrast that sort of positive and negative attitude, is that as more people come to the security table, as more developers, as more executives are aware, and the accessibility of these great open source tools, we're seeing that shift in approach of like, Hey, we know we need to find a balance, so let's figure out where we can have a nice security outcome and still meet our business needs, as opposed to the more, let's say to be polite, traditional security view that you see at some other events where it's like, it's this way or no way. And so, I love to see that positivity and that collaboration happening. >> You know, Liz, this brings up a good point. We were talking at our Super Cloud Event we had here when we were discussing the future of how cloud's emerging. One of the conversations that Adrian Cockcroft brought up, who's now retired from AWS, former with Netflix. Adrian being open source fan as well. He was pointing out that every CIO or CISO will buy an abstraction layer. They love the dream. And vendors sell the dream, so to speak. But the reality it's not a lot of uptake because it's complex, And there's a lot of non-standard things per vendor. Now, we're in an era where people are looking for some standardization, some clean, safe ways to deploy. So, what's the message to CSOs, and CIOs, and CXOs out there around eBPF, things like that, that are emerging? Because it's almost top down, was the old way, now as bottoms up with open source, you're seeing the shift. I mean, it's complete flipping the script of how companies are buying? >> Yeah. I mean, we've seen with the whole cloud native movement, how people are rather than having like ETF standards, we have more of a defacto collaborative, kind of standardization process going on. So, that things like Kubernetes become the defacto standard that we're all using. And then, that's helping enterprises be able to run their workloads in different clouds, potentially in their own data centers as well. We see things like EKS anywhere, which is allowing people to run their workloads in their data center in exactly the same way as they're running it in AWS. That sort of leveling of the playing field, if you like, can help enterprises apply the same tooling, and that's going to always help with security if you can have a consistent approach wherever you are running your workload. >> Well, Liz's take a minute to explain eBPF. The Berkeley packet filtering technology, people know from Trace Dumps and whatnot. It's kind of been around for a while, but what is it specifically? Can you take a minute to explain eBPF, and what does that mean for the customer? >> Yeah. So, you mentioned the packet filtering acronym. And honestly, these days, I tell people to just forget that, because it means so much more for. What eBPF allows you to do now, is to run custom programs inside the kernel. So, we can use that to change the way that the kernel behaves. And because the kernel has visibility over every process that's running across a machine, a virtual machine or a bare metal machine, having security tooling and observability tooling that's written using eBPF and sitting inside the kernel. It has this great perspective and ability to observe and secure what's happening across that entire machine. This is like a step change in the capabilities really of security tooling. And it means we don't have to rely on things like kernel modules, which traditionally people have been quite worried about with good reason. eBPF is- >> From a vulnerability standpoint, you mean, right? From a reliability. >> From a vulnerability standpoint, but even just from the point of view that kernel modules, if they have bugs in them, a bug in the kernel will bring the machine to a halt. And one of the things that's different with eBPF, is eBPF programs go through a verification process that ensures that they're safe to run that, but happens dynamically and ensures that the program cannot crash, will definitely run to completion. All the memory access is safe. It gives us this very sort of reassuring platform to use for building these kernel-based tools. >> And what's the bottom line for the customer and the benefit to the organization? >> I think the bottom line is this new generation of really powerful tools that are very high performance. That have this perspective across the whole set of workloads on a machine. That don't need to rely on things like a CCAR model, which can add to a lot of complexity that was perfectly rational choice for a lot of security tools and observability tools. But if you can use an abstraction that lives in the kernel, things are much more efficient and much easier to deploy. So, I think that's really what that enterprise is gaining, simpler to deploy, easier to manage, lower overhead set of tools. >> That's the dream they want. That's what they want. Mark, this is whether the trade offs that comes up. We were talking about the supercloud, and all kinds. Even at AWS, you're going to have supercloud, but you got super hackers as well. As innovation happens on one side, the hackers are innovating on the other. And you start to see a lot of advances in the lower level, AWS with their Silicon and strategies are continuing to happen and be stronger, faster, cheaper, better down the lower levels at the network lay. All these things are innovating, but this is where the hackers are going too, right? So, it's a double edge sword? >> Yeah, and it always will be. And that's the challenge of technology, is sort of the advancement for one, is an advancement for all. But I think, while Liz hit the technical aspects of the eBPF spot on, what I'm seeing with enterprises, and in general with the market movement, is all of those technical advantages are increasing the confidence in some of this security tooling. So, the long sort of anecdote or warning in security has always been things like intrusion prevention systems where they will look at network traffic and drop things they think bad. Well, for decades, people have always deployed them in detect-only mode. And that's always a horrible conversation to have with the board saying, "Well, I had this tool in place that could have stopped the attack, but I wasn't really confident that it was stable enough to turn on. So, it just warned me that it had happened after the fact." And with the stability and the performance that we're seeing out of things based on technologies like eBPF, we're seeing that confidence increase. So, people are not only deploying this new level of tooling, but they're confident that it's actually providing the security it promised. And that's giving, not necessarily a leg up, but at least that level of parody with that push forward that we're seeing, similar on the attack side. Because attackers are always advancing as well. And I think that confidence and that reliability on the tooling, can't be underestimated because that's really what's pushing things forward for security outcomes. >> Well, one of the things I want get your both perspective on real quick. And you kind of segue into this next set of conversations, is with DevOps success, Dev and Ops, it's kind of done, right? We're all happy. We're seeing DevOps being so now DevSecOps. So, CSOs were like kind of old school. Buy a bunch of tools, we have a vendor. And with cloud native, Liz, you mentioned this earlier, accelerating the developers are even driving the standards more and more. So, shifting left is a security paradigm. So, tooling, Mark, you're on top of this too, it's tooling versus how do I organize my team? What are the processes? How do I keep the CICD pipeline going, higher velocity? How can I keep my app developers programming faster? And as Adrian Cockcroft said, they don't really care about locking, they want to go faster. It's the ops teams that have to deal with everything. So, and now security teams have to deal with the speed and velocity. So, you're seeing a new kind of step function, ratchet game where ops and security teams who are living DevOps, are still having to serve the devs, and the devs need more help here. So, how do you guys see that dynamic in security? Because this is clearly the shift left's, cloud native trend impacting the companies. 'Cause now it's not just shifting left for developers, it has a ripple effect into the organization and the security posture. >> We see a lot of organizations who now have what they would call a platform team. Which is something similar to maybe what would've been an ops team and a security team, where really their role is to provide that platform that developers can use. So, they can concentrate on the business function that they don't have to really think about the underlying infrastructure. Ideally, they're using whatever common definition for their applications. And then, they just roll it out to a cloud somewhere, and they don't have to think about where that's operating. And then, that platform team may have remit that covers, not just the compute, but also the networking, the common set of tooling that allows people to debug their applications, as well as securing them. >> Mark, this is a big discussion because one, I love the team, process collaboration. But where's the team? We've got a skills gap going on too, right? So, in all this, there's a lot of action happening. What's your take on this dynamic of tooling versus process collaboration for security success? >> Yeah, it's tough. And I think what we're starting to see, and you called it out spot on, is that the developers are all about dynamic change and rapid change, and operations, and security tend to like stability, and considered change in advance. And the business needs that needle to be threaded. And what we're seeing is sort of, with these new technologies, and with the ideas of finally moving past multicloud, into, as you guys call supercloud, which I absolutely love is a term. Let's get the advantage of all these things. What we're seeing, is people have a higher demand for the outputs from their tooling, and to find that balance of the process. I think it's acknowledged now that you're not going to have complete security. We've gotten past that, it's not a yes or no binary thing. It's, let's find that balance in risk. So, if we are deploying tooling, whether that's open source, or commercial, or something we built ourselves, what is the output? And who is best to take action on that output? And sometimes that's going to be the developers, because maybe they can just fix their architecture so that it doesn't have a particular issue. Sometimes that's going to be those platform teams saying like, "Hey, this is what we're going to apply for everybody, so that's a baseline standard." But the good news, is that those discussions are happening. And I think people are realizing that it's not a one size-fits-all. 10 years ago was sort of like, "Hey, we've got a blueprint and everyone does this." That doesn't work. And I think that being out in the open, really helps deliver these better outcomes. And because it isn't simple, it's always going to be an ongoing discussion. 'Cause what we decide today, isn't going to be the same thing in a week from now when we're sprint ahead, and we've made a whole bunch of changes on the platform and in our code. >> I think the cultural change is real. And I think this is hard for security because you got so much current action happening that's really important to the business. That's hard to just kind of do a reset without having any collateral damage. So, you kind of got to mitigate and manage all the current situation, and then try to build a blueprint for the future and transform into a kind of the next level. And it kind of reminds me of, I'm dating myself. But back in the days, you had open source was new. And the common enemy was proprietary, non-innovative old guard, kind of mainframe mini computer kind of proprietary analysis, proprietary everything. Here, there is no enemy. The clouds are doing great, right? They're leaning in open source is at all time high and not stopping, it's it's now standard. So, open is not a rebel. It's not the rebel anymore, it's the standard. So, you have the innovation happening in open source, Liz, and now you have large scale cloud. And this is a cultural shift, right? How people are buying, evaluating product, and implementing solutions. And I when I say new, I mean like new within the decades or a couple decades. And it's not like open source is not been around. But like we're seeing new things emerge that are pretty super cool in the sense that you have projects defining standards, new things are emerging. So, the CIO decision making process on how to structure teams and how to tackle security is changing. Why IT department? I mean, just have a security department and a Dev team. >> I think the fact that we are using so much more open source software is a big part of this cultural shift where there are still a huge ecosystem of vendors involved in security tools and observability tools. And Mark and I both represent vendors in those spaces. But the rise of open source tools, means that you can start with something pretty powerful that you can grow with. As you are experimenting with the security tooling that works for you, you don't have to pay a giant sum to get a sort of black box. You can actually understand the open source elements of the tooling that you are going to use. And then build on that and get the enterprise features when you need those. And I think that cultural change makes it much easier for people to work security in from the get go, and really, do that shift left that we've been talking about for the last few years. >> And I think one of the things to your point, and not only can you figure out what's in the open source code, and then build on top of it, you can also leave it too. You can go to something better, faster. So, the switching costs are a lot lower than a lock in from a vendor, where you do all the big POCs and the pilots. And, Mark, this is changing the game. I mean, I would just be bold enough to say, IT is going to be irrelevant in the sense of, if you got DevOps and it works, and you got security teams, do you really need IT 'cause the DevOps is the IT? So, if everyone goes to the cloud operations, what does IT even mean? >> Yeah, and it's a very valid point. And I think what we're seeing, is where IT is still being successful, especially in large companies, is sort of the economy of scale. If you have enough of the small teams doing the same thing, it makes sense to maybe take one tool and scale it up because you've got 20 teams that are using it. So, instead of having 20 teams run it, you get one team to run it. On the economic side, you can negotiate one contract if it's a purchase tool. There is still a place for it, but I think what we're seeing and in a very positive way, is that smaller works better when it comes to this. Because really what the cloud has done and what open source continues to do, is reduce the barrier to entry. So, a team of 10 people can build something that it took a 1000 people, a decade ago. And that's wonderful. And that opens up all these new possibilities. We can work faster. But we do need to rethink it at reinforce from AWS. They had a great track about how they're approaching it from people side of things with their security champion's idea. And it's exactly about this, is embedding high end security talent in the teams who are building it. So, that changes the central role, and the central people get called in for big things like an incident response, right? Or a massive auditor reviews. But the day-to-day work is being done in context. And I think that's the real key, is they've got the context to make smarter security decisions, just like the developers and the operational work is better done by the people who are actually working on the thing, as opposed to somebody else. Because that centralized thing, it's just communication overhead most of the time. >> Yeah. I love chatting with you guys because here's are so much experts on the field. To put my positive hat on around IT, remember the old argument of, "Oh, automation's, technology's going to kill the bank teller." There's actually more tellers now than ever before. So, the ATM machine didn't kill that. So, I think IT will probably reform from a human resource perspective. And I think this is kind of where the CSO conversation comes full circle, Liz and Mark, because, okay, let's assume that this continues the trajectory to open source, DevOps, cloud scale, hybrid. It's a refactoring of personnel. So, you're going to have DevOps driving everything. So, now the IT team becomes a team. So, most CSOs we talk to are CXOs, is how do I deploy my teams? How do I structure things, my investment in people, and machines and software in a way that I get my return? At the end of the day, that's what they live for, and do it securely. So, this is the CISO's kind of thought process. How do you guys react to that? What's the message to CISOs? 'Cause they have a lot of companies to look at here. And in the marketplace, they got to spend some money, they got to get a return, they got to reconfigure. What's your advice? Liz, what's your take? Then we'll go to Mark. >> That's a really great question. I think cloud skills, cloud engineering skills, cloud security skills have never been more highly valued. And I think investing in training people to understand cloud that there are tons of really great resources out there to help ramp people up on these skills. The CNCF, AWS, there's tons of organizations who have really great courses and exams, and things that people can do to really level up their skills, which is fantastic right from a grassroots level, through to the most widely deployed global enterprise. I think we're seeing a lot of people are very excited, develop these skills. >> Mark, what's your take for the CSO, the CXO out there? They're scratching their head, they're going, "Okay, I need to invest. DevOps is happening. I see the open source, I'm now got to change over. Yeah, I lift and shift some stuff, now I got to refactor my business or I'm dead." What's your advice? >> I think the key is longer term thinking. So, I think where people fell down previously, was, okay, I've got money, I can buy tools, roll 'em out. Every tool you roll out, has not just an economic cost, but a people cost. As Liz said, those people with those skills are in high demand. And so, you want to make sure that you're getting the most value out of your people, but your tooling. So, as you're investing in your people, you will need to roll out tools. But they're not the answer. The answer is the people to get the value out of the tools. So, hold your tools to a higher standard, whether that's commercial, open source, or something from the CSP, to make sure that you're getting actionable insights and value out of them that your people can actually use to move forward. And it's that balance between the two. But I love the fact that we're finally rotating back to focus more on the people. Because really, at the end of the day, that's what's going to make it all work. >> Yeah. The hybrid work, people processes. The key, the supercloud brings up the conversation of where we're starting to see maturation into OPEX models where CapEx is a gift from the clouds. But it's not the end of bilk. Companies are still responsible for their own security. At the end of the day, you can't lean on AWS or Azure. They have infrastructure and software, but at the end of the day, every company has to maintain their own. Certainly, with hybrid and edge coming, it's here. So, this whole concept of IT, CXO, CIO, CSO, CSO, I mean, this is hotter than ever in terms of like real change. What's your reaction to that? >> I was just reading this morning that the cost of ensuring against data breaches is getting dramatically more expensive. So, organizations are going to have to take steps to implement security. You can't just sort of throw money at the problem, you're going to actually have to throw people and technology at the problem, and take security really seriously. There is this whole ecosystem of companies and folks who are really excited about security and here to help. There's a lot of people interested in having that conversation to help those CSOs secure their deployments. >> Mark, your reaction? >> Yeah. I think, anything that causes us to question what we're doing is always a positive thing. And I think everything you brought up really comes down to remembering that no matter what, and no matter where, your data is always your data. And so, you have some level of responsibility, and that just changes depending on what system you're using. And I think that's really shifting, especially in the CSO or the CSO mindset, to go back to the basics where it used to be information security and not just cyber security. So, whether that information and that data is sitting on my desk physically, in a system in our data center, or in the cloud somewhere. Looking holistically, and that's why we could keep coming back to people. That's what it's all about. And when you step back there, you start to realize there's a lot more trade offs. There's a lot more levers that you can work on, to deliver the outcome you want, to find that balance that works for you. 'Cause at the end of the day, security is just all about making sure that whatever you built and the systems you're working with, do what you want them to do, and only what you want them to do. >> Well, Liz and Mark, thank you so much for your expert perspective. You're in the trenches, and really appreciate your time and contributing with "theCUBE," and being part of our Showcase. For the last couple of minutes, let's dig into some of the things you're working on. I know network policies around Kubernetes, Liz, EKS anywhere has been fabulous with Lambda and Serverless, you seeing some cool things go on there. Mark, you're at Lacework, very successful company. And looking at a large scale observability, signaling and management, all kinds of cool things around native cloud services and microservices. Liz, give us an update. What's going on over there at Isovalent? >> Yeah. So, Isovalent is the company behind Cilium Networking Project. Its best known as a Kubernetes networking plugin. But we've seen huge amount of adoption of cilium, it's really skyrocketed since we became an incubating project in the CNCF. And now, we are extending to using eBPF to not just do networking, but incredibly in depth observability and security observability have a new sub project called Tetragon, that gives you this amazing ability to see out of policy behavior. And again, because it's using eBPF, we've got the perspective of everything that's happening across the whole machine. So, I'm really excited about the innovations that are happening here. >> Well, they're lucky to have you. You've been a great contributor to the community. We've been following your career for very, very long time. And thanks for everything that you do, really appreciate it. Thanks. >> Thank you. >> Mark, Lacework, we we've following you guys. What are you up to these days? You know, we see you're on Twitter, you're very prolific. You're also live tweeting all the events, and with us as well. What's going on over there at Lacework? And what's going on in your world? >> Yeah. Lacework, we're still focusing on the customer, helping deliver good outcomes across cloud when it comes to security. Really looking at their environments and helping them understand, from their data that they're generating off their systems, and from the cloud usage as to what's actually happening. And that pairs directly into the work that I'm doing, the community looking at just security as a practice. So, a lot of that pulling people out of the technology, and looking at the process and saying, "Hey, we have this tech for a reason." So, that people understand what they need in place from a skill set, to take advantage of the great work that folks like Liz and the community are doing. 'Cause we've got these great tools, they're outputting all this great insights. You need to be able to take actions on top of that. So, it's always exciting. More people come into security with a security mindset, love it. >> Well, thanks so much for this great conversation. Every board should watch this video, every CSO, CIO, CSO. Great conversation, thanks for unpacking and making something very difficult, clear to understand. Thanks for your time. >> Pleasure. >> Thank you. >> Okay, this is the AWS Startup Showcase, Season Two, Episode Four of the ongoing series covering the exciting startups from the AWS ecosystem. We're talking about cybersecurity, this segment. Every quarter episode, we do a segment around a category and we go deep, we feature some companies, and talk to the best people in the industry to help you understand that. I'm John Furrier your host. Thanks for watching. (upbeat music)

(bright upbeat music) >> In 2011, early Facebook employee and Cloudera co-founder Jeff Hammerbacher famously said, "The best minds of my generation are thinking about how to get people to click on ads, and that sucks!" Let's face it. More than a decade later, organizations continue to be frustrated with how difficult it is to get value from data and build a truly agile and data-driven enterprise. What does that even mean, you ask? Well, it means that everyone in the organization has the data they need when they need it in a context that's relevant to advance the mission of an organization. Now, that could mean cutting costs, could mean increasing profits, driving productivity, saving lives, accelerating drug discovery, making better diagnoses, solving supply chain problems, predicting weather disasters, simplifying processes, and thousands of other examples where data can completely transform people's lives beyond manipulating internet users to behave a certain way. We've heard the prognostications about the possibilities of data before and in fairness we've made progress, but the hard truth is the original promises of master data management, enterprise data warehouses, data marts, data hubs, and yes even data lakes were broken and left us wanting for more. Welcome to The Data Doesn't Lie... Or Does It? A series of conversations produced by theCUBE and made possible by Starburst Data. I'm your host, Dave Vellante, and joining me today are three industry experts. Justin Borgman is the co-founder and CEO of Starburst, Richard Jarvis is the CTO at EMIS Health, and Teresa Tung is cloud first technologist at Accenture. Today, we're going to have a candid discussion that will expose the unfulfilled, and yes, broken promises of a data past. We'll expose data lies: big lies, little lies, white lies, and hidden truths. And we'll challenge, age old data conventions and bust some data myths. We're debating questions like is the demise of a single source of truth inevitable? Will the data warehouse ever have feature parity with the data lake or vice versa? Is the so-called modern data stack simply centralization in the cloud, AKA the old guards model in new cloud close? How can organizations rethink their data architectures and regimes to realize the true promises of data? Can and will an open ecosystem deliver on these promises in our lifetimes? We're spanning much of the Western world today. Richard is in the UK, Teresa is on the West Coast, and Justin is in Massachusetts with me. I'm in theCUBE studios, about 30 miles outside of Boston. Folks, welcome to the program. Thanks for coming on. >> Thanks for having us. >> Okay, let's get right into it. You're very welcome. Now, here's the first lie. The most effective data architecture is one that is centralized with a team of data specialists serving various lines of business. What do you think Justin? >> Yeah, definitely a lie. My first startup was a company called Hadapt, which was an early SQL engine for IDU that was acquired by Teradata. And when I got to Teradata, of course, Teradata is the pioneer of that central enterprise data warehouse model. One of the things that I found fascinating was that not one of their customers had actually lived up to that vision of centralizing all of their data into one place. They all had data silos. They all had data in different systems. They had data on prem, data in the cloud. Those companies were acquiring other companies and inheriting their data architecture. So despite being the industry leader for 40 years, not one of their customers truly had everything in one place. So I think definitely history has proven that to be a lie. >> So Richard, from a practitioner's point of view, what are your thoughts? I mean, there's a lot of pressure to cut cost, keep things centralized, serve the business as best as possible from that standpoint. What does your experience show? >> Yeah, I mean, I think I would echo Justin's experience really that we as a business have grown up through acquisition, through storing data in different places sometimes to do information governance in different ways to store data in a platform that's close to data experts people who really understand healthcare data from pharmacies or from doctors. And so, although if you were starting from a greenfield site and you were building something brand new, you might be able to centralize all the data and all of the tooling and teams in one place. The reality is that businesses just don't grow up like that. And it's just really impossible to get that academic perfection of storing everything in one place. >> Teresa, I feel like Sarbanes-Oxley have kind of saved the data warehouse, right? (laughs) You actually did have to have a single version of the truth for certain financial data, but really for some of those other use cases I mentioned, I do feel like the industry has kind of let us down. What's your take on this? Where does it make sense to have that sort of centralized approach versus where does it make sense to maybe decentralize? >> I think you got to have centralized governance, right? So from the central team, for things like Sarbanes-Oxley, for things like security, for certain very core data sets having a centralized set of roles, responsibilities to really QA, right? To serve as a design authority for your entire data estate, just like you might with security, but how it's implemented has to be distributed. Otherwise, you're not going to be able to scale, right? So being able to have different parts of the business really make the right data investments for their needs. And then ultimately, you're going to collaborate with your partners. So partners that are not within the company, right? External partners. We're going to see a lot more data sharing and model creation. And so you're definitely going to be decentralized. >> So Justin, you guys last, jeez, I think it was about a year ago, had a session on data mesh. It was a great program. You invited Zhamak Dehghani. Of course, she's the creator of the data mesh. One of our fundamental premises is that you've got this hyper specialized team that you've got to go through if you want anything. But at the same time, these individuals actually become a bottleneck, even though they're some of the most talented people in the organization. So I guess, a question for you Richard. How do you deal with that? Do you organize so that there are a few sort of rock stars that build cubes and the like or have you had any success in sort of decentralizing with your constituencies that data model? >> Yeah. So we absolutely have got rockstar data scientists and data guardians, if you like. People who understand what it means to use this data, particularly the data that we use at EMIS is very private, it's healthcare information. And some of the rules and regulations around using the data are very complex and strict. So we have to have people who understand the usage of the data, then people who understand how to build models, how to process the data effectively. And you can think of them like consultants to the wider business because a pharmacist might not understand how to structure a SQL query, but they do understand how they want to process medication information to improve patient lives. And so that becomes a consulting type experience from a set of rock stars to help a more decentralized business who needs to understand the data and to generate some valuable output. >> Justin, what do you say to a customer or prospect that says, "Look, Justin. I got a centralized team and that's the most cost effective way to serve the business. Otherwise, I got duplication." What do you say to that? >> Well, I would argue it's probably not the most cost effective, and the reason being really twofold. I think, first of all, when you are deploying a enterprise data warehouse model, the data warehouse itself is very expensive, generally speaking. And so you're putting all of your most valuable data in the hands of one vendor who now has tremendous leverage over you for many, many years to come. I think that's the story at Oracle or Teradata or other proprietary database systems. But the other aspect I think is that the reality is those central data warehouse teams, as much as they are experts in the technology, they don't necessarily understand the data itself. And this is one of the core tenets of data mesh that Zhamak writes about is this idea of the domain owners actually know the data the best. And so by not only acknowledging that data is generally decentralized, and to your earlier point about Sarbanes-Oxley, maybe saving the data warehouse, I would argue maybe GDPR and data sovereignty will destroy it because data has to be decentralized for those laws to be compliant. But I think the reality is the data mesh model basically says data's decentralized and we're going to turn that into an asset rather than a liability. And we're going to turn that into an asset by empowering the people that know the data the best to participate in the process of curating and creating data products for consumption. So I think when you think about it that way, you're going to get higher quality data and faster time to insight, which is ultimately going to drive more revenue for your business and reduce costs. So I think that that's the way I see the two models comparing and contrasting. >> So do you think the demise of the data warehouse is inevitable? Teresa, you work with a lot of clients. They're not just going to rip and replace their existing infrastructure. Maybe they're going to build on top of it, but what does that mean? Does that mean the EDW just becomes less and less valuable over time or it's maybe just isolated to specific use cases? What's your take on that? >> Listen, I still would love all my data within a data warehouse. I would love it mastered, would love it owned by a central team, right? I think that's still what I would love to have. That's just not the reality, right? The investment to actually migrate and keep that up to date, I would say it's a losing battle. Like we've been trying to do it for a long time. Nobody has the budgets and then data changes, right? There's going to be a new technology that's going to emerge that we're going to want to tap into. There's going to be not enough investment to bring all the legacy, but still very useful systems into that centralized view. So you keep the data warehouse. I think it's a very, very valuable, very high performance tool for what it's there for, but you could have this new mesh layer that still takes advantage of the things I mentioned: the data products in the systems that are meaningful today, and the data products that actually might span a number of systems. Maybe either those that either source systems with the domains that know it best, or the consumer-based systems or products that need to be packaged in a way that'd be really meaningful for that end user, right? Each of those are useful for a different part of the business and making sure that the mesh actually allows you to use all of them. >> So, Richard, let me ask you. Take Zhamak's principles back to those. You got the domain ownership and data as product. Okay, great. Sounds good. But it creates what I would argue are two challenges: self-serve infrastructure, let's park that for a second, and then in your industry, one of the most regulated, most sensitive, computational governance. How do you automate and ensure federated governance in that mesh model that Teresa was just talking about? >> Well, it absolutely depends on some of the tooling and processes that you put in place around those tools to centralize the security and the governance of the data. And I think although a data warehouse makes that very simple 'cause it's a single tool, it's not impossible with some of the data mesh technologies that are available. And so what we've done at EMIS is we have a single security layer that sits on top of our data mesh, which means that no matter which user is accessing which data source, we go through a well audited, well understood security layer. That means that we know exactly who's got access to which data field, which data tables. And then everything that they do is audited in a very kind of standard way regardless of the underlying data storage technology. So for me, although storing the data in one place might not be possible, understanding where your source of truth is and securing that in a common way is still a valuable approach, and you can do it without having to bring all that data into a single bucket so that it's all in one place. And so having done that and investing quite heavily in making that possible has paid dividends in terms of giving wider access to the platform, and ensuring that only data that's available under GDPR and other regulations is being used by the data users. >> Yeah. So Justin, we always talk about data democratization, and up until recently, they really haven't been line of sight as to how to get there, but do you have anything to add to this because you're essentially doing analytic queries with data that's all dispersed all over. How are you seeing your customers handle this challenge? >> Yeah, I mean, I think data products is a really interesting aspect of the answer to that. It allows you to, again, leverage the data domain owners, the people who know the data the best, to create data as a product ultimately to be consumed. And we try to represent that in our product as effectively, almost eCommerce like experience where you go and discover and look for the data products that have been created in your organization, and then you can start to consume them as you'd like. And so really trying to build on that notion of data democratization and self-service, and making it very easy to discover and start to use with whatever BI tool you may like or even just running SQL queries yourself. >> Okay guys, grab a sip of water. After the short break, we'll be back to debate whether proprietary or open platforms are the best path to the future of data excellence. Keep it right there. (bright upbeat music)

>>In 2011, early Facebook employee and Cloudera co-founder Jeff Ocker famously said the best minds of my generation are thinking about how to get people to click on ads. And that sucks. Let's face it more than a decade later organizations continue to be frustrated with how difficult it is to get value from data and build a truly agile data-driven enterprise. What does that even mean? You ask? Well, it means that everyone in the organization has the data they need when they need it. In a context that's relevant to advance the mission of an organization. Now that could mean cutting cost could mean increasing profits, driving productivity, saving lives, accelerating drug discovery, making better diagnoses, solving, supply chain problems, predicting weather disasters, simplifying processes, and thousands of other examples where data can completely transform people's lives beyond manipulating internet users to behave a certain way. We've heard the prognostications about the possibilities of data before and in fairness we've made progress, but the hard truth is the original promises of master data management, enterprise data, warehouses, data marts, data hubs, and yes, even data lakes were broken and left us wanting from more welcome to the data doesn't lie, or doesn't a series of conversations produced by the cube and made possible by Starburst data. >>I'm your host, Dave Lanta and joining me today are three industry experts. Justin Borgman is this co-founder and CEO of Starburst. Richard Jarvis is the CTO at EMI health and Theresa tongue is cloud first technologist at Accenture. Today we're gonna have a candid discussion that will expose the unfulfilled and yes, broken promises of a data past we'll expose data lies, big lies, little lies, white lies, and hidden truths. And we'll challenge, age old data conventions and bust some data myths. We're debating questions like is the demise of a single source of truth. Inevitable will the data warehouse ever have featured parody with the data lake or vice versa is the so-called modern data stack, simply centralization in the cloud, AKA the old guards model in new cloud close. How can organizations rethink their data architectures and regimes to realize the true promises of data can and will and open ecosystem deliver on these promises in our lifetimes, we're spanning much of the Western world today. Richard is in the UK. Teresa is on the west coast and Justin is in Massachusetts with me. I'm in the cube studios about 30 miles outside of Boston folks. Welcome to the program. Thanks for coming on. Thanks for having us. Let's get right into it. You're very welcome. Now here's the first lie. The most effective data architecture is one that is centralized with a team of data specialists serving various lines of business. What do you think Justin? >>Yeah, definitely a lie. My first startup was a company called hit adapt, which was an early SQL engine for hit that was acquired by Teradata. And when I got to Teradata, of course, Teradata is the pioneer of that central enterprise data warehouse model. One of the things that I found fascinating was that not one of their customers had actually lived up to that vision of centralizing all of their data into one place. They all had data silos. They all had data in different systems. They had data on prem data in the cloud. You know, those companies were acquiring other companies and inheriting their data architecture. So, you know, despite being the industry leader for 40 years, not one of their customers truly had everything in one place. So I think definitely history has proven that to be a lie. >>So Richard, from a practitioner's point of view, you know, what, what are your thoughts? I mean, there, there's a lot of pressure to cut cost, keep things centralized, you know, serve the business as best as possible from that standpoint. What, what is your experience show? >>Yeah, I mean, I think I would echo Justin's experience really that we, as a business have grown up through acquisition, through storing data in different places sometimes to do information governance in different ways to store data in, in a platform that's close to data experts, people who really understand healthcare data from pharmacies or from, from doctors. And so, although if you were starting from a Greenfield site and you were building something brand new, you might be able to centralize all the data and all of the tooling and teams in one place. The reality is that that businesses just don't grow up like that. And, and it's just really impossible to get that academic perfection of, of storing everything in one place. >>Y you know, Theresa, I feel like Sarbanes Oxley kinda saved the data warehouse, you know, right. You actually did have to have a single version of the truth for certain financial data, but really for those, some of those other use cases, I, I mentioned, I, I do feel like the industry has kinda let us down. What's your take on this? Where does it make sense to have that sort of centralized approach versus where does it make sense to maybe decentralized? >>I, I think you gotta have centralized governance, right? So from the central team, for things like star Oxley, for things like security for certainly very core data sets, having a centralized set of roles, responsibilities to really QA, right. To serve as a design authority for your entire data estate, just like you might with security, but how it's implemented has to be distributed. Otherwise you're not gonna be able to scale. Right? So being able to have different parts of the business really make the right data investments for their needs. And then ultimately you're gonna collaborate with your partners. So partners that are not within the company, right. External partners, we're gonna see a lot more data sharing and model creation. And so you're definitely going to be decentralized. >>So, you know, Justin, you guys last, geez, I think it was about a year ago, had a session on, on data mesh. It was a great program. You invited Jamma, Dani, of course, she's the creator of the data mesh. And her one of our fundamental premises is that you've got this hyper specialized team that you've gotta go through. And if you want anything, but at the same time, these, these individuals actually become a bottleneck, even though they're some of the most talented people in the organization. So I guess question for you, Richard, how do you deal with that? Do you, do you organize so that there are a few sort of rock stars that, that, you know, build cubes and, and the like, and, and, and, or have you had any success in sort of decentralizing with, you know, your, your constituencies, that data model? >>Yeah. So, so we absolutely have got rockstar, data scientists and data guardians. If you like people who understand what it means to use this data, particularly as the data that we use at emos is very private it's healthcare information. And some of the, the rules and regulations around using the data are very complex and, and strict. So we have to have people who understand the usage of the data, then people who understand how to build models, how to process the data effectively. And you can think of them like consultants to the wider business, because a pharmacist might not understand how to structure a SQL query, but they do understand how they want to process medication information to improve patient lives. And so that becomes a, a consulting type experience from a, a set of rock stars to help a, a more decentralized business who needs to, to understand the data and to generate some valuable output. >>Justin, what do you say to a, to a customer or prospect that says, look, Justin, I'm gonna, I got a centralized team and that's the most cost effective way to serve the business. Otherwise I got, I got duplication. What do you say to that? >>Well, I, I would argue it's probably not the most cost effective and, and the reason being really twofold. I think, first of all, when you are deploying a enterprise data warehouse model, the, the data warehouse itself is very expensive, generally speaking. And so you're putting all of your most valuable data in the hands of one vendor who now has tremendous leverage over you, you know, for many, many years to come. I think that's the story at Oracle or Terra data or other proprietary database systems. But the other aspect I think is that the reality is those central data warehouse teams is as much as they are experts in the technology. They don't necessarily understand the data itself. And this is one of the core tenants of data mash that that jam writes about is this idea of the domain owners actually know the data the best. >>And so by, you know, not only acknowledging that data is generally decentralized and to your earlier point about SAR, brain Oxley, maybe saving the data warehouse, I would argue maybe GDPR and data sovereignty will destroy it because data has to be decentralized for, for those laws to be compliant. But I think the reality is, you know, the data mesh model basically says, data's decentralized, and we're gonna turn that into an asset rather than a liability. And we're gonna turn that into an asset by empowering the people that know the data, the best to participate in the process of, you know, curating and creating data products for, for consumption. So I think when you think about it, that way, you're going to get higher quality data and faster time to insight, which is ultimately going to drive more revenue for your business and reduce costs. So I think that that's the way I see the two, the two models comparing and contrasting. >>So do you think the demise of the data warehouse is inevitable? I mean, I mean, you know, there Theresa you work with a lot of clients, they're not just gonna rip and replace their existing infrastructure. Maybe they're gonna build on top of it, but what does that mean? Does that mean the E D w just becomes, you know, less and less valuable over time, or it's maybe just isolated to specific use cases. What's your take on that? >>Listen, I still would love all my data within a data warehouse would love it. Mastered would love it owned by essential team. Right? I think that's still what I would love to have. That's just not the reality, right? The investment to actually migrate and keep that up to date. I would say it's a losing battle. Like we've been trying to do it for a long time. Nobody has the budgets and then data changes, right? There's gonna be a new technology. That's gonna emerge that we're gonna wanna tap into. There's going to be not enough investment to bring all the legacy, but still very useful systems into that centralized view. So you keep the data warehouse. I think it's a very, very valuable, very high performance tool for what it's there for, but you could have this, you know, new mesh layer that still takes advantage of the things. I mentioned, the data products in the systems that are meaningful today and the data products that actually might span a number of systems, maybe either those that either source systems for the domains that know it best, or the consumer based systems and products that need to be packaged in a way that be really meaningful for that end user, right? Each of those are useful for a different part of the business and making sure that the mesh actually allows you to use all of them. >>So, Richard, let me ask you, you take, take Gemma's principles back to those. You got to, you know, domain ownership and, and, and data as product. Okay, great. Sounds good. But it creates what I would argue are two, you know, challenges, self-serve infrastructure let's park that for a second. And then in your industry, the one of the high, most regulated, most sensitive computational governance, how do you automate and ensure federated governance in that mesh model that Theresa was just talking about? >>Well, it absolutely depends on some of the tooling and processes that you put in place around those tools to be, to centralize the security and the governance of the data. And I think, although a data warehouse makes that very simple, cause it's a single tool, it's not impossible with some of the data mesh technologies that are available. And so what we've done at emus is we have a single security layer that sits on top of our data match, which means that no matter which user is accessing, which data source, we go through a well audited well understood security layer. That means that we know exactly who's got access to which data field, which data tables. And then everything that they do is, is audited in a very kind of standard way, regardless of the underlying data storage technology. So for me, although storing the data in one place might not be possible understanding where your source of truth is and securing that in a common way is still a valuable approach and you can do it without having to bring all that data into a single bucket so that it's all in one place. And, and so having done that and investing quite heavily in making that possible has paid dividends in terms of giving wider access to the platform and ensuring that only data that's available under GDPR and other regulations is being used by, by the data users. >>Yeah. So Justin, I mean, Democrat, we always talk about data democratization and you know, up until recently, they really haven't been line of sight as to how to get there. But do you have anything to add to this because you're essentially taking, you know, do an analytic queries and with data that's all dispersed all over the, how are you seeing your customers handle this, this challenge? >>Yeah. I mean, I think data products is a really interesting aspect of the answer to that. It allows you to, again, leverage the data domain owners, people know the data, the best to, to create, you know, data as a product ultimately to be consumed. And we try to represent that in our product as effectively a almost eCommerce like experience where you go and discover and look for the data products that have been created in your organization. And then you can start to consume them as, as you'd like. And so really trying to build on that notion of, you know, data democratization and self-service, and making it very easy to discover and, and start to use with whatever BI tool you, you may like, or even just running, you know, SQL queries yourself, >>Okay. G guys grab a sip of water. After this short break, we'll be back to debate whether proprietary or open platforms are the best path to the future of data excellence, keep it right there. >>Your company has more data than ever, and more people trying to understand it, but there's a problem. Your data is stored across multiple systems. It's hard to access and that delays analytics and ultimately decisions. The old method of moving all of your data into a single source of truth is slow and definitely not built for the volume of data we have today or where we are headed while your data engineers spent over half their time, moving data, your analysts and data scientists are left, waiting, feeling frustrated, unproductive, and unable to move the needle for your business. But what if you could spend less time moving or copying data? What if your data consumers could analyze all your data quickly? >>Starburst helps your teams run fast queries on any data source. We help you create a single point of access to your data, no matter where it's stored. And we support high concurrency, we solve for speed and scale, whether it's fast, SQL queries on your data lake or faster queries across multiple data sets, Starburst helps your teams run analytics anywhere you can't afford to wait for data to be available. Your team has questions that need answers. Now with Starburst, the wait is over. You'll have faster access to data with enterprise level security, easy connectivity, and 24 7 support from experts, organizations like Zolando Comcast and FINRA rely on Starburst to move their businesses forward. Contact our Trino experts to get started. >>We're back with Jess Borgman of Starburst and Richard Jarvis of EVAs health. Okay, we're gonna get to lie. Number two, and that is this an open source based platform cannot give you the performance and control that you can get with a proprietary system. Is that a lie? Justin, the enterprise data warehouse has been pretty dominant and has evolved and matured. Its stack has mature over the years. Why is it not the default platform for data? >>Yeah, well, I think that's become a lie over time. So I, I think, you know, if we go back 10 or 12 years ago with the advent of the first data lake really around Hudu, that probably was true that you couldn't get the performance that you needed to run fast, interactive, SQL queries in a data lake. Now a lot's changed in 10 or 12 years. I remember in the very early days, people would say, you you'll never get performance because you need to be column there. You need to store data in a column format. And then, you know, column formats we're introduced to, to data apes, you have Parque ORC file in aro that were created to ultimately deliver performance out of that. So, okay. We got, you know, largely over the performance hurdle, you know, more recently people will say, well, you don't have the ability to do updates and deletes like a traditional data warehouse. >>And now we've got the creation of new data formats, again like iceberg and Delta and Hodi that do allow for updates and delete. So I think the data lake has continued to mature. And I remember a, a quote from, you know, Kurt Monash many years ago where he said, you know, know it takes six or seven years to build a functional database. I think that's that's right. And now we've had almost a decade go by. So, you know, these technologies have matured to really deliver very, very close to the same level performance and functionality of, of cloud data warehouses. So I think the, the reality is that's become a line and now we have large giant hyperscale internet companies that, you know, don't have the traditional data warehouse at all. They do all of their analytics in a data lake. So I think we've, we've proven that it's very much possible today. >>Thank you for that. And so Richard, talk about your perspective as a practitioner in terms of what open brings you versus, I mean, look closed is it's open as a moving target. I remember Unix used to be open systems and so it's, it is an evolving, you know, spectrum, but, but from your perspective, what does open give you that you can't get from a proprietary system where you are fearful of in a proprietary system? >>I, I suppose for me open buys us the ability to be unsure about the future, because one thing that's always true about technology is it evolves in a, a direction, slightly different to what people expect. And what you don't want to end up is done is backed itself into a corner that then prevents it from innovating. So if you have chosen a technology and you've stored trillions of records in that technology and suddenly a new way of processing or machine learning comes out, you wanna be able to take advantage and your competitive edge might depend upon it. And so I suppose for us, we acknowledge that we don't have perfect vision of what the future might be. And so by backing open storage technologies, we can apply a number of different technologies to the processing of that data. And that gives us the ability to remain relevant, innovate on our data storage. And we have bought our way out of the, any performance concerns because we can use cloud scale infrastructure to scale up and scale down as we need. And so we don't have the concerns that we don't have enough hardware today to process what we want to do, want to achieve. We can just scale up when we need it and scale back down. So open source has really allowed us to maintain the being at the cutting edge. >>So Jess, let me play devil's advocate here a little bit, and I've talked to Shaak about this and you know, obviously her vision is there's an open source that, that the data meshes open source, an open source tooling, and it's not a proprietary, you know, you're not gonna buy a data mesh. You're gonna build it with, with open source toolings and, and vendors like you are gonna support it, but to come back to sort of today, you can get to market with a proprietary solution faster. I'm gonna make that statement. You tell me if it's a lie and then you can say, okay, we support Apache iceberg. We're gonna support open source tooling, take a company like VMware, not really in the data business, but how, the way they embraced Kubernetes and, and you know, every new open source thing that comes along, they say, we do that too. Why can't proprietary systems do that and be as effective? >>Yeah, well, I think at least with the, within the data landscape saying that you can access open data formats like iceberg or, or others is, is a bit dis disingenuous because really what you're selling to your customer is a certain degree of performance, a certain SLA, and you know, those cloud data warehouses that can reach beyond their own proprietary storage drop all the performance that they were able to provide. So it is, it reminds me kind of, of, again, going back 10 or 12 years ago when everybody had a connector to Haddo and that they thought that was the solution, right? But the reality was, you know, a connector was not the same as running workloads in Haddo back then. And I think similarly, you know, being able to connect to an external table that lives in an open data format, you know, you're, you're not going to give it the performance that your customers are accustomed to. And at the end of the day, they're always going to be predisposed. They're always going to be incentivized to get that data ingested into the data warehouse, cuz that's where they have control. And you know, the bottom line is the database industry has really been built around vendor lockin. I mean, from the start, how, how many people love Oracle today, but our customers, nonetheless, I think, you know, lockin is, is, is part of this industry. And I think that's really what we're trying to change with open data formats. >>Well, that's interesting reminded when I, you know, I see the, the gas price, the tees or gas price I, I drive up and then I say, oh, that's the cash price credit card. I gotta pay 20 cents more, but okay. But so the, the argument then, so let me, let me come back to you, Justin. So what's wrong with saying, Hey, we support open data formats, but yeah, you're gonna get better performance if you, if you keep it into our closed system, are you saying that long term that's gonna come back and bite you cuz you're gonna end up, you mentioned Oracle, you mentioned Teradata. Yeah. That's by, by implication, you're saying that's where snowflake customers are headed. >>Yeah, absolutely. I think this is a movie that, you know, we've all seen before. At least those of us who've been in the industry long enough to, to see this movie play over a couple times. So I do think that's the future. And I think, you know, I loved what Richard said. I actually wrote it down. Cause I thought it was an amazing quote. He said, it buys us the ability to be unsure of the future. Th that that pretty much says it all the, the future is unknowable and the reality is using open data formats. You remain interoperable with any technology you want to utilize. If you want to use spark to train a machine learning model and you want to use Starbust to query via sequel, that's totally cool. They can both work off the same exact, you know, data, data sets by contrast, if you're, you know, focused on a proprietary model, then you're kind of locked in again to that model. I think the same applies to data, sharing to data products, to a wide variety of, of aspects of the data landscape that a proprietary approach kind of closes you in and locks you in. >>So I, I would say this Richard, I'd love to get your thoughts on it. Cause I talked to a lot of Oracle customers, not as many te data customers, but, but a lot of Oracle customers and they, you know, they'll admit, yeah, you know, they're jamming us on price and the license cost they give, but we do get value out of it. And so my question to you, Richard, is, is do the, let's call it data warehouse systems or the proprietary systems. Are they gonna deliver a greater ROI sooner? And is that in allure of, of that customers, you know, are attracted to, or can open platforms deliver as fast in ROI? >>I think the answer to that is it can depend a bit. It depends on your businesses skillset. So we are lucky that we have a number of proprietary teams that work in databases that provide our operational data capability. And we have teams of analytics and big data experts who can work with open data sets and open data formats. And so for those different teams, they can get to an ROI more quickly with different technologies for the business though, we can't do better for our operational data stores than proprietary databases. Today we can back off very tight SLAs to them. We can demonstrate reliability from millions of hours of those databases being run at enterprise scale, but for an analytics workload where increasing our business is growing in that direction, we can't do better than open data formats with cloud-based data mesh type technologies. And so it's not a simple answer. That one will always be the right answer for our business. We definitely have times when proprietary databases provide a capability that we couldn't easily represent or replicate with open technologies. >>Yeah. Richard, stay with you. You mentioned, you know, you know, some things before that, that strike me, you know, the data brick snowflake, you know, thing is, oh, is a lot of fun for analysts like me. You've got data bricks coming at it. Richard, you mentioned you have a lot of rockstar, data engineers, data bricks coming at it from a data engineering heritage. You get snowflake coming at it from an analytics heritage. Those two worlds are, are colliding people like PJI Mohan said, you know what? I think it's actually harder to play in the data engineering. So I E it's easier to for data engineering world to go into the analytics world versus the reverse, but thinking about up and coming engineers and developers preparing for this future of data engineering and data analytics, how, how should they be thinking about the future? What, what's your advice to those young people? >>So I think I'd probably fall back on general programming skill sets. So the advice that I saw years ago was if you have open source technologies, the pythons and Javas on your CV, you commander 20% pay, hike over people who can only do proprietary programming languages. And I think that's true of data technologies as well. And from a business point of view, that makes sense. I'd rather spend the money that I save on proprietary licenses on better engineers, because they can provide more value to the business that can innovate us beyond our competitors. So I think I would my advice to people who are starting here or trying to build teams to capitalize on data assets is begin with open license, free capabilities, because they're very cheap to experiment with. And they generate a lot of interest from people who want to join you as a business. And you can make them very successful early, early doors with, with your analytics journey. >>It's interesting. Again, analysts like myself, we do a lot of TCO work and have over the last 20 plus years. And in world of Oracle, you know, normally it's the staff, that's the biggest nut in total cost of ownership, not an Oracle. It's the it's the license cost is by far the biggest component in the, in the blame pie. All right, Justin, help us close out this segment. We've been talking about this sort of data mesh open, closed snowflake data bricks. Where does Starburst sort of as this engine for the data lake data lake house, the data warehouse fit in this, in this world? >>Yeah. So our view on how the future ultimately unfolds is we think that data lakes will be a natural center of gravity for a lot of the reasons that we described open data formats, lowest total cost of ownership, because you get to choose the cheapest storage available to you. Maybe that's S3 or Azure data lake storage, or Google cloud storage, or maybe it's on-prem object storage that you bought at a, at a really good price. So ultimately storing a lot of data in a deal lake makes a lot of sense, but I think what makes our perspective unique is we still don't think you're gonna get everything there either. We think that basically centralization of all your data assets is just an impossible endeavor. And so you wanna be able to access data that lives outside of the lake as well. So we kind of think of the lake as maybe the biggest place by volume in terms of how much data you have, but to, to have comprehensive analytics and to truly understand your business and understand it holistically, you need to be able to go access other data sources as well. And so that's the role that we wanna play is to be a single point of access for our customers, provide the right level of fine grained access controls so that the right people have access to the right data and ultimately make it easy to discover and consume via, you know, the creation of data products as well. >>Great. Okay. Thanks guys. Right after this quick break, we're gonna be back to debate whether the cloud data model that we see emerging and the so-called modern data stack is really modern, or is it the same wine new bottle? When it comes to data architectures, you're watching the cube, the leader in enterprise and emerging tech coverage. >>Your data is capable of producing incredible results, but data consumers are often left in the dark without fast access to the data they need. Starers makes your data visible from wherever it lives. Your company is acquiring more data in more places, more rapidly than ever to rely solely on a data centralization strategy. Whether it's in a lake or a warehouse is unrealistic. A single source of truth approach is no longer viable, but disconnected data silos are often left untapped. We need a new approach. One that embraces distributed data. One that enables fast and secure access to any of your data from anywhere with Starburst, you'll have the fastest query engine for the data lake that allows you to connect and analyze your disparate data sources no matter where they live Starburst provides the foundational technology required for you to build towards the vision of a decentralized data mesh Starburst enterprise and Starburst galaxy offer enterprise ready, connectivity, interoperability, and security features for multiple regions, multiple clouds and everchanging global regulatory requirements. The data is yours. And with Starburst, you can perform analytics anywhere in light of your world. >>Okay. We're back with Justin Boardman. CEO of Starbust Richard Jarvis is the CTO of EMI health and Theresa tongue is the cloud first technologist from Accenture. We're on July number three. And that is the claim that today's modern data stack is actually modern. So I guess that's the lie it's it is it's is that it's not modern. Justin, what do you say? >>Yeah. I mean, I think new isn't modern, right? I think it's the, it's the new data stack. It's the cloud data stack, but that doesn't necessarily mean it's modern. I think a lot of the components actually are exactly the same as what we've had for 40 years, rather than Terra data. You have snowflake rather than Informatica you have five trend. So it's the same general stack, just, you know, a cloud version of it. And I think a lot of the challenges that it plagued us for 40 years still maintain. >>So lemme come back to you just, but okay. But, but there are differences, right? I mean, you can scale, you can throw resources at the problem. You can separate compute from storage. You really, you know, there's a lot of money being thrown at that by venture capitalists and snowflake, you mentioned it's competitors. So that's different. Is it not, is that not at least an aspect of, of modern dial it up, dial it down. So what, what do you say to that? >>Well, it, it is, it's certainly taking, you know, what the cloud offers and taking advantage of that, but it's important to note that the cloud data warehouses out there are really just separating their compute from their storage. So it's allowing them to scale up and down, but your data still stored in a proprietary format. You're still locked in. You still have to ingest the data to get it even prepared for analysis. So a lot of the same sort of structural constraints that exist with the old enterprise data warehouse model OnPrem still exist just yes, a little bit more elastic now because the cloud offers that. >>So Theresa, let me go to you cuz you have cloud first in your, in your, your title. So what's what say you to this conversation? >>Well, even the cloud providers are looking towards more of a cloud continuum, right? So the centralized cloud, as we know it, maybe data lake data warehouse in the central place, that's not even how the cloud providers are looking at it. They have news query services. Every provider has one that really expands those queries to be beyond a single location. And if we look at a lot of where our, the future goes, right, that that's gonna very much fall the same thing. There was gonna be more edge. There's gonna be more on premise because of data sovereignty, data gravity, because you're working with different parts of the business that have already made major cloud investments in different cloud providers. Right? So there's a lot of reasons why the modern, I guess, the next modern generation of the data staff needs to be much more federated. >>Okay. So Richard, how do you deal with this? You you've obviously got, you know, the technical debt, the existing infrastructure it's on the books. You don't wanna just throw it out. A lot of, lot of conversation about modernizing applications, which a lot of times is a, you know, a microservices layer on top of leg legacy apps. How do you think about the modern data stack? >>Well, I think probably the first thing to say is that the stack really has to include the processes and people around the data as well is all well and good changing the technology. But if you don't modernize how people use that technology, then you're not going to be able to, to scale because just cuz you can scale CPU and storage doesn't mean you can get more people to use your data, to generate you more, more value for the business. And so what we've been looking at is really changing in very much aligned to data products and, and data mesh. How do you enable more people to consume the service and have the stack respond in a way that keeps costs low? Because that's important for our customers consuming this data, but also allows people to occasionally run enormous queries and then tick along with smaller ones when required. And it's a good job we did because during COVID all of a sudden we had enormous pressures on our data platform to answer really important life threatening queries. And if we couldn't scale both our data stack and our teams, we wouldn't have been able to answer those as quickly as we had. So I think the stack needs to support a scalable business, not just the technology itself. >>Well thank you for that. So Justin let's, let's try to break down what the critical aspects are of the modern data stack. So you think about the past, you know, five, seven years cloud obviously has given a different pricing model. De-risked experimentation, you know that we talked about the ability to scale up scale down, but it's, I'm, I'm taking away that that's not enough based on what Richard just said. The modern data stack has to serve the business and enable the business to build data products. I, I buy that. I'm a big fan of the data mesh concepts, even though we're early days. So what are the critical aspects if you had to think about, you know, paying, maybe putting some guardrails and definitions around the modern data stack, what does that look like? What are some of the attributes and, and principles there >>Of, of how it should look like or, or how >>It's yeah. What it should be. >>Yeah. Yeah. Well, I think, you know, in, in Theresa mentioned this in, in a previous segment about the data warehouse is not necessarily going to disappear. It just becomes one node, one element of the overall data mesh. And I, I certainly agree with that. So by no means, are we suggesting that, you know, snowflake or Redshift or whatever cloud data warehouse you may be using is going to disappear, but it's, it's not going to become the end all be all. It's not the, the central single source of truth. And I think that's the paradigm shift that needs to occur. And I think it's also worth noting that those who were the early adopters of the modern data stack were primarily digital, native born in the cloud young companies who had the benefit of, of idealism. They had the benefit of it was starting with a clean slate that does not reflect the vast majority of enterprises. >>And even those companies, as they grow up mature out of that ideal state, they go buy a business. Now they've got something on another cloud provider that has a different data stack and they have to deal with that heterogeneity that is just change and change is a part of life. And so I think there is an element here that is almost philosophical. It's like, do you believe in an absolute ideal where I can just fit everything into one place or do I believe in reality? And I think the far more pragmatic approach is really what data mesh represents. So to answer your question directly, I think it's adding, you know, the ability to access data that lives outside of the data warehouse, maybe living in open data formats in a data lake or accessing operational systems as well. Maybe you want to directly access data that lives in an Oracle database or a Mongo database or, or what have you. So creating that flexibility to really Futureproof yourself from the inevitable change that you will, you won't encounter over time. >>So thank you. So there, based on what Justin just said, I, my takeaway there is it's inclusive, whether it's a data Mar data hub, data lake data warehouse, it's a, just a node on the mesh. Okay. I get that. Does that include there on Preem data? O obviously it has to, what are you seeing in terms of the ability to, to take that data mesh concept on Preem? I mean, most implementations I've seen in data mesh, frankly really aren't, you know, adhering to the philosophy. They're maybe, maybe it's data lake and maybe it's using glue. You look at what JPMC is doing. Hello, fresh, a lot of stuff happening on the AWS cloud in that, you know, closed stack, if you will. What's the answer to that Theresa? >>I mean, I, I think it's a killer case for data. Me, the fact that you have valuable data sources, OnPrem, and then yet you still wanna modernize and take the best of cloud cloud is still, like we mentioned, there's a lot of great reasons for it around the economics and the way ability to tap into the innovation that the cloud providers are giving around data and AI architecture. It's an easy button. So the mesh allows you to have the best of both worlds. You can start using the data products on-prem or in the existing systems that are working already. It's meaningful for the business. At the same time, you can modernize the ones that make business sense because it needs better performance. It needs, you know, something that is, is cheaper or, or maybe just tap into better analytics to get better insights, right? So you're gonna be able to stretch and really have the best of both worlds. That, again, going back to Richard's point, that is meaningful by the business. Not everything has to have that one size fits all set a tool. >>Okay. Thank you. So Richard, you know, talking about data as product, wonder if we could give us your perspectives here, what are the advantages of treating data as a product? What, what role do data products have in the modern data stack? We talk about monetizing data. What are your thoughts on data products? >>So for us, one of the most important data products that we've been creating is taking data that is healthcare data across a wide variety of different settings. So information about patients' demographics about their, their treatment, about their medications and so on, and taking that into a standards format that can be utilized by a wide variety of different researchers because misinterpreting that data or having the data not presented in the way that the user is expecting means that you generate the wrong insight. And in any business, that's clearly not a desirable outcome, but when that insight is so critical, as it might be in healthcare or some security settings, you really have to have gone to the trouble of understanding the data, presenting it in a format that everyone can clearly agree on. And then letting people consume in a very structured, managed way, even if that data comes from a variety of different sources in, in, in the first place. And so our data product journey has really begun by standardizing data across a number of different silos through the data mesh. So we can present out both internally and through the right governance externally to, to researchers. >>So that data product through whatever APIs is, is accessible, it's discoverable, but it's obviously gotta be governed as well. You mentioned you, you appropriately provided to internally. Yeah. But also, you know, external folks as well. So the, so you've, you've architected that capability today >>We have, and because the data is standard, it can generate value much more quickly and we can be sure of the security and, and, and value that that's providing because the data product isn't just about formatting the data into the correct tables, it's understanding what it means to redact the data or to remove certain rows from it or to interpret what a date actually means. Is it the start of the contract or the start of the treatment or the date of birth of a patient? These things can be lost in the data storage without having the proper product management around the data to say in a very clear business context, what does this data mean? And what does it mean to process this data for a particular use case? >>Yeah, it makes sense. It's got the context. If the, if the domains own the data, you, you gotta cut through a lot of the, the, the centralized teams, the technical teams that, that data agnostic, they don't really have that context. All right. Let's send Justin, how does Starburst fit into this modern data stack? Bring us home. >>Yeah. So I think for us, it's really providing our customers with, you know, the flexibility to operate and analyze data that lives in a wide variety of different systems. Ultimately giving them that optionality, you know, and optionality provides the ability to reduce costs, store more in a data lake rather than data warehouse. It provides the ability for the fastest time to insight to access the data directly where it lives. And ultimately with this concept of data products that we've now, you know, incorporated into our offering as well, you can really create and, and curate, you know, data as a product to be shared and consumed. So we're trying to help enable the data mesh, you know, model and make that an appropriate compliment to, you know, the, the, the modern data stack that people have today. >>Excellent. Hey, I wanna thank Justin Theresa and Richard for joining us today. You guys are great. I big believers in the, in the data mesh concept, and I think, you know, we're seeing the future of data architecture. So thank you. Now, remember, all these conversations are gonna be available on the cube.net for on-demand viewing. You can also go to starburst.io. They have some great content on the website and they host some really thought provoking interviews and, and, and they have awesome resources, lots of data mesh conversations over there, and really good stuff in, in the resource section. So check that out. Thanks for watching the data doesn't lie or does it made possible by Starburst data? This is Dave Valante for the cube, and we'll see you next time. >>The explosion of data sources has forced organizations to modernize their systems and architecture and come to terms with one size does not fit all for data management today. Your teams are constantly moving and copying data, which requires time management. And in some cases, double paying for compute resources. Instead, what if you could access all your data anywhere using the BI tools and SQL skills your users already have. And what if this also included enterprise security and fast performance with Starburst enterprise, you can provide your data consumers with a single point of secure access to all of your data, no matter where it lives with features like strict, fine grained, access control, end to end data encryption and data masking Starburst meets the security standards of the largest companies. Starburst enterprise can easily be deployed anywhere and managed with insights where data teams holistically view their clusters operation and query execution. So they can reach meaningful business decisions faster, all this with the support of the largest team of Trino experts in the world, delivering fully tested stable releases and available to support you 24 7 to unlock the value in all of your data. You need a solution that easily fits with what you have today and can adapt to your architecture. Tomorrow. Starbust enterprise gives you the fastest path from big data to better decisions, cuz your team can't afford to wait. Trino was created to empower analytics anywhere and Starburst enterprise was created to give you the enterprise grade performance, connectivity, security management, and support your company needs organizations like Zolando Comcast and FINRA rely on Starburst to move their businesses forward. Contact us to get started.