>> theCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (upbeat music) >> Hey everyone, guys and gals, good to see you. It's theCUBE live in Barcelona at MWC23. Lisa Martin here with Dave Vellante on day one of four days of wall to wall CUBE coverage. Dave, today is ecosystem day. We've had some great conversations about why the open ecosystem is so important and some of the key players in it. >> Well and I'm in search of disruptors, so I'm looking for, okay, who are the network operators that are going to actually lean into the future and drive it and challenge the existing incumbents. We'll talk about that today. >> And we're going to be talking about that next. We've got one of our alumni back with us. Satish Iyer is here, the Vice President of Emerging Services at Dell. Great to have you back on the program. >> Thank you. >> Richard Leitao is with us as well, the Vice President of National Development at DISH Network. Welcome. >> Pleasure to be here. >> So, lots of, this is day one, the theme is velocity. I feel like the day has gone by so quickly. But Dell and DISH have partnered together on a multi-year initiative to build your nationwide cloud-native 5G network that's going to cover a lot of the US. Talk a little bit about that partnership, we'll get both of your perspectives. Richard, we'll start with you. >> Sure. So thank you again for having me. So DISH had the opportunity of, of going through this experience, of innovating once more. For the ones that know DISH, DISH is a company that was founded in 1980 by an innovator, a disruptor. Of course, in the course of the next 40 years, we had the opportunities of even disrupting ourselves. We launched our first satellite TV service. We then launched the first streaming, video streaming platform, disrupting our own satellite business. And since 2008, we have been acquiring Spectrum and, you know, Spectrum, the most valuable asset of a wireless operator. We felt that this was the right opportunity, having 5G , having O-RAN, and we decided to go full in in a greenfield project building national network, 5G O-RAN cloud-based network, one of a kind network in in the US and, and most of all, using O-RAN, it's very important to us, what, what it can bring and it can bring to DISH but to the entire ecosystem of, of this sector in the US. >> Satish, talk a little bit about the partnership from Dell's perspective and some of the unique advantages that Dell is delivering to DISH. >> Oh absolutely. Again, like Richard was saying, I mean the telecom network is being desegregated as we speak. You know, companies like DISH and everybody else is looking at what are the best-in-class technologies we can bring to the table. I would like to say that, you know, the cloud is coming to the telco world, right? A lot of us have seen the tremendous transformation in the cloud world in the last few years. Now, you know, DISH is a big enterprise company. As you know, you know, we are pretty strong within the cloud space and enterprise space. So what we try to work with DISH is Dell, is to bring to DISH is, you know, that notion of cloud scale and the cloud ecosystem into telecom, right? By means best-in-class infrastructure products, best-in-class software products, to allow somebody like DISH to innovate and incre, you know, basically expand and build their O-RAN network. So it's absolutely important for us as we build and get into the telecom space to work with somebody like DISH who's also disrupting as a carrier in that space. >> So it's early days for Open RAN but you've decided, "okay, we're all in". >> Yeah. >> Right? So (chuckling) you burn the bridge, as they say, "go for it". (Lisa chuckles) So when you talk to most people, they say, "okay, it's, it's, it's, it's immature." It's got to be able to get to the levels of, of the, the the hardened stack reliability. But of course it brings the advantage of flexibility and speed. Are you optimizing for one or the other right now? How are you dealing with that balance? >> Well, it, it's, it's not mature in the sense that most of operators that think about it, they have a legacy network. And in order to go full in on the O-RAN side, they need to scrap a lot of things that they have and honestly, they don't want, and it doesn't make sense. So being a greenfield operator, give us that advantage. Give us the advantage and, and desegregation, it's all about chip sets, boxes and software and the chip sets part and what I like the most in desegregation is the time of innovation. The time that we can use new chip sets coming into the market, the size of the boxes that we are using. Obviously our footprint onsite is much smaller than traditional carriers or proprietary systems. So all of that Dell has been critical in supporting us. Supporting us having the best chip sets, having the smallest footprint and, you know, the software, the cycle of innovation is much faster than in proprietary systems. So ma-, it's maturing. I'm glad to say that probably two years ago here O-RAN was more like a, a pilot type of technology. It is not, we are live, we are live for more than 30 million customers in the US and, you know, the performance levels are very similar to traditional networks. >> So you don't just buy a nationwide cloud-native 5G network out of the box, you got to- >> No, you don't. >> You got to build it. So I'm curious as to what Dell's role is in that, in that build out. >> Right? >> How and how, I'm really curious how to, how you would grade Dell but we'll get there. >> Yeah, I mean, look, yes, you don't. So I think the, the, the first and foremost is again, as, as we, Dell, comes into the telco space, one of the things we have to look at is to understand what makes Dell better in the enterprise space, right? It is the best-in-class infrastructure. It is the software ties together. As you talk about desegregated networks, it's important to understand lot of these piece parts have to still be touched together, right? So I think the integration and integration aspects becomes really key which is really Dell is very good at. So one of the things we are working really closely with DISH Tech, you know Richard was alluding to, is bringing all, not just bringing all the software and hardware assets together, but how do you continuously innovate and keep fixing things faster, right? So in the old days, traditional ways, you have a software stack, it takes you 18 months, 20 months to actually get an upgrade done. Here we have continuously CI/CD pipelines where if you want to a change done within, within a week's or within a few days, where we can actually go and test and make sure these things work. So I think a lot of the best enterprise software practices, cloud practices, combined with whatever needs for telco, actually is what makes it very unique. >> I, I saw that this started out as an FCC compliance initiative that turned into a partnership, obviously a very successful one. Richard, talk about what DISH saw in Dell that really made it the right choice, knowing you have choices, you have options. >> You know, we saw the capability to execute, but we also saw the capability to innovate. From an execution level, at the end of the day, like we were talking, we started the project in the middle of COVID, and we had the first mandate to cover 20% of the US population by June, 2022. And now we have a second one, 70% of US population by June 2023. At the beginning of the project, it was all about availability of materials, logistics, how to distribute, how to transport material. So Dell has a world-class supply chain, we felt that working with Dell through all these challenges made things easier. So from an execution perspective, whenever you need to build a network and you, you are building thousands of sites, you need to have materials, you need to distribute them and you need to install them. Dell helped us across the board. Our expectations obviously will change. We have a network, we want to cooperate with Dell in many other areas. We want to, you know, leverage on Dell ability to reach the enterprise market, to have private 5G offers. So hopefully this collaboration will endure in time and, and, you know, will change and evolve in time. >> And it's a big bet. I mean, it's not like a single, it's not like a little transaction that you guys are doing. I feel like, you know Michael Dell and Eric Carlson had dinner and they said, "okay, we're going to, we're going to partner up and this is going to be a multi-decade partnership. You had to be transparent, "Hey, we're new at this, even though we're really good at enterprise tech and so you're going to, obviously if you take a chance on us, here's what we promise you." >> Absolutely. >> And vice versa, you guys had to say, "all right, hey, we're willing to roll the dice because we're trying to change the world." So what was that dynamic like? I mean, how did, I'm curious as to this has to be a lot of different levels, engineering, senior management, board level discussions. >> You know, we felt a huge buy-in from Dell on the Open RAN concept. >> Right. >> Yeah, okay. >> And, you know, edge computing and, and the ability to get us the best product and evolve the best product, Intel is is critical in all these offerings. Intel has a great relationship with Dell. Dell helped us. Dell sponsored the DISH program and some of these suppliers, So it was definitely good to have their support and the buy-in on the O-RAN concept. We felt it from day one and we felt secure on that. >> Yeah, I mean, I, to add to that, I mean, you know DISH was very instrumental in driving, dictating and executing to our roadmap, right? They're one of the key, I mean, since they are out there and they're really turning in a way, it's important that a customer who's actually at the out front of innovation, helps us drive our own roadmap. So to Richard's point, a lot of our product roadmaps, in terms of what have you built and all that, was based on what DISH thinks as going to be market-based requirements. They also helped us a lot in the integration aspects. Like I said, one of the things about open desegregation of these networks is there is a lot of integration because, you know, there is, it's not a one, one monolithic pipe smokestack anymore. You are picking up best-in-class pieces, bits and pieces and tying it together. And it's important to understand when you tie it together things will go wrong, right? So there is a lot of learnings from an integration standpoint. Supportability, deployment, one of the things Richard talked about was supply chain, you know. Other Dell's ability to, lot of these deployments, a lot of these configs in the factory, right, in the second part. So especially a lot of these partnerships started during COVID time and as you all know, you know what we went through two years ago. So we had to make sure that lot of these things are done in one place and a factory, and not done in the field because we couldn't do a lot of these things. So there's a lot of, lot of experimentation, lot of, lot, lot of innovation on that. >> So it's 2030, what's this look like? What's the vision if we can work backwards from there? Well, a, a great network coverage to the entire country, bringing new services to enterprises, to verticals, bringing value add to customers and, you know, technology cycles, they are lasting much less than they were. I cannot even say what will happen in three years. 2030, I mean, I know, I know somebody has a vision for 2030. That's another thing. (everyone laughs) >> A lot of it is "build it and they will come", right? >> Yeah. >> I mean it really is right? You put that network in place and then innovation happens on top. That's the best thing. >> Yeah. And look and and I think the biggest people think about Open RAN in terms of cost, which, you know, you, you have some things in cost that you appreciate in Open RAN. The footprint, the the possibility to diversify suppliers and and have more competition. But for me, Open RAN is about innovation and cycles of innovation. I used to work for Nokia, I used to work for Alcatel. I knew from the generation of an idea to an execution and having a feature delivered to a certain customer, it, it took months. We want innovation to take weeks. We are innovating at the speed, speed of the cloud. We are cooperating with new players, players on the cloud and, and we expect things to happen much faster than they traditionally happen on the telecom sector. >> Move fast and break things. >> Well, we also expect that speed- >> Break and fix. (everyone laughs) >> Yeah, thank you for that. >> But speaking of speed, your customers expect that, right? They expect the service to be up 24/7. They expect to be able to access whatever content they want, whenever they want from wherever they are. So comment, Richard, in our last few minutes here of, of how the, the Dell partnership is helping DISH to really deliver the excellent customer experience that your customers just expect that you're going to deliver. >> Well by setting up the system, number one, we are leveraging on a number of services. And I mentioned the supply chain, but in reality Dell made much more than that for our 20% milestone and is supporting our 70% milestone by installing, testing, verifying most of our data center equipment. We found that this offering from Dell was really addressing some of our needs because, you know, we, we believe they know a lot in this area and they, they can provide the best advice and the best speed to market in, in terms of having this equipment. Because we are working on a time clock, we need to have this done as soon as possible. You know for the future, I hope that they can help us in driving more services. I hope they can bring all the infrastructure that we need to offer to our customers. And, you know, we keep committed to O-RAN. O-RAN is really important. We are not compromising that. And I think the future is bright for both of us. >> Yeah, and Dell learns from the experience. >> Exactly. >> Absolutely. >> There's got to be a catalyst for expanding your roadmap and vision in telecom. >> Yeah, I mean, like you said, I mean, you asked a 2030 question and I think that, you know, know six, seven years from now I think people should look at what DISH and Dell and say they were the trailblazers of make, bringing Open RAN to the market and making 5G a reality. I mean, you talk about 5G, but every 5G is on a different stages. I do think that this combination, this partnership has the best chance to be the first ones to actually have a truly Open RAN network to be successful in commercial. >> Awesome guys. Trailblazers, Dell and DISH. Well, we look forward to watching this story unfold. Thank you- >> Thank you. >> for joining Dave and me on the program today talking about what you're doing together. We appreciate it. >> Thanks for having us. >> Our pleasure. >> Thank you, bye. >> For our guests and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE live from Barcelona at MWC23. We'll be back after a short break, so we'll see you soon.

>>Welcome back, everyone live here at Supercomputing 22 in Dallas, Texas. I'm John for host of the Queue here at Paul Gillin, editor of Silicon Angle, getting all the stories, bringing it to you live. Supercomputer TV is the queue right now. And bringing all the action Bresniker, chief architect of Hewlett Packard Labs with HP Cube alumnis here to talk about Supercomputing Road to Quantum. Kirk, great to see you. Thanks for coming on. >>Thanks for having me guys. Great to be >>Here. So Paul and I were talking and we've been covering, you know, computing as we get into the large scale cloud now on premises compute has been one of those things that just never stops. No one ever, I never heard someone say, I wanna run my application or workload on slower, slower hardware or processor or horsepower. Computing continues to go, but this, we're at a step function. It feels like we're at a level where we're gonna unleash new, new creativity, new use cases. You've been kind of working on this for many, many years at hp, Hewlett Packard Labs, I remember the machine and all the predecessor r and d. Where are we right now from your standpoint, HPE standpoint? Where are you in the computing? It's as a service, everything's changing. What's your view? >>So I think, you know, you capture so well. You think of the capabilities that you create. You create these systems and you engineer these amazing products and then you think, whew, it doesn't get any better than that. And then you remind yourself as an engineer. But wait, actually it has to, right? It has to because we need to continuously provide that next generation of scientists and engineer and artists and leader with the, with the tools that can do more and do more frankly with less. Because while we want want to run the program slower, we sure do wanna run them for less energy. And figuring out how we accomplish all of those things, I think is, is really where it's gonna be fascinating. And, and it's also, we think about that, we think about that now, scale data center billion, billion operations per second, the new science, arts and engineering that we'll create. And yet it's also what's beyond what's beyond that data center. How do we hook it up to those fantastic scientific instruments that are capable to generate so much information? We need to understand how we couple all of those things together. So I agree, we are at, at an amazing opportunity to raise the aspirations of the next generation. At the same time we have to think about what's coming next in terms of the technology. Is the silicon the only answer for us to continue to advance? >>You know, one of the big conversations is like refactoring, replatforming, we have a booth behind us that's doing energy. You can build it in data centers for compute. There's all kinds of new things. Is there anything in the paradigm of computing and now on the road to quantum, which I know you're involved, I saw you have on LinkedIn, you have an open rec for that. What paradigm elements are changing that weren't in play a few years ago that you're looking at right now as you look at the 20 mile stair into quantum? >>So I think for us it's fascinating because we've had a tailwind at our backs my whole career, 33 years at hp. And what I could count on was transistors got at first they got cheaper, faster and they use less energy. And then, you know, that slowed down a little bit. Now they're still cheaper and faster. As we look in that and that Moore's law continues to flatten out of it, there has to be something better to do than, you know, yet another copy of the prior design opening up that diversity of approach. And whether that is the amazing wafer scale accelerators, we see these application specific silicon and then broadening out even farther next to the next to the silicon. Here's the analog computational accelerator here is now the, the emergence of a potential quantum accelerator. So seeing that diversity of approaches, but what we have to happen is we need to harness all of those efficiencies and yet we still have to realize that there are human beings that need to create the application. So how do we bridge, how do we accommodate the physical of, of new kinds of accelerator? How do we imagine the cyber physical connection to the, to the rest of the supercomputer? And then finally, how do we bridge that productivity gap? Especially not for people who like me who have been around for a long time, we wanna think about that next generation cuz they're the ones that need to solve the problems and write the code that will do it. >>You mentioned what exists beyond silicon. In fact, are you looking at different kinds of materials that computers in the future will be built upon? >>Oh absolutely. You think of when, when we, we look at the quantum, the quantum modalities then, you know, whether it is a trapped ion or a superconducting, a piece of silicon or it is a neutral ion. There's just no, there's about half a dozen of these novel systems because really what we're doing when we're using a a quantum mechanical computer, we're creating a tiny universe. We're putting a little bit of material in there and we're manipulating at, at the subatomic level, harnessing the power of of, of quantum physics. That's an incredible challenge. And it will take novel materials, novel capabilities that we aren't just used to seeing. Not many people have a helium supplier in their data center today, but some of them might tomorrow. And understanding again, how do we incorporate industrialize and then scale all of these technologies. >>I wanna talk Turkey about quantum because we've been talking for, for five years. We've heard a lot of hyperbole about quantum. We've seen some of your competitors announcing quantum computers in the cloud. I don't know who's using these, these computers, what kind of work they're being used, how much of the, how real is quantum today? How close are we to having workable true quantum computers and what can you point to any examples of how it's being, how that technology is being used in the >>Field? So it, it remains nascent. We'll put it that way. I think part of the challenge is we see this low level technology and of course it was, you know, professor Richard Fineman who first pointed us in this direction, you know, more than 30 years ago. And you know, I I I trust his judgment. Yes. You know that there's probably some there there especially for what he was doing, which is how do we understand and engineer systems at the quantum mechanical level. Well he said a quantum mechanical system's probably the way to go. So understanding that, but still part of the challenge we see is that people have been working on the low level technology and they're reaching up to wondering will I eventually have a problem that that I can solve? And the challenge is you can improve something every single day and if you don't know where the bar is, then you don't ever know if you'll be good enough. >>I think part of the approach that we like to understand, can we start with the problem, the thing that we actually want to solve and then figure out what is the bespoke combination of classical supercomputing, advanced AI accelerators, novel quantum quantum capabilities. Can we simulate and design that? And we think there's probably nothing better to do that than than an next to scale supercomputer. Yeah. Can we simulate and design that bespoke environment, create that digital twin of this environment and if we, we've simulated it, we've designed it, we can analyze it, see is it actually advantageous? Cuz if it's not, then we probably should go back to the drawing board. And then finally that then becomes the way in which we actually run the quantum mechanical system in this hybrid environment. >>So it's na and you guys are feeling your way through, you get some moonshot, you work backwards from use cases as a, as a more of a discovery navigational kind of mission piece. I get that. And Exoscale has been a great role for you guys. Congratulations. Has there been strides though in quantum this year? Can you point to what's been the, has the needle moved a little bit a lot or, I mean it's moving I guess to some, there's been some talk but we haven't really been able to put our finger on what's moving, like what need, where's the needle moved I >>Guess in quantum. And I think, I think that's part of the conversation that we need to have is how do we measure ourselves. I know at the World Economic Forum, quantum Development Network, we had one of our global future councils on the future of quantum computing. And I brought in a scene I EEE fellow Par Gini who, you know, created the international technology roadmap for semiconductors. And I said, Paulo, could you come in and and give us examples, how was the semiconductor community so effective not only at developing the technology but predicting the development of technology so that whether it's an individual deciding if they should change careers or it's a nation state deciding if they should spend a couple billion dollars, we have that tool to predict the rate of change and improvement. And so I think that's part of what we're hoping by participating will bring some of that road mapping skill and technology and understanding so we can make those better reasoned investments. >>Well it's also fun to see super computing this year. Look at the bigger picture, obviously software cloud natives running modern applications, infrastructure as code that's happening. You're starting to see the integration of, of environments almost like a global distributed operating system. That's the way I call it. Silicon and advancements have been a big part of what we see now. Merchant silicon, but also dpu are on the scene. So the role role of silicon is there. And also we have supply chain problems. So how, how do you look at that as a a, a chief architect of h Hewlett Packard Labs? Because not only you have to invent the future and dream it up, but you gotta deal with the realities and you get the realities are silicon's great, we need more of that quantums around the corner, but supply chain, how do you solve that? What's your thoughts and how do you, how, how is HPE looking at silicon innovation and, and supply chain? >>And so for us it, it is really understanding that partnership model and understanding and contributing. And so I will do things like I happen to be the, the systems and architectures chapter editor for the I eee International Roadmap for devices and systems, that community that wants to come together and provide that guidance. You know, so I'm all about telling the semiconductor and the post semiconductor community, okay, this is where we need to compute. I have a partner in the applications and benchmark that says, this is what we need to compute. And when you can predict in the future about where you need to compute, what you need to compute, you can have a much richer set of conversations because you described it so well. And I think our, our senior fellow Nick Dubey would, he's coined the term internet of workflows where, you know, you need to harness everything from the edge device all the way through the extra scale computer and beyond. And it's not just one sort of static thing. It is a very interesting fluid topology. I'll use this compute at the edge, I'll do this information in the cloud, I want to have this in my exoscale data center and I still need to provide the tool so that an individual who's making that decision can craft that work flow across all of those different resources. >>And those workflows, by the way, are complicated. Now you got services being turned on and off. Observability is a hot area. You got a lot more data in in cycle inflow. I mean a lot more action. >>And I think you just hit on another key point for us and part of our research at labs, I have, as part of my other assignments, I help draft our AI ethics global policies and principles and not only tell getting advice about, about how we should live our lives, it also became the basis for our AI research lab at Shewl Packard Labs because they saw, here's a challenge and here's something where I can't actually believe, maintain my ethical compliance. I need to have engineer new ways of, of achieving artificial intelligence. And so much of that comes back to governance over that data and how can we actually create those governance systems and and do that out in the open >>That's a can of worms. We're gonna do a whole segment on that one, >>On that >>Technology, on that one >>Piece I wanna ask you, I mean, where rubber meets the road is where you're putting your dollars. So you've talked a lot, a lot of, a lot of areas of, of progress right now, where are you putting your dollars right now at Hewlett Packard Labs? >>Yeah, so I think when I draw, when I draw my 2030 vision slide, you know, I, for me the first column is about heterogeneous, right? How do we bring all of these novel computational approaches to be able to demonstrate their effectiveness, their sustainability, and also the productivity that we can drive from, from, from them. So that's my first column. My section column is that edge to exoscale workflow that I need to be able to harness all of those computational and data resources. I need to be aware of the energy consequence of moving data, of doing computation and find all of that while still maintaining and solving for security and privacy. But the last thing, and, and that's one was a, one was a how one was aware. The last thing is a who, right? And is is how do we take that subject matter expert? I think of a, a young engineer starting their career at hpe. It'll be very different than my 33 years. And part of it, you know, they will be undaunted by any, any scale. They will be cloud natives, maybe they metaverse natives, they will demand to design an open cooperative environment. So for me it's thinking about that individual and how do I take those capabilities, heterogeneous edge to exito scale workflows and then make them productive. And for me, that's, that's where we were putting our emphasis on those three. When, where and >>Who. Yeah. And making it compatible for the next generation. We see the student cluster competition going on over there. This is the only show that we cover that we've been to that is from the dorm room to the boardroom and this cuz Supercomputing now is elevating up into that workflow, into integration, multiple environments, cloud, premise, edge, metaverse. This is like a whole nother world. >>And, and, but I think it's, it's the way that regardless of which human pursuit you're in, you know, everyone is going to be demand simulation and modeling ai, ML and massive data m l and massive data analytics that's gonna be at heart of, of everything. And that's what you see. That's what I love about coming here. This isn't just the way we're gonna do science. This is the way we're gonna do everything. >>We're gonna come by your booth, check it out. We've talked to some of the folks, hpe obviously HPE Discover this year, GreenLake with center stage, it's now consumption is a service for technology. Whole nother ballgame. Congratulations on, on all this. I would say the massive, I won't say pivot, but you know, a change >>It >>Is and how you guys >>Operate. And you know, it's funny sometimes you think about the, the pivot to as a services benefiting the customer, but as someone who has supported designs over decades, you know, that ability to to to operate and at peak efficiency, to always keep in perfect operating order and to continuously change while still meeting the customer expectations that actually allows us to deliver innovation to our customers faster than when we are delivering warranted individual packaged products. >>Kirk, thanks for coming on Paul. Great conversation here. You know, the road to Quantum's gonna be paved through computing supercomputing software integrated workflows from the dorm room to the boardroom to Cube, bringing all the action here at Supercomputing 22. I'm Jacque Forer with Paul Gillin. Thanks for watching. We'll be right back.

>>When Oracle acquired my SQL via the Sun acquisition, nobody really thought the company would put much effort into the platform preferring to focus all the wood behind its leading Oracle database, Arrow pun intended. But two years ago, Oracle surprised many folks by announcing my SQL Heatwave a new database as a service with a massively parallel hybrid Columbia in Mary Mary architecture that brings together transactional and analytic data in a single platform. Welcome to our latest database, power panel on the cube. My name is Dave Ante, and today we're gonna discuss Oracle's MySQL Heat Wave with a who's who of cloud database industry analysts. Holgar Mueller is with Constellation Research. Mark Stammer is the Dragon Slayer and Wikibon contributor. And Ron Westfall is with Fu Chim Research. Gentlemen, welcome back to the Cube. Always a pleasure to have you on. Thanks for having us. Great to be here. >>So we've had a number of of deep dive interviews on the Cube with Nip and Aggarwal. You guys know him? He's a senior vice president of MySQL, Heatwave Development at Oracle. I think you just saw him at Oracle Cloud World and he's come on to describe this is gonna, I'll call it a shock and awe feature additions to to heatwave. You know, the company's clearly putting r and d into the platform and I think at at cloud world we saw like the fifth major release since 2020 when they first announced MySQL heat wave. So just listing a few, they, they got, they taken, brought in analytics machine learning, they got autopilot for machine learning, which is automation onto the basic o l TP functionality of the database. And it's been interesting to watch Oracle's converge database strategy. We've contrasted that amongst ourselves. Love to get your thoughts on Amazon's get the right tool for the right job approach. >>Are they gonna have to change that? You know, Amazon's got the specialized databases, it's just, you know, the both companies are doing well. It just shows there are a lot of ways to, to skin a cat cuz you see some traction in the market in, in both approaches. So today we're gonna focus on the latest heat wave announcements and we're gonna talk about multi-cloud with a native MySQL heat wave implementation, which is available on aws MySQL heat wave for Azure via the Oracle Microsoft interconnect. This kind of cool hybrid action that they got going. Sometimes we call it super cloud. And then we're gonna dive into my SQL Heatwave Lake house, which allows users to process and query data across MyQ databases as heatwave databases, as well as object stores. So, and then we've got, heatwave has been announced on AWS and, and, and Azure, they're available now and Lake House I believe is in beta and I think it's coming out the second half of next year. So again, all of our guests are fresh off of Oracle Cloud world in Las Vegas. So they got the latest scoop. Guys, I'm done talking. Let's get into it. Mark, maybe you could start us off, what's your opinion of my SQL Heatwaves competitive position? When you think about what AWS is doing, you know, Google is, you know, we heard Google Cloud next recently, we heard about all their data innovations. You got, obviously Azure's got a big portfolio, snowflakes doing well in the market. What's your take? >>Well, first let's look at it from the point of view that AWS is the market leader in cloud and cloud services. They own somewhere between 30 to 50% depending on who you read of the market. And then you have Azure as number two and after that it falls off. There's gcp, Google Cloud platform, which is further way down the list and then Oracle and IBM and Alibaba. So when you look at AWS and you and Azure saying, hey, these are the market leaders in the cloud, then you start looking at it and saying, if I am going to provide a service that competes with the service they have, if I can make it available in their cloud, it means that I can be more competitive. And if I'm compelling and compelling means at least twice the performance or functionality or both at half the price, I should be able to gain market share. >>And that's what Oracle's done. They've taken a superior product in my SQL heat wave, which is faster, lower cost does more for a lot less at the end of the day and they make it available to the users of those clouds. You avoid this little thing called egress fees, you avoid the issue of having to migrate from one cloud to another and suddenly you have a very compelling offer. So I look at what Oracle's doing with MyQ and it feels like, I'm gonna use a word term, a flanking maneuver to their competition. They're offering a better service on their platforms. >>All right, so thank you for that. Holger, we've seen this sort of cadence, I sort of referenced it up front a little bit and they sat on MySQL for a decade, then all of a sudden we see this rush of announcements. Why did it take so long? And and more importantly is Oracle, are they developing the right features that cloud database customers are looking for in your view? >>Yeah, great question, but first of all, in your interview you said it's the edit analytics, right? Analytics is kind of like a marketing buzzword. Reports can be analytics, right? The interesting thing, which they did, the first thing they, they, they crossed the chasm between OTP and all up, right? In the same database, right? So major engineering feed very much what customers want and it's all about creating Bellevue for customers, which, which I think is the part why they go into the multi-cloud and why they add these capabilities. And they certainly with the AI capabilities, it's kind of like getting it into an autonomous field, self-driving field now with the lake cost capabilities and meeting customers where they are, like Mark has talked about the e risk costs in the cloud. So that that's a significant advantage, creating value for customers and that's what at the end of the day matters. >>And I believe strongly that long term it's gonna be ones who create better value for customers who will get more of their money From that perspective, why then take them so long? I think it's a great question. I think largely he mentioned the gentleman Nial, it's largely to who leads a product. I used to build products too, so maybe I'm a little fooling myself here, but that made the difference in my view, right? So since he's been charged, he's been building things faster than the rest of the competition, than my SQL space, which in hindsight we thought was a hot and smoking innovation phase. It kind of like was a little self complacent when it comes to the traditional borders of where, where people think, where things are separated between OTP and ola or as an example of adjacent support, right? Structured documents, whereas unstructured documents or databases and all of that has been collapsed and brought together for building a more powerful database for customers. >>So I mean it's certainly, you know, when, when Oracle talks about the competitors, you know, the competitors are in the, I always say they're, if the Oracle talks about you and knows you're doing well, so they talk a lot about aws, talk a little bit about Snowflake, you know, sort of Google, they have partnerships with Azure, but, but in, so I'm presuming that the response in MySQL heatwave was really in, in response to what they were seeing from those big competitors. But then you had Maria DB coming out, you know, the day that that Oracle acquired Sun and, and launching and going after the MySQL base. So it's, I'm, I'm interested and we'll talk about this later and what you guys think AWS and Google and Azure and Snowflake and how they're gonna respond. But, but before I do that, Ron, I want to ask you, you, you, you can get, you know, pretty technical and you've probably seen the benchmarks. >>I know you have Oracle makes a big deal out of it, publishes its benchmarks, makes some transparent on on GI GitHub. Larry Ellison talked about this in his keynote at Cloud World. What are the benchmarks show in general? I mean, when you, when you're new to the market, you gotta have a story like Mark was saying, you gotta be two x you know, the performance at half the cost or you better be or you're not gonna get any market share. So, and, and you know, oftentimes companies don't publish market benchmarks when they're leading. They do it when they, they need to gain share. So what do you make of the benchmarks? Have their, any results that were surprising to you? Have, you know, they been challenged by the competitors. Is it just a bunch of kind of desperate bench marketing to make some noise in the market or you know, are they real? What's your view? >>Well, from my perspective, I think they have the validity. And to your point, I believe that when it comes to competitor responses, that has not really happened. Nobody has like pulled down the information that's on GitHub and said, Oh, here are our price performance results. And they counter oracles. In fact, I think part of the reason why that hasn't happened is that there's the risk if Oracle's coming out and saying, Hey, we can deliver 17 times better query performance using our capabilities versus say, Snowflake when it comes to, you know, the Lakehouse platform and Snowflake turns around and says it's actually only 15 times better during performance, that's not exactly an effective maneuver. And so I think this is really to oracle's credit and I think it's refreshing because these differentiators are significant. We're not talking, you know, like 1.2% differences. We're talking 17 fold differences, we're talking six fold differences depending on, you know, where the spotlight is being shined and so forth. >>And so I think this is actually something that is actually too good to believe initially at first blush. If I'm a cloud database decision maker, I really have to prioritize this. I really would know, pay a lot more attention to this. And that's why I posed the question to Oracle and others like, okay, if these differentiators are so significant, why isn't the needle moving a bit more? And it's for, you know, some of the usual reasons. One is really deep discounting coming from, you know, the other players that's really kind of, you know, marketing 1 0 1, this is something you need to do when there's a real competitive threat to keep, you know, a customer in your own customer base. Plus there is the usual fear and uncertainty about moving from one platform to another. But I think, you know, the traction, the momentum is, is shifting an Oracle's favor. I think we saw that in the Q1 efforts, for example, where Oracle cloud grew 44% and that it generated, you know, 4.8 billion and revenue if I recall correctly. And so, so all these are demonstrating that's Oracle is making, I think many of the right moves, publishing these figures for anybody to look at from their own perspective is something that is, I think, good for the market and I think it's just gonna continue to pay dividends for Oracle down the horizon as you know, competition intens plots. So if I were in, >>Dave, can I, Dave, can I interject something and, and what Ron just said there? Yeah, please go ahead. A couple things here, one discounting, which is a common practice when you have a real threat, as Ron pointed out, isn't going to help much in this situation simply because you can't discount to the point where you improve your performance and the performance is a huge differentiator. You may be able to get your price down, but the problem that most of them have is they don't have an integrated product service. They don't have an integrated O L T P O L A P M L N data lake. Even if you cut out two of them, they don't have any of them integrated. They have multiple services that are required separate integration and that can't be overcome with discounting. And the, they, you have to pay for each one of these. And oh, by the way, as you grow, the discounts go away. So that's a, it's a minor important detail. >>So, so that's a TCO question mark, right? And I know you look at this a lot, if I had that kind of price performance advantage, I would be pounding tco, especially if I need two separate databases to do the job. That one can do, that's gonna be, the TCO numbers are gonna be off the chart or maybe down the chart, which you want. Have you looked at this and how does it compare with, you know, the big cloud guys, for example, >>I've looked at it in depth, in fact, I'm working on another TCO on this arena, but you can find it on Wiki bod in which I compared TCO for MySEQ Heat wave versus Aurora plus Redshift plus ML plus Blue. I've compared it against gcps services, Azure services, Snowflake with other services. And there's just no comparison. The, the TCO differences are huge. More importantly, thefor, the, the TCO per performance is huge. We're talking in some cases multiple orders of magnitude, but at least an order of magnitude difference. So discounting isn't gonna help you much at the end of the day, it's only going to lower your cost a little, but it doesn't improve the automation, it doesn't improve the performance, it doesn't improve the time to insight, it doesn't improve all those things that you want out of a database or multiple databases because you >>Can't discount yourself to a higher value proposition. >>So what about, I wonder ho if you could chime in on the developer angle. You, you followed that, that market. How do these innovations from heatwave, I think you used the term developer velocity. I've heard you used that before. Yeah, I mean, look, Oracle owns Java, okay, so it, it's, you know, most popular, you know, programming language in the world, blah, blah blah. But it does it have the, the minds and hearts of, of developers and does, where does heatwave fit into that equation? >>I think heatwave is gaining quickly mindshare on the developer side, right? It's not the traditional no sequel database which grew up, there's a traditional mistrust of oracles to developers to what was happening to open source when gets acquired. Like in the case of Oracle versus Java and where my sql, right? And, but we know it's not a good competitive strategy to, to bank on Oracle screwing up because it hasn't worked not on Java known my sequel, right? And for developers, it's, once you get to know a technology product and you can do more, it becomes kind of like a Swiss army knife and you can build more use case, you can build more powerful applications. That's super, super important because you don't have to get certified in multiple databases. You, you are fast at getting things done, you achieve fire, develop velocity, and the managers are happy because they don't have to license more things, send you to more trainings, have more risk of something not being delivered, right? >>So it's really the, we see the suite where this best of breed play happening here, which in general was happening before already with Oracle's flagship database. Whereas those Amazon as an example, right? And now the interesting thing is every step away Oracle was always a one database company that can be only one and they're now generally talking about heat web and that two database company with different market spaces, but same value proposition of integrating more things very, very quickly to have a universal database that I call, they call the converge database for all the needs of an enterprise to run certain application use cases. And that's what's attractive to developers. >>It's, it's ironic isn't it? I mean I, you know, the rumor was the TK Thomas Curian left Oracle cuz he wanted to put Oracle database on other clouds and other places. And maybe that was the rift. Maybe there was, I'm sure there was other things, but, but Oracle clearly is now trying to expand its Tam Ron with, with heatwave into aws, into Azure. How do you think Oracle's gonna do, you were at a cloud world, what was the sentiment from customers and the independent analyst? Is this just Oracle trying to screw with the competition, create a little diversion? Or is this, you know, serious business for Oracle? What do you think? >>No, I think it has lakes. I think it's definitely, again, attriting to Oracle's overall ability to differentiate not only my SQL heat wave, but its overall portfolio. And I think the fact that they do have the alliance with the Azure in place, that this is definitely demonstrating their commitment to meeting the multi-cloud needs of its customers as well as what we pointed to in terms of the fact that they're now offering, you know, MySQL capabilities within AWS natively and that it can now perform AWS's own offering. And I think this is all demonstrating that Oracle is, you know, not letting up, they're not resting on its laurels. That's clearly we are living in a multi-cloud world, so why not just make it more easy for customers to be able to use cloud databases according to their own specific, specific needs. And I think, you know, to holder's point, I think that definitely lines with being able to bring on more application developers to leverage these capabilities. >>I think one important announcement that's related to all this was the JSON relational duality capabilities where now it's a lot easier for application developers to use a language that they're very familiar with a JS O and not have to worry about going into relational databases to store their J S O N application coding. So this is, I think an example of the innovation that's enhancing the overall Oracle portfolio and certainly all the work with machine learning is definitely paying dividends as well. And as a result, I see Oracle continue to make these inroads that we pointed to. But I agree with Mark, you know, the short term discounting is just a stall tag. This is not denying the fact that Oracle is being able to not only deliver price performance differentiators that are dramatic, but also meeting a wide range of needs for customers out there that aren't just limited device performance consideration. >>Being able to support multi-cloud according to customer needs. Being able to reach out to the application developer community and address a very specific challenge that has plagued them for many years now. So bring it all together. Yeah, I see this as just enabling Oracles who ring true with customers. That the customers that were there were basically all of them, even though not all of them are going to be saying the same things, they're all basically saying positive feedback. And likewise, I think the analyst community is seeing this. It's always refreshing to be able to talk to customers directly and at Oracle cloud there was a litany of them and so this is just a difference maker as well as being able to talk to strategic partners. The nvidia, I think partnerships also testament to Oracle's ongoing ability to, you know, make the ecosystem more user friendly for the customers out there. >>Yeah, it's interesting when you get these all in one tools, you know, the Swiss Army knife, you expect that it's not able to be best of breed. That's the kind of surprising thing that I'm hearing about, about heatwave. I want to, I want to talk about Lake House because when I think of Lake House, I think data bricks, and to my knowledge data bricks hasn't been in the sites of Oracle yet. Maybe they're next, but, but Oracle claims that MySQL, heatwave, Lakehouse is a breakthrough in terms of capacity and performance. Mark, what are your thoughts on that? Can you double click on, on Lakehouse Oracle's claims for things like query performance and data loading? What does it mean for the market? Is Oracle really leading in, in the lake house competitive landscape? What are your thoughts? >>Well, but name in the game is what are the problems you're solving for the customer? More importantly, are those problems urgent or important? If they're urgent, customers wanna solve 'em. Now if they're important, they might get around to them. So you look at what they're doing with Lake House or previous to that machine learning or previous to that automation or previous to that O L A with O ltp and they're merging all this capability together. If you look at Snowflake or data bricks, they're tacking one problem. You look at MyQ heat wave, they're tacking multiple problems. So when you say, yeah, their queries are much better against the lake house in combination with other analytics in combination with O ltp and the fact that there are no ETLs. So you're getting all this done in real time. So it's, it's doing the query cross, cross everything in real time. >>You're solving multiple user and developer problems, you're increasing their ability to get insight faster, you're having shorter response times. So yeah, they really are solving urgent problems for customers. And by putting it where the customer lives, this is the brilliance of actually being multicloud. And I know I'm backing up here a second, but by making it work in AWS and Azure where people already live, where they already have applications, what they're saying is, we're bringing it to you. You don't have to come to us to get these, these benefits, this value overall, I think it's a brilliant strategy. I give Nip and Argo wallet a huge, huge kudos for what he's doing there. So yes, what they're doing with the lake house is going to put notice on data bricks and Snowflake and everyone else for that matter. Well >>Those are guys that whole ago you, you and I have talked about this. Those are, those are the guys that are doing sort of the best of breed. You know, they're really focused and they, you know, tend to do well at least out of the gate. Now you got Oracle's converged philosophy, obviously with Oracle database. We've seen that now it's kicking in gear with, with heatwave, you know, this whole thing of sweets versus best of breed. I mean the long term, you know, customers tend to migrate towards suite, but the new shiny toy tends to get the growth. How do you think this is gonna play out in cloud database? >>Well, it's the forever never ending story, right? And in software right suite, whereas best of breed and so far in the long run suites have always won, right? So, and sometimes they struggle again because the inherent problem of sweets is you build something larger, it has more complexity and that means your cycles to get everything working together to integrate the test that roll it out, certify whatever it is, takes you longer, right? And that's not the case. It's a fascinating part of what the effort around my SQL heat wave is that the team is out executing the previous best of breed data, bringing us something together. Now if they can maintain that pace, that's something to to, to be seen. But it, the strategy, like what Mark was saying, bring the software to the data is of course interesting and unique and totally an Oracle issue in the past, right? >>Yeah. But it had to be in your database on oci. And but at, that's an interesting part. The interesting thing on the Lake health side is, right, there's three key benefits of a lakehouse. The first one is better reporting analytics, bring more rich information together, like make the, the, the case for silicon angle, right? We want to see engagements for this video, we want to know what's happening. That's a mixed transactional video media use case, right? Typical Lakehouse use case. The next one is to build more rich applications, transactional applications which have video and these elements in there, which are the engaging one. And the third one, and that's where I'm a little critical and concerned, is it's really the base platform for artificial intelligence, right? To run deep learning to run things automatically because they have all the data in one place can create in one way. >>And that's where Oracle, I know that Ron talked about Invidia for a moment, but that's where Oracle doesn't have the strongest best story. Nonetheless, the two other main use cases of the lake house are very strong, very well only concern is four 50 terabyte sounds long. It's an arbitrary limitation. Yeah, sounds as big. So for the start, and it's the first word, they can make that bigger. You don't want your lake house to be limited and the terabyte sizes or any even petabyte size because you want to have the certainty. I can put everything in there that I think it might be relevant without knowing what questions to ask and query those questions. >>Yeah. And you know, in the early days of no schema on right, it just became a mess. But now technology has evolved to allow us to actually get more value out of that data. Data lake. Data swamp is, you know, not much more, more, more, more logical. But, and I want to get in, in a moment, I want to come back to how you think the competitors are gonna respond. Are they gonna have to sort of do a more of a converged approach? AWS in particular? But before I do, Ron, I want to ask you a question about autopilot because I heard Larry Ellison's keynote and he was talking about how, you know, most security issues are human errors with autonomy and autonomous database and things like autopilot. We take care of that. It's like autonomous vehicles, they're gonna be safer. And I went, well maybe, maybe someday. So Oracle really tries to emphasize this, that every time you see an announcement from Oracle, they talk about new, you know, autonomous capabilities. It, how legit is it? Do people care? What about, you know, what's new for heatwave Lakehouse? How much of a differentiator, Ron, do you really think autopilot is in this cloud database space? >>Yeah, I think it will definitely enhance the overall proposition. I don't think people are gonna buy, you know, lake house exclusively cause of autopilot capabilities, but when they look at the overall picture, I think it will be an added capability bonus to Oracle's benefit. And yeah, I think it's kind of one of these age old questions, how much do you automate and what is the bounce to strike? And I think we all understand with the automatic car, autonomous car analogy that there are limitations to being able to use that. However, I think it's a tool that basically every organization out there needs to at least have or at least evaluate because it goes to the point of it helps with ease of use, it helps make automation more balanced in terms of, you know, being able to test, all right, let's automate this process and see if it works well, then we can go on and switch on on autopilot for other processes. >>And then, you know, that allows, for example, the specialists to spend more time on business use cases versus, you know, manual maintenance of, of the cloud database and so forth. So I think that actually is a, a legitimate value proposition. I think it's just gonna be a case by case basis. Some organizations are gonna be more aggressive with putting automation throughout their processes throughout their organization. Others are gonna be more cautious. But it's gonna be, again, something that will help the overall Oracle proposition. And something that I think will be used with caution by many organizations, but other organizations are gonna like, hey, great, this is something that is really answering a real problem. And that is just easing the use of these databases, but also being able to better handle the automation capabilities and benefits that come with it without having, you know, a major screwup happened and the process of transitioning to more automated capabilities. >>Now, I didn't attend cloud world, it's just too many red eyes, you know, recently, so I passed. But one of the things I like to do at those events is talk to customers, you know, in the spirit of the truth, you know, they, you know, you'd have the hallway, you know, track and to talk to customers and they say, Hey, you know, here's the good, the bad and the ugly. So did you guys, did you talk to any customers my SQL Heatwave customers at, at cloud world? And and what did you learn? I don't know, Mark, did you, did you have any luck and, and having some, some private conversations? >>Yeah, I had quite a few private conversations. The one thing before I get to that, I want disagree with one point Ron made, I do believe there are customers out there buying the heat wave service, the MySEQ heat wave server service because of autopilot. Because autopilot is really revolutionary in many ways in the sense for the MySEQ developer in that it, it auto provisions, it auto parallel loads, IT auto data places it auto shape predictions. It can tell you what machine learning models are going to tell you, gonna give you your best results. And, and candidly, I've yet to meet a DBA who didn't wanna give up pedantic tasks that are pain in the kahoo, which they'd rather not do and if it's long as it was done right for them. So yes, I do think people are buying it because of autopilot and that's based on some of the conversations I had with customers at Oracle Cloud World. >>In fact, it was like, yeah, that's great, yeah, we get fantastic performance, but this really makes my life easier and I've yet to meet a DBA who didn't want to make their life easier. And it does. So yeah, I've talked to a few of them. They were excited. I asked them if they ran into any bugs, were there any difficulties in moving to it? And the answer was no. In both cases, it's interesting to note, my sequel is the most popular database on the planet. Well, some will argue that it's neck and neck with SQL Server, but if you add in Mariah DB and ProCon db, which are forks of MySQL, then yeah, by far and away it's the most popular. And as a result of that, everybody for the most part has typically a my sequel database somewhere in their organization. So this is a brilliant situation for anybody going after MyQ, but especially for heat wave. And the customers I talk to love it. I didn't find anybody complaining about it. And >>What about the migration? We talked about TCO earlier. Did your t does your TCO analysis include the migration cost or do you kind of conveniently leave that out or what? >>Well, when you look at migration costs, there are different kinds of migration costs. By the way, the worst job in the data center is the data migration manager. Forget it, no other job is as bad as that one. You get no attaboys for doing it. Right? And then when you screw up, oh boy. So in real terms, anything that can limit data migration is a good thing. And when you look at Data Lake, that limits data migration. So if you're already a MySEQ user, this is a pure MySQL as far as you're concerned. It's just a, a simple transition from one to the other. You may wanna make sure nothing broke and every you, all your tables are correct and your schema's, okay, but it's all the same. So it's a simple migration. So it's pretty much a non-event, right? When you migrate data from an O LTP to an O L A P, that's an ETL and that's gonna take time. >>But you don't have to do that with my SQL heat wave. So that's gone when you start talking about machine learning, again, you may have an etl, you may not, depending on the circumstances, but again, with my SQL heat wave, you don't, and you don't have duplicate storage, you don't have to copy it from one storage container to another to be able to be used in a different database, which by the way, ultimately adds much more cost than just the other service. So yeah, I looked at the migration and again, the users I talked to said it was a non-event. It was literally moving from one physical machine to another. If they had a new version of MySEQ running on something else and just wanted to migrate it over or just hook it up or just connect it to the data, it worked just fine. >>Okay, so every day it sounds like you guys feel, and we've certainly heard this, my colleague David Foyer, the semi-retired David Foyer was always very high on heatwave. So I think you knows got some real legitimacy here coming from a standing start, but I wanna talk about the competition, how they're likely to respond. I mean, if your AWS and you got heatwave is now in your cloud, so there's some good aspects of that. The database guys might not like that, but the infrastructure guys probably love it. Hey, more ways to sell, you know, EC two and graviton, but you're gonna, the database guys in AWS are gonna respond. They're gonna say, Hey, we got Redshift, we got aqua. What's your thoughts on, on not only how that's gonna resonate with customers, but I'm interested in what you guys think will a, I never say never about aws, you know, and are they gonna try to build, in your view a converged Oola and o LTP database? You know, Snowflake is taking an ecosystem approach. They've added in transactional capabilities to the portfolio so they're not standing still. What do you guys see in the competitive landscape in that regard going forward? Maybe Holger, you could start us off and anybody else who wants to can chime in, >>Happy to, you mentioned Snowflake last, we'll start there. I think Snowflake is imitating that strategy, right? That building out original data warehouse and the clouds tasking project to really proposition to have other data available there because AI is relevant for everybody. Ultimately people keep data in the cloud for ultimately running ai. So you see the same suite kind of like level strategy, it's gonna be a little harder because of the original positioning. How much would people know that you're doing other stuff? And I just, as a former developer manager of developers, I just don't see the speed at the moment happening at Snowflake to become really competitive to Oracle. On the flip side, putting my Oracle hat on for a moment back to you, Mark and Iran, right? What could Oracle still add? Because the, the big big things, right? The traditional chasms in the database world, they have built everything, right? >>So I, I really scratched my hat and gave Nipon a hard time at Cloud world say like, what could you be building? Destiny was very conservative. Let's get the Lakehouse thing done, it's gonna spring next year, right? And the AWS is really hard because AWS value proposition is these small innovation teams, right? That they build two pizza teams, which can be fit by two pizzas, not large teams, right? And you need suites to large teams to build these suites with lots of functionalities to make sure they work together. They're consistent, they have the same UX on the administration side, they can consume the same way, they have the same API registry, can't even stop going where the synergy comes to play over suite. So, so it's gonna be really, really hard for them to change that. But AWS super pragmatic. They're always by themselves that they'll listen to customers if they learn from customers suite as a proposition. I would not be surprised if AWS trying to bring things closer together, being morely together. >>Yeah. Well how about, can we talk about multicloud if, if, again, Oracle is very on on Oracle as you said before, but let's look forward, you know, half a year or a year. What do you think about Oracle's moves in, in multicloud in terms of what kind of penetration they're gonna have in the marketplace? You saw a lot of presentations at at cloud world, you know, we've looked pretty closely at the, the Microsoft Azure deal. I think that's really interesting. I've, I've called it a little bit of early days of a super cloud. What impact do you think this is gonna have on, on the marketplace? But, but both. And think about it within Oracle's customer base, I have no doubt they'll do great there. But what about beyond its existing install base? What do you guys think? >>Ryan, do you wanna jump on that? Go ahead. Go ahead Ryan. No, no, no, >>That's an excellent point. I think it aligns with what we've been talking about in terms of Lakehouse. I think Lake House will enable Oracle to pull more customers, more bicycle customers onto the Oracle platforms. And I think we're seeing all the signs pointing toward Oracle being able to make more inroads into the overall market. And that includes garnishing customers from the leaders in, in other words, because they are, you know, coming in as a innovator, a an alternative to, you know, the AWS proposition, the Google cloud proposition that they have less to lose and there's a result they can really drive the multi-cloud messaging to resonate with not only their existing customers, but also to be able to, to that question, Dave's posing actually garnish customers onto their platform. And, and that includes naturally my sequel but also OCI and so forth. So that's how I'm seeing this playing out. I think, you know, again, Oracle's reporting is indicating that, and I think what we saw, Oracle Cloud world is definitely validating the idea that Oracle can make more waves in the overall market in this regard. >>You know, I, I've floated this idea of Super cloud, it's kind of tongue in cheek, but, but there, I think there is some merit to it in terms of building on top of hyperscale infrastructure and abstracting some of the, that complexity. And one of the things that I'm most interested in is industry clouds and an Oracle acquisition of Cerner. I was struck by Larry Ellison's keynote, it was like, I don't know, an hour and a half and an hour and 15 minutes was focused on healthcare transformation. Well, >>So vertical, >>Right? And so, yeah, so you got Oracle's, you know, got some industry chops and you, and then you think about what they're building with, with not only oci, but then you got, you know, MyQ, you can now run in dedicated regions. You got ADB on on Exadata cloud to customer, you can put that OnPrem in in your data center and you look at what the other hyperscalers are, are doing. I I say other hyperscalers, I've always said Oracle's not really a hyperscaler, but they got a cloud so they're in the game. But you can't get, you know, big query OnPrem, you look at outposts, it's very limited in terms of, you know, the database support and again, that that will will evolve. But now you got Oracle's got, they announced Alloy, we can white label their cloud. So I'm interested in what you guys think about these moves, especially the industry cloud. We see, you know, Walmart is doing sort of their own cloud. You got Goldman Sachs doing a cloud. Do you, you guys, what do you think about that and what role does Oracle play? Any thoughts? >>Yeah, let me lemme jump on that for a moment. Now, especially with the MyQ, by making that available in multiple clouds, what they're doing is this follows the philosophy they've had the past with doing cloud, a customer taking the application and the data and putting it where the customer lives. If it's on premise, it's on premise. If it's in the cloud, it's in the cloud. By making the mice equal heat wave, essentially a plug compatible with any other mice equal as far as your, your database is concern and then giving you that integration with O L A P and ML and Data Lake and everything else, then what you've got is a compelling offering. You're making it easier for the customer to use. So I look the difference between MyQ and the Oracle database, MyQ is going to capture market more market share for them. >>You're not gonna find a lot of new users for the Oracle debate database. Yeah, there are always gonna be new users, don't get me wrong, but it's not gonna be a huge growth. Whereas my SQL heatwave is probably gonna be a major growth engine for Oracle going forward. Not just in their own cloud, but in AWS and in Azure and on premise over time that eventually it'll get there. It's not there now, but it will, they're doing the right thing on that basis. They're taking the services and when you talk about multicloud and making them available where the customer wants them, not forcing them to go where you want them, if that makes sense. And as far as where they're going in the future, I think they're gonna take a page outta what they've done with the Oracle database. They'll add things like JSON and XML and time series and spatial over time they'll make it a, a complete converged database like they did with the Oracle database. The difference being Oracle database will scale bigger and will have more transactions and be somewhat faster. And my SQL will be, for anyone who's not on the Oracle database, they're, they're not stupid, that's for sure. >>They've done Jason already. Right. But I give you that they could add graph and time series, right. Since eat with, Right, Right. Yeah, that's something absolutely right. That's, that's >>A sort of a logical move, right? >>Right. But that's, that's some kid ourselves, right? I mean has worked in Oracle's favor, right? 10 x 20 x, the amount of r and d, which is in the MyQ space, has been poured at trying to snatch workloads away from Oracle by starting with IBM 30 years ago, 20 years ago, Microsoft and, and, and, and didn't work, right? Database applications are extremely sticky when they run, you don't want to touch SIM and grow them, right? So that doesn't mean that heat phase is not an attractive offering, but it will be net new things, right? And what works in my SQL heat wave heat phases favor a little bit is it's not the massive enterprise applications which have like we the nails like, like you might be only running 30% or Oracle, but the connections and the interfaces into that is, is like 70, 80% of your enterprise. >>You take it out and it's like the spaghetti ball where you say, ah, no I really don't, don't want to do all that. Right? You don't, don't have that massive part with the equals heat phase sequel kind of like database which are more smaller tactical in comparison, but still I, I don't see them taking so much share. They will be growing because of a attractive value proposition quickly on the, the multi-cloud, right? I think it's not really multi-cloud. If you give people the chance to run your offering on different clouds, right? You can run it there. The multi-cloud advantages when the Uber offering comes out, which allows you to do things across those installations, right? I can migrate data, I can create data across something like Google has done with B query Omni, I can run predictive models or even make iron models in different place and distribute them, right? And Oracle is paving the road for that, but being available on these clouds. But the multi-cloud capability of database which knows I'm running on different clouds that is still yet to be built there. >>Yeah. And >>That the problem with >>That, that's the super cloud concept that I flowed and I I've always said kinda snowflake with a single global instance is sort of, you know, headed in that direction and maybe has a league. What's the issue with that mark? >>Yeah, the problem with the, with that version, the multi-cloud is clouds to charge egress fees. As long as they charge egress fees to move data between clouds, it's gonna make it very difficult to do a real multi-cloud implementation. Even Snowflake, which runs multi-cloud, has to pass out on the egress fees of their customer when data moves between clouds. And that's really expensive. I mean there, there is one customer I talked to who is beta testing for them, the MySQL heatwave and aws. The only reason they didn't want to do that until it was running on AWS is the egress fees were so great to move it to OCI that they couldn't afford it. Yeah. Egress fees are the big issue but, >>But Mark the, the point might be you might wanna root query and only get the results set back, right was much more tinier, which been the answer before for low latency between the class A problem, which we sometimes still have but mostly don't have. Right? And I think in general this with fees coming down based on the Oracle general E with fee move and it's very hard to justify those, right? But, but it's, it's not about moving data as a multi-cloud high value use case. It's about doing intelligent things with that data, right? Putting into other places, replicating it, what I'm saying the same thing what you said before, running remote queries on that, analyzing it, running AI on it, running AI models on that. That's the interesting thing. Cross administered in the same way. Taking things out, making sure compliance happens. Making sure when Ron says I don't want to be American anymore, I want to be in the European cloud that is gets migrated, right? So tho those are the interesting value use case which are really, really hard for enterprise to program hand by hand by developers and they would love to have out of the box and that's yet the innovation to come to, we have to come to see. But the first step to get there is that your software runs in multiple clouds and that's what Oracle's doing so well with my SQL >>Guys. Amazing. >>Go ahead. Yeah. >>Yeah. >>For example, >>Amazing amount of data knowledge and, and brain power in this market. Guys, I really want to thank you for coming on to the cube. Ron Holger. Mark, always a pleasure to have you on. Really appreciate your time. >>Well all the last names we're very happy for Romanic last and moderator. Thanks Dave for moderating us. All right, >>We'll see. We'll see you guys around. Safe travels to all and thank you for watching this power panel, The Truth About My SQL Heat Wave on the cube. Your leader in enterprise and emerging tech coverage.

(upbeat intro music) >> Hello, everyone. Welcome back to theCube's presentation of the AWS Startup Showcase. This is season two, episode four, of the ongoing series covering the exciting startups from the a AWS ecosystem. Talk about cybersecurity. I'm your host, John Furrier. Here, excited to have two great guests. Ed Casmer, Founder & CEO of Cloud Storage Security. Back, Cube alumni. And also James Johnson, AVP of Research & Development, iPipeline here. Here to talk about Cloud Storage Security, antivirus on S3. Gents, thanks for joining us today. >> Thank you, John. >> Thank you. >> So, the topic here is cloud security, storage security. Ed, we had a great Cube conversation previously, earlier in the month. You know, companies are modernizing their apps and migrating to the cloud. That's fact. Everyone kind of knows that. Been there, done that. You know, clouds have the infrastructure, they got the OS, they got protection. But, the end of the day, the companies are responsible and they're on the hook for their own security of their data. And this is becoming more preeminent now that you have hybrid cloud, cloud operations, cloud-native applications. This is the core focus right now. In the next five years. This is what everyone's talking about. Architecture, how to build apps, workflows, team formation. Everything's being refactored around this. Can you talk about how organizations are adjusting, and how they view their data security in light of how applications are being built and specifically, around the goodness of say, S3? >> Yep, absolutely. Thank you for that. So, we've seen S3 grow 20,000% over the last 10 years. And that's primarily because companies like James with iPipeline, are delivering solutions that are leveraging this object storage more and above the others. When we look at protection, we typically fall into a couple of categories. The first one is, we have folks that are worried about the access of the data. How are they dealing with it? So, they're looking at configuration aspects. But, the big thing that we're seeing is that customers are blind to the fact that the data itself must also be protected and looked at. And, so, we find these customers who do come to the realization that it needs to happen. Finding out like how asking themselves, "How do I solve for this?" And, so, they need lightweight, cloud-native built solutions to deliver that. >> So, what's the blind spot? You mentioned there's a blind spot. They're kind of blind to that. What specifically are you seeing? >> Well, so when we get into these conversations, the first thing that we see with customers is, "I need to predict how I access it." This is everyone's conversation. "Who are my users? How do they get into my data? How am I controlling that policy? Am I making sure there's no east-west traffic there, once I've blocked the north-south?" But, what we really find is that the data is the key packet of this whole process. It's what gets consumed by the downstream users. Whether that's an employee, a customer, a partner. And, so, it's really the blind spot is the fact that we find most customers not looking at whether that data is safe to use. >> It's interesting. You know, when you talk about that, I think about like all the recent breaches and incidents. "Incidents" they call them. >> Yeah. >> They're really been around user configurations. S3 buckets not configured properly. And this brings up what you're saying, is that the users and the customers have to be responsible for the configurations, the encryption, the malware aspect of it. Don't just hope that AWS has the magic to do it. Is that kind of what you're getting at here? Is that the similar? Am I correlating that properly? >> Absolutely. That's perfect. And, and we've seen it. We've had our own customers, luckily, iPipeline's not one of them, that have actually infected their end users, because they weren't looking at the data. >> Yeah. And that's a huge issue. So, James, let's get in, you're a customer-partner. Talk about your relationship with these guys and what's it all about? >> Yeah. Well, iPipeline is building a digital ecosystem for life insurance and wealth management industries to enable the sale of life insurance to underinsured and uninsured Americans, to make sure that they have the coverage that they need should something happen. And, our solutions have been around for many years in a traditional data center type of an implementation. And, we're in process now of migrating that to the cloud, moving it to AWS. In order to give our customers a better experience, better resiliency, better reliability. And, with that, we have to change the way that we approach file storage and how we approach scanning for vulnerabilities in those files that might come to us via feeds from third parties, or that are uploaded directly by end users that come to us from a source that we don't control. So, it was really necessary for us to identify a solution that both solved for these vulnerability scanning needs, as well as enabling us to leverage the capabilities that we get with other aspects of our move to the cloud. Being able to automatically scale based on load, based on need. To ensure that we get the performance that our customers are looking for. >> So, tell me about your journey to the cloud, migrating to the cloud, and how you're using S3. Specifically, what led you to determine the need for the cloud-based AV solution? >> Yeah. So, when we looked to begin moving our applications to the cloud, one of the realizations that we had is that our approach to storing certain types of data, was a bit archaic. We were storing binary files in a database, which is not the most efficient way to do things. And, we were scanning them with the traditional antivirus engines, that would've been scaled in traditional ways. So, as our need grew, we would need to spin up additional instances of those engines to keep up with load. And we wanted a solution that was cloud-native, and would allow us to scan more dynamically without having to manage the underlying details of how many engines do I need to have running for a particular load at a particular time, and being able to scan dynamically and also being able to move that out of the application layer, being able to scan those files behind the scenes. So, scanning in, when the file's been saved in S3. It allows us to scan and release the file once it's been deemed safe, rather than blocking the user while they wait for that scan to take place. >> Awesome. Well, thanks for sharing that. I got to ask Ed and James, same question. And next is, how does all this factor into audits and self-compliance? Because, when you start getting into this level of sophistication, I'm sure it probably impacts reporting, workflows. Can you guys share the impact on that piece of it? The reporting. >> Yeah, I'll start with a comment, and James will have more applicable things to say. But, we're seeing two things. One, is you don't want to be the vendor whose name is in the news for infecting your customer base. So, that's number one. so you have to put something like this in place and figure that out. The second part is, we do hear that under SOC 2, under PCI, different aspects of it, there are scanning requirements on your data. Traditionally, we've looked at that as endpoint data and the data that you see in your on-prem world. It doesn't translate as directly to cloud data, but, it's certainly applicable. And if you want to achieve SOC 2 or you want to achieve some of these other pieces, you have to be scanning your data as well. >> James, what's your take? As practitioner, you're living it. >> Yeah. That's exactly right. There are a number of audits that we go through, where this is a question that comes up both from a SOC perspective, as well as our individual customers, who reach out, and they want to know where we stand from a security perspective and a compliance perspective. And, very often, this is a question of "How are you ensuring that the data that is uploaded into the application is safe and doesn't contain any vulnerabilities?" >> James, if you don't mind me asking. I have to kind of inquire, because I can imagine that you have users on your system, but also you have third parties, relationships. How does that impact this? What's the connection? >> That's a good question. We receive data from a number of different locations. From our customers directly, from their users, and from partners that we have, as well as partners that our customers have. And, as we ingest that data, from an implementation perspective, the way we've approached this, there's minimal impact there in each one of those integrations, because everything comes into the S3 bucket and is scanned before it is available for consumption or distribution. But, this allows us to ensure that no matter where that data is coming from, that we are able to verify that it is safe before we allow it into our systems or allow it to continue on to another third party, whether that's our customer or somebody else. >> Yeah. I don't mean to get in the weeds there, but it's one of those things where, you know, this is what people are experiencing right now. You know, Ed, we talked about this before. It's not just siloed data anymore. It's interactive data. It's third party data from multiple sources. This is a scanning requirement. >> Agreed. I find it interesting, too. I think James brings it up. We've had it in previous conversations, that not all data's created equal. Data that comes from third parties that you're not in control of, you feel like you have to scan and other data you may generate internally. You don't, have to be as compelled to scan that, although it's a good idea. But it's, you can kind of, as long as you can sift through and determine which data is which, and process it appropriately, then you're in good shape. >> Well, James. You're living the cloud security storage security situation, here. I got to ask you if you zoom out, not get in the weeds, and look at kind of the boardroom or the management conversation. Tell me about how you guys view the data security problem. I mean, obviously it's important, right? So, can you give us a level of, you know, how important it is for iPipeline and with your customers and where does this S3 piece fit in? I mean, when you guys look at this holistically, for data security, what's the view? What's the conversation like? >> Yeah. Well, data security is critical. As Ed mentioned a few minutes ago, you don't want to be the company that's in the news because some data was exposed. That's something that nobody has the appetite for. And, so, data security is, first and foremost, in everything that we do. And that's really where this solution came into play and making sure that we had not only a solution, but, we had a solution that was the right fit for the technology that we're using. There are a number of options. Some of them have been around for a while. But this is focused on S3, which we were using to store these documents that are coming from many different sources. And, you know, we have to take all the precautions we can to ensure that something that is malicious doesn't make its way into our ecosystem or into our customers' ecosystems through us. >> What's the primary use case that you see the value here with these guys? What's the "aha" moment that you had? >> With the Cloud Storage Security, specifically, it was really, it goes beyond the security aspects of being able to scan for vulnerable files, which is there are a number of options and, and they're one of those. But for us, the key was being able to scale dynamically without committing to a particular load, whether that's under committing or over committing. As we move our applications from a traditional data center type of installation to AWS, we anticipated a lot of growth over time. And being able to scale up very dynamically, you know, literally moving a slider within the admin console was key to us, to be able to meet our customer's needs without overspending. By building up something that was, dramatically larger than we needed in our initial rollout. >> Not a bad testimonial there, Ed. I mean. >> I agree. >> This is really highlights the applications using S3 more in the file workflow for the application in real time. This is where you start to see the rise of ransomware, other issues and scale matters. Can you share your thoughts and reaction to what James just said? >> Yeah, I think it's critical. I mean, as the popularity of S3 has increased, so has the fact that it's an attack vector now, and people are going after it. Whether that's to plant bad, malicious files, whether it's to replace code segments that are downloaded and used in other applications, it is a very critical piece. And when you look at scale, and you look at the cloud-native capability, there are lots of ways to solve it. You can dig a hole with a spoon, but a shovel works a lot better. And, in this case, you know, we take a simple example like James. They did a weekend migration, so, they've got new data coming in all the time. But, we did a massive migration. 5,000 files a minute being ingested. And, like he said, with a couple of clicks, scale up, process that over a sustained period of time, and then scale back down. So, you know, I've said it before. I said it on the previous one. We don't want to get in the way of someone's workflow. We want to help them secure their data and do it in a timely fashion, that they can continue with their proper processing and their normal customer responses. >> Yeah. Friction always has to be key. I know you're in the marketplace with your antivirus, for S3 on AWS. People can just download it. So, people are interested, go check it out. James, I got to ask you, and maybe Ed can chime in over the top, but, it seems so obvious. Data. Secure the data. Why is it so hard? Why isn't this so obvious? What's the problem? Why is it so difficult? Why are there so many different solutions? It just seems so obvious. You know, you got ransomware, you got injection of different malicious payloads. There's a ton of things going around around the data. Why is this? This is so obvious. Why isn't it solved? >> Well, I think there have been solutions available for a long time. That the challenge, the difficulty that I see is, that it is a moving target. As bad actors learn new vulnerabilities, new approaches. And as new technology becomes available, that opens additional attack vectors. That's the challenge. Is keeping up on the changing world. Including keeping up on the new ways that people are finding to exploit vulnerabilities. >> Yeah. And you got sensitive data at iPipeline. You do a lot of insurance, wealth management, all kinds of sensitive data, super valuable. You know, just brings me up, reminds me of the Sony hack, Ed, years ago. You know, companies are responsible for their own militia. I mean, cybersecurity, there's no government help for sure. I mean, companies are on the hook, as we mentioned earlier at the top of this interview. This really is highlighted that, IT departments and are, have to evolve to large scale cloud, you know, cloud-native applications, automation, AI machine learning all built in, to keep up at the scale. But, also, from a defense standpoint, I mean, James, you're out there, you're in the front lines. You got to defend yourself, basically, and you got to engineer it. >> A hundred percent. And just to go on top of what James was saying is, I think they're one of the big factors, and we've seen this. There's skill shortages out there. There's also just a pure lack of understanding. When we look at Amazon S3 or object storage in general, it's not an executable file system. So, people sort of assume that, "Oh, I'm safe. It's not executable. So, I'm not worried about it traversing my storage network." And they also probably have the assumption that the cloud providers, Amazon, is taking care of this for 'em. And, so, it's this "aha" moment, like you mentioned earlier. That you start to think, "Oh, it's not about where the data is sitting, per se, it's about scanning it as close to the storage spot. So, when it gets to the end user, it's safe and secure. And you can't rely on the end users' environment and system to be in place and up to date to handle it. So, it's that really, that lack of understanding that drives some of these folks into this, but for a while, we'll walk into customers and they'll say the same thing you said, John. "Why haven't I been doing this for so long?" And, it's because they didn't understand that it was such a risk. That's where that blind spot comes in. >> James, it's just a final note on your environment. What's your goals for the next year? How's things going over there in your side? How do you look at the security posture? What's on your agenda for the next year? How do you guys looking at the next level? >> Yeah, well, our goal as it relates to this is, to continue to move our existing applications over to AWS, to run natively there, which includes moving more data into S3 and leveraging the cloud storage security solution to scan that and ensure that it's, that there are no vulnerabilities that are getting in. >> And the ingestion? Is there like a bottlenecks, log jams? How do you guys see that scaling up? I mean, what's the strategy there? More, just add more S3? >> Well, S3 itself scales automatically for us and, the Cloud Storage Solution gives us levers to pull to do that. As Ed mentioned, we ingested a large amount of data during our initial migration, which created a bottleneck for us, as we were preparing to move our users over. We were able to, you know, make an adjustment in the admin console and spin up additional processes entirely behind the scenes and broke the log jam. So, I don't see any immediate concerns there. Being able to handle the load. >> You know, the term cloud-native and, you know, hyperscale-native, cloud-native, OneCloud, it's hybrid. All these things are native. We have anti-virus native coming soon. And I mean, this is what we're. You're basically doing is making it native into the workflows. Security native, and soon there's going to be security clouds out there. We're starting to see the rise of these new solutions. Can you guys share any thoughts or vision around how you see the industry evolving and what's needed, what's working and what's needed? Ed, we'll start with you. What's your vision? >> So, I think the notion of being able to look at and view the management plane and control that, has been where we're at right now. that's what everyone seems to be doing and going after. I think there are niche plays coming up, storage is one of them. But, we're going to get to a point where storage is just a blanket term for where you put your stuff. I mean, it kind of already is that, but, in AWS, it's going to be less about S3, less about work docs, less about EVS. It's going to be just storage and you're going to need a solution that can span all of that, to go along with where we're already at at the management plane. We're going to keep growing the data plane. >> James, what's your vision for what's needed in the industry? What's the gaps? What's working? And where do you see things going? >> Yeah, well, I think on the security front, specifically, Ed's probably a little bit better equipped to speak to them than I am. Since that's his primary focus. But I see the need for just expanded solutions that are cloud-native, that fit and fit nicely with the Amazon technologies, Whether that comes from Amazon or other partners like Cloud Storage Security, to fill those gaps. We're focused on, you know, the financial services and insurance industries. That's our niche. And we look to other partners, like Ed, to help be the experts in these areas. And so that's really what I'm looking for is, you know, the experts that we can partner with that are going to help fill those gaps as they come up and as they change in the future. >> Well, James, I really appreciate you coming on sharing your story. Ed, I'll give you the final word. Put a quick, spend a minute to talk about the company. I know Cloud Storage Security is an AWS partner, with the Security Software Competency. And is one of, I think, 16 partners listed in the competency and data category. So, take a minute to explain, you know, what's going on with the company, where people can find more information, how they buy and consume the products. >> Okay. >> Put the plug in. >> Yeah, thank you for that. So, we are a fast growing startup. We we've been in business for two and a half years, now. We have achieved our Security Competency. As John indicated, we're one of 16 data protection, Security Competent ISV vendors, globally. And, our goal is to expand and grow a platform that spans all storage types that you're going to be dealing with. And answer basic questions. "What do I have and where is it? Is it safe to use?" And, "Am I in proper control of it? Am I being alerted appropriately?" You know, so we're building this storage security platform, very laser-focused on the storage aspect of it. And, if people want to find out more information, you're more than welcome to go and try the software out on Amazon Marketplace. That's basically where we do most of our transacting. So, find it there, start a free trial, reach out to us directly from our website. We are happy to help you in any way that you need it, whether that's storage assessments, figuring out what data is important to you, and how to protect it. >> All right, Ed, thank you so much. Ed Casmer. Founder & CEO of Cloud Storage Security and of course James Johnson, AVP Research & Development, iPipeline customer. Gentlemen, thank you for sharing your story and featuring the company and the value proposition. It's certainly needed. This is season two, episode four. Thanks for joining us. Appreciate it. >> Thanks, John. >> Okay. I'm John Furrier. That is a wrap for this segment of the cybersecurity, season two, episode four. The ongoing series covering the exciting startups from Amazon's ecosystem. Thanks for watching. (gentle outro music)

(bright upbeat music) >> Hi, everyone, welcome back to theCUBE's Unstoppable Domains Partner Showcase. I'm John Furrier, host of theCUBE. This segment in this session is about expansion into Asia Pacific and Europe for Unstoppable Domains. It's a hot startup in the Web3 area, really creating a new innovation around NFTs, crypto, single sign-on, and digital identity, giving users the power like they should. We've got two great guests, Sajjad Rehman, Head of Europe, and Nilkanth, known as Nil, Iyer, head of Asia. Sajjad, Nil, welcome to this CUBE, and let's talk about the expansion. It's not really an expansion, the global economy is global, but showcase here about Unstoppables going to Europe. Thanks for coming on. >> Thanks for inviting us. >> Thanks John, for inviting us. >> So we're living in a global world, obviously, crypto, blockchain, decentralized applications. You're starting to see mainstream adoption, which means the shift is happening. There are more apps coming, and it means more infrastructure, and things got to get easier, right? So, reduce the steps it takes to do stuff, makes the wallets better, give people more secure access and control of their data. This is what Unstoppable is all about. You guys are in the middle of it, you're on this wave. What is the potential of Web3 with Unstoppable, and in general, in Asia and in Europe? >> I can go first. So, now, let's look at the Asia market. I mean, typically, we see the US market, the Europe markets, for typical Web 2.0 software and infrastructure is definitely the larger markets, with US typically accounting for about 60%, and Europe about 20 to 30%, and Asia has always been small. But we see in this whole world of blockchain, crypto, Web 3.0, Asia already has about 160 million users. They have more than 35 local exchanges. And if you really look at the number of countries, in terms of the rate of adoption, many of the Asian countries, which probably you'd have never even heard of, like Vietnam, actually topping the list, right? One of the reasons that this is happening, again, if you go through the Asian Development Bank's latest report, you have these Gen Zs and millennials, of that's 50% of the Asian population. And if you really look at 50% of the Asian population, that's 1.1 billion people out of the total, 1.8 billion Gen Z and millennials that you have have in the world. And these folks are digitally native, they're people, in fact, the Gen Zs are mobile first, and millennials, many of us, like myself, at least, are people who are digital, and 20% of the world's economy is currently digital, and the rest, 40 to 50%, which is going to happen in the Web 3.0 world, and that's going to be driven by millennials and Gen Zs. I think that's why this whole space is so exciting, because it's being driven by the users, by the new generation. I mean, that's my broad thought on this whole thing. >> Before we get get this started, I want to just comment, Asia, also, in other areas where mobile first came, you had the younger demographics absolutely driving the change, because they're like, "Well, I don't want the old way." They go right from scratch at the beginning, they're using the technologies. That has propelled the crypto world. I mean, that is absolutely true. Everyone's kind of seeing that. And that's now influencing some of these developer nations, like say, in Europe, for instance, and even North America, I think Europe's more advanced than North America, in my opinion, but we'll get to that. Oh, so potential in Europe. Sajjad, take us through your thoughts on... As head of Europe, for our audience. >> Absolutely, so, Nil's right. I think Asia is way ahead in terms of Gen Z user adopting crypto, Europe is actually a distant second, but it's surprising to note that Europe actually has the highest transactional activity in crypto over the last year and a half. And if you dig a bit deeper, I'd say, arguably, for Europe, I think the opportunity in Web3 is perhaps the largest. And then perhaps it can mean the most for Europe. Europe, for the last decade, has been trailing behind Asia and North America, when it comes to birthing unicorns, and I think Web3 can provide a StepChain opportunity. This belief, for me, stems from the fact that Europe's policy, right, like, for example, GDPR, is focused on enabling your data ownership. And I think I recently read a very good paper out of Stanford, by Patrick Henson. He speaks about Web3 being the best part, here, for Europe enabling patient sovereignty. So what that means is users control the data, they're paying to enter it, and they harness the value from it. And on one hand, while Europe is enabling that regulation, that's entered in that code, Web3 actually brings it into action. So I think with more enablement, better regulation, and we'll see more hubs, like the Crypto Valley in Switzerland pop up, that will bring, I think, I'd rather be careful, better to say, not over-regulation, the right regulation. We can expect more in prop capital, more builder talent, that then drives more adoption. So I think the prospects for Europe in terms of usage, as well as builders, are quite bright. >> Yeah, and I think, also, you guys are in areas where the cultural shift is so dramatic. You mentioned Asia, the demographics, even the entrepreneurial culture in Europe right now is booming. You look at all the venture-backed startups, and the young generation building companies! And again, cloud computing is a big part of that, obviously. But look at, compared to the United States, you go back 15 years ago, Europe was way behind, on the startup scene. Now it's booming and pumping on all cylinders. And it kind of points at this cultural shift. It's almost like a generational... It's like the digital hippies changing the world. The Web3, it's kind of, "I don't want to be Web2, Web2 is so old, I don't want to do that." And then it's all because it's changing, right? And there are things inadequate with Web2, on the naming system. Also the arbitrage around fake information, bots, users being manipulated, and also merchandised and monetized through these portals. Okay, that's kind of ending. So talk about the dynamic of Web2, 3, at those areas. You've got users and you've got companies, who build applications. They're going to shift and be forced, in our opinion, and I want to get your reaction to that. Do you think applications are going to have to be Web3, or users will reject them? >> Yeah, I think that I'll jump in and add to there in Nil's part. I think the Web3 is built on three principles, right? They're decentralization, ownership, and composability. And I think these are not binary. So if I look further on in the future, I don't see a future where you have just Web3. I think there's going to be coexistence or cooperation between Web2 companies, Web3, building bridges. I think there's going to be... There's a sliding scale to decentralization, versus centralization. Similarly, ownership. And I think users will find what works best for them in different contexts. I think what Unstoppable is doing is essentially providing the identity system for Web3, and that's way more powerful when it comes to being built on blockchains, than with the naming system we had for Web2, right? The identity system can serve the purpose of taking a user's personal identifier, password, blockchain, domain name, and attaching all kinds of attributes that define who you are, both in the physical and digital world, and filling out information that you can transact on the basis of. And I think the users would, as we go to a no-code and low-code future, right, where in Web2, more of the users were essentially consumers, or readers of the internet. And in Web3, with more low-code and no-code technology platforms taking shape and getting proliferation, you would see more users being actually writers, publishers, and developers on the internet. And they would value owning their data, and to harness the most amount of value from it. So I think that's the power concept, and I think that's the future I see, where Web3 will dominate. Nil, what do you think? >> Well, I think you put it very, very nicely, Sajjad. I think you covered most of the points, I think. But I'm seeing a lot of different things that are happening at the ground. I think a lot of the governments, a lot of the Web 2.0 players, the traditional banks, these guys are not sitting quiet on the blockchain space. There are a lot of pilots happening in the blockchain space, right? I mean, I can give you real life examples. I mean, one of the biggest examples is in my home state of Maharashtra, where Mumbai is. They actually partnered with Polygon (MATIC), right? Actually built a private blockchain-based capability to kind of deliver your COVID vaccination certificates with the QR code, right? And that's the only way they could deliver that kind of volumes in that short a time, with the kind of user control, the user control the user has on the data. That could only be possible because of blockchain. Of course, it's still private, because it's healthcare data, they still want to keep it, something that's not fully on a blockchain. But that is something. Similarly, there is a consortium of about nine banks who have actually trying to work on making things like remittances or trade finance much, much easier. I mean, remittances through a traditional, Web 2.0 world is very, very costly. And especially in the Asian countries, a lot of people from Southeast Asia work across the world and send back money home. It's a very costly and a time-taking affair. So they have actually partnered and built a blockchain-based capability, again, in a pilot stage, to kind of reduce the transaction costs. For example, if you just look at the trade finance days where there are 14 million traders, who do 2.4, 5 trillion dollars, of transaction, they were able to actually reduce the time that it takes from eight to nine days, to about two to three days. And so, to add on to what you're saying, I think these two worlds are going to meet, and meet very soon. And when they meet, what they need is a single digital identity, a human-readable way of being able to send and receive and do commerce. I think that's where I see Unstoppable Domains, very nicely positioned to be able to integrate these two worlds, so that's my thought on all the logistics. >> That was a great point. I was going to get into which industries, and kind of what areas, you see in your geographies. But it's a good point about saving time. I like how you brought that up, because in these new waves, you either got to reduce the steps it takes to do something, or save time, make it easy. And this is the successful formula, in anything, whether it's an app or UI or whatever, but what specifically are they doing in your areas? And what about Unstoppable are they attracted to? Is it because of the identity? Is it because of the apps? Is it because of the single sign-on? What is the reason that they're leaning in, and unpacking this further into their pilots? >> Sajjad, do you want to take that? >> Yeah, absolutely, man. >> Because. >> Yeah, I'm happy. Please jump in if you want. So I think, and let me clarify the question, John, you're talking about Web2 companies, looking to partner in software, or potential partnerships, right? >> Yeah, what are they seeing, and what are they seeing as the value that these pilots we heard from Nilkanth around the financial industry? And obviously, gaming's one, it's obvious. Huge: financial, healthcare, I mean, these are obviously verticals that are going to be heavily impacted in a positive way. What are they seeing as value? What's getting them motivated to do these pilots? Why are they jumping in, with both feet, if you will, on these projects? Is it because it's saving money, is it time, or both, is it ease of use, is it the user's expectations? Trying to tease out how you guys see that evolving. >> Yeah, yeah, I think... This is still, the space is, the movement is going very fast, but I think the space is still young. And right now, a lot of these companies are seeing the potential that Web3 offers. And I think the key, key dimensions, right, composability, decentralization, and ownership. So I think the key thing I'm seeing in EU is these Web2 companies seeing the momentum and looking to harness that by enabling bridges to Web3. One of the key trends in Europe has been Fintech, I think over the last five to six years, we have the Revolut, N26, e-TOTAL creating platforms, new banks and super finance, super apps rising to the forefront. And they are all enabling, or also connecting a bridge with Web3 in some shape and form, either enabling creating of crypto, some are launching their own native wallets, and these are, essentially, ways that they can, one, attract users. So the Gen Z who are looking for more friction in finance, to get them on board, but also to look to enable more adoption by their own users, who are not using these services that potentially create new revenue streams, and create allocation of capital that they could not access, to have access to otherwise. So I think that's one trend I'm seeing over here. I think the other key trend is, in Europe, at least, has been games. And again, dead links or damaged, web creators would call the metaverse. So a lot of game companies are looking to step into Game Fire, which is, again, a completely different business model to what traditional game companies used to use. Similarly, metaverse is where again, ownership creates a different business model and they see that users and gamers of the future would want to engage with that, versus just being monetized on the basis of subscription or ads. And I think that's something that they're becoming aware of, and moving quickly in the space, launching their own metaverses, or game by applications. Or creating interoperability with these decentralized applications. >> You know, I wanted to get into this point, but I was going to ask about the community empowerment piece of this equation, 'cause digital identity is about the user's identity, which implies they're part of a community. Web3 is very community-centric. But you mentioned gaming, I mean, people who have been watching the gaming world, like ourselves, know that communities and marketplaces have been very active for years, many years, over 15 years. Community, games, currency, in-game activity, has been out there, right, but siloed within the games themselves. So now, it seems that that paradigm's coming in and empowering all communities. Is this something that you guys see and agree with? And if so, what's different about that? How are communities being empowered? I guess that's the question. >> Yeah, I can maybe take that, Sajjad. So, I mean, I must have heard of Axie Infinity, I mean, 40% of their user base is in Vietnam. And the average earning that a person makes in a month, out of playing this game, is more than the national, daily or minimum wage that is there, right? So that's the kind of potential. Actually, going back, as a combination of actually answering your earlier question, and I think over and above what Sajjad said, what's very unique in Asia is we still have a lot of unbanked people, right? So if you really look at the total unbanked population of the world, it's 1.6 billion, and 24% of that is in Asia, so almost 375 million people are in Asia. So these are people who do not have access to finance or credit. So the whole idea is, how do we get these people on to a banking system, onto peer-to-peer lending, or peer-to-peer finance kind of capabilities. I think, again, Unstoppable Domains kind of helps in that, right? If you just look at the pure Web 3.0 world, and the complex, technical way in which money or other crypto is transferred from one wallet to the other, it's very difficult for an unbanked person who probably cannot even do basic communication, cannot read and write, to actually be able to do it. But something that's very human-readable, something that's very easy for him to understand, something that's visual, something that he can see on his mobile. With 2G network, we are not talking of... The world is talking about 5G, but there are parts of Asia, which are still using 2G and 2.5G kind of network, right? So I think that's one key use case. I think the banks are trying to solve because for them, this is a whole new customer segment. And, sorry, I actually went back a little bit, to your earlier question, but coming to this whole community-building, right? So on March 8th, we're launching something called this Women of Web3, or, oh, that is WoW3, right? This is basically to, again, empower. So if you, again, look at Asia, women need a lot of training, they need a lot of enablement, for them to be able to leverage the power of Web 3.0. I can talk about India, of course, being from India. A lot of the women do not... They do all the small businesses, but the money is taken by middlemen, or taken by their husbands. With Web 3.0, fundamentally, the money comes to them, because that's what they use to educate their children. And it's the same thing in a lot of other Southeast Asian countries as well. I think it's very important to build those communities, communities of women entrepreneurs. I think this is a big opportunity to really get the section of society, which probably will take 10 more years, if we go through the normal Web1 to Web 2.0 progression, where the power is with corporations, and not with the individuals. >> And that's a great announcement, by the way, you mentioned the $10 million worth of domains being issued out for... This is democratization, it's what it's all about. Again, this is a new revolution. I mean, this is a new thing. So great stuff, more education, more learning. And going to get the banks up and running, get those people banking, 'cause once they're banking, they get wallets, right? So they need the wallets. So let's get to the real meat here. You guys are in the territory, Europe and Asia, where there's a lot of wallets. There's a lot of exchanges, 'cause that's... They're not in the United States. There's a few of them there, but most of them outside the United States. And you've got a lot of dApps developing, decentralized applications, okay? So you got all this coming together in your territory. What's the strategy, how you going to attack that? You got the wallets, you got the exchanges, and you got D applications. DApps. >> Yeah, I'm happy to (indistinct). So I think, and just quickly there, I think one point is, and Nil really expressed it beautifully, is finding inclusion. That is something that has inspired me, how Web3 can make the internet more inclusive. That inspired my move here. Yeah, I think, for us, I think we are at the base start when it comes to Europe, right? And the key focus, in terms of our approach in Europe would be that, we want to do two things. One, we want to increase the utility of these domain names. And the second thing is, we will invite proliferation with our partners. So when I speak about utility, I think utility is when you have a universal identifier, which is a domain name, and then you have these attributes around it, right? What then defines your identity. So in the context, in Europe, we would look to find partners to help us enrich that identity around the domain name. And that adds value for users, in terms of acquiring these domains and new clients. And on the other end, when it comes to proliferation, I think it's about working with all those crypto, and crypto and Web3, Web3 participants as well as Web3-adjacent companies, brands, and services, who can help us educate current and future, and upcoming Web3 users about the utility of domain names, and help us onboard them to the decentralized internet. So I think that's going to be the general focus. I think the key is that, as, oh, and hopefully, we'll be having one, overarching regulation, EU, that allowed us to do this at a vision level. But I would say I think it's going to be tackling it country by country, identifying countries where there's deeper penetration for Web3, and then making sure that we are partnered with local, trusted partners that are already developing for local communities there. So, yeah, that's my view and Nil, I believe those are wants in, for Asia. >> Oh, I think, yeah, so again, in Asia, one is you have a significant part of humanity living in Asia, right? So obviously, all the other challenges and the opportunities that we talk about, I think the first area of focus would be educating the people on the massive opportunity that they have, and if you're able to get them in early, I think it's great for them as well, right? Because by the time governments, regulations, large banking, financial companies move, but if you can get the larger population into this whole space, it's good for them, so they are first movers in that space. I think we are doing a lot of things on this, worldwide. I think we've done more than 100 past podcasts, just educating people on what is Web 3.0, what are NFT domains? What is DeFi, and so on and so forth. I think it would need some bit of localization, customization, in Asia, given that India itself has about 22 languages. And then there are the other countries which, each of them with their own local languages and syntax, semantics and all those things, right? So I think that that is very important, to be able to disseminate the knowledge, although it's global, but I think to get the grassroot people to understand the opportunity, I think it would need some amount of work there. I think also building communities, I think, John, you talked about communities, so did Sajjad talk about communities. I think it's very important to build communities, because communities create ideation. It talks about... People share their challenges, so that people don't repeat the same mistakes. So I think it's very important to build communities based on interest. I think we all know in the technology world, you can build communities around Elegram, Telegram, Discord, Twitter spaces, and all those things. But, again, when you're talking of financial inclusion, you're talking of a different kind of community-building. I think that that would be important. And then of course I will kind of, primarily from a company perspective, I think getting the 35 odd exchanges in Asia, the wallets to partner with us. Just as an example, MATIC. They had, until September of last year, about 3,500 apps. In just one quarter, it doubled to 7,000 dApps on their platform. But that is the pace, or the speed of innovation that we are seeing on this whole 3.0 space. I think it's very important to get those key partners, Who are developing those dApps. See the power of single sign-on, having a human-readable, digital identity, being able to seamlessly transfer all your assets, digital assets, across multiple cryptos, across multiple NFT marketplaces, and so on and so forth. >> Yeah, and I think the whole community thing, too, is also you seeing the communities being part of, certainly in the entertainment area, and the artistry, creator world, the users are art of the community, they own it, too. So it goes both ways, but this brings up the marketplace, too, as well, because you guys have the opportunity to have trust built into the software layer, right? So now you can keep the reputation data. You can be anonymous, but it's trustworthy, versus bots, which we all know bots can be killed and then started again with... And no one knows what the tagalong has been around. So the whole inadequacy of Web2, which is just growing pains, right? This is what it evolution looks like, next abstraction layer. So I love that vibe. How advanced do you think that thinking is, where people are saying, Hey, we need this abstraction layer. We need this digital identity. We need to start expanding our applications so that the users can move across these and break down those silos where the data is, 'cause that's... This is like the nerd problem, right? It's the data silos that are holding it back. What's your guys' reaction to that? The killing the silos and making it horizontally scalable? >> Yeah, I think it's a nerd problem. It is a problem of people who understand technology. It's a problem of a lot of the people in the business who want to compete effectively against those giants, which are holding all the data. So I think those are the people who will innovate and move. Again, coming back to financial inclusion, coming back to the unbanked, those guys just want to do their business. They want to live their daily life. I think that's not where you'll see... You will see innovation in a different form, but they're not going to disrupt the disrupters. I think that would be the people, Fintechs, I think they would be the first to move on to something like that. I mean, that's my humble opinion. >> Sajjad, you heard. >> Yeah, I think- >> Go ahead. >> I mean, absolutely. I think, I mean, I touched on creators, right? So, like I said earlier, right, we are heading to a future where more people will be creators on the internet. Whether you're publishing, writing something, you're creating video content, and that means that they have data they own, but that's their data, they bring it to the internet. That's more powerful, more useful, and they should be able to transact on that basis. So I think people are recognizing that, and they will increasingly look to do so. And as they do that, they would want these systems that enable them to hold permission to their data. They will want to be able to control what their permission and what they want to provide, dApp. And at the end of the day, these applications have to work backwards from customers, and the customer's looking for that. That's where... That's what they will build. >> The users want freedom. They want to be able to be connected, and not be restricted. They want to freely move around the global internet and do whatever they want with the friends and apps that they want to consume, and not feel arbitraged. They don't want to feel like they're kind of nailed into a walled garden and stuck there and having to come back. It's the new normal. >> They don't want to be the product, right, so. >> They don't want to be the product. Gentlemen, great to have you on, great conversation. We're going to continue this later. Certainly want to keep the updates coming. You guys are in a very hot area in Europe and Asia Pacific. That's where a lot of the action is happening. We see the entrepreneurial activity, the business transformation, certainly with the new paradigm shift, and this big wave that's coming. It's here, it's mainstream. Thanks for coming on and sharing your insights. Appreciate it. >> Thanks, John. >> Thanks, John, Thanks for the opportunity, have a good day. >> Okay, okay, great conversation. All the action's moving and happening real fast. This is theCUBE Unstoppable Domains Partner Showcase. I'm John Furrier, your host. Thanks for watching. (contemplative music)

(upbeat music) >> Hey everyone. Welcome to theCUBE's coverage of Women In Tech, International Women's Day 2022. I'm your host, Lisa Martin. I have two guests from AWS here with me. Carolina Pina joins us, the head of Enterprise Enablement for LATAM and Laura Alvarez Modernel is here as well, Public Sector Programs Manager at AWS. Ladies, it's great to have you on theCUBE. >> Nice to meet you. >> Thank you for having us. >> Carolina, let's start with you. Talk to me a little bit about your role, what it is that you're doing there. >> So my role in AWS is to actually create mechanisms of massive training to try to close the talent gap that we have in the region. And when I mentioned talent gap, I'm talking about obviously digital and cloud-computing skills. So that's, that's, in a nutshell what my role entails. >> Lisa: Got it. How long have you been in that role? Just curious. >> So I've been at AWS a little bit over, over two years. I was actually in the public sector team when I joined, leading the education vertical for Latin American Canada. And I recently joined the commercial sector now leading these massive training efforts for the region for LATAM. >> And Laura, you're in public sector. Talk to me a little bit about your role. >> Yes, I'm in public sector. I'm also based in Buenos Aires, Argentina. So yeah, I'm from Latin America, and I lead educational and community impact programs in the Southern cone of Latin America. I also lead diversity, equity and inclusion efforts and I'm part of the Women at Amazon global board. That's our affinity group to make sure we make efforts towards building a more equal world. And on a personal note I'm really passionate about the topic of gender equality because I truly think it affects us all as women and as Latins. So that's something that I'm always interested in collaborating with. >> Lisa: Excellent. Carolina back to you. If we think about from an enablement perspective how is AWS partnering with its customers and its partners to train and employ women particularly in technology? >> Oh, sure. Lisa, so it's not a surprise. We, like I mentioned, you know we have a big cloud skills, talent gap in the region. In fact, you know, 69% of companies have reported talent shortages and difficulty hiring. So, and this represents a 15 year high. So, many of these companies are actually, you know, our own commercial customers. So they approach us saying, you know, asking for for support training and developing their talent. So like I mentioned, in my role I create massive training efforts and initiatives. So we always take into consideration women, minorities, underrepresented community, and not just for the current talent, meaning like the people that are currently employed, but also to ensure that we are proactively implementing initiatives to develop a talent of younger you know, a younger generation and a talent. So we can, you know, to inspire them and, and ensure that they, that we're seeing them represented in companies like AWS, you know and our customers, and in our partners. And obviously we, when we sit down with customers to craft these massive trainings you know, leveraging their ecosystems and communities, we actually try to use all our AWS training and certification portfolio which includes, you know, in live in class with live in structures, in classroom trainings. We also have our AWS Skill Builder platform which is the platform that allows us to, you know to reach a broader audience because it has, you know over 500 free and on-demand classes. And we also have a lot of different other programs that touches in different audiences. You know, we have AWS re/Start for underrepresented, and underemployed minorities. We also have AWS Academy, which is the program that we have for higher education institutions. And we have AWS, you know, Educate which also touches, you know, cloud beginners. So in every single of these programs, we ensure that we are encompassing and really speaking to women and developing training and developing women. >> Lisa: That's a great focus there. Laura, talk to me about upskilling. I know AWS is very much about promoting from within. What are some of the things that it's doing to help women in Latin America develop those tech skills and upskill from where, maybe where they are now? >> Well, Lisa, I think that is super interesting because there's definitely a skills gap problem, right? We have all heard about. And what's funny is also that we have this huge opportunity in Latin America to train people and to help further develop the countries. And we have the companies that need the talent. So why is there still a gap, right? And I think that's because there's no magic solution to solving this problem. No, like epic Hollywood movie scene that it's going to show how we close the gap. And it takes stepping out of our comfort zone. And as Carolina mentioned, collaborating. So, we at AWS have a commitment to help 29 million people globally to grow their technical skills with free cloud-computing skills training by 2025. I know that sounds a lot through educational programs but we do have as Carolina mentioned, a Skill Builder you can go into the website for free, enter, choose your path, get trained. We have Academy that we implement with universities. Re/Start that is a program that's already available in Argentina, Brazil, Chile, Colombia, Mexico, Peru, and Costa Rica. So there are a lot of opportunities, but you also mentioned something else that I would like to dive a bit deeper that is Latin American women. And yesterday we had the opportunity to record a panel about intersectionality with three amazing Latin women. And what we have to learn from that is that these are two minorities that intersect, right. We're talking about females that are minority. Latinas are minority. And in tech, that is also something that is even bigger minority. So there are more difficulties there and we need to make sure that we are meeting that talent that is there that is in Latin America, that exists. We know for sure we have unicorns in Latin America that are even AWS customers like Mercado Libre, and we have to meet them with the opportunities. And that's why we created a program that came from identifying how this problem evolves in Latin America, that there is a lack of confidence in women also that they don't feel prepared or equipped. There is a cultural component why we don't choose tech careers. And we partner with universities, more than 12 universities in Latin America with the International American Development Bank as well to create tech skills that's a free five weeks program in order to get students and get female in Latin America, into the tech world. And we also have them with mentorship. So I think that is an opportunity to truly collaborate because we as AWS are not going to solve these by ourselves, right? We need everyone pitching in on that. >> Lisa: Right. It's absolutely a team effort. You mentioned something important in terms of helping women, and especially minorities get out of their comfort zone. Carolina, I'm curious when you're talking with women and getting them into the program and sharing with them all of the enablement programs that you have, how do you help them be confident to get out of that comfort zone? That's a hard thing to do. >> Yeah, no, for sure. For sure, Lisa, well, I, you know, a lot of times actually I use myself as an example because, you know, I studied engineering and industrial systems engineering many years ago. And you know, a lot of my career has been in in higher education and innovation and startups. And as I mentioned in the intro I've been at AWS for a little bit over two years. So I, my career has not been in cloud and I recently joined the cloud. So I actually had to go through our own trainings and get our own certifications. So I, that's, you know a lot of times I actually, I use my own example, so people understand that you don't have to come from tech, you don't have to come, you can actually be a non-tech person and, and also see the the benefits of the cloud. And you don't have to only, you know, learn cloud if you're in the IT department or in an IT team. So sometimes, I also emphasize that the cloud and the future is absolutely the cloud. In fact, the world economic foreign, you know teaches us that cloud-computing is that the technology that's going to be mostly adopted by 2025. So that's why we need to ensure that every single person, women and others are really knowledgeable in the cloud. So that's why, you know, technical and untechnical. But I, you know, I use myself as an example for them to say, you know, you can actually do it. And obviously also I collaborate with Laura and a lot of the women at Amazon Latin America Group to also you know, ensure that we're doing webinars and panels. So we show them ourselves as role model like, Laura is an incredible role model for our community. And so it's also to to show examples of what the possibilities are. And that's what we do. >> Lisa: I love that you're sharing >> And can I make a note there also? >> Please, yes. >> To add to that. I think it also requires the companies and the, and the private sector to get out of their comfort zone, right? Because we are not going to find solutions doing what we are already doing. We truly need to go and get near these persons with a new message. Their interest is there in these programs we have reached more than 3,000 women already in Latin America with tech skills. So it's not that women are not interested. It's like, how do we reach them with a message that resounds with them, right? Like how we can explain the power of technology to transform the world and to actually improve their communities. I think there's something there also that we need to think further of. >> It's so important. You know, we say often when we're talking about women in tech, that she needs to see what she can be or if she can't see it, she can't be it. So having those role models and those mentors and sponsors is absolutely critical for women to get, I call it getting comfortably uncomfortable out of that comfort zone and recognizing there's so many opportunities. Carolina, to your point, you know, these days every company is a tech company, a data company whether you're talking about a car dealer, a grocery market. So your point about, you know, and obviously the future being cloud there's so much opportunity that that opens up, for everybody really, but that's an important thing for people to recognize how they can be a part of that get out of their comfort zone and try something that they maybe hadn't considered before. >> Yes. And, actually, Lisa I would love to share an example. So we have a group, O Boticário, which is one of our customers one of the, the lead retails in Brazil. And they've been a customer of AWS since 2013 when they realized that, you know the urgency and the importance of embracing state of the art technology, to your point, like, you know this is a retail company that understands that needs to be, you know embrace digital transformation, especially because, you know they get very busy during mother's days and other holidays during the year. So they realized that they, instead of outsourcing their IT requirements to technology experts they decided to actually start developing and bringing the talent, you know within itself, within, you know, technology in-house. So they decided to start training within. And that's when we, obviously we partnered with them to also create a very comprehensive training and certification plan that started with, you know a lot of the infrastructure and security teams but then it was actually then implemented in the rest of the company. So going back to the point like everybody really needs to know. And what we also love about O Boticário is they they really care about the diversion and inclusion aspect of this equation. And we actually collaborated with them as well through this program called Desenvolve with the Brazilian government. And Desenvolve means developing Portuguese and they this program really ensures that we are also closing that gender and that race gap and ensuring that they're actually, you know, developing talent in cloud for Brazil. So we, you know, obviously have been very successful with them and we will continue to do even more things with them particular for this topic. >> Lisa: I've always known how customer focused AWS is every time we get to go to re:Invent or some of the events but it's so nice to hear these the educational programs that you're doing with customers to help them improve DEI to help them enable their own women in their organizations to learn skills. I didn't realize that. I think that's fantastic very much a symbiotic part of AWS. If we think about the theme for this year's International Women's Day, Breaking The Bias I want to get both of your opinions and Laura we'll start with you, what that means to you, and where do you think we are in Latin America with breaking the bias? >> Well, I think breaking the bias is the first step to truly being who we are every day and being able to bring that to our work as well. I think we are in a learning curve of that. The companies are changing culturally, as Carolina mentioned we have customers that are aware of the importance of having women. And as we say at AWS not only because there is a good business reason because there is, because there are studies that show that we can increase the country's CPD, but also because it's important and it's the right thing to do. So in terms of breaking the bias I think we are learning and we have a long way to go. I talked a bit earlier about intersectionality and that is something that is also important to highlight, right? Because we are talking about females but we are also talking about another minorities. We're talking about underrepresented communities, Indigenous People, Latins. So when these overlap, we face even bigger challenges to get where we want to get, right? And to get to decision making places because technology is transforming the ways we take decisions, we live, and we need someone like us taking those decisions. So I think it's important at first to be aware and to see that you can get there and eventually to start the conversation going and to build the conversation, not to just leave it but to make sure we hear people and their input and what they're going through. >> Lisa: Yes. We definitely need to hear them. Carolina, what's your take on breaking the bias and where do you from your experience, where do you think we are with it? >> Yeah, no, I'm as passionate as Laura on this topic. And that's why we, you know we're collaborating in the Women at Amazon Latin America Chapter, because we're both very, I think breaking the bias starts with us and ourselves. And we are very proactive within AWS and externally. And I feel it's also, I mean, Lisa, what we've been doing is not only, obviously gathering you know, the troops and really making sure that, that we have very aggressive goals internally, but also bringing you know, bringing our male counterparts, and other, you know, other members of the other communities, because the change, we're not going to make it alone. Like the change where it is not women only talking to women is going to make the change. We actually need to make sure the male and other groups are represented. And the dialogue that they're that we're very conscious about that. And I feel like we're seeing more and more that the topic is becoming more of a priority not only within AWS and Amazon but we also see it because now that I meet with when I meet with customers around the region they really want to see how we can collaborate in these diversion and inclusion initiatives. So I think we are breaking the bias because now this topic is more top of mind. And then we are being more proactively addressing it and and training people and educating people. And I feel we're really in a pivoted point where the change that we've really been wanting to we will see in the next you know, few years which is very exciting. >> Lisa: Excellent, and we'll see that with the help of women like you guys. Thank you so much for joining me today, talking about what you're doing, how you're helping organizations across AWS's ecosystem, customers, partners, and helping, of course, folks from within you, right. It's a holistic effort, but we are on our way to breaking that bias and again, I thank you both for your insights. >> Thank you. >> Thank you, Lisa, for the opportunity. >> My pleasure. For Carolina Pina and Laura Alvarez Modernel, I'm Lisa Martin. You're watching theCUBE's coverage of Women in Tech, International Women's Day 2022. (upbeat music)

(upbeat music) >> Hello everyone, my name is Dave Vellante, and we're digging into the many facets of the software supply chain and how to better manage digital risk. I'd like to introduce Kirsten Newcomer, who is the Director of Cloud and DevSecOps Strategy at Red Hat. Hello Kirsten, welcome. >> Hello Dave, great to be here with you today. >> Let's dive right in. What technologies and practices should we be thinking about that can help improve the security posture within the software supply chain? >> So I think the most important thing for folks to think about really is adopting DevSecOps. And while organizations talk about DevSecOps, and many folks have adopted DevOps, they tend to forget the security part of DevSecOps. And so for me, DevSecOps is both DevSec, how do I shift security left into my supply chain, and SecOps which is a better understood and more common piece of the puzzle, but then closing that loop between what issues are discovered in production and feeding that back to the development team to ensure that we're really addressing that supply chain. >> Yeah I heard a stat. I don't know what the source is, I don't know if it's true, but it probably is that around 50% of the organizations in North America, don't even have a SecOps team. Now of course that probably includes a lot of smaller organizations, but the SecOps team, they're not doing DevSecOps, but so what are organizations doing for supply chain security today? >> Yeah, I think the most common practice, that people have adopted is vulnerability scanning. And so they will do that as part of their development process. They might do it at one particular point, they might do it at more than one point. But one of the challenges that, we see first of all, is that, that's the only security gate that they've integrated into their supply chain, into their pipeline. So they may be scanning code that they get externally, they may be scanning their own code. But the second challenge is that the results take so much work to triage. This is static vulnerability scanning. You get information that is not in full context, because you don't know whether a vulnerability is truly exploitable, unless you know how exposed that particular part of the code is to the internet, for example, or to other aspects. And so it's just a real challenge for organizations, who are only looking at static vulnerability data, to figure out what the right steps to take are to manage those. And there's no way we're going to wind up with zero vulnerabilities, in the code that we're all working with today. Things just move too quickly. >> Is that idea of vulnerability scanning, is it almost like sampling where you may or may not find the weakest link? >> I would say that it's more comprehensive than that. The vulnerability scanners that are available, are generally pretty strong, but they are, again, if it's a static environment, a lot of them rely on NVD database, which typically it's going to give you the worst case scenario, and by nature can't account for things like, was the software that you're scanning built with controls, mitigations built in. It's just going to tell you, this is the package, and this is the known vulnerabilities associated with that package. It's not going to tell you whether there were compiler time flags, that may be mitigated that vulnerability. And so it's almost overwhelming for organizations, to prioritize that information, and really understand it in context. And so when I think about the closed loop feedback, you really want not just that static scan, but also analysis that takes into account, the configuration of the application, and the runtime environment and any mitigations that might be present there. >> I see, thank you for that. So, given that this digital risk and software supply chains are now front and center, we read about them all the time now, how do you think organizations are responding? What's the future of software supply chain going to look like? >> That's a great one. So I think organizations are scrambling. We've certainly at Red Hat, We've seen an increase in questions, about Red Hat's own supply chain security, and we've got lots of information that we can share and make available. But I think also we're starting to see, this strong increased interest, in security bill of materials. So I actually started working with, automation and standards around security bill of materials, a number of years ago. I participated in The Linux Foundation, SPDX project. There are other projects like CycloneDX. But I think all organizations are going to need to, those of us who deliver software, we're going to need to provide S-bombs and consumers of our software should be looking for S-bombs, to help them understand, to build transparency across the projects. And to facilitate that automation, you can leverage the data, in a software package list, to get a quick view of vulnerabilities. Again, you don't have that runtime context yet, but it saves you that step, perhaps of having to do the initial scanning. And then there are additional things that folks are looking at. Attested pipelines is going to be key, for building your custom software. As you pull the code in and your developers build their solutions, their applications, being able to vet the steps in your pipeline, and attest that nothing has happened in that pipeline, is really going to be key. >> So the software bill of materials is going to give you, a granular picture of your software, and then what the chain of, providence if you will or? >> Well, an S-bomb depending on the format, an S-bomb absolutely can provide a chain of providence. But another thing when we think about it, from the security angles, so there's the providence, where did this come from? Who provided it to me? But also with that bill of materials, that list of packages, you can leverage tooling, that will give you information about vulnerability information about those packages. At Red Hat we don't think that vulnerability info should be included in the S-bomb, because vulnerability data changes everyday. But, it saves you a step potentially. Then you don't necessarily have to be so concerned about doing the scan, you can pull data about known vulnerabilities for those packages without a scan. Similarly the attestation in the pipeline, that's about things like ensuring that, the code that you pull into your pipeline is signed. Signatures are in many ways of more important piece for defining providence and getting trust. >> Got it. So I was talking to Asiso the other day, and was asking her okay, what are your main challenges, kind of the standard analyst questions, if you will. She said look, I got great people, but I just don't have enough depth of talent, to handle, the challenges I'm always sort of playing catch up. That leads one to the conclusion, okay, automation is potentially an answer to address that problem, but the same time, people have said to me, sometimes we put too much faith in automation. some say okay, hey Kirsten help me square the circle. I want to automate because I lack the talent, but it's not, it's not sufficient. What are your thoughts on automation? >> So I think in the world we're in today, especially with cloud native applications, you can't manage without automation, because things are moving too quickly. So I think the way that you assess whether automation is meeting your goals becomes critical. And so looking for external guidance, such as the NIST's Secure Software Development Framework, that can help. But again, when we come back, I think, look for an opinionated position from the vendors, from the folks you're working with, from your advisors, on what are the appropriate set of gates. And we've talked about vulnerability scanning, but analyzing the configed data for your apps it's just as important. And so I think we have to work together as an industry, to figure out what are the key security gates, how do we audit the automation, so that I can validate that automation and be comfortable, that it is actually meeting the needs. But I don't see how we move forward without automation. >> Excellent. Thank you. We were forced into digital, without a lot of thought. Some folks, it's a spectrum, some organizations are better shape than others, but many had to just dive right in without a lot of strategy. And now people have sat back and said, okay, let's be more planful, more thoughtful. So as you, and then of course, you've got, the supply chain hacks, et cetera. How do you think the whole narrative and the strategy is going to change? How should it change the way in which we create, maintain, consume softwares as both organizations and individuals? >> Yeah. So again, I think there's going to be, and there's already, need request for more transparency, from software vendors. This is a place where S-bombs play a role, but there's also a lot of conversation out there about zero trust. So what does that mean in, you have to have a relationship with your vendor, that provides transparency, so that you can assess the level of trust. You also have to, in your organization, determine to your point earlier about people with skills and automation. How do you trust, but verify? This is not just with your vendor, but also with your internal supply chain. So trust and verify remains key. That's been a concept that's been around for a while. Cloud native doesn't change that, but it may change the tools that we use. And we may also decide what are our trust boundaries. Are they where are we comfortable trusting? Where do we think that zero trust is more applicable place, a more applicable frame to apply? But I do think back to the automation piece, and again, it is hard for everybody to keep up. I think we have to break down silos, we have to ensure that teams are talking across those silos, so that we can leverage each other's skills. And we need to think about managing everything as code. What I like about the everything is code including security, is it does create auditability in new ways. If you're managing your infrastructure, and get Ops like approach your security policies, with a get Ops like approach, it provides visibility and auditability, and it enables your dev team to participate in new ways. >> So when you're talking about zero trust I think, okay, I can't trust users, I got to trust the verified users, machines, employees, my software, my partners. >> Yap >> Every possible connection point. >> Absolutely. And this is where both attestation and identity become key. So being able to, I mean, the SolarWinds team has done a really interesting set of things with their supply chain, after they were, in response to the hack they were dealing with. They're now using Tekton CD chains, to ensure that they have, attested every step in their supply chain process, and that they can replicate that with automation. So they're doing a combination of, yep. We've got humans who need to interact with the chain, and then we can validate every step in that chain. And then workload identity, is a key thing for us to think about too. So how do we assert identity for the workloads that are being deployed to the cloud and verify whether that's with SPIFFE SPIRE, or related projects verify, that the workload is the one that we meant to deploy and also runtime behavioral analysis. I know we've been talking about supply chain, but again, I think we have to do this closed loop. You can't just think about shifting security left. And I know you mentioned earlier, a lot of teams don't have SecOps, but there are solutions available, that help assess the behavior and runtime, and that information can be fed back to the app dev team, to help them adjust and verify and validate. Where do I need to tighten my security? >> Am glad you brought up the SolarWinds to Kirsten what they're doing. And as I remember after 911, everyone was afraid to fly, but it was probably the safest time in history to fly. And so same analogy here. SolarWinds probably has learned more about this and its reputation took a huge hit. But if you had to compare, what SolarWinds has learned and applied, at the speed at which they've done it with maybe, some other software suppliers, you might find that they've actually done a better job. It's just, unfortunately, that something hit that we never saw before. To me it was Stuxnet, like we'd never seen anything like this before, and then boom, we've entered a whole new era. I'll give you the last word Kirsten. >> No just to agree with you. And I think, again, as an industry, it's pushed us all to think harder and more carefully about where do we need to improve? What tools do we need to build to help ourselves? Again, S-bombs have been around, for a good 10 years or so, but they are enjoying a resurgence of importance signing, image signing, manifest signing. That's been around for ages, but we haven't made it easy to integrate that into the supply chain, and that's work that's happening today. Similarly that attestation of a supply chain, of a pipeline that's happening. So I think as a industry, we've all recognized, that we need to step up, and there's a lot of creative energy going into improving in this space. >> Excellent Kirsten Newcomer, thanks so much for your perspectives. Excellent conversation. >> My pleasure, thanks so much. >> You're welcome. And you're watching theCUBE, the leader in tech coverage. (soft music)

(upbeat music) >> Hello, everyone. Welcome to theCUBE's coverage of the "AWS Startup Showcase", season two, episode one. I'm Lisa Martin, and I'm excited to be joined by Snyk, next in this episode. Liran Tal joins me, the director of developer advocacy. Liran, welcome to the program. >> Lisa, thank you for having me. This is so cool. >> Isn't it cool? (Liran chuckles) All the things that we can do remotely. So I had the opportunity to speak with your CEO, Peter McKay, just about a month or so ago at AWS re:Invent. So much growth and momentum going on with Snyk, it's incredible. But I wanted to talk to you about specifically, let's start with your role from a developer advocate perspective, 'cause Snyk is saying modern development is changing, so traditional AppSec gatekeeping doesn't apply anymore. Talk to me about your role as a developer advocate. >> It is definitely. The landscape is changing, both developer and security, it's just not what it was before, and what we're seeing is developers need to be empowered. They need some help, just working through all of those security issues, security incidents happening, using open source, building cloud native applications. So my role is basically about making them successful, helping them any way we can. And so getting that security awareness out, or making sure people are having those best practices, making sure we understand what are the frustrations developers have, what are the things that we can help them with, to be successful day to day. And how they can be a really good part of the organization in terms of fixing security issues, not just knowing about it, but actually being proactively on it. >> And one of the things also that I was reading is, Shift Left is not a new concept. We've been talking about it for a long time. But Snyk's saying it was missing some things and proactivity is one of those things that it was missing. What else was it missing and how does Snyk help to fix that gap? >> So I think Shift Left is a good idea. In general, the idea is we want to fix security issues as soon as we can. We want to find them. Which I think that is a small nuance that what's kind of missing in the industry. And usually what we've seen with traditional security before was, 'cause notice that, the security department has like a silo that organizations once they find some findings they push it over to the development team, the R&D leader or things like that, but until it actually trickles down, it takes a lot of time. And what we needed to do is basically put those developer security tools, which is what Snyk is building, this whole security platform. Is putting that at the hands and at the scale of, and speed of modern development into developers. So, for example, instead of just finding security issues in your open source dependencies, what we actually do at Snyk is not just tell you about them, but you actually open a poll request to your source codes version and management system. And through that we are able to tell you, now you can actually merge it, you can actually review it, you can actually have it as part of your day-to-day workflows. And we're doing that through so many other ways that are really helpful and actually remediating the problem. So another example would be the IDE. So we are actually embedding an extension within your IDEs. So, once you actually type in your own codes, that is when we actually find the vulnerabilities that could exist within your own code, if that's like insecure code, and we can tell you about it as you hit Command + S and you will save the file. Which is totally different than what SaaS tools starting up application security testing was before because, when things started, you usually had SaaS tools running in the background and like CI jobs at the weekend and in deltas of code bases, because they were so slow to run, but developers really need to be at speed. They're developing really fast. They need to deploy. One development is deployed to production several times a day. So we need to really enable developers to find and fix those security issues as fast as we can. >> Yeah, that speed that you mentioned is absolutely critical to their workflow and what they're expecting. And one of the unique things about Snyk, you mentioned, the integration into how this works within development workflow with IDE, CIDC, they get environment enabling them to work at speed and not have to be security experts. I imagine are two important elements to the culture of the developer environment, right? >> Correct, yes. It says, a large part is we don't expect developers to be security experts. We want to help them, we want to, again, give them the tools, give them the knowledge. So we do it in several ways. For example, that IDE extension has a really cool thing that's like kind of unique to it that I really like, and that is, when we find, for example, you're writing code and maybe there's a batch traversal vulnerability in the function that you just wrote, what we'll actually do when we tell you about it, it will actually tell you, hey, look, these are some other commits made by other open source projects where we found the same vulnerability and those commits actually fixed it. So actually giving you example cases of what potentially good code looks like. So if you think about it, like who knows what patch reversal is, but prototype pollution like many types of vulnerabilities, but at the same time, we don't expect developers to actually know, the deep aspects of security. So they're left off with, having some findings, but not really, they want to fix them, but they don't really have the expertise to do it. So what we're doing is we're bridging that gap and we're being helpful. So I think this is what really proactive security is for developers, that says helping them remediate it. And I can give like more examples, like the security database, it's like a wonderful place where we also like provide examples and references of like, where does their vulnerability come from if there's like, what's fogging in open-source package? And we highlight that with a lot of references that provide you with things, the pull requests that fixed date, or the issue with where this was discussed. You have like an entire context of what is the... What made this vulnerability happen. So you have like a little bit more context than just specifically, emerging some stuff and updating, and there's a ton more. I'm happy to like dive more into this. >> Well, I can hear your enthusiasm for it, a developer advocate it seems like you are. But talking about the burdens of the gaps that you guys are filling it also seems like the developers and the security folks that this is also a bridge for those teams to work better together. >> Correct. I think that is not siloed anymore. I think the idea of having security champions or having threat modeling activities are really, really good, or like insightful both like developers and security, but more than just being insightful, useful practices that organizations should actually do actually bringing a discussion together to actually creating a more cohesive environment for both of those kind of like expertise, development and security to work together towards some of these aspects of like just mitigating security issues. And one of the things that actually Snyk is doing in that, in bringing their security into the developer mindset is also providing them with the ability to prioritize and understand what policies to put in place. So a lot of the times security organizations actually, the security org wants to do is put just, guardrails to make sure that developers have a good leeway to work around, but they're not like doing things that like, they definitely shouldn't do that, like prior to bringing a big risk into today organizations. And that's what I think we're doing also like great, which is the fact that we're providing the security folks to like put the policies in place and then developers who actually like, work really well within those understand how to prioritize vulnerabilities is an important part. And we kind of like quantify that, we put like an urgency score that says, hey, you should fix this vulnerability first. Why? Because it has, first of all, well, you can upgrade really quickly. It has a fix right there. Secondly, there's like an exploit in the wild. It means potentially an attacker can weaponize this vulnerability and like attack your organizations, in an automated fashion. So you definitely want to put that put like a lead on that, on that broken window, if so to say. So we ended up other kind of metrics that we can quantify and put this as like an urgency score, which we called a priority score that helps again, developers really know what to fix first, because like they could get a scan of like hundreds of vulnerabilities, but like, what do I start first with? So I find that like very useful for both the security and the developers working together. >> Right, and especially now, as we've seen such changes in the last couple of years to the threat landscape, the vulnerabilities, the security issues that are impacting every industry. The ability to empower developers to not only work at the speed with which they are accustomed and need to work, but also to be able to find those vulnerabilities faster prioritize which ones need to be fixed. I mean, I think of Log4Shell, for example, and when the challenge is going on with the supply chain, that this is really a critical capability from a developer empowerment perspective, but also from a overall business health and growth perspective. >> Definitely. I think, first of all, like if you want to step just a step back in terms of like, what has changed. Like what is the landscape? So I think we're seeing several things happening. First of all, there's this big, tremendous... I would call it a trend, but now it's like the default. Like of the growth of open source software. So first of all as developers are using more and more open source and that's like a growing trend of have like drafts of this. And it's like always increasing across, by the way, every ecosystem go, rust, .net, Java, JavaScript, whatever you're building, that's probably like on a growing trend, more open source. And that is, we will talk about it in a second what are the risks there. But that is one trend that we're saying. The other one is cloud native applications, which is also worth to like, I think dive deep into it in terms of the way that we're building applications today has completely shifted. And I think what AWS is doing in that sense is also creating a tremendous shift in the mindset of things. For example, out of the cloud infrastructure has basically democratized infrastructure. I do not need to, own my servers and own my monitoring and configure everything out. I can actually write codes that when I deploy it, when something parses this and runs this, it actually creates servers and monitoring, logging, different kinds of things for me. So it democratize the whole sense of building applications from what it was decades ago. And this whole thing is important and really, really fast. It makes things scalable. It also introduces some rates. For example, some of these configuration. So there's a lot that has been changed. And in that landscape of like what modern developer is and I think in that sense, we kind of can need a lead to a little bit more, be helpful to developers and help them like avoid all those cases. And I'm like happy to dive into like the open source and the cloud native. That was like follow-ups on this one. >> I want to get into a little bit more about your relationship with AWS. When I spoke with Peter McKay for re:Invent, he talked about the partnership being a couple of years old, but there's some kind of really interesting things that AWS is doing in terms of leveraging, Snyk. Talk to me about that. >> Indeed. So Snyky integrates with almost, I think probably a lot of services, but probably almost all of those that are unique and related to developers building on top of the AWS platform. And for example, that would be, if you actually are building your code, it connects like the source code editor. If you are pushing that code over, it integrates with code commits. As you build and CIS are running, maybe code build is something you're using that's in code pipeline. That is something that you have like native integrations. At the end of the day, like you have your container registry or Lambda. If you're using like functions as a service for your obligations, what we're doing is integrating with all of that. So at the end of the day, you really have all of that... It depends where you're integrating, but on all of those points of integration, you have like Snyk there to help you out and like make sure that if we find on any of those, any potential issues, anything from like licenses to vulnerabilities in your containers or just your code or your open source code in those, they actually find it at that point and mitigate the issue. So this kind of like if you're using Snyk, when you're a development machine, it kind of like accompanies you through this journey all over what a CIC kind of like landscape looks like as an architectural landscape for development, kind of like all the way there. And I think what you kind of might be I think more interested, I think to like put your on and an emphasis would be this recent integration with the Amazon Inspector. Which is as it's like very pivotal parts on the AWS platform to provide a lot of, integrate a lot of services and provide you with those insights on security. And I think the idea that now that is able to leverage vulnerability data from the Snyk's security intelligence database that says that's tremendous. And we can talk about that. We'd look for shell and recent issues. >> Yeah. Let's dig into that. We've have a few minutes left, but that was obviously a huge issue in November of 2021, when obviously we're in a very dynamic global situation period, but it's now not a matter of if an organization is going to be hit by vulnerabilities and security threats. It's a matter of when. Talk to me about really how impactful Snyk was in the Log4Shell vulnerability and how you help customers evade probably some serious threats, and that could have really impacted revenue growth, customer satisfaction, brand reputation. >> Definitely. The Log4Shell is, well, I mean was a vulnerability that was disclosed, but it's probably still a major part and going to be probably for the foreseeable future. An issue for organizations as they would need to deal with us. And we'll dive in a second and figure out like why, but in like a summary here, Log4Shell was the vulnerability that actually was found in Java library called Log4J. A logging library that is so popular today and used. And the thing is having the ability to react fast to those new vulnerabilities being disclosed is really a vital part of the organizations, because when it is asking factful, as we've seen Log4Shell being that is when, it determines where the security tool you're using is actually helping you, or is like just an added thing on like a checkbox to do. And that is what I think made Snyk's so unique in the sense. We have a team of those folks that are really boats, manually curating the ecosystem of CVEs and like finding by ourselves, but also there's like an entire, kind of like an intelligence platform beyond us. So we get a lot of notifications on chatter that happens. And so when someone opens an issue on an open source repository says, Hey, I found an issue here. Maybe that's an XSS or code injection or something like that. We find it really fast. And we at that point, before it goes to CVE requirement and stuff like that through like a miter and NVD, we find it really fast and can add it to the database. So this has been something that we've done with Log4Shell, where we found that as it was disclosed, not on the open source, but just on the open source system, but it was generally disclosed to everyone at that point. But not only that, because look for J as the library had several iterations of fixes they needed. So they fixed one version. Then that was the recommendation to upgrade to then that was actually found as vulnerable. So they needed to fix the another time and then another time and so on. So being able to react fast, which is, what I think helped a ton of customers and users of Snyk is that aspect. And what I really liked in the way that this has been received very well is we were very fast on creating those command line tools that allow developers to actually find cases of the Log4J library, embedded into (indistinct) but not true a package manifest. So sometimes you have those like legacy applications, deployed somewhere, probably not even legacy, just like the Log4J libraries, like bundled into a net or Java source code base. So you may not even know that you're using it in a sense. And so what we've done is we've like exposed with Snyk CLI tool and a command line argument that allows you to search for all of those cases. Like we can find them and help you, try and mitigate those issues. So that has been amazing. >> So you've talked in great length, Liran about, and detail about how Snyk is really enabling and empowering developers. One last question for you is when I spoke with Peter last month at re:Invent, he talked about the goal of reaching 28 million developers. Your passion as a director of developer advocacy is palpable. I can feel it through the screen here. Talk to me about where you guys are on that journey of reaching those 28 million developers and what personally excites you about what you're doing here. >> Oh, yeah. So many things. (laughs) Don't know where to start. We are constantly talking to developers on community days and things like that. So it's a couple of examples. We have like this dev site community, which is a growing and kicking community of developers and security people coming together and trying to work and understand, and like, just learn from each other. We have those events coming up. We actually have this, "The Big Fix". It's a big security event that we're launching on February 25th. And the idea is, want to help the ecosystem secure security obligations, open source or even if it's closed source. We like help you fix that though that yeah, it's like helping them. We've launched this Snyk ambassadors program, which is developers and security people, CSOs are even in there. And the idea is how can we help them also be helpful to the community? Because they are like known, they are passionate as we are, on application security and like helping developers code securely, build securely. So we launching all of those programs. We have like social impact related programs and the way that we like work with organizations, like maybe non-profit maybe they just need help, like getting, the security part of things kind of like figured out, students and things like that. Like, there's like a ton of those initiatives all over the boards, helping basically the world be a little bit more secure. >> Well, we could absolutely use Snyk's help in making the world more secure. Liran it's been great talking to you. Like I said, your passion for what you do and what Snyk is able to facilitate and enable is palpable. And it was a great conversation. I appreciate that. And we look forward to hearing what transpires during 2022 for Snyk so you got to come back. >> I will. Thank you. Thank you, Lisa. This has been fun. >> All right. Excellent. Liran Tal, I'm Lisa Martin. You're watching theCUBE's second season, season two of the "AWS Startup Showcase". This has been episode one. Stay tuned for more great episodes, full of fantastic content. We'll see you soon. (upbeat music)

(upbeat music) >> Hello everyone, my name is Dave Vellante, and we're digging into the many facets of the software supply chain and how to better manage digital risk. I'd like to introduce Kirsten Newcomer, who is the Director of Cloud and DevSecOps Strategy at Red Hat. Hello Kirsten, welcome. >> Hello Dave, great to be here with you today. >> Let's dive right in. What technologies and practices should we be thinking about that can help improve the security posture within the software supply chain? >> So I think the most important thing for folks to think about really is adopting DevSecOps. And while organizations talk about DevSecOps, and many folks have adopted DevOps, they tend to forget the security part of DevSecOps. And so for me, DevSecOps is both DevSec, how do I shift security left into my supply chain, and SecOps which is a better understood and more common piece of the puzzle, but then closing that loop between what issues are discovered in production and feeding that back to the development team to ensure that we're really addressing that supply chain. >> Yeah I heard a stat. I don't know what the source is, I don't know if it's true, but it probably is that around 50% of the organizations in North America, don't even have a SecOps team. Now of course that probably includes a lot of smaller organizations, but the SecOps team, they're not doing DevSecOps, but so what are organizations doing for supply chain security today? >> Yeah, I think the most common practice, that people have adopted is vulnerability scanning. And so they will do that as part of their development process. They might do it at one particular point, they might do it at more than one point. But one of the challenges that, we see first of all, is that, that's the only security gate that they've integrated into their supply chain, into their pipeline. So they may be scanning code that they get externally, they may be scanning their own code. But the second challenge is that the results take so much work to triage. This is static vulnerability scanning. You get information that is not in full context, because you don't know whether a vulnerability is truly exploitable, unless you know how exposed that particular part of the code is to the internet, for example, or to other aspects. And so it's just a real challenge for organizations, who are only looking at static vulnerability data, to figure out what the right steps to take are to manage those. And there's no way we're going to wind up with zero vulnerabilities, in the code that we're all working with today. Things just move too quickly. >> Is that idea of vulnerability scanning, is it almost like sampling where you may or may not find the weakest link? >> I would say that it's more comprehensive than that. The vulnerability scanners that are available, are generally pretty strong, but they are, again, if it's a static environment, a lot of them rely on NVD database, which typically it's going to give you the worst case scenario, and by nature can't account for things like, was the software that you're scanning built with controls, mitigations built in. It's just going to tell you, this is the package, and this is the known vulnerabilities associated with that package. It's not going to tell you whether there were compiler time flags, that may be mitigated that vulnerability. And so it's almost overwhelming for organizations, to prioritize that information, and really understand it in context. And so when I think about the closed loop feedback, you really want not just that static scan, but also analysis that takes into account, the configuration of the application, and the runtime environment and any mitigations that might be present there. >> I see, thank you for that. So, given that this digital risk and software supply chains are now front and center, we read about them all the time now, how do you think organizations are responding? What's the future of software supply chain going to look like? >> That's a great one. So I think organizations are scrambling. We've certainly at Red Hat, We've seen an increase in questions, about Red Hat's own supply chain security, and we've got lots of information that we can share and make available. But I think also we're starting to see, this strong increased interest, in security bill of materials. So I actually started working with, automation and standards around security bill of materials, a number of years ago. I participated in The Linux Foundation, SPDX project. There are other projects like CycloneDX. But I think all organizations are going to need to, those of us who deliver software, we're going to need to provide S-bombs and consumers of our software should be looking for S-bombs, to help them understand, to build transparency across the projects. And to facilitate that automation, you can leverage the data, in a software package list, to get a quick view of vulnerabilities. Again, you don't have that runtime context yet, but it saves you that step, perhaps of having to do the initial scanning. And then there are additional things that folks are looking at. Attested pipelines is going to be key, for building your custom software. As you pull the code in and your developers build their solutions, their applications, being able to vet the steps in your pipeline, and attest that nothing has happened in that pipeline, is really going to be key. >> So the software bill of materials is going to give you, a granular picture of your software, and then what the chain of, providence if you will or? >> Well, an S-bomb depending on the format, an S-bomb absolutely can provide a chain of providence. But another thing when we think about it, from the security angles, so there's the providence, where did this come from? Who provided it to me? But also with that bill of materials, that list of packages, you can leverage tooling, that will give you information about vulnerability information about those packages. At Red Hat we don't think that vulnerability info should be included in the S-bomb, because vulnerability data changes everyday. But, it saves you a step potentially. Then you don't necessarily have to be so concerned about doing the scan, you can pull data about known vulnerabilities for those packages without a scan. Similarly the attestation in the pipeline, that's about things like ensuring that, the code that you pull into your pipeline is signed. Signatures are in many ways of more important piece for defining providence and getting trust. >> Got it. So I was talking to Asiso the other day, and was asking her okay, what are your main challenges, kind of the standard analyst questions, if you will. She said look, I got great people, but I just don't have enough depth of talent, to handle, the challenges I'm always sort of playing catch up. That leads one to the conclusion, okay, automation is potentially an answer to address that problem, but the same time, people have said to me, sometimes we put too much faith in automation. some say okay, hey Kirsten help me square the circle. I want to automate because I lack the talent, but it's not, it's not sufficient. What are your thoughts on automation? >> So I think in the world we're in today, especially with cloud native applications, you can't manage without automation, because things are moving too quickly. So I think the way that you assess whether automation is meeting your goals becomes critical. And so looking for external guidance, such as the NIST's Secure Software Development Framework, that can help. But again, when we come back, I think, look for an opinionated position from the vendors, from the folks you're working with, from your advisors, on what are the appropriate set of gates. And we've talked about vulnerability scanning, but analyzing the configed data for your apps it's just as important. And so I think we have to work together as an industry, to figure out what are the key security gates, how do we audit the automation, so that I can validate that automation and be comfortable, that it is actually meeting the needs. But I don't see how we move forward without automation. >> Excellent. Thank you. We were forced into digital, without a lot of thought. Some folks, it's a spectrum, some organizations are better shape than others, but many had to just dive right in without a lot of strategy. And now people have sat back and said, okay, let's be more planful, more thoughtful. So as you, and then of course, you've got, the supply chain hacks, et cetera. How do you think the whole narrative and the strategy is going to change? How should it change the way in which we create, maintain, consume softwares as both organizations and individuals? >> Yeah. So again, I think there's going to be, and there's already, need request for more transparency, from software vendors. This is a place where S-bombs play a role, but there's also a lot of conversation out there about zero trust. So what does that mean in, you have to have a relationship with your vendor, that provides transparency, so that you can assess the level of trust. You also have to, in your organization, determine to your point earlier about people with skills and automation. How do you trust, but verify? This is not just with your vendor, but also with your internal supply chain. So trust and verify remains key. That's been a concept that's been around for a while. Cloud native doesn't change that, but it may change the tools that we use. And we may also decide what are our trust boundaries. Are they where are we comfortable trusting? Where do we think that zero trust is more applicable place, a more applicable frame to apply? But I do think back to the automation piece, and again, it is hard for everybody to keep up. I think we have to break down silos, we have to ensure that teams are talking across those silos, so that we can leverage each other's skills. And we need to think about managing everything as code. What I like about the everything is code including security, is it does create auditability in new ways. If you're managing your infrastructure, and get Ops like approach your security policies, with a get Ops like approach, it provides visibility and auditability, and it enables your dev team to participate in new ways. >> So when you're talking about zero trust I think, okay, I can't trust users, I got to trust the verified users, machines, employees, my software, my partners. >> Yap >> Every possible connection point. >> Absolutely. And this is where both attestation and identity become key. So being able to, I mean, the SolarWinds team has done a really interesting set of things with their supply chain, after they were, in response to the hack they were dealing with. They're now using Tekton CD chains, to ensure that they have, attested every step in their supply chain process, and that they can replicate that with automation. So they're doing a combination of, yep. We've got humans who need to interact with the chain, and then we can validate every step in that chain. And then workload identity, is a key thing for us to think about too. So how do we assert identity for the workloads that are being deployed to the cloud and verify whether that's with SPIFFE SPIRE, or related projects verify, that the workload is the one that we meant to deploy and also runtime behavioral analysis. I know we've been talking about supply chain, but again, I think we have to do this closed loop. You can't just think about shifting security left. And I know you mentioned earlier, a lot of teams don't have SecOps, but there are solutions available, that help assess the behavior and runtime, and that information can be fed back to the app dev team, to help them adjust and verify and validate. Where do I need to tighten my security? >> Am glad you brought up the SolarWinds to Kirsten what they're doing. And as I remember after 911, everyone was afraid to fly, but it was probably the safest time in history to fly. And so same analogy here. SolarWinds probably has learned more about this and its reputation took a huge hit. But if you had to compare, what SolarWinds has learned and applied, at the speed at which they've done it with maybe, some other software suppliers, you might find that they've actually done a better job. It's just, unfortunately, that something hit that we never saw before. To me it was Stuxnet, like we'd never seen anything like this before, and then boom, we've entered a whole new era. I'll give you the last word Kirsten. >> No just to agree with you. And I think, again, as an industry, it's pushed us all to think harder and more carefully about where do we need to improve? What tools do we need to build to help ourselves? Again, S-bombs have been around, for a good 10 years or so, but they are enjoying a resurgence of importance signing, image signing, manifest signing. That's been around for ages, but we haven't made it easy to integrate that into the supply chain, and that's work that's happening today. Similarly that attestation of a supply chain, of a pipeline that's happening. So I think as a industry, we've all recognized, that we need to step up, and there's a lot of creative energy going into improving in this space. >> Excellent Kirsten Newcomer, thanks so much for your perspectives. Excellent conversation. >> My pleasure, thanks so much. >> You're welcome. And you're watching theCUBE, the leader in tech coverage. (soft music)

(upbeat music) >> Hello everyone, my name is Dave Vellante, and we're digging into the many facets of the software supply chain and how to better manage digital risk. I'd like to introduce Kirsten Newcomer, who is the Director of Cloud and DevSecOps Strategy at Red Hat. Hello Kirsten, welcome. >> Hello Dave, great to be here with you today. >> Let's dive right in. What technologies and practices should we be thinking about that can help improve the security posture within the software supply chain? >> So I think the most important thing for folks to think about really is adopting DevSecOps. And while organizations talk about DevSecOps, and many folks have adopted DevOps, they tend to forget the security part of DevSecOps. And so for me, DevSecOps is both DevSec, how do I shift security left into my supply chain, and SecOps which is a better understood and more common piece of the puzzle, but then closing that loop between what issues are discovered in production and feeding that back to the development team to ensure that we're really addressing that supply chain. >> Yeah I heard a stat. I don't know what the source is, I don't know if it's true, but it probably is that around 50% of the organizations in North America, don't even have a SecOps team. Now of course that probably includes a lot of smaller organizations, but the SecOps team, they're not doing DevSecOps, but so what are organizations doing for supply chain security today? >> Yeah, I think the most common practice, that people have adopted is vulnerability scanning. And so they will do that as part of their development process. They might do it at one particular point, they might do it at more than one point. But one of the challenges that, we see first of all, is that, that's the only security gate that they've integrated into their supply chain, into their pipeline. So they may be scanning code that they get externally, they may be scanning their own code. But the second challenge is that the results take so much work to triage. This is static vulnerability scanning. You get information that is not in full context, because you don't know whether a vulnerability is truly exploitable, unless you know how exposed that particular part of the code is to the internet, for example, or to other aspects. And so it's just a real challenge for organizations, who are only looking at static vulnerability data, to figure out what the right steps to take are to manage those. And there's no way we're going to wind up with zero vulnerabilities, in the code that we're all working with today. Things just move too quickly. >> Is that idea of vulnerability scanning, is it almost like sampling where you may or may not find the weakest link? >> I would say that it's more comprehensive than that. The vulnerability scanners that are available, are generally pretty strong, but they are, again, if it's a static environment, a lot of them rely on NVD database, which typically it's going to give you the worst case scenario, and by nature can't account for things like, was the software that you're scanning built with controls, mitigations built in. It's just going to tell you, this is the package, and this is the known vulnerabilities associated with that package. It's not going to tell you whether there were compiler time flags, that may be mitigated that vulnerability. And so it's almost overwhelming for organizations, to prioritize that information, and really understand it in context. And so when I think about the closed loop feedback, you really want not just that static scan, but also analysis that takes into account, the configuration of the application, and the runtime environment and any mitigations that might be present there. >> I see, thank you for that. So, given that this digital risk and software supply chains are now front and center, we read about them all the time now, how do you think organizations are responding? What's the future of software supply chain going to look like? >> That's a great one. So I think organizations are scrambling. We've certainly at Red Hat, We've seen an increase in questions, about Red Hat's own supply chain security, and we've got lots of information that we can share and make available. But I think also we're starting to see, this strong increased interest, in security bill of materials. So I actually started working with, automation and standards around security bill of materials, a number of years ago. I participated in The Linux Foundation, SPDX project. There are other projects like CycloneDX. But I think all organizations are going to need to, those of us who deliver software, we're going to need to provide S-bombs and consumers of our software should be looking for S-bombs, to help them understand, to build transparency across the projects. And to facilitate that automation, you can leverage the data, in a software package list, to get a quick view of vulnerabilities. Again, you don't have that runtime context yet, but it saves you that step, perhaps of having to do the initial scanning. And then there are additional things that folks are looking at. Attested pipelines is going to be key, for building your custom software. As you pull the code in and your developers build their solutions, their applications, being able to vet the steps in your pipeline, and attest that nothing has happened in that pipeline, is really going to be key. >> So the software bill of materials is going to give you, a granular picture of your software, and then what the chain of, providence if you will or? >> Well, an S-bomb depending on the format, an S-bomb absolutely can provide a chain of providence. But another thing when we think about it, from the security angles, so there's the providence, where did this come from? Who provided it to me? But also with that bill of materials, that list of packages, you can leverage tooling, that will give you information about vulnerability information about those packages. At Red Hat we don't think that vulnerability info should be included in the S-bomb, because vulnerability data changes everyday. But, it saves you a step potentially. Then you don't necessarily have to be so concerned about doing the scan, you can pull data about known vulnerabilities for those packages without a scan. Similarly the attestation in the pipeline, that's about things like ensuring that, the code that you pull into your pipeline is signed. Signatures are in many ways of more important piece for defining providence and getting trust. >> Got it. So I was talking to Asiso the other day, and was asking her okay, what are your main challenges, kind of the standard analyst questions, if you will. She said look, I got great people, but I just don't have enough depth of talent, to handle, the challenges I'm always sort of playing catch up. That leads one to the conclusion, okay, automation is potentially an answer to address that problem, but the same time, people have said to me, sometimes we put too much faith in automation. some say okay, hey Kirsten help me square the circle. I want to automate because I lack the talent, but it's not, it's not sufficient. What are your thoughts on automation? >> So I think in the world we're in today, especially with cloud native applications, you can't manage without automation, because things are moving too quickly. So I think the way that you assess whether automation is meeting your goals becomes critical. And so looking for external guidance, such as the NIST's Secure Software Development Framework, that can help. But again, when we come back, I think, look for an opinionated position from the vendors, from the folks you're working with, from your advisors, on what are the appropriate set of gates. And we've talked about vulnerability scanning, but analyzing the configed data for your apps it's just as important. And so I think we have to work together as an industry, to figure out what are the key security gates, how do we audit the automation, so that I can validate that automation and be comfortable, that it is actually meeting the needs. But I don't see how we move forward without automation. >> Excellent. Thank you. We were forced into digital, without a lot of thought. Some folks, it's a spectrum, some organizations are better shape than others, but many had to just dive right in without a lot of strategy. And now people have sat back and said, okay, let's be more planful, more thoughtful. So as you, and then of course, you've got, the supply chain hacks, et cetera. How do you think the whole narrative and the strategy is going to change? How should it change the way in which we create, maintain, consume softwares as both organizations and individuals? >> Yeah. So again, I think there's going to be, and there's already, need request for more transparency, from software vendors. This is a place where S-bombs play a role, but there's also a lot of conversation out there about zero trust. So what does that mean in, you have to have a relationship with your vendor, that provides transparency, so that you can assess the level of trust. You also have to, in your organization, determine to your point earlier about people with skills and automation. How do you trust, but verify? This is not just with your vendor, but also with your internal supply chain. So trust and verify remains key. That's been a concept that's been around for a while. Cloud native doesn't change that, but it may change the tools that we use. And we may also decide what are our trust boundaries. Are they where are we comfortable trusting? Where do we think that zero trust is more applicable place, a more applicable frame to apply? But I do think back to the automation piece, and again, it is hard for everybody to keep up. I think we have to break down silos, we have to ensure that teams are talking across those silos, so that we can leverage each other's skills. And we need to think about managing everything as code. What I like about the everything is code including security, is it does create auditability in new ways. If you're managing your infrastructure, and get Ops like approach your security policies, with a get Ops like approach, it provides visibility and auditability, and it enables your dev team to participate in new ways. >> So when you're talking about zero trust I think, okay, I can't trust users, I got to trust the verified users, machines, employees, my software, my partners. >> Yap >> Every possible connection point. >> Absolutely. And this is where both attestation and identity become key. So being able to, I mean, the SolarWinds team has done a really interesting set of things with their supply chain, after they were, in response to the hack they were dealing with. They're now using Tekton CD chains, to ensure that they have, attested every step in their supply chain process, and that they can replicate that with automation. So they're doing a combination of, yep. We've got humans who need to interact with the chain, and then we can validate every step in that chain. And then workload identity, is a key thing for us to think about too. So how do we assert identity for the workloads that are being deployed to the cloud and verify whether that's with SPIFFE SPIRE, or related projects verify, that the workload is the one that we meant to deploy and also runtime behavioral analysis. I know we've been talking about supply chain, but again, I think we have to do this closed loop. You can't just think about shifting security left. And I know you mentioned earlier, a lot of teams don't have SecOps, but there are solutions available, that help assess the behavior and runtime, and that information can be fed back to the app dev team, to help them adjust and verify and validate. Where do I need to tighten my security? >> Am glad you brought up the SolarWinds to Kirsten what they're doing. And as I remember after 911, everyone was afraid to fly, but it was probably the safest time in history to fly. And so same analogy here. SolarWinds probably has learned more about this and its reputation took a huge hit. But if you had to compare, what SolarWinds has learned and applied, at the speed at which they've done it with maybe, some other software suppliers, you might find that they've actually done a better job. It's just, unfortunately, that something hit that we never saw before. To me it was Stuxnet, like we'd never seen anything like this before, and then boom, we've entered a whole new era. I'll give you the last word Kirsten. >> No just to agree with you. And I think, again, as an industry, it's pushed us all to think harder and more carefully about where do we need to improve? What tools do we need to build to help ourselves? Again, S-bombs have been around, for a good 10 years or so, but they are enjoying a resurgence of importance signing, image signing, manifest signing. That's been around for ages, but we haven't made it easy to integrate that into the supply chain, and that's work that's happening today. Similarly that attestation of a supply chain, of a pipeline that's happening. So I think as a industry, we've all recognized, that we need to step up, and there's a lot of creative energy going into improving in this space. >> Excellent Kirsten Newcomer, thanks so much for your perspectives. Excellent conversation. >> My pleasure, thanks so much. >> You're welcome. And you're watching theCUBE, the leader in tech coverage. (soft music)

(upbeat music) >> Welcome back to Las Vegas everybody. You're watching theCUBE coverage of AWS reinvent 2021. I tell you this place is packed. It's quite amazing here, over 20,000 people, I'd say it's closer to 25, maybe 27,000, and it's whole overflow, lots going on in the evenings. It's quite remarkable and we're really happy to be part of this. Jay Turner is here, he's the Vice President of Development and Operations, at PCCW Global. He's joined by Garrett Lowell, Vice President of Ecosystem Partnerships for the Americas at PCCW Global. Guys, welcome to theCUBE. Thanks for coming on. >> Thank you. >> Thank you so much. Jay, maybe you could take us through, for those people who aren't familiar with your company, what do you guys do, what are you all about? >> PCCW Global is the international operating wing of Hong Kong telecom. If it's outside of Hong Kong, it's our network. We've got about 695,000 kilometers of diverse cable, we've got about 43, 44 terabit of capacity came into business in 2005, if my brain is serving me correctly right now. We have a very diverse and vast portfolio ranging all the way from satellite teleports, all the way to IP transit. We're a Tier 1 service provider from that perspective as well. We do one of everything when it comes to networking and that's really, what was the basis of Console Connect, was inventing a platform to really enable our users to capitalize on our network and our assets. >> Okay. 2005, obviously you predated Cloud, you laid a bunch of fibers struck it in the ocean, I mean, global networks. There was a big trend to do that you had to think, you had to go bigger, go home in that business, (laughing) all right. Console Connect is your platform, is that right? >> Jay: Yes. >> So explain- >> Yeah, sorry, Console Connect is a software defined interconnection platform. We built a user self-service portal. Users can allocate ports, they get the LOAs issued to them directly from the platform. And then once they've got an active port or they've come in via one of our partnerships, they can then provision connectivity across our platform. That may be extending to their data centers or extending to their branch office, or it could be building a circuit into the Cloud via direct connect, could be building a circuit into an internet exchange. All of those circuits are going to be across that 685,000 kilometers of diverse fiber rather than going across the public internet. >> When you started, it took some time obviously to build out that infrastructure and then the Cloud came into play, but it was still early days, but it sounds like you're taking the AWS Cloud model and applying that to your business, eliminate all that undifferentiated heavy lifting, if you will, like the visioning in management. >> Yeah, we've heard many people, and that's kind of the impetus of this was, I want to be directly connected to my end point. And how do I do that? AWS, yes, they had direct connect, but figuring out how to do that as an enterprise was challenging. So we said, hey, we'll automate that for you. Just tell us what region you want to connect to. And we'll do all the heavy lifting and we'll just hand you back a villain tag. You're good to go. So it's a classic case, okay. AWS has direct connect. People will go, oh, that's directly competitive, but it's now you're adding value on top of that. Right? >> Yeah. >> Describe where you fit, Garrett, inside of the AWS ecosystem. You look around this hall and it's just a huge growing ecosystem, where you fit inside of that ecosystem and then your ecosystem. What's that like? >> Where we fit into the AWS ecosystem, as Jay alluded to, we're adding value to our partners and customers where they can come in, not only are they able to access the AWS platform as well as other Cloud platforms, but they're also able to access each other. We have a marketplace in our platform, which allows our customers and partners to put a description of their services on the marketplace and advertise their capabilities out to the rest of the ecosystem of PCCW Global and Console Connect. >> And you're doing that inside of AWS, is that right or at least in part? >> No, that's not inside of AWS. >> So your platform is your platform. >> Yes. >> Your relationship with AWS is to superpower direct connect. Is that right or? >> So we're directly connected to AWS throughout the globe. And this allows our customers and partners to be able to utilize not only the PCCW global network, but also to expand that capability to the AWS platform in Cloud. >> So wherever there's a Cloud, you plug into it, okay? >> Garrett: That's correct. >> Jay: Yeah. And then another advantage, the customer, obviously doesn't have to be directly co-located with AWS. They don't have to be in the same geographical region. If for some reason you need to be connected to U.S. west, but you're in Frankfurt, fine, we'll back all the traffic for you. >> Dave: Does that happen a lot? >> It actually does. >> How come? What's the use case there. >> Global diversity is certainly one of them just being able to have multiple footprints. But the other thing that we're seeing more of late is these Cloud-based companies are beginning to be attracted to where their customers are located. So they'll start seeing these packets of views and they'll go, well, we're going to go into that region as well, stand up a VPC there. We want our customers then being able to directly connect to that asset that's closest to them. And then still be able to back call that traffic if necessary or take it wherever. >> What's the big macro trends in your business? Broadly you see cost per bit coming down, you see data consumption and usage going through the roof. How does that affect you? What are some of the big trends that you see? >> I think one of the biggest ones and one that we targeted with Console Connect, we were hearing a lot of customers going, the world's changing so dynamically. We don't know how to do a one-year forecast of bandwidth, much less a three-year, which is what a lot of contracts are asking us for. So we said, hey, how about one day? Can you do one day? (Dave laughs) Because that's what our granularity is. We allow for anything from one day up to three years right now, and then even within that term, we're dynamic. If something happens, if suddenly some product goes through the roof and you've suddenly got a spike in traffic, if a ship drags its anchor through a sub sea cable, and suddenly you're having to pivot, you just come into the platform, you click a couple of buttons, 20 seconds later, we've modified your bandwidth for you or we've provisioned a new circuit for you, we've got your backup going, whatever. Really at the end of the day, it's the customer paying for their network, so the customer should be the one making those decisions. >> How's that affect pricing? I presume or so, I can have one day to a three-year term, for example if I commit to three years, I get a better deal. Is that right, or? >> You do, but at the end of the day, it's actually pretty much a moderate, a better deal. We don't want to force the hand of the customer. If you signed a 12 month contract with us, we're going to give you a 3% discount. >> So it's not really, that's not a motivation to do it. It's just (indistinct) reduce the transaction complexity. And that's why you will sign up for a longer term not to get the big discount. >> Correct. And then, like I said, even within a longer contract, we're still going to allow you to flex and flow and modify if you need to, because it's your network. >> What kind of constraints do you put on that? Do I have to commit to a flow? And then everything above that is, I can flex up. Is that how it works? >> Yeah. >> Okay. And then, the more I commit to, the better the deal is, or not necessarily? >> No, it's pretty much flat rate. >> Okay, I'm going to commit and I'm going to say, all right, I know I'm going to use X, or sign up for that and anything over it, you're pretty flexible, I might get a few points if I sign up for more, somebody might want to optimize that if they're big enough. >> And another really neat advantage, the other complaint we heard from customers, they go, I need three different direct connect, I need to be connected to three different parties, but I don't want to run three different cross-connects and I don't want to have three different ports. That's just an expense and I don't want. And we, fine, take your one gig port run one gig of services on it. If that's 20 different services, we're fine. We allow you to multiplex your port and provision as- >> So awesome. I love that model. I know some software companies who I would recommend to take a look at that pricing model. So Garrett, how do you segment the ecosystem? How do you look at that? Maybe you could draw and paint a picture of the idea of partners and what they look like. I know there's not just one category, but, >> Sure. Our ideal partners are internet exchangers, Cloud partners and SAS providers, because a big piece of our business is migration to the Cloud, and the flexibility of our platform allows and encourages our SAS providers and SI partners to perform migration to the Cloud much easier in a flexible format for their customers. >> What can you tell us, any kind of metrics you can give us around your business to give a sense of the scope, the scale? >> Well, of our business, (Dave laughs) one of the driving factors here, Gardner says that about 2023, I think, 40% of the enterprise workloads will be deployed in the Cloud, which is all fine and dandy, except in my head, you're just trading one set of complexities for another. Instead of having everything in a glass house and being able to understand that, now you're going, it's in the Cloud, now I need to manage my connectivity there. wait a minute, are my security policies still the same? Do they apply if I'm going across the public internet? What exposure have I just bought into myself to try to run this? The platform really aims at normalizing that as much as possible. If you're directly connected to AWS, at the end of the day, that's a really long ethernet cable. So your a glass house just got a lot bigger, but you're still able to maintain and use the exact same policies and procedures that you've been using. That's really one of our guiding principles, is to reduce that complexity and make it very simple for the user. >> I understand that, cause in the early days of Cloud, a lot of enterprises, the CIOs, they were concerned about security, then I think they realized, ah, AWS has pretty good security. CIA is using it. But still people would say to me, it's not that it's best security, it's just different. You know, we move slow, Dave. How do you accommodate, there's that diversity, I mean, AWS is obviously matured, but are you suggesting that you can take my security edicts in my glass house and bring those into your networks and ultimately into the Cloud? Is that how it works? >> That's the goal. It's not going to be a panacea more than likely, but the more edicts that we can allow you to bring across and not have to go back and revamp and, the better for you as a customer and the better really for us, because it normalizes things, it makes it much easier for us to accommodate more and more users. >> And is it such now in the eco, is all the diversity in the ecosystem, is it such that there's enough common patterns you guys can accommodate most of those use cases? >> Yeah, absolutely. One of the key components is the fact that the platform runs on our MPLS network, which is inherently secure. It's not on the public internet anywhere. We do have internet on demand capability. So in the event that a customer wants access to the internet, no problem. We can accommodate this. And we also have 5G capability built into the platform to allow flexibility of location and flexibility of, I would say, standing up new customer locations. And then the other component of the security is the fact that the customers can bring their own security and apply anywhere. We're not blocking, we don't have any port filters or anything of this nature. >> If would think 5G actually, I could see people arguing both sides, but my sense is 5G is going to be a huge driver for your business cause it's going to just create so much more demand for your services, I think. I can see somebody arguing the counter about it. What's your point of view on that? >> No, I think that's a fair assessment. I think it's going to drive business for everyone here on the show floor and it's pushing those workloads more toward the edge, which is not an area that people were typically concerned with. The edge was just the door that they walked through. That's becoming much different now. We're also going to start seeing, and we're already seeing it, huge trends of moving that data at the edge rather than bringing it all the way back to a central warehouse and help ending it. The ability to have a dynamic platform where you can see exactly what your network's doing and in the push of a button, modify that, or provision new connectivity in response to how your business is performing. >> Yeah, ultimately it's all about the applications that are going to be driving demand for more data. That's just a tailwind for you guys. >> Yeah. You look at, some of the car companies are coming on, Tesla, you're drive around with like eight CPUs and I think communicating back over the air. >> Dave: Yeah, right. >> You start scaling that and you start getting into some some real bottlenecks. >> Amazing business you guys having obviously capital intensive, but once you get in there, you got a big moat. That is a matter of getting on a flywheel and innovating. Guys, congratulations on all the progress and so much for coming on theCUBE. >> Thanks for the time. >> Thank you very much. >> Great to meet you guys. Good luck. All right, thank you for watching. This is Dave Vellante for theCUBE, the leader in High-Tech Coverage. We'll be right back. (upbeat music)

>>From the Bellagio hotel in Las Vegas, it's the cube covering UI path forward for brought to you by >>Welcome to the cubes coverage of UI path forward for live from Las Vegas. We're here at the Bellagio. Lisa Martin, with Dave a long time, very excited to have in-person events back ish. I'll say we're going to be talking about automation as a boardroom imperative. We have two guests joining us here, James Matras here consulting principal. America's intelligent automation leader at UI and Irv. Dennis retired EA partner, and former CFO of HUD gentlemen. Welcome to the program. Exciting topic automation as a boardroom imperative, James says COO and start with you. How do you discuss the value of automation as being a key component and driver of transformation? >>That's a great question. I think what we've seen in the last couple of years is the evolution of what automation used to be. Two is going nine. And we've seen the shift from what we call generation one, which is very RPA centric type automation to more generation two, which is the combined integration of multiple technologies. It can target an intern process and it's quite important that you understand the pivotal shift because it's not enabling us to move from a task micro top agenda to a macro agenda actually impacts an organization at a strategic level. The ability to be able to look at processes more deeply to automate them in an end to end process collectively and use these different technologies in a synergistic manner truly becomes powerful because it shifts the narrative from a micro process agenda into more systemic area. >>So gen zero is an Emmanuel gen one is RPA point tools that individual maybe getting their personal productivity out. And then now you're saying gen three is across the enterprise. Where are we in terms of, you know, take your experience from your practical experience? Where do you think the world is? It's like probably between zero and one still. Right. But the advanced folks of thinking about gen three, w what's your, >>Yeah, it's a great question. And, um, when you and I, I can do the comparison being private and public sector on this because I was 37 years with E Y then went into retirement and CFL at HUD CFO. Ed was, was a HUD was nowhere. They had to just do all the intelligence digitalization, um, throughout, uh, from scratch. The private sector is probably five or six years ahead of them. But when you think about James talks about the gen one, two and three, the private sector is probably somewhere between two and three. And I know we're talking about the board in this conversation. Um, boards probably have one and two on their radar. Some boards may have three, some may not, but that's where the real strategic focus for boards needs to be is looking forward and, and getting ahead. But I think from a public sector standpoint, lot to go private sector, more to go as well. But, uh, there's a, there's a bit of a gap, but the public sector is probably only about three or four years behind the private sector >>To be okay. Let's look at the numbers, look at, look at the progress for the quarter. And now it's like discussion on cyber discussion on digital discussion on automated issue. It really changed the narrative over the last decade. >>Yeah, I think when you think of boards today, the lots of conversation on cyber that that conversation has been around for a while. A lot of conversation on ESG today, that conversation is getting, getting very popular. But I think when you think of next three, a Jen talks that bear James talks about, um, that's got to start elevating itself if it's not within the boardroom right now, because that will be the future of the company. And the way I think of it from a board's conversation is if a company doesn't think of themselves as a technology company in all aspects, no matter what you do, you are a technology company or you need to be. And if you're not thinking along that way, you're gonna, you're gonna lose market share and you're going to start falling behind your competitors. >>Well, and how much acceleration did the pandemic bring to just that organizations that weren't digital forward last year are probably gone? >>I think it certainly has shifted quite a lot. There's been a drive, the relevance of technology and hard plays for us in the modern workforce in the modern workplace has fundamentally changed the pandemic. We reimagine how we do things. Technology has progressed in itself significantly, and that made a big difference for, for all the environments as a result of that. So certainly is one of the byproducts of the pandemic has been certainly a good thing for everybody. >>Where does automation fit in the board? Virginia? You've got compensation committee. You've probably, I mean, there's somebody in charge of cyber. You got ESG now there's automation part of a broader digital agenda. Where's what's the right word. >>You know, I, I would personally put it in a enterprise risk management from a standpoint that if you're not focused on it, it's going to be a risk to the enterprise. And, um, when you think of automation and intelligent automation and RPA, uh, I think boards have a pretty good sense of how you interface with your customers and your vendors. I think a big push ought to be looking internally at your own infrastructure. You know, what are you, what are you doing in the HR space? What are you doing in a financial statement, close process? What are you doing your procurement process? I suspect there's still a lot of very routine transactions and processing within those, that infrastructure that if you just apply some RPA artificial intelligence, that data extraction techniques, you can probably eliminate a lot of man hours from the routine stuff. And, and the many man hours is probably not the right way to think of it. You could elevate people's work from being pushing numbers around to being data analyzers. And that's where the excitement is for people to see. >>It's not how it's viewed at organizations. We're not eliminating hours. Well focusing folks on much more strategic down at a test. >>Yes. I would say that that's exactly right now in the private sector, you're always going to have the efficiency play and profitability. So there will be an element of that. I know when at HUD we're, we're focused, we were not focused on eliminating hours because we needed people and we focused on creating efficiencies within the space and having people convert from, again, being Trent routine transactions, to being data analyzers and made the jobs, I'm sure. Fund for them as well. I mean, this is a lot of fun stuff. And, and if, uh, uh, companies need to be pushing this down through their entire infrastructure, not just dealing with our customers and the third parties that they deal with >>Catalyst or have been public sector. So you mentioned they may be five or six years behind, but I've seen certain public sector organizations really lean in, they learn from, from the private sector. And then even when you think about some of the military, how advanced they are absolutely. You know, the private could learn from them and if they could open it up. But >>So, yeah, I think that's, that's well said I was in this, you know, the that's the civilian part with, with the housing and urban development. I think the catalyst is, uh, bringing the expertise in, uh, I know when I, when I came, I went to HUD to elevate their financial infrastructure. It was, it was probably the worst of the cabinet agency. The financials were a mess. There was no, there was a, uh, there was not a clean audit opinion for eight years. And I was there to fix that and we fixed it through digitalization and digital transformation, as well as a financial transformation. The catalyst is just creating the education, letting people know what is, what, what technology can do. You don't have to be a programmer, but it's like driving a car. Anybody can drive a car, but we can't mechanic, you know, work as a mechanic on it. >>So I think it's creating education, letting people know what it can do. And at HUD, for example, we did a very simple, I was telling James earlier, we did a very simple RPA project on an, an, a financial statement, close process. It was 2,600 hours, six months. Once we implemented the RPA, brought that down to 70 hours, two weeks, people's eyes exploded with it. And then all of a sudden, I said, I want everyone to go back and come back with, with any manual process, any routine process that can convert to an RPA. And I got a list of a hundred, then it came then became trying to slow everything down. We're not going to do it overnight. Yeah, exactly. >>So, but it was self-funding. It was >>Self-funded. Yes. >>And, and how do you take that message to customers that it could be self-funding how how's that resonating >>Very well. And I think it was important. I always like to say, it's a point of differentiation because you look at, uh, mentioned earlier that organizations are basically technology companies. That's what they are. But now if you look across that we no longer compete at the ERP level without got SAP, Oracle, it's not a point of differentiation. We don't compete the application layer where they've got service. Now, black line, how we use them is helpful. We competed the digital layer and with automation is a major component of that. That's where your differentiation takes place. Now, if you have a point of differentiation, that is self-funding, it fundamentally changes the game. And that's why it's so important for boards to understand this, because that risk management, if you've not doing it, somebody is getting ahead of the game much faster than you are. >>Yeah. Yeah. You mentioned ERP and it, and it triggered something in my mind. Cause I, I said this 10 years ago about data. If in the nineties, you, you couldn't have picked SAP necessarily as the winner of ERP. But if you could have picked the companies that were using ERP could have made a lot of money in the stock market because they outperform their peers. And the same thing was true with data. And I think the same thing is going to be true with automation in the coming decade. >>Couldn't agree more. And I think that's exactly the point that differential acceleration happening this. And it's harder because of the Europeans. Once you knew what it was, you can put the boundaries on it. Digital, the options are infinite. It's just continuous progress as are from there. >>I've got a question for you. You talked about some great stats about how dramatically faster things were took far less time. How does that help from an adoption perspective? I know how much cultural change is very difficult for folks in any organization, but that sort of self-serving how does that help fuel adoption? >>Well, it's interesting. Um, it's, it is a, we're actually going to talk about this tomorrow. It is a framework and it's got to start at the leadership has got to start with governance. It's got to start with a detailed plan. That's executable. And it's got to start with getting buy-in from not only your, the, the organization, but the people you're dealing with outside the organization. Um, it's, it's, uh, I think that's absolutely critical. And when you bring this back to the boardroom, they are the leaders of the companies. And, and I, James, I talked about this as we're getting ready for tomorrow's session. I think the number one thing a board can do today is an own personal self assessment. Do they understand automation? Do they understand what next generation three is? Do they understand what the different components can do? And do they understand how the companies are implementing it? And if I was a board member, uh, on our boards, I say, we need to understand that or else this is nothing's going to happen. We're going to be here at the reliance of the CEO and the CFO strategy, which may or may not include or be thinking about this next three. So leadership at the top is going to drive this. And it's so critical. >>We were talking about catalyst before. And you mentioned education and expertise. I'm always curious as to what drew you to public sector because it's, yeah, I mean, very successful, you know, you're, you're with one of the global SIS directly, you can make a lot more money and that side. So what was it did, was it a desire to it's a great country? Was it >>Take one for the team and I'm going to do a selfish plug here. I just actually wrote a book in this whole thing called transforming a federal agency. What's the name of the book transforming and federal agency. And it's, uh, I spent my time at E Y for 37 years, fully retired. I wanted to give back and do meaningful work. And we lived in Columbus, Ohio, as I was talking about earlier, I was going to go teach and I got a call from the president's personnel office to see if I wanted to come. And these, the CFO at HUD with secretary Carson and change turn the agency around, uh, that took me a little while to say yes, because I wasn't sure I wanted something full time. It was a, it was in DC. So I'd be in a commuting role back and forth. My family's in Columbus. >>Um, but it was, uh, I did it and I loved it. It was, uh, I would pray, I would ask anyone that's has the ability to go into public service at any point in their career to do it. It's it was very rewarding. It was one of my favorite three years of life. And to your point, I didn't have to do it, but, uh, if I wanted to do something and give back and that met the criteria and we were very successful in turning it around with the digital transformation and a lot of stuff that we're talking about today gave me the ability to talk about it because I helped lead it >>For sharing that and did it. So did it start with the CFO's office? Because the first time I ever even heard about our RPO RPA was at a CFO conference and I started talking to him like, oh, this is going to be game changing. Is that where it started? Is that where it lands today? >>From an infrastructure standpoint, the CFO has the wonderful ability to see most processes within a company and its entire lifestyle from beginning to end. So CFO has that visibility to understand where efficiencies can happen in the process. And so the CFO plays a dramatically important role in this. And you think about a CFO's role today versus 20 years ago, it's no longer this, the bean counter rolling up numbers that become a business advisors to the board, to the CEO and to the executive suite. Um, so the CFO, I think has probably the best visibility of all the processes on a global basis. And they can see where the, the efficiencies and the implementation of automation can happen. >>So they can be catalysts and really fueling the actual >>Redesign of work. Yes, they, they, they probably need to be the catalyst. And as a board member, you want to be asking what is the CFO's strategic imperative for the next year? And if it doesn't include this, it's just got to get on the agenda. >>Well, curve ball here is his CFO question and you know, three years or two years ago, you wouldn't have even thought, I mean, let me set it up better. One of the industries that is highly automated is crypto. Yeah. You wouldn't even thought about crypto in your balance sheet a couple of years ago, but I'm not sure it's a widespread board level discussion, but as a CFO, what do you make of the trend to put Bitcoin on balance sheets? >>Yeah, I'm probably not the right person to ask because I'm a conservative guy. >>If somebody supported me and he said, Hey, why don't we put crypto on the balance sheet? >>I would get much more educated. I wouldn't shut it down. I would put it into, let's get more educated. Let's get the experts in here. Let's understand what's really happening with it. Let's understand what the risks are, what the rewards are. And can we absorb any sort of risk or reward with it? And when you say put it on the balance sheet, you can put it on in a small way to test it out. I wouldn't put the whole, I wouldn't make the whole balance sheet for Dell on day one. So that's why I would think about it. Just tell, tell me more, get me educated. How did you think about it? How can it help our business? How can I help our shareholders? How does it grow the bottom line? And then, then you start making decisions. >>Cause CFOs, let me find nature often conservative and most CFOs that I talked to just say no way, not a chance, but you're, maybe you're not as conservative as you think. Well, >>No, but I will never say go away on anything. I mean, cause I want to learn. I want to know. I mean, um, if you like all this stuff, that's new, it's easy to say go away, right? Yeah. But all of a sudden, three years later, the go away, all your competitors are doing it at a competitive advantage. So never say go away, get yourself educated before you jump into it. >>That's good advice. Yeah. In any walk of life question for you, or have you talked about the education aspect there? I'm curious from a risk mitigation perspective, especially given the last 18, 19 months, so tumultuous, so scary for all those organizations that were very digital, they're either gone or they accelerated very quickly. How much of an education do you have to provide certain industries? And are you seeing certain industries? I think healthcare manufacturing, financial services as being leaders in the uptake? >>Well, I think the financial service industries, for sure, they, they, they get this and then they need to, uh, cause they, you know, they're, they're a transaction and based, uh, industry. Uh, so they get it completely. Um, you know, I think maybe some manufacturing distribution, some of the old line businesses are, you know, they may not be thinking of this as progressively as they should. Um, but they'll get there. They're going to have to get there eventually. Um, you know, when you think about the education, my, I thought you were gonna ask a question about the education of the workforce. And I think as a board member, I would be really focused on, uh, how am I educating my workforce of the future? And do I have the workforce of the future today? Do I have to educate them to have to bring in hiring for it? Do I have to bring third-party service providers to get us there? So as a board member really focus on, do I have the right workforce to get us to this next stage? And if not, what do I need to do to get there? Because >>We'll allocate a percentage of their budgets to training and education. And the question is where do they put it >>In? Is it the right training and education, right? >>Where do they focus though? Right now we hear you iPad talking about they're a horizontal play, but James, when you and Lisa, we were asking about industry, when you go to market, are you, are you more focused on verticals? Are you thinking, >>No, it's on two things. So which often find is regardless of the sector with some nuanced variation, the back office functions are regionally the procure to pay process as the same fundamentals, regardless of the sector where the differentiation comes in at a sector of service is when you start going to the middle of the front office, I mean a mining has only one customer. They sold their product to image the retailer has an endless number of them. So when you get to the middle and front office and really start engaging with a customer and external vendors, then a differentiation is very unique and you'd have a lot of sort of customers having sector specific nuances and variations in how you use the platform. And that's where the shift now is happening as well is the back office functions that are largely driven by the CFO. If now getting good, robust value out of it, there's pivot to make it a differentiator in the market, comes in the front and middle office. And that's where we starting to say, sector specific genres solutions, nuances really come to the fall >>Deep industry expertise. Do you think digital at all changes that the reason I ask it because I see Amazon as a retail and then they're in cloud and they're in grocery other in content Apple's in, in financial services and you're seeing these internet giants with a dual agenda, they're disrupting horizontal technology and then there's disruptive industries. And my premise is it's because of data and digital. Do you ever see that industry specialization changing that value chain >>Without a doubt? And I think it's happens initially. It starts off. When people have started looking at the process, they realize there's such key dependencies on the upstream and downstream components of the value chain that they want to control it. So they actually start bridging out of what the core practices or the core business to own a broader agenda. And with digital, you can do it. You can actively interact more systemically that installs triggering, well, maybe I have a different product offering. Maybe I can own this. Could I monetize the information I had at my disposal today in a completely new line. And that really what gets truly innovative and starts creating a revenue increase as opposed as the cost saving. And that's what they're really going after. It's how do I, >>The vertical integration is not new. The plenty of ended up Koch industries, Tyson foods, but now it's digital. So presumably you can do it faster with greater greater scale >>Without a doubt. And you don't have to move your big ERP and things like that. Cause that's the only way it takes five years to move my technology backbone with digital. I can do the interaction tomorrow and we can build up enough to be able to sustain that in the short term. >>Right. And speaking of speed, unfortunately, guys, we are out of time, but thank you. Fantastic conversation automation as a board imperative guys, that's been great James or >>Thank you for your time. Thank you so much >>For Dave a long day. I'm Lisa Martin. You're watching the queue. We are live in Las Vegas at the Bellagio at UI path forward for stick around Dave and I will be right back. Okay.

>>Welcome back to the cubes coverage of AWS public sector summit live in Washington D. C. A face to face event were on the ground here is to keep coverage. I'm john Kerry, your hosts got two great guests. Both cuba alumni Shannon Kellogg VP of public policy for the Americas and john would ceo tell us congratulations on some announcement on stage and congressional john being a public company. Last time I saw you in person, you are private. Now your I. P. O. Congratulations >>totally virtually didn't meet one investor, lawyer, accountant or banker in person. It's all done over zoom. What's amazing. >>We'll go back to that and a great great to see you had great props here earlier. You guys got some good stuff going on in the policy side, a core max on stage talking about this Virginia deal. Give us the update. >>Yeah. Hey thanks john, it's great to be back. I always like to be on the cube. Uh, so we made an announcement today regarding our economic impact study, uh, for the commonwealth of Virginia. And this is around the amazon web services business and our presence in Virginia or a WS as we all, uh, call, uh, amazon web services. And um, basically the data that we released today shows over the last decade the magnitude of investment that we're making and I think reflects just the overall investments that are going into Virginia in the data center industry of which john and I have been very involved with over the years. But the numbers are quite um, uh, >>just clever. This is not part of the whole H. 20. H. Q. Or whatever they call HQ >>To HQ two. It's so Virginia Amazon is investing uh in Virginia as part of our HQ two initiative. And so Arlington Virginia will be the second headquarters in the U. S. In addition to that, AWS has been in Virginia for now many years, investing in both data center infrastructure and also other corporate facilities where we house AWS employees uh in other parts of Virginia, particularly out in what's known as the dullest technology corridor. But our data centers are actually spread throughout three counties in Fairfax County, Loudoun County in Prince William County. >>So this is the maxim now. So it wasn't anything any kind of course this is Virginia impact. What was, what did he what did he announce? What did he say? >>Yeah. So there were a few things that we highlighted in this economic impact study. One is that over the last decade, if you can believe it, we've invested $35 billion 2020 alone. The AWS investment in construction and these data centers. uh it was actually $1.3 billion 2020. And this has created over 13,500 jobs in the Commonwealth of Virginia. So it's a really great story of investment and job creation and many people don't know John in this Sort of came through in your question too about HQ two, But aws itself has over 8000 employees in Virginia today. Uh, and so we've had this very significant presence for a number of years now in Virginia over the last, you know, 15 years has become really the cloud capital of the country, if not the world. Uh, and you see all this data center infrastructure that's going in there, >>John What's your take on this? You've been very active in the county there. Um, you've been a legend in the area and tech, you've seen this many years, you've been doing so I think the longest running company doing cyber my 31st year, 31st year. So you've been on the ground. What does this all mean to you? >>Well, you know, it goes way back to, it was roughly 2005 when I served on the Economic Development Commission, Loudon County as the chairman. And at the time we were the fastest-growing county in America in Loudon County. But our residential real property taxes were going up stratospherically because when you look at it, every dollar real property tax that came into residential, we lose $2 because we had to fund schools and police and fire departments and so forth. And we realized for every dollar of commercial real property tax that came in, We made $97 in profit, but only 13% of the money that was coming into the county was coming in commercially. So a small group got together from within the county to try and figure out what were the assets that we had to offer to companies like Amazon and we realized we had a lot of land, we had water and then we had, you know this enormous amount of dark fiber, unused fibre optic. And so basically the county made it appealing to companies like amazon to come out to Loudon County and other places in northern Virginia and the rest is history. If you look today, we're Loudon County is Loudon County generates a couple $100 million surplus every year. It's real property taxes have come down in in real dollars and the percentage of revenue that comes from commercials like 33 34%. That's really largely driven by the data center ecosystem that my friend over here Shannon was talking. So >>the formula basically is look at the assets resources available that may align with the kind of commercial entities that good. How's their domicile there >>that could benefit. >>So what about power? Because the data centers need power, fiber fiber is great. The main, the main >>power you can build power but the main point is is water for cooling. So I think I think we had an abundance of water which allowed us to build power sources and allowed companies like amazon to build their own power sources. So I think it was really a sort of a uh uh better what do they say? Better lucky than good. So we had a bunch of assets come together that helps. Made us, made us pretty lucky as a, as a region. >>Thanks area too. >>It is nice and >>john, it's really interesting because the vision that john Wood and several of his colleagues had on that economic development board has truly come through and it was reaffirmed in the numbers that we released this week. Um, aws paid $220 million 2020 alone for our data centers in those three counties, including loud >>so amazon's contribution to >>The county. $220 million 2020 alone. And that actually makes up 20% of overall property tax revenues in these counties in 2020. So, you know, the vision that they had 15 years ago, 15, 16 years ago has really come true today. And that's just reaffirmed in these numbers. >>I mean, he's for the amazon. So I'll ask you the question. I mean, there's a lot of like for misinformation going around around corporate reputation. This is clearly an example of the corporation contributing to the, to the society. >>No, no doubt. And you think >>About it like that's some good numbers, 20 million, 30 >>$5 million dollar capital investment. You know, 10, it's, what is it? 8000 9000 >>Jobs. jobs, a W. S. jobs in the Commonwealth alone. >>And then you look at the economic impact on each of those counties financially. It really benefits everybody at the end of the day. >>It's good infrastructure across the board. How do you replicate that? Not everyone's an amazon though. So how do you take the formula? What's your take on best practice? How does this rollout? And that's the amazon will continue to grow, but that, you know, this one company, is there a lesson here for the rest of us? >>I think I think all the data center companies in the cloud companies out there see value in this region. That's why so much of the internet traffic comes through northern Virginia. I mean it's I've heard 70%, I've heard much higher than that too. So I think everybody realizes this is a strategic asset at a national level. But I think the main point to bring out is that every state across America should be thinking about investments from companies like amazon. There are, there are really significant benefits that helps the entire community. So it helps build schools, police departments, fire departments, etcetera, >>jobs opportunities. What's the what's the vision though? Beyond data center gets solar sustainability. >>We do. We have actually a number of renewable energy projects, which I want to talk about. But just one other quick on the data center industry. So I also serve on the data center coalition which is a national organization of data center and cloud providers. And we look at uh states all over this country were very active in multiple states and we work with governors and state governments as they put together different frameworks and policies to incent investment in their states and Virginia is doing it right. Virginia has historically been very forward looking, very forward thinking and how they're trying to attract these data center investments. They have the right uh tax incentives in place. Um and then you know, back to your point about renewable energy over the last several years, Virginia is also really made some statutory changes and other policy changes to drive forward renewable energy in Virginia. Six years ago this week, john I was in a coma at county in Virginia, which is the eastern shore. It's a very rural area where we helped build our first solar farm amazon solar farm in Virginia in 2015 is when we made this announcement with the governor six years ago this week, it was 88 megawatts, which basically at the time quadruple the virginias solar output in one project. So since that first project we at Amazon have gone from building that one facility, quadrupling at the time, the solar output in Virginia to now we're by the end of 2023 going to be 1430 MW of solar power in Virginia with 15 projects which is the equivalent of enough power to actually Enough electricity to power 225,000 households, which is the equivalent of Prince William county Virginia. So just to give you the scale of what we're doing here in Virginia on renewable energy. >>So to me, I mean this comes down to not to put my opinion out there because I never hold back on the cube. It's a posture, we >>count on that. It's a >>posture issue of how people approach business. I mean it's the two schools of thought on the extreme true business. The government pays for everything or business friendly. So this is called, this is a modern story about friendly business kind of collaborative posture. >>Yeah, it's putting money to very specific use which has a very specific return in this case. It's for everybody that lives in the northern Virginia region benefits everybody. >>And these policies have not just attracted companies like amazon and data center building builders and renewable energy investments. These policies are also leading to rapid growth in the cybersecurity industry in Virginia as well. You know john founded his company decades ago and you have all of these cybersecurity companies now located in Virginia. Many of them are partners like >>that. I know john and I both have contributed heavily to a lot of the systems in place in America here. So congratulations on that. But I got to ask you guys, well I got you for the last minute or two cybersecurity has become the big issue. I mean there's a lot of these policies all over the place. But cyber is super critical right now. I mean, where's the red line Shannon? Where's you know, things are happening? You guys bring security to the table, businesses are out there fending for themselves. There's no militia. Where's the, where's the, where's the support for the commercial businesses. People are nervous >>so you want to try it? >>Well, I'm happy to take the first shot because this is and then we'll leave john with the last word because he is the true cyber expert. But I had the privilege of hosting a panel this morning with the director of the cybersecurity and Infrastructure Security agency at the department, Homeland Security, Jenness easterly and the agency is relatively new and she laid out a number of initiatives that the DHS organization that she runs is working on with industry and so they're leaning in their partnering with industry and a number of areas including, you know, making sure that we have the right information sharing framework and tools in place, so the government and, and we in industry can act on information that we get in real time, making sure that we're investing for the future and the workforce development and cyber skills, but also as we enter national cybersecurity month, making sure that we're all doing our part in cyber security awareness and training, for example, one of the things that are amazon ceo Andy Jassy recently announced as he was participating in a White house summit, the president biden hosted in late august was that we were going to at amazon make a tool that we've developed for information and security awareness for our employees free, available to the public. And in addition to that we announced that we were going to provide free uh strong authentication tokens for AWS customers as part of that announcement going into national cybersecurity months. So what I like about what this administration is doing is they're reaching out there looking for ways to work with industry bringing us together in these summits but also looking for actionable things that we can do together to make a difference. >>So my, my perspective echoing on some of Shannon's points are really the following. Uh the key in general is automation and there are three components to automation that are important in today's environment. One is cyber hygiene and education is a piece of that. The second is around mis attribution meaning if the bad guy can't see you, you can't be hacked. And the third one is really more or less around what's called attribution, meaning I can figure out actually who the bad guy is and then report that bad guys actions to the appropriate law enforcement and military types and then they take it from there >>unless he's not attributed either. So >>well over the basic point is we can't as industry hat back, it's illegal, but what we can do is provide the tools and methods necessary to our government counterparts at that point about information sharing, where they can take the actions necessary and try and find those bad guys. >>I just feel like we're not moving fast enough. Businesses should be able to hack back. In my opinion. I'm a hawk on this one item. So like I believe that because if people dropped on our shores with troops, the government will protect us. >>So your your point is directly taken when cyber command was formed uh before that as airlines seeing space physical domains, each of those physical domains have about 100 and $50 billion they spend per year when cyber command was formed, it was spending less than Jpmorgan chase to defend the nation. So, you know, we do have a ways to go. I do agree with you that there needs to be more uh flexibility given the industry to help help with the fight. You know, in this case. Andy Jassy has offered a couple of tools which are, I think really good strong tokens training those >>are all really good. >>We've been working with amazon for a long time, you know, ever since, uh, really, ever since the CIA embrace the cloud, which was sort of the shot heard around the world for cloud computing. We do the security compliance automation for that air gap region for amazon as well as other aspects >>were all needs more. Tell us faster, keep cranking up that software because tell you right now people are getting hit >>and people are getting scared. You know, the colonial pipeline hack that affected everybody started going wait a minute, I can't get gas. >>But again in this area of the line and jenny easterly said this this morning here at the summit is that this truly has to be about industry working with government, making sure that we're working together, you know, government has a role, but so does the private sector and I've been working cyber issues for a long time to and you know, kind of seeing where we are this year in this recent cyber summit that the president held, I really see just a tremendous commitment coming from the private sector to be an effective partner in securing the nation this >>full circle to our original conversation around the Virginia data that you guys are looking at the Loudon County amazon contribution. The success former is really commercial public sector. I mean, the government has to recognize that technology is now lingua franca for all things everything society >>well. And one quick thing here that segues into the fact that Virginia is the cloud center of the nation. Um uh the president issued a cybersecurity executive order earlier this year that really emphasizes the migration of federal systems into cloud in the modernization that jOHN has worked on, johN had a group called the Alliance for Digital Innovation and they're very active in the I. T. Modernization world and we remember as well. Um but you know, the federal government is really emphasizing this, this migration to cloud and that was reiterated in that cybersecurity executive order >>from the, well we'll definitely get you guys back on the show, we're gonna say something. >>Just all I'd say about about the executive order is that I think one of the main reasons why the president thought was important is that the legacy systems that are out there are mainly written on kobol. There aren't a lot of kids graduating with degrees in COBOL. So COBOL was designed in 1955. I think so I think it's very imperative that we move has made these workloads as we can, >>they teach it anymore. >>They don't. So from a security point of view, the amount of threats and vulnerabilities are through the >>roof awesome. Well john I want to get you on the show our next cyber security event. You have you come into a fireside chat and unpack all the awesome stuff that you're doing. But also the challenges. Yes. And there are many, you have to keep up the good work on the policy. I still say we got to remove that red line and identified new rules of engagement relative to what's on our sovereign virtual land. So a whole nother Ballgame, thanks so much for coming. I appreciate it. Thank you appreciate it. Okay, cute coverage here at eight of public sector seven Washington john ferrier. Thanks for watching. Mhm. Mhm.

>>Welcome to this cube conversation which is part of our third Aws startup showcase of this year. I'm your host lisa martin and I'm pleased to welcome to the cube ceo and co founder of White Source Romney Sasse Rami, Welcome to the program. >>Thank you. Thank you so much for having me. >>I'm excited for our audience to hear about White Source, give us that high level overview of what the company is and what you how you're helping organizations. >>Sure. So we have software engineering teams keep track of their use of open source components sometimes referred to as dependencies and primarily focused on security aspect of those dependencies and are able to very natively and very quickly identify one all of the dependencies that are being used in a certain software that's being developed and alert to any known vulnerabilities that exist in those dependencies and then nick our users through the journey of finding them prioritizing them and fixing the vulnerability is such that their software when it gets released is not at risk, >>not at risk. And one of the things we've talked so much about In the last 18 months is the threat landscape. It's changed dramatically. We've seen a huge increase in ransom where huge increase in Ddos attacks. We also are in the fifth consecutive year of a cybersecurity skills gap. It's been there for a while. We know that there have been barriers between developers and security. How does White Source help address that cybersecurity skills gap. >>So we focus on automating as much of the security practices possible. Right. So basically our main premise is that we want to be the security expert for the engineering team so that they don't have to right? So we provide tools that automate the entire process of remediating the vulnerability so that we can save the developers effort and time in becoming security expert basically saying they don't need to become security expert, they can keep doing what they do best, which is developed software and provide more business value to their employer. And we will take care of anything that has to do with security in their software for them. So basically we're trying to alleviate the need for developers to develop any kind of security related skill set. >>I got to ask you how does that address? We talked about the skills gap but also the cultural shift required for developers to then kind of exhale and and put their trust in you guys and that's a big challenge to change cultures within organizations. How do you help influence that? >>Sure. So look, when you're talking about cultural shift, it always takes time. Like these things do not happen overnight And its gradual and so we are very well aware of it and we do not expect people to have 100% confidence in us immediately in day one. Okay, so our tools and and practices account for it and we help our users uh increasingly trust us more by proving ourselves to them by first starting with providing advice and allowing them to control the pace at which they automate more of the process. Right? So initially we will just tell them what they need to do and let them do it themselves until they are, they have gained enough experience without tools to just allow us to take the full cycle for them. That's one which maybe is even more important is that we rely very heavily on crowd sourcing, Right? So we have a very extensive customer base that is made up of some of the world's leading enterprise organizations that have very complex and a large environments and across those environments, combined with our ongoing and monitoring of everything that's going on in the large world of open source projects, we have compiled a very extensive crowd source database or knowledge base, if you will, that basically gives you intel on what others are doing with those vulnerable open stores dependencies, Right? And we can give you a lot of confidence when we see that the broader community of both commercial and free opens those users have upgraded a vulnerable dependency to a safe version and are speaking to the new version, right? They're not pulling it back there, not undoing that change. And so we give you a lot of visibility into all of that information and also, you know, when when things go bad, right? If we see that many people roll back some change and uh avoiding some dependency version, then we will warn you away from upgrading that version. So I think that the fact that we are establishing our recommendations on a lot of crowd sourced data is another way for us to provide more confidence, automating actions for our users. >>The C word confidence is absolutely critical. I got to ask you though Romney, something that you you mentioned, I was always, I always like to ask start ups, you know, what was the impetus to start the company? You're the Ceo and co founder? What were some of the gaps that were missing? Was it crowdsourcing? And was it the the lack of that community to really provide that visibility to developers that you guys saw as an opportunity to fix in the market? >>Alright. So at the risk of exposing my real age, Uh tell you that the company started over 10 years ago and was actually based on previous experience that as founders had in another company when when it was time to sell it. Right? So when we sold our previous company, we had to go through a two diligence process where we were required to provide a very detailed report of all the open source dependencies that we were using and we didn't have such a report and sort of caught us off guard and we had to spend a lot of time during, you know, the most stressful part of the due diligence, finding out which open source we were using and documenting it and coming up with the report. And so that was a very personal experience we had, but it was very obvious that it's not something that we did special. Right? Everyone is developing software is relying very heavily on open source and usually doesn't track it everywhere. Soon it initially started from just the very basic need for transparency, visibility and the ability to provide a, you know, simple bill of material that's now become a big thing right around S bahn Uh, but 10 years ago it was very difficult, it was very like manually laborious task to be able to come up with your bill of material and that's sort of the experience that big. Uh, the foundation of white suits >>got it and then talk to me about your relationship with AWS and mentioned in the beginning of this segment that this is part of our third AWS startup showcase of the year. Give us an overview of your relationship with AWS from a technology partnership perspective cells marketing product. >>Sure. So we've been working with us for a very long time and they are a wonderful partner to work with. It started right at the beginning where we are a cloud native company. Right? So we're staff solution provider and from the beginning we chose aws to be the infrastructure on which to no solution and we grew together with them over time over the last 10 years. We've been scaling again and again our environment and you know, the services that we provide and have been consuming more and more on AWS services, both for infrastructure and but also and very importantly for securing our runtime environment, which they do a great job at. But then it went even further and we are now integrated with a lot of AWS services and products and technologies. So our offering is very much integrated with several AWS offerings. And even beyond that, we are working closely as they go to market partner with AWS. So we have several co marketing initiatives with them and we are part of the startup coastal program. Such that AWS sales people can coastal white source to their customers. >>I imagine that is an advantage the partnership and the deep relationship that you have with a W. S in terms of getting those customers meetings and and helping them achieve the confidence in the technologies and the power of the two companies in 10 years. We're looking at 1000 customers and some big names. I saw from your website Microsoft Comcast, uh, Splunk 23% of the Fortune 100. Tell me how the aws partnership helps you give those developers the confidence that they need to trust in your technologies. >>Sure. So, first I think the synergy is very apparent, very obvious because both AWS and us sell to the engineering departments into the devil's people. All right. So we are catering to the same users the same customers the same, even decision makers. And so it's very easy to understand. It's also very easy to tell the better together story. Right? So, it's very easy for the the the THE AWS sales people to explain to their customers why it's easily integrate Herbal and it makes the sales motion easier and transparent and fluid and it makes the customer's consumption of the joint services easier. Right? So it's for them, it's easier to work with AWS is a window knowing that they can get all these added security features from them and gained the confidence of having this solution vetted by amazon and get us as a reference for us as a vendor also makes it easier for them to trust us and to use our services uh, with peace of life. >>Sounds like a synergistic cultures as well. I want to dig into something that I saw in the notes that you guys provided that white sources enabling organizations to eliminate up to 85% of security alerts. That's a big number. How do you do that? >>Okay. First, to clarify, we're talking about open source vulnerability or its rights are not in general. Not all security for open source security alliance. We've developed a deeper analysis that goes beyond just looking at your bill of material and identifying which dependencies are vulnerable and analyzes the way in which the developers are using those dependencies and what we've found over the last three years of running that technology with real customers? over many tens of thousands of development projects. Is that on average, 85% of the vulnerabilities in open source dependencies. I'll not reachable from your code. All right. So they are still there. You're still using the dependency but you're using some other function of it, which is not vulnerable. And the vulnerable function is never actively called in your code base. So this is like very specific. It's not some generic analysis. We had to analyze your code and figure that out. And so again, the average statistics statistics, is That just 15% of vulnerabilities are quote unquote, reachable form your code and makes your software vulnerable. Right? All the others are simply not exploitable. And so it can easily be eliminated for the need to remediate. Right? So you don't have to >>got it. How are you guys helping customers? There's been a lot of data that shows companies are spending millions uh annually using multiple web app and a P. I. Security tools on average but are still having problems with those tools being effective. How does white source help customers not waste time and resources and get right to being able to identify and remediate those vulnerabilities >>short. So look again in our philosophy, is that just detecting the problem? The security issues doesn't fix anything. Right. Doesn't help you solve your problem. Right, paramount to going to visit your dentist and having them find the cavity and maybe they do an x ray and they tell you exactly which tooth it's on and how deep it is. And then just send you home and you did you need to deal with it yourself. Right? So it doesn't really solve the problem. Your your mouth still painful. You have to fix the problem in order to get any kind of value for the security service of tool, you have to, you know, close the loop, finish the process and fix the vulnerability. And so by investing a lot in automating the remediation in enabling our tools to close that cycle right to finish the job and fix the vulnerability. We enable you to actually gain the value from the various tools that you're using and make sure that your software is not exposed and not vulnerable and not just give you a report with the vulnerabilities, right? Not just find them for you. >>Got It. Last question for you is if we look at your recommendations when you're talking to customers, especially as I mentioned earlier in the conversation, the threat landscape has changed dramatically in the last 18 months when you're in customer conversations, how do you advise them to start? You start with the developers. Do you start with security or do you start by saying you've got to bring everybody together. >>So we would normally start with security uh and you know, not necessarily the developers themselves, but the engineering managers. The heads of engineering again because our main effort is to leave the developers alone. Right. We want to get as little developer involvement as possible so that they can be free to do what they need to do. Security is something they have to right? It's a sure it's not, it doesn't add business value, it just protects the business from being exposed to greater risk. And so our approach and our practice is to be a sort of exception based tool for developers and only get them involved when you absolutely have to have them chime in and do something. Otherwise, we can fully take ownership and automate the entire process of identification, prioritization and remediation for the organization and just provide reports on, you know, how many vulnerabilities we fix this month and and give them better visibility into their security posture. Yeah, but you know, we invest most of our innovation attention resources as a company to automate as much of that process as possible so that the developers don't have to spend their time on security issues. We will do it for it. >>And I imagine developer productivity goes way up for your customers? I do have one more question for you, given that here we are in the fall of 2021, what are some of the things that you're looking forward to as we go into the new year? >>I love you in the new jewish year or then you >>Uh maybe both. I was thinking, you know, just as we go into 2020 to some of the things that you're excited about. >>Sure, so look, it's it's a little difficult to be happy about something that's a problem for other people, right? Because there is a growing threat for application security and there is more and more attacks going on in the world. But I'm really looking forward to helping more people be more protected while not wasting their time. All right. So it what drives me is the ability for us as a company to provide real value for customers and not be some shelf will not be a tool that just produces reports that no one knows what to do with. And the fact that we are able to steal our users and our customers away from risk and save them. The the hassle of being attacked, being hacked, having their data stolen or having the system broken into is what I mostly look >>and there's plenty of opportunities for you guys to do just that and really add that value for those developers And the company is like I said, big brands Microsoft Comcast block Romney, thank you for joining me on the program today, talking to us about white source and how you're really feeling the gaps in the cybersecurity skills landscape and helping really transform developer productivity where security is concerned. We appreciate your time. >>Thank you. Thank you so much for having me on the show. >>My pleasure for a missus I'm lisa martin. You're watching this cube conversation. Mhm mm mm.

>>Hello, and welcome. Very excited to see everybody here. DockerCon is going fantastic. Everybody's uh, engaging in the chat. It's awesome to see. My name is Peter McKee. I'm the head of developer relations here at Docker and Taber. Today. We're going to be talking about container first development now and in the future. But before we do that, a couple little housekeeping items, first of all, yes, we are live. So if you're in our session, you can go ahead and chat, ask us questions. We'd love to get all your questions and answer them. Um, if you come to the main page on the website and you do not see the chat, go ahead and click on the blue button and that'll die. Uh, deep dive you into our session and you can interact with the chat there. Okay. Without further ado, let's just jump right into it. Katie, how are you? Welcome. Do you mind telling everybody who you are and a little bit about yourself? >>Absolutely. Hello everyone. My name is Katie and currently I am the eco-system advocate at cloud native computing foundation or CNCF. My responsibility is to lead and represent the end-user community. So these are all the practitioners within the cloud native space that are vendor neutral. So they use cloud native technologies to build their services, but they don't sell it. So this is quite an important characteristic as well. My responsibility is to make sure to close the gap between these practitioners and the project maintainers, to make sure that there is a feedback loop around. Um, I have many roles within the community. I am on the advisory board for KIPP finishes, a sandbox project. I'm working with open UK to make sure that Elton standards are used fairly across data, hardware, and software. And I have been, uh, affiliated way if you'd asked me to make sure that, um, I'm distributing a cloud native fundamental scores to make cloud and they do a few bigger despite everyone. So looking forward to this panel and checking with everyone. >>Awesome. Yeah. Welcome. Glad to have you here. Johanna's how are you? Can you, uh, tell everybody a little bit about yourself and who you are? Yeah, sure. >>So hi everybody. My name is Johannes I'm one of the co-founders at get pot, which in case you don't know is an open-source and container based development platform, which is probably also the reason why you Peter reached out and invited me here. So pleasure to be here, looking forward to the discussion. Um, yeah, though it is already a bit later in Munich. Um, and actually my girlfriend had a remote cocktail class with her colleagues tonight and it took me some stamina to really say no to all the Moscow mules that were prepared just over there in my living room. Oh wow. >>You're way better than me. Yeah. Well welcome. Thanks for joining us. Jerome. How are you? Good to see you. Can you tell everybody who you are and a little bit about yourself? Hi, >>Sure. Yeah, so I'm, I, I used to work at Docker and some, for me would say I'm a container hipster because I was running containers in production before it for hype. Um, I worked at Docker before it was even called Docker. And then since 2018, I'm now a freelancer and doing training and consulting around Docker containers, Kubernetes, all these things. So I used to help folks do stuff with Docker when I was there and now I still have them with containers more generally speaking. So kind of, uh, how do we say same, same team, different company or something like that? Yeah. >>Yeah. Perfect. Yeah. Good to see you. I'm glad you're on. Uh, Jacob, how are you? Good to see you. Thanks for joining us. Good. Yeah. Thanks for having me tell, tell everybody a little bit about yourself who you are. >>Yeah. So, uh, I'm the creator of a tool called mutagen, which is an open source, uh, development tool for doing high performance file synchronization and, uh, network forwarding, uh, to enable remote development. And so I come from like a physics background where I was sort of always doing, uh, remote developments, you know, whether that was on a big central clusters or just like some sort of local machine that was a bit more powerful. And so I, after I graduated, I built this tool called mutagen, uh, for doing remote development. And then to my surprise, people just started using it to use, uh, with Docker containers. And, uh, that's kind of grown into its primary use case now. So I'm, yeah, I've gotten really involved with the Docker community and, uh, talked with a lot of great people and now I'm one of the Docker captains. So I get to talk with even more and, and join these events and yeah, but I'm, I'm kind of focused on doing remote development. Uh, cause I, you know, I like, I like having all my tools available on my local machine, but I also like being able to pull in a little bit more powerful hardware or uh, you know, maybe a software that I can't run locally. And so, uh, that's sort of my interest in, in Docker container. Yeah. Awesome. >>Awesome. We're going to come back to that for sure. But yeah. Thank you again. I really appreciate you all joining me and yeah. So, um, I've been thinking about container first development for a while and you know, what does that actually mean? So maybe, maybe we can define it in our own little way. So I, I just throw it out to the panel. When you think about container first development, what comes to mind? What w what, what are you kind of thinking about? Don't be shy. Go ahead. Jerome. You're never a loss of words >>To me. Like if I go back to the, kind of the first, uh, you know, training engagements we did back at Docker and kind of helping folks, uh, writing Dockerfiles to stop developing in containers. Um, often we were replacing, um, uh, set up with a bunch of Vagrant boxes and another, like the VMs and combinations of local things. And very often they liked it a lot and they were very soon, they wanted to really like develop in containers, like run this microservice. This piece of code is whatever, like run that in containers because that means they didn't have to maintain that thing on their own machine. So that's like five years ago. That's what it meant to me back then. However, today, if you, if you say, okay, you know, developing in containers, um, I'm thinking of course about things like get bought and, uh, I think it's called PR or something like that. >>Like this theme, maybe that thing with the ESCO, that's going to run in a container. And you, you have this vs code thing running in your browser. Well, obviously not in your browser, but in a container that you control from your browser and, and many other things like that, that I, I think that's what we, where we want to go today. Uh, and that's really interesting, um, from all kinds of perspectives, like Chevy pair pairing when we will not next to each other, but actually thousands of miles away, um, or having this little environment that they can put aside and come back to it later, without it having using resource in my machine. Um, I don't know, having this dev service running somewhere in the cloud without needing something like, it's at the rights that are like the, the possibilities are really endless. >>Yeah. Yeah. Perfect. Yeah. I'm, you know, a little while ago I was, I was torn, right. W do I spin up containers? Do I develop inside of my containers? Right. There's foul sinking issues. Um, you know, that we've been working on at Docker for a while, and Jacob is very, very familiar with those, right? Sometimes it, it becomes hard, but, and I, and I love developing in the cloud, but I also have this screaming, you know, fast machine sitting on my desktop that I think I should take advantage of. So I guess another question is, you know, should we be developing inside of containers? Is that a smart thing to do? Uh, I'd love to hear you guys' thoughts around that. >>You know, I think it's one of those things where it's, you know, for me container first development is really about, um, considering containers as sort of a first class citizen in, in terms of your development toolkit, right. I mean, there's not always that silver bullet, that's like the one thing you should use for everything. You know, you shouldn't, you shouldn't use containers if they're not fitting in or adding value to your workflow, but I think there's a lot of scenarios that are like, you know, super on super early on in the development process. Like as soon as you get the server kind of running and working and, you know, you're able to access it, you know, running on your local system. Uh that's I think that's when the value comes in to it to add containers to, you know, what you're doing or to your project. Right. I mean, for me, they're, um, they're more of a orchestrational tool, right? So if I don't have to have six different browser tabs open with like, you know, an API server running at one tab and a web server running in another tab and a database running in another tab, I can just kind of encapsulate those and, and use them as an automation thing. So I think, you know, even if you have a super powerful computer, I think there's still value in, um, using containers as, as a orchestrational mechanism. Yeah. Yeah, >>For sure. I think, I think one of the, one of my original aha moments with Docker was, oh, I can spin up different versions of a database locally and not have to install it and not have to configure it and everything, but, you know, it just ran inside of a container. And that, that was it. Although it's might seem simple to some people that's very, very powerful. Right. So I think being able to spin things up and containers very quickly is one of the super benefits. But yeah, I think, uh, developing in containers is, is hard right now, right. With, um, you know, and how do you do that? Right. Does anybody have any thoughts around, how do you go about that? Right. Should you use a container as just a development environment, so, you know, creating an image and then running it just with your dev tools in it, or do you just, uh, and maybe with an editor all inside of it, and it's just this process, that's almost like a VM. Um, yeah. So I'll just kick it back to the panel. I'd love to hear your thoughts on, you know, how do you set up and configure, uh, containers to develop in any thoughts around that? >>Maybe one step back again, to answer your question, what kind of container first development mean? I think it doesn't mean, um, by default that it has to be in the cloud, right? As you said, um, there are obvious benefits when it comes to the developer experience of containers, such as, I dunno, consistency, we have standardized tools dependencies for the dev side of things, but it also makes their dev environment more similar to all the pipeline that is somehow happening to the right, right. So CIC D all the way to production, it is security, right? Which also somehow comes with standardization. Um, but vulnerability scanning tools like sneak are doing a great job there. And, um, for us, it gets pod. One of the key reasons why we created get pod was literally creating this peace of mind for deaths. So from a developer's point of view, you do not need to take care anymore about all the hassle around setups and things that you will need to install. >>And locally, based on some outdated, REIT me on three operating systems in your company, everybody has something different and leading to these verbs in my machine situations, um, that really slow professional software developers down. Right. Um, back to your point, I mean, with good pod, we obviously have to package everything together in one container because otherwise, exactly the situation happens that you need to have five browser tabs open. So we try and leverage that. And I think a dev environment is not just the editor, right? So a dev environment includes your source code. It includes like a powerful shell. It includes file systems. It includes essentially all the tools you need in order to be productive databases and so on. And, um, yeah, we believe that should be encapsulated, um, um, in a container. >>Yeah. Awesome. Katie, you talked to a lot of end users, right. And you're talking to a lot of developers. What, what's your thoughts around container first development, right? Or, or what's the community out there screaming or screaming. It might be too to, uh, har you know, to, to two grand of the word. Right. But yeah, I love it. I love to hear what your, your thoughts. >>Absolutely. So I think when you're talking about continuing driven development, uh, the first thing that crosses my mind is the awareness of the infrastructure or the platform you're going to run your application on top of, because usually when you develop your application, you'd like to replicate as much as possible the production or even the staging environment to make sure that when you deploy your application, you have us little inconsistencies as possible, but at the same time, you minimize the risk for something to go wrong as well. So when it talking about the, the community, um, again, when you deploy applications and containers and Kubernetes, you have to use, you have awareness about, and probably apply some of the best practices, like introducing liveliness and readiness probes, to make sure that your application can restart in, in case it actually goes down or there's like a you're starving going CPU or something like that. >>So, uh, I think when it comes to deployment and development of an application, the main thing is to actually improve the end developer experience. I think there has been a lot of focus in the community to develop the tool, to actually give you the right tool to run application and production, but that doesn't necessarily, um, go back to how the end developer is actually enabling that application to run into that production system. So I think there has been, uh, this focus for the community identified now, and it's more, more, um, or trying to build momentum on enhancing the developer experience. And we've seen this going through many, uh, where we think production of many tools did what has been one of them, which actually we can have this portable, um, development environment if you choose so, and you can actually replicate them across different teams in different machines, which is actually quite handy. >>But at the same time, we had tools such as local composts has been a great tool to run locally. We have tool such as carefully, which is absolutely great to automatically dynamically upload any changes to how within your code. So I think all of these kinds of tools, they getting more matured. And again, this is going back to again, we need to enhance our developer experience coming back to what is the right way to do so. Um, I think it really depends on the environment you have in production, because there's going to define some of the structures with the tool and you're going to have internally, but at the same time, um, I'd like to say that, uh, it really depends on, on what trucks are developing. Uh, so it's, it's, I would like to personally, I would like to see a bit more diversification in this area because we might have this competitive solutions that is going to push us to towards a new edge. So this is like, what definitely developer experience. If we're talking about development, that's what we need to enhance. And that's what I see the momentum building at the moment. >>Yeah. Yeah. Awesome. Jerome, I saw you shaking your head there in agreement, or maybe not, but what's your thoughts? >>I was, uh, I was just reacting until 82. Uh, it depends thinking that when I, when I do training, that's probably the answer that I gave the most, uh, each time somebody asks, oh, should we do diesel? And I was also looking at some of the questions in the chat about, Hey, the, should we like have a negatory in the, in the container or something like that. And folks can have pretty strong opinions one way or the other, but as a ways, it kind of depends what we do. It also depends of the team that we're working with. Um, you, you could have teams, you know, with like small teams with folks with lots of experience and they all come with their own Feb tools and editorials and plugins. So you know that like you're gonna have PRI iMacs out of my cold dead hands or something like that. >>So of course, if you give them something else, they're going to be extremely unhappy or sad. On the other hand, you can have team with folks who, um, will be less opinionated on that. And even, I don't know, let's say suddenly you start working on some project with maybe a new programming language, or maybe you're targeting some embedded system or whatever, like something really new and different. And you come up with all the tools, even the ADE, the extensions, et cetera, folks will often be extremely happy in that case that you're kind of giving them a Dettol and an ADE, even if that's not what they usually would, uh, would use, um, because it will come with all of the, the, the nice stage, you know, the compression, the, um, the, the, the bigger, the, whatever, all these things. And I think there is also something interesting to do here with development in containers. >>Like, Hey, you're going to start working on this extremely complex target based on whatever. And this is a container that has everything to get started. Okay. Maybe it's not your favorites editor, but it has all the customization and the conserver and whatever. Um, so you can start working right away. And then maybe later you, we want to, you know, do that from the container in a way, and have your own Emacs, atom, sublime, vs code, et cetera, et cetera. Um, but I think it's great for containers here, as well as they reserve or particularly the opportunity. And I think like the, that, that's one thing where I see stuff like get blood being potentially super interesting. Um, it's hard for me to gauge because I confess I was never a huge ID kind of person had some time that gives me this weird feeling, like when I help someone to book some, some code and you know, that like with their super nice IDE and everything is set up, but they feel kind of lost. >>And then at some point I'm like, okay, let's, let's get VI and grep and let's navigate this code base. And that makes me feel a little bit, you know, as this kind of old code for movies where you have the old, like colorful guy who knows going food, but at the end ends up still being obsolete because, um, it's only a going for movies that whole good for masters and the winning right. In real life, we don't have conformance there's anymore mentioned. So, um, but part of me is like, yeah, I like having my old style of editor, but when, when the modern editorial modern ID comes with everything set up and configured, that's just awesome. That's I, um, it's one thing that I'm not very good at sitting up all these little things, but when somebody does it and I can use it, it's, it's just amazing. >>Yeah. Yeah. I agree. I'm I feel the same way too. Right. I like, I like the way I've I have my environment. I like the tools that I use. I like the way they're set up. And, but it's a big issue, right? If you're switching machines, like you said, if you're helping someone else out there, they're not there, your key bindings aren't there, you can't, you can't navigate their system. Right? Yeah. So I think, you know, talking about, uh, dev environments that, that Docker's coming out with, and we're, you know, there's a lot, there, there's a, it's super complex, all these things we're talking about. And I think we're taking the approach of let's do something, uh, well, first, right. And then we can add on to that. Right. Because I think, you know, setting up full, full developed environments is hard, right. Especially in the, the, um, cloud native world nowadays with microservices, do you run them on a repo? >>Do you not have a monitor repo? Maybe that would be interesting to talk about. I think, um, you know, I always start out with the mono repos, right. And you have all your services in there and maybe you're using one Docker file. And then, because that works fine. Cause everything is JavaScript and node. And then you throw a little Python in there and then you throw a little go and now you start breaking things out and then things get too complex there, you know, and you start pulling everything out into different, get repos and now, right. Not everything just fits into these little buckets. Right. So how do you guys think maybe moving forward, how do we attack that night? How do we attack these? Does separate programming languages and environments and kind of bring them all together. You know, we, we, I hesitate, we solve that with compose around about running, right about executing, uh, running your, your containers. But, uh, developing with containers is different than running containers. Right. It's a, it's a different way to think about it. So anyway, sorry, I'm rattling on a little bit, but yeah. Be interesting to look at a more complex, uh, setup right. Of, uh, of, you know, even just 10 microservices that are in different get repos and different languages. Right. Just some thoughts. And, um, I'm not sure we all have this flushed out yet, but I'd love to hear your, your, you guys' thoughts around that. >>Jacob, you, you, you, you look like you're getting ready to jump there. >>I didn't wanna interrupt, but, uh, I mean, I think for me the issue isn't even really like the language boundary or, or, um, you know, a sub repo boundary. I think it's really about, you know, the infrastructure, right? Because you have, you're moving to an era where you have these cloud services, which, you know, some of them like S3, you can, you can mock up locally, uh, or run something locally in a container. But at some point you're going to have like, you know, cloud specific hardware, right? Like you got TPS or something that maybe are forming some critical function in your, in your application. And you just can't really replicate that locally, but you still want to be able to develop against that in some capacity. So, you know, my, my feeling about where it's going to go is you'll end up having parts of your application running locally, but then you also have, uh, you know, containers or some other, uh, element that's sort of cohabitating with, uh, you know, either staging or, or testing or production services that you're, uh, that you're working with. >>So you can actually, um, you know, test against a really or realistic simulation or the actual, uh, surface that you're running against in production. Because I think it's just going to become untenable to keep emulating all of that stuff locally, or to have to like duplicate these, you know, and, you know, I guess you can argue about whether or not it's a good thing that, that everything's moving to these kind of more closed off cloud services, but, you know, the reality of situation is that's where it's going to go. And there's certain hardware that you're going to want in the cloud, especially if you're doing, you know, machine learning oriented stuff that there's just no way you're going to be able to run locally. Right. I mean, if you're, even if you're in a dev team where you have, um, maybe like a central machine where you've got like 10 or 20 GPU's in it, that's not something that you're going to be able to, to, to replicate locally. And so that's how I kind of see that, um, you know, containers easing that boundary between different application components is actually maybe more about co-location, um, or having different parts of your application run in different locations, on different hardware, you know, maybe someone on your laptop, maybe it's someone, you know, AWS or Azure or somewhere. Yeah. It'd be interesting >>To start seeing those boundaries blur right. Working local and working in the cloud. Um, and you might even, you might not even know where something is exactly is running right until you need to, you know, that's when you really care, but yeah. Uh, Johanas, what's your thoughts around that? I mean, I think we've, we've talked previously of, of, um, you know, hybrid kind of environments. Uh, but yeah. What, what's your thoughts around that? >>Um, so essentially, yeah, I think, I mean, we believe that the lines between cloud and local will also potentially blur, and it's actually not really about that distinction. It's just packaging your dev environment in a way and provisioning your dev environment in a way that you are what we call always ready to coat. So that literally, um, you, you have that for the, you described as, um, peace of mind that you can just start to be creative and start to be productive. And if that is a container potentially running locally and containers are at the moment. I think, you know, the vehicle that we use, um, two weeks ago, or one week ago actually stack blitz announced the web containers. So potentially some things, well, it's run in the browser at some point, but currently, you know, Docker, um, is the standard that enables you to do that. And what we think will happen is that these cloud-based or local, um, dev environments will be what we call a femoral. So it will be similar to CIS, um, that we are using right now. And it doesn't literally matter, um, where they are running at the end. It's just, um, to reduce friction as much as possible and decrease and yeah, yeah. Essentially, um, avoid or the hustle that is currently involved in setting up and also managing dev environments, um, going forward, which really slows down specifically larger teams. >>Yeah. Yeah. Um, I'm going to shift gears a little bit here. We have a question from the audience in chat, uh, and it's, I think it's a little bit two parts, but so far as I can see container first, uh, development, have the challenges of where to get safe images. Um, and I was going to answer it, but let me keep it, let me keep going, where to get safe images and instrumentation, um, and knowing where exactly the problem is happening, how do we provide instrument instrumentation to see exactly where a problem might be happening and why? So I think the gist of it is kind of, of everything is in a container and I'm sitting outside, you know, the general thought around containers is isolation, right. Um, so how do I get views into that? Um, whether debugging or, or, or just general problems going on. I think that's maybe a broader question around the, how you, you know, you have your local hosts and then you're running everything containers, and what's the interplay there. W what's your thoughts there? >>I tend to think that containers are underused interactively. I mean, I think in production, you have this mindset that there's sort of this isolated environment, but it's very, actually simple to drop into a shell inside of a container and use it like you would, you know, your terminal. Um, so if you want to install software that way, you know, through, through an image rather than through like Homebrew or something, uh, you can kind of treat containers in that way and you can get a very, um, you know, direct access to the, to the space in which those are running in. So I think, I think that's maybe the step one is just like getting rid of that mindset, that, that these are all, um, you know, these completely encapsulated environments that you can't interact with because it's actually quite easy to just Docker exec into a container and then use it interactively >>Yeah. A hundred percent. And maybe I'll pass, I'm going to pass this question. You drone, but maybe demystify containers a little bit when I talked about this on the last, uh, panel, um, because we have a question in the, in the chat around, what's the, you know, why, why containers now I have VMs, right? And I think there's a misunderstanding in the industry, uh, about what, what containers are, we think they're fair, packaged stuff. And I think Jacob was hitting on that of what's underneath the hood. So maybe drown, sorry, for a long way to set up a question of what, what, what makes up a container, what is a container >>Is a container? Well, I, I think, um, the sharpest and most accurate and most articulate definition, I was from Alice gold first, and I will probably misquote her, but she said something like containers are a bunch of capsulated processes, maybe running on a cookie on welfare system. I'm not sure about the exact definition, but I'm going to try and, uh, reconstitute that like containers are just processes that run on a Unix machine. And we just happen to put a bunch of, um, red tape or whatever around them so that they are kind of contained. Um, but then the beauty of it is that we can contend them as much, or as little as we want. We can go kind of only in and put some actual VM or something like firecracker around that to give some pretty strong angulation, uh, all we can also kind of decontam theorize some aspects, you know, you can have a container that's actually using the, um, the, um, the network namespace of the host. >>So that gives it an entire, you know, wire speed access to the, to the network of the host. Um, and so to me, that's what really interesting, of course there is all the thing about, oh, containers are lightweight and I can pack more of them and they start fast and the images can be small, yada yada, yada. But to me, um, with my background in infrastructure and building resilient, things like that, but I find really exciting is the ability to, you know, put the slider wherever I need it. Um, the, the, the ability to have these very light containers, all very heavily, very secure, very anything, and even the ability to have containers in containers. Uh, even if that sounds a little bit, a little bit gimmicky at first, like, oh, you know, like you, you did the Mimi, like, oh, I heard you like container. >>So I put Docker when you're on Docker. So you can run container for you, run containers. Um, but that's actually extremely convenient because, um, as soon as you stop building, especially something infrastructure related. So you challenge is how do you test that? Like, when we were doing.cloud, we're like, okay, uh, how do we provision? Um, you know, we've been, if you're Amazon, how do you provision the staging for us installed? How do you provision the whole region, Jen, which is actually staging? It kind of makes things complicated. And the fact that we have that we can have containers within containers. Uh, that's actually pretty powerful. Um, we're also moving to things where we have secure containers in containers now. So that's super interesting, like stuff like a SIS box, for instance. Um, when I saw that, that was really excited because, uh, one of the horrible things I did back in the days as Docker was privileged containers, precisely because we wanted to have Docker in Docker. >>And that was kind of opening Pandora's box. That's the right, uh, with the four, because privileged containers can do literally anything. They can completely wreck up the machine. Um, and so, but at the same time, they give you the ability to run VPNs and run Docker in Docker and all these cool things. You can run VM in containers, and then you can list things. So, um, but so when I saw that you could actually have kind of secure containers within containers, like, okay, there is something really powerful and interesting there. And I think for folks, well, precisely when you want to do development in containers, especially when you move that to the cloud, that kind of stuff becomes a really important and interesting because it's one thing to have my little dev thing on my local machine. It's another thing when I want to move that to a swarm or Kubernetes cluster, and then suddenly even like very quickly, I hit the wall, which is, oh, I need to have containers in my containers. Um, and then having a runtime, like that gets really intense. >>Interesting. Yeah, yeah, yeah. And I, and jumping back a bit, um, yeah, uh, like you said, drum at the, at the base of it, it containers just a, a process with, with some, uh, Abra, pardon me, operating constructs wrapped around it and see groups, namespaces those types of things. But I think it's very important to, for our discussion right. Of, uh, developers really understanding that, that this is just the process, just like a normal process when I spin up my local bash in my term. Uh, and I'm just interacting with that. And a lot of the things we talk about are more for production runtimes for securing containers for isolating them locally. I don't, I don't know. I'll throw the question out to the panel. Is that really relevant to us locally? Right. Do we want to pull out all of those restrictions? What are the benefits of containers for development, right. And maybe that's a soft question, but I'd still love to hear your thoughts. Maybe I'll kick it over to you, Katie, would you, would you kick us off a little bit with that? >>I'll try. Um, so I think when, again, I was actually thinking of the previous answers because maybe, maybe I could do a transition here. So, interesting, interesting about containers, a piece of trivia, um, the secrets and namespaces have been within the Linux kernel since 2008, I think, which just like more than 10 years ago, hover containers become popular in the last years. So I think it's, it's the technology, but it's about the organization adopting this technology. So I think why it got more popular now is because it became the business differentiator organizations started to think, how can I deliver value to my customers as quickly as possible? So I think that there should be this kind of two lane, um, kind of progress is the technology, but it's at the same time organization and cultural now are actually essential for us to develop, uh, our applications locally. >>Again, I think when it's a single application, if you have just one component, maybe it's easier for you to kind of run it locally, have a very simple testing environment. Sufficient is a container necessary, probably not. However, I think it's more important when you're thinking to the bigger picture. When we have an architecture that has myriads of microservices at the basis, when it's something that you have to expose, for example, an API, or you have to consume an API, these are kind of things where you might need to think about a lightweight set up within the containers, only local environment to make sure that you have at least a similar, um, environment or a configuration to make sure that you test some of the expected behavior. Um, I think the, the real kind of test you start from the, the dev cluster will like the dev environment. >>And then like for, for you to go to staging and production, you will get more clear into what exactly that, um, um, configuration should be in the end. However, at the same time, again, it's, it's more about, um, kind of understanding why you continue to see this, the thing, like, I don't say that you definitely need containers at all times, but there are situations when you have like, again, multiple services and you need to replicate them. It's just the place to, to, to work with these kind of, um, setups. So, um, yeah, really depends on what you're trying to develop here. Nothing very specific, unfortunately, but get your product and your requirements are going to define what you're going to work with. >>Yeah, no, I think that's a great answer, right. I think one of the best answers in, in software engineering and engineering in general as well, it depends. Right. It's things are very specific when we start getting down to the details, but yeah, generally speaking, you know, um, I think containers are good for development, but yeah, it depends, right. It really depends. Is it helping you then? Great. If it's hindering you then, okay. Maybe think what's, what's the hindrance, right. And are containers the right solution. I agree. 110% and, >>And everything. I would like absurd this too as well. When we, again, we're talking about the development team and now we have this culture where we have the platform and infrastructure team, and then you have your engineering team separately, especially when the regulations are going to be segregated. So, um, it's quite important to understand that there might be a, uh, a level of up-skilling required. So pushing for someone to use containers, because this is the right way for you to develop your application might be not, uh, might not be the most efficient way to actually develop a product because you need to spend some time to make sure that the, the engineering team has the skills to do so. So I think it's, it's, again, going back to my answers here is like, truly be aware of how you're trying to develop how you actually collaborate and having that awareness of your platform can be quite helpful in developing your, uh, your publication, the more importantly, having less, um, maybe blockers pushing it to a production system. >>Yeah, yeah. A hundred percent. Yeah. The, uh, the cultural issue is, is, um, within the organization, right. Is a very interesting thing. And it, and I would submit that it's very hard from top down, right. Pushing down tools and processes down to the dev team, man, we'll just, we'll just rebel. It usually comes from the bottom up. Right. What's working for us, we're going to do right. And whether we do it in the shadows and don't let it know, or, or we've conformed, right. Yeah. A hundred percent. Um, interesting. I would like to think a little bit in the future, right? Like, let's say, I don't know, two, three years from now, if, if y'all could wave a and I'm from Texas. So I say y'all, uh, if you all could wave a magic wand, what, what, what would that bring about right. What, what would, what would be the best scenario? And, and we just don't have to say containers. Right. But, you know, what's the best development environment and I'm going to kick it over to you, Jacob. Cause I think you hinted at some of that with some hybrid type of stuff, but, uh, yeah. Implies, they need to keep you awake. You're, you're, you're, uh, almost on the other side of the world for me, but yeah, please. >>Um, I think, you know, it's, it's interesting because you have this technology that you've been, that's been brought from production, so it's not, um, necessarily like the right or the normal basis for development. So I think there's going to be some sort of realignment or renormalization in terms of, uh, you know, what the, what the basis and the abstractions that we're using on a daily basis are right. Like images and containers as they exist now are really designed for, um, for production use cases. And, and in terms of like, even even the ergonomics of opening a shell inside a container, I think is something that's, um, you know, not as polished or not as smooth as it could be because they've come from production. And so I think it's important, like not to, not to have people look at, look at the technology as it exists now and say like, okay, this is slightly rough around the edges, or it wasn't designed for this use case and think, oh, there's, you know, there's never any way I could use this for, for my development of workflows. >>I think it's, you know, it's something Docker's exploring now with, uh, with the, uh, dev containers, you know, it's, it's a new, and it's an experimental paradigm and it may not be what the final picture looks like. As, you know, you were saying, there's going to be kind of a baseline and you'll add features to that or iterate on that. Um, but I think that's, what's interesting about it, right? Cause it's, there's not a lot of things as developers that you get to play with that, um, that are sort of the new technology. Like if you're talking about things you're building to ship, you want to kind of use tried and true components that, you know, are gonna, that are going to be reliable. But I think containers are that interesting point where it's like, this is an established technology, but it's also being used in a way now that's completely different than what it was designed for. And, and, you know, as hackers, I think that's kind of an interesting opportunity to play with it, but I think, I think that's, what's going to happen is you're just going to see kind of those production, um, designed, uh, knobs kind of sanded down or redesigned for, for development. So that's kind of where I see it going. >>Yeah. Yeah. And I think that's what I was trying to hint out earlier is like, um, yeah, just because all these things are there, does it actually mean we need them locally? Right. Do they make sense? I, I agree. A hundred percent, uh, anybody else drawn? What are your thoughts around that? And then, and then, uh, I'll probably just ask all of you. I'd love to hear each of your thoughts of the future. >>I had a thought was maybe unrelated, but I was kind of wondering if we would see something on the side of like energy efficiency in some way. Um, and maybe it's just because I've been thinking a lot about like climate change and things like that recently, and trying to reduce like the, uh, the energy use energy use and things like that. Perhaps it's also because I recently got a new laptop, which on paper is super awesome, but in practice, as soon as you try to have like two slack tabs and a zoom call, you know, it's super fast, both for 30 seconds. And after 30 seconds, it blows its thermal budget and it's like slows down to a crawl. And I started to think, Hmm, maybe, you know, like before we, we, we were thinking about, okay, I don't have that much CPU available. So you have to be kind of mindful about that. >>And now I wonder how are we going to get in something similar to that, but where you try to save CPU cycles, not just because you don't have that many CPU cycles, but more because you know, that you can't go super fast for super long when you are on one of these like small laptops or tablets or phones, like you have this demo budget to take into account. And, um, I wonder if, and how like, is there something where goaltenders can do some things here? I guess it can be really interesting if they can do some the equivalent of like Docker top and Docker stats. And if I could see, like how much what's are these containers using, I can already do that with power top on Linux, for instance, like process by process. So I'm thinking I could see what's the power usage of, of some containers. Um, and I wonder if down the line, is this going to be something useful or is this just silly because we can just masquerade CPU usage for, for Watson and forget about it. >>Yeah. Yeah. It was super, super interesting, uh, perspective for sure. I'm going to shut up because I want to, I want to give, make sure I give Johannes and Katie time. W w what are your thoughts of the future around, let's just say, you know, container development in general, right? You want, you want to start absolutely. Oh, honest, Nate. Johns wants more time. I say, I'll try not to. Beneficiate >>Expensive here, but, um, so one of the things that we've we've touched upon earlier in the panel was multicloud strategy. And I was reading one of the data reports from it was about the concept of Kubernetes from gamer Townsville. But what is working for you to see there is that more and more organizations are thinking about multicloud strategy, which means that you need to develop an application or need an infrastructure or a component, which will allow you to run this application bead on a public cloud bead, like locally in a data center and so forth. And here, when it comes to this kind of, uh, maybe problems we come across open standards, this is where we require something, which will allow us to execute our application or to run our platform in different environments. So when you're thinking about the application or development of the application, one of the things that, um, came out in 2019 at was the Oakland. >>Um, I wish it was Kybella, which is a, um, um, an open application model based application, which allows you to describe the way you would like your service to be executed in different environments. It doesn't need to be well developed specifically for communities. However, the open application model is specialized. So specialized tries to cover multiple platforms. You will be able to execute your application anywhere you want it to. So I think that that's actually quite important because it completely obstructs what is happening underneath it, completely obstructs notions, such as containers, uh, or processes is just, I want this application and I want to have this kind of behavior is so example of, to scale in this conditions or to, um, to be exposed for these, uh, end points and so forth. And everything that I would like to mention here is that maybe this transcends again, the, uh, the logistics of the application development, but it definitely will impact the way we run our applications. >>So one of the biggest, well, one of the new trends that is kind of gaining momentum now has been around Plaza. And this is again, something which is trying to present what we have the on containers. Again, it's focusing on the, it's kind of a cyclical, um, uh, action movement that we have here. When we moved from the VMs to containers, it was smaller footprint. We want like better execution, one, this agnosticism of the platforms. We have the same thing happening here with Watson, but again, it consents a new, um, uh, kind of, well, it teaches in you, uh, in new climax here, where again, we shrink the footprint of the cluster. We have a better isolation of all the services. We have a better trend, like portability of how services and so forth. So there is a great potential out there. And again, like why I'm saying this is some of these technologies are gonna define the way we're gonna do our development of the application on our local environment. >>That's why it's important to kind of maybe have an eye there and maybe see if some of those principles of some of those technologies we can bring internally as well. And just this, like a, a final thought here, um, security has been mentioned as well. Um, I think it's something which has been, uh, at the forefront, especially when it comes to containers, uh, especially when it comes to enterprise organizations and those who are regulated, which I feel come very comfortable to run their application within a VM where you have the full isolation, you can do what we have complete control of what's happening inside that compute. So, um, again, security has been at the forefront at the moment. So I know it has mentioned in the panel before. I'd like to mention that we have the security white paper, which has been published. We have the software supply chain, white paper as well, which twice to figure out or define some of these good practices as well, again, which you can already apply from your development environment and then propagate them to production. So I'm just going to leave, uh, all of these. That's all. >>That's awesome. And yeah, well, while is very, very interesting. I saw the other day that, um, and I forget who it was, maybe, maybe all can remember, um, you know, running, running the node, um, engine inside of, you know, in Walzem inside of a browser. Right. And, uh, at first glance I said, well, we already have a JavaScript execution engine. Right. And it's kind of like Docker and Docker. So you have, uh, you know, you have the browser, then, then you have blossom and then you have a node, you know, a JavaScript runtime. And, and I didn't understand was while I was, um, you know, actually executing is JavaScript and it's not, but yeah, it's super interesting, super powerful. I always felt that the browser was, uh, Java's what write once run anywhere kind of solution, right. That never came about, they were thinking of set top, uh, TV boxes and stuff like that, which is interesting. >>I don't know, you'll some of the history of Java, but yeah. Wasm is, is very, I'm not sure how to correctly pronounce it, but yeah, it's extremely interesting because of the isolation in that boxing. Right. And running powerful languages that were used to inside of a more isolated environment. Right. And it's almost, um, yeah, it's kind of, I think I've mentioned it before that the containers inside of containers, right. Um, yeah. So Johannes, hopefully I gave you enough time. I delayed, I delayed as much as I can. My friend, you better, you better just kidding. I'm just kidding, please, please. >>It was by the way, stack let's and they worked together with Google and with Russell, um, developing the web containers, it's called there's, it's quite interesting. The research they're doing there. Yeah. Yeah. I mean, what we believe and I, I also believe is that, um, yeah, probably somebody is doing to death environments, what Docker did to servers and at least that good part. We hope that somebody will be us. Um, so what we mean by that is that, um, we think today we are still somehow emotionally attached to our dev environments. Right. We give them names, we massage them over time, which can also have its benefits, but it's, they're still pets in some way. Right. And, um, we believe that, um, environments in the future, um, will be treated similar like servers today as automated resources that you can just spin up and close down whenever you need them. >>Right. And, um, this trend essentially that you also see in serverless, if you look at what kind of Netlify is doing a bit with preview environments, what were sellers doing? Um, there, um, we believe will also arrive at, um, at Steph environments. It probably won't be there tomorrow. So it will take some time because if there's also, you know, emotion involved into, in that, in that transition, but ultimately really believe that, um, provisioning dev environments also in the cloud allows you to leverage the power of the cloud and to essentially build all that stuff that you need in order to work in advance. Right? So that's literally either command or a button. So either, I don't know, a command that spins up your local views code and SSH into, into a container, or you do it in a browser, um, will be the way that professional development teams will develop in the future. Probably let's see in our direction of document, we say it's 2000 to 23. Let's see if that holds true. >>Okay. Can we, can, we let's know. Okay. Let's just say let's have a friendly bet. I don't know that's going to be closed now, but, um, yeah, I agree. I, you know, it's my thought around is it, it's hard, right? Th these are hard. And what problems do you tackle first, right? Do you tackle the day, one of, uh, you know, of development, right. I joined a team, Hey, here's your machine? And you have Docker installed and there you go, pull, pull down your environment. Right. Is that necessarily just an image? You know, what, what exactly is that sure. Containers are involved. Right. But that's, I mean, you, you've probably all gone through it. You joined a team, new project, even open-source project, right there. There's a huge hurdle just to get everything configured, to get everything installed, to get it up and running, um, you know, set aside all understanding the code base. >>Cause that's a different issue. Right. But just getting everything running locally and to your point earlier, Jacob of around, uh, recreating, local production cues and environments and, you know, GPS or anything like that, right. Is extremely hard. You can't do a lot of that locally. Right. So I think that's one of the things I'd love to see tackled. And I think that's where we're tackling in dev environments, uh, with Docker, but then now how do you become productive? Right. And where do we go from there? And, uh, and I would love to see this kind of hybrid and you guys have been all been talking about it where I can, yes. I have it configured everything locally on my nice, you know, apple notebook. Right. And then, you know, I go with the family and we go on vacation. I don't want to drag this 16 inch, you know, Mac laptop with me. >>And I want to take my nice iPad with the magic keyboard and all the bang stuff. Right. And I just want to fire up and I pick up where I left off. Right. And I keep coding and environment feels, you know, as much as it can that I'm still working at backup my desktop. I think those, those are very interesting to me. And I think reproducing, uh, the production running runtime environments as close as possible, uh, when I develop my, I think that's extremely powerful, extremely powerful. I think that's one of the hardest things, right. It's it's, uh, you know, we used to say, we, you debug in production. Right. We would launch, right. We would do, uh, as much performance testing as possible. But until you flip that switch on a big, on a big site, that's where you really understand what is going to break. >>Right. Well, awesome. I think we're just about at time. I really, really appreciate everybody joining me. Um, it's been a pleasure talking to all of you. We have to do this again. If I, uh, hopefully, you know, I I'm in here in America and we seem to be doing okay with COVID, but I know around the world, others are not. So my heart goes out to them, but I would love to be able to get out of here and come see all of you and meet you in person, maybe break some bread together. But, um, again, it was a pleasure talking to you all, and I really appreciate you taking the time. Have a good evening. Cool. >>Thanks for having us. Thanks for joining us. Yes.

>> From around the globe, it's the Cube! With digital coverage of IBM Think 2021, brought to you by IBM. >> Well, welcome back to the Cube and our IBM Think initiative and today a fascinating subject with a dramatic shift that's going on in the Middle East and specifically in the kingdom of Saudi Arabia. There is a significant partnership that has just recently been launched called SARIE, which is the Saudi Arabian real interbank express. And it basically is a, a dramatic move to make the kingdom cashless - and IBM is very much at the center of that. With me to talk about that role is Elhadji Cisse who at IBM is the MEA head of payments which of course is middle East and Africa. Elhadji, good to have you with us all the way from Dubai. Good to see you today. >> The pleasure's all mine. >> Good. Well, thank you for joining us. And let's, let's talk about this initiative. First off, the problem or at least the challenge that IBM and its partners are trying to solve and now how you're going about it. So let's just paint that 30,000 foot level, if you will, then we'll dive in a little deeper. >> All right. So if you look at the countries, the kingdom of Saudi Arabia, and in much of the region, Middle East and Africa, we have very cash driven society. And this provides lots of challenges in terms of government point of view, businesses' point of view. And even the consumer point of view. The cash transaction is becoming less and less traceable. You are less likely to see where the cash is going, where the cash is coming from. Maintaining the cash also is becoming more and more expensive in terms of security, in terms of recycling the cash, holding the cash, transacting the cash, all of that has to be taken into consideration. And the kingdom of Saudi Arabia, with the help of the crown Prince Mohammad bin Salman, has a visionary vision 2030 to be put in place that will enable them to revolutionize the entire financial sector. There's a segment within that called the FSDB, the financial sector development program. And that program, within that program, they have a goal to develop a digital platform that will enhance and enable the society to go to a more cashless society and also help define a full end to end digital environment for the, for the kingdom. >> So when you think about the scale of this, I mean it's almost mindblowing in a way, because in many cases we've been talking about with various of your colleagues at IBM, different initiatives that involve an organization or involve maybe a more regional partnership or something like that. This is national, right? This is every banking institution in the kingdom of Saudi Arabia. Businesses, government entities. I mean, if you would, share with me some of the complexity of this in terms of a project of that scale and, and trying to bring together these disparate systems that all have a different kind of legacy overhang, if you will, right. And now you're trying to modernize everybody moving towards the same goal in 2030, I think it's mind blowing. >> Yeah, it is. It is, John. And if you look at the complexity, if I may speak a little bit about how complex it is, let's start with the team. The team has been a full diverse team. We have 10 different nationalities. We have team from America, Canada, Egypt, Saudi Arabia, UAE, China, UK, Pakistan, India. I mean, you name it. We have the whole globe pretty much. Every single region, Australia also was there. We had the team of that magnitude. In addition to that, as you rightfully stated, we're not building a system for a particular company or particular industry. It is for the entire country, all the banks of Saudi Arabia: the 11 national banks and the 12 additional international banks that are there. The global corporates, such as the Telco corporation, the oil corporation that are there. All of them needs to be onboarded into this including the 17 million or 20 some million population that are there. Now, the keys to this that we have is that our partners, MasterCard and Saudi payments, we have mandated ourself not to divide ourselves into three teams. We have to go with this as one single team. This was the motto of the project. This is what made us successful. We didn't differentiate between IBM, MasterCard, or Saudi payment. We all went together and addressed every single challenge as a team with the three different layers. And that's what helped us become successful with this engagement. >> So let's look at the initiatives specifically then in terms of the technology that's driving this. We talk a lot about the digital transformation that's occurring in the world. And again, it's kind of a catch all phrase, but this truly is a almost a magical transformation that you're going through. So how did you address the various workloads, what's going to be done where and how, and by whom. And then this integration that has to go on with that, not only are you centralizing a lot of these functions but you also have to distribute them to institutions across the kingdom. So if you would share a little bit of insight on that. >> Yeah. So if you look, if you look at the architecture that we have put in place, it's really a very agile and flexible architecture in a way that we have put in a central entity, which is the payment hub that is, that will handle all the payments solution that is there. And we put the flexibility for all the consumers because we have different banks. If you look at the banks industry, we have banks that are very mature, banks that have a medium level of maturity, and some that are absolutely not mature at all. And with this solution that we have to get involved, we have to be Azure 222 enabled, which is the new language that we will be using. Now, the infrastructure that we put in place have enabled that flexibility, otherwise we will never going to be successful. You cannot come to a country and say everybody needs to be onboarded into this language. Everybody needs to be operating this way. No, that will never going to work. We have taken that into consideration from the beginning. We knew this would be a challenge and we put different tools within IBM that we have put in place in order to go to mitigate those, such as the WTX, which is the Webster transformation exchanger that enables us to transform messages from and to Azure 222 or to Azure 222 or to any type of format that the customer have, any of the customer would be the banks. So we encapsulate that. Another challenge that we have is on the on boarding aspect. A lot of banks, again depending on their maturity level, we have to be ready with different environment for them to be, to catch up with us. Not everybody will be able to onboard on the same time. So by leveraging our RTVS solution, the rational testable service virtualization, it enables us to mitigate, to virtualize an entire ecosystem, make it look like it is a physical environment for the banks to use as a test as opposed to in the normal circumstances, purchasing additional hardware additional software, additional components and doing that, we're just virtualizing it for those who are ready for a system testing, those who are ready for a performance test, those who're ready for any type of non-functional requirements testing aspect. So these tools and this mechanism have helped us with our complex system integration methodology to mitigate this complexity and make it easy for the ecosystem to be onboarded and make us successful in this deal. >> And you raised a really interesting point in terms of the maturity of different levels of technology within the banking institutions there. You've got, you know, I'm sure, as you pointed out, some very small enterprises, right? Very small towns, very small institutions whose systems might not be as sophisticated or as mature, basically. So ultimately, how do you tie all that in together so that there might be a very large institution that has a very robust set of infrastructure and processes in place. And then you've got it communicating with a very small institution. You've got to be a great translator, right? I mean, IBM does here. Because you don't have them sometimes basically talking the same language, literally in this case. >> Yes, absolutely. And this is really our forte. We are the system integrators of choice in this region. And this goes without saying, because of our platform and our processes and our people that we put together. If you look at this, this example again, on the integration layer, we've enabled two lines of communication, two channels for the community. They could either go for API if they are very mature or they could go to MQ which is a low level of, I won't say a low level, but a very old fashioned way of communicating. On that aspect, they not only they have two protocols to get to us, they can use any message format that they want as long as we agree and we have an end check on the language that they're going to be using. And this integration layer or the system of integration that we have built that enables us to add that flexibility on both entities. >> So this was just launched. I mean literally just launched. What's your timeline in order to have full or I guess, reasonable implementation. >> That's a great question. Actually, the average is 24 to 30 months. We have broken the world record. We have implemented this magnificent solution within 18 months. It's actually a 17 month and a half of implementation. With the scope that we have, that is onboarding all the banks, having deferred net settlement, having the Azure 222, billing solution on it. We had the, we had the billing we had the dispute management, we had the single proxies. We have the debit cap and limit management and the portal solution. So we have all of these component within 17 and a half month. This breaks the world record of implementing an instant payment solution globally. >> We'll call Guinness and get you in the book then. It is a remarkable achievement. It really is. And you know, and you've talked about some of the the values here in terms of reduced transaction costs. Greater stability, greater security, greater transactional relationships, I imagine market liquidity, right? In your thought, I mean, tie all that together for our viewers in terms of impact and what you think this kind of partnership is going to create in terms of changing the way basically financial services are delivered in the kingdom. >> So it will change a lot. And the impact in the economy, like I said this is going to be on a three-fold. One, from a consumer point of view, you'll be able to save time in making your transactions. You will be able to trace your transactions and be able to have enough data to understand how you're managing your budget in your annual transaction. From a business point of view, you will be able to save yourself from theft. I mean, again, having cash in your business, it will tend to having more people coming in and stealing them from you either your employees or your customers or anybody else. But having a cashless business nobody can literally steal your money. They can only steal your phone or steal your gadget that you have for that aspect. Managing and maintaining cash also is a big problem. Now from a government point of view, this is where it gets very interesting, especially for Saudi Arabia, the taxation of the employees or the payment of it, the trustability of all of that and being able to trace it and being able to say, okay how much tax you will need to pay by end of the year without you doing the calculation. That information was already provided to the government. And as a central bank, the printing of cash, maintaining cash, storing cash, securing cash all of those costs will be going away. This is why the country wanted to go into a cashless society. >> Well, it's a fascinating endeavor. And certainly congratulations on that front. We're talking about real time payments and really making a significant difference in in how services are delivered in the kingdom and Elhadji, I certainly have appreciated your time here today and talking about it and and wish you all the best down the road. Thank you very much. >> Thank you very much, John. I appreciate it. >> All right. So we're talking about the journey to a cashless society in the kingdom of Saudi Arabia and what Elhadji is doing and what IBM is doing to make that happen. I'm John Wallace and thanks for joining us here on the Cube!

(gentle music) >> From around the globe, it's the Cube! With digital coverage of IBM Think 2021, brought to you by IBM. >> Well, welcome back to the Cube and our IBM Think initiative and today a fascinating subject with a dramatic shift that's going on in the Middle East and specifically in the kingdom of Saudi Arabia. There is a significant partnership that has just recently been launched called SARIE, which is the Saudi Arabian real interbank express. And it basically is a, a dramatic move to make the kingdom cashless - and IBM is very much at the center of that. With me to talk about that role is Elhadji Cisse who at IBM is the MEA head of payments which of course is middle East and Africa. Elhadji, good to have you with us all the way from Dubai. Good to see you today. >> The pleasure's all mine. >> Good. Well, thank you for joining us. And let's, let's talk about this initiative. First off, the problem or at least the challenge that IBM and its partners are trying to solve and now how you're going about it. So let's just paint that 30,000 foot level, if you will, then we'll dive in a little deeper. >> All right. So if you look at the countries in the kingdom of Saudi Arabia, and in much of the region, Middle East and Africa, we have very cash driven society. And this provides lots of challenges in terms of government point of view, businesses' point of view. And even the consumer point of view. The cash transaction is becoming less and less traceable. You are less likely to see where the cash is going, where the cash is coming from. Maintaining the cash also is becoming more and more expensive in terms of security, in terms of recycling the cash, holding the cash, transacting the cash, all of that has to be taken into consideration. And the kingdom of Saudi Arabia, with the help of the crown Prince Mohammad bin Salman, has a visionary vision 2030 to be put in place that will enable them to revolutionize the entire financial sector. There's a segment within that called the FSDB, the financial sector development program. And that program, within that program, they have a goal to develop a digital platform that will enhance and enable the society to go to a more cashless society and also help define a full end to end digital environment for the, for the kingdom. >> So when you think about the scale of this, I mean it's almost mindblowing in a way, because in many cases we've been talking about with various of your colleagues at IBM, different initiatives that involve an organization or involve maybe a more regional partnership or something like that. This is national, right? This is every banking institution in the kingdom of Saudi Arabia. Businesses, government entities. I mean, if you would, share with me some of the complexity of this in terms of a project of that scale and, and trying to bring together these disparate systems that all have a different kind of legacy overhang, if you will, right. And now you're trying to modernize everybody moving towards the same goal in 2030, I think it's mind blowing. >> Yeah, it is. It is, John. And if you look at the complexity, if I may speak a little bit about how complex it is, let's start with the team. The team has been a full diverse team. We have 10 different nationalities. We have team from America, Canada, Egypt, Saudi Arabia, UAE, China, UK, Pakistan, India. I mean, you name it. We have the whole globe pretty much. Every single region, Australia also was there. We had the team of that magnitude. In addition to that, as you rightfully stated, we're not building a system for a particular company or particular industry. It is for the entire country, all the banks of Saudi Arabia: the 11 national banks and the 12 additional international banks that are there. The global corporates, such as the Telco corporation, the oil corporation that are there. All of them needs to be onboarded into this including the 17 million or 20 some million population that are there. Now, the keys to this that we have is that our partners, MasterCard and Saudi payments, we have mandated ourself not to divide ourselves into three teams. We have to go with this as one single team. This was the motto of the project. This is what made us successful. We didn't differentiate between IBM, MasterCard, or Saudi payment. We all went together and addressed every single challenge as a team with the three different layers. And that's what helped us become successful with this engagement. >> So let's look at the initiatives specifically then in terms of the technology that's driving this. We talk a lot about the digital transformation that's occurring in the world. And again, it's kind of a catch all phrase, but this truly is a almost a magical transformation that you're going through. So how did you address the various workloads, what's going to be done where and how, and by whom. And then this integration that has to go on with that, not only are you centralizing a lot of these functions but you also have to distribute them to institutions across the kingdom. So if you would share a little bit of insight on that. >> Yeah. So if you look, if you look at the architecture that we have put in place, it's really a very agile and flexible architecture in a way that we have put in a central entity, which is the payment hub that is, that will handle all the payments solution that is there. And we put the flexibility for all the consumers because we have different banks. If you look at the banks industry, we have banks that are very mature, banks that have a medium level of maturity, and some that are absolutely not mature at all. And with this solution that we have to get involved, we have to be Azure 222 enabled, which is the new language that we will be using. Now, the infrastructure that we put in place have enabled that flexibility, otherwise we will never going to be successful. You cannot come to a country and say everybody needs to be onboarded into this language. Everybody needs to be operating this way. No, that will never going to work. We have taken that into consideration from the beginning. We knew this would be a challenge and we put different tools within IBM that we have put in place in order to go to mitigate those, such as the WTX, which is the Webster transformation exchanger that enables us to transform messages from and to Azure 222 or to Azure 222 or to any type of format that the customer have, any of the customer would be the banks. So we encapsulate that. Another challenge that we have is on the on boarding aspect. A lot of banks, again depending on their maturity level, we have to be ready with different environment for them to be, to catch up with us. Not everybody will be able to onboard on the same time. So by leveraging our RTVS solution, the rational testable service virtualization, it enables us to mitigate, to virtualize an entire ecosystem, make it look like it is a physical environment for the banks to use as a test as opposed to in the normal circumstances, purchasing additional hardware additional software, additional components and doing that, we're just virtualizing it for those who are ready for a system testing, those who are ready for a performance test, those who're ready for any type of non-functional requirements testing aspect. So these tools and this mechanism have helped us with our complex system integration methodology to mitigate this complexity and make it easy for the ecosystem to be onboarded and make us successful in this deal. >> And you raised a really interesting point in terms of the maturity of different levels of technology within the banking institutions there. You've got, you know, I'm sure, as you pointed out, some very small enterprises, right? Very small towns, very small institutions whose systems might not be as sophisticated or as mature, basically. So ultimately, how do you tie all that in together so that there might be a very large institution that has a very robust set of infrastructure and processes in place. And then you've got it communicating with a very small institution. You've got to be a great translator, right? I mean, IBM does here. Because you don't have them sometimes basically talking the same language, literally in this case. >> Yes, absolutely. And this is really our forte. We are the system integrators of choice in this region. And this goes without saying, because of our platform and our processes and our people that we put together. If you look at this, this example again, on the integration layer, we've enabled two lines of communication, two channels for the community. They could either go for API if they are very mature or they could go to MQ which is a low level of, I won't say a low level, but a very old fashioned way of communicating. On that aspect, they not only they have two protocols to get to us, they can use any message format that they want as long as we agree and we have an end check on the language that they're going to be using. And this integration layer or the system of integration that we have built that enables us to add that flexibility on both entities. >> So this was just launched. I mean literally just launched. What's your timeline in order to have full or I guess, reasonable implementation. >> That's a great question. Actually, the average is 24 to 30 months. We have broken the world record. We have implemented this magnificent solution within 18 months. It's actually a 17 month and a half of implementation. With the scope that we have, that is onboarding all the banks, having deferred net settlement, having the Azure 222, billing solution on it. We had the, we had the billing we had the dispute management, we had the single proxies. We have the debit cap and limit management and the portal solution. So we have all of these component within 17 and a half month. This breaks the world record of implementing an instant payment solution globally. >> We'll call Guinness and get you in the book then. It is a remarkable achievement. It really is. And you know, and you've talked about some of the the values here in terms of reduced transaction costs. Greater stability, greater security, greater transactional relationships, I imagine market liquidity, right? In your thought, I mean, tie all that together for our viewers in terms of impact and what you think this kind of partnership is going to create in terms of changing the way basically financial services are delivered in the kingdom. >> So it will change a lot. And the impact in the economy, like I said this is going to be on a three-fold. One, from a consumer point of view, you'll be able to save time in making your transactions. You will be able to trace your transactions and be able to have enough data to understand how you're managing your budget in your annual transaction. From a business point of view, you will be able to save yourself from theft. I mean, again, having cash in your business, it will tend to having more people coming in and stealing them from you either your employees or your customers or anybody else. But having a cashless business nobody can literally steal your money. They can only steal your phone or steal your gadget that you have for that aspect. Managing and maintaining cash also is a big problem. Now from a government point of view, this is where it gets very interesting, especially for Saudi Arabia, the taxation of the employees or the payment of it, the trustability of all of that and being able to trace it and being able to say, okay how much tax you will need to pay by end of the year without you doing the calculation. That information was already provided to the government. And as a central bank, the printing of cash, maintaining cash, storing cash, securing cash all of those costs will be going away. This is why the country wanted to go into a cashless society. >> Well, it's a fascinating endeavor. And certainly congratulations on that front. We're talking about real time payments and really making a significant difference in in how services are delivered in the kingdom and Elhadji, I certainly have appreciated your time here today and talking about it and and wish you all the best down the road. Thank you very much. >> Thank you very much, John. I appreciate it. >> All right. So we're talking about the journey to a cashless society in the kingdom of Saudi Arabia and what Elhadji is doing and what IBM is doing to make that happen. I'm John Wallace and thanks for joining us here on the Cube!