>> From the CUBE Studios in Palo Alto in Boston, bringing you data driven insights from the Cube and ETR. This is Breaking Analysis with Dave Vellante. >> A better than expected earnings report in late August got people excited about Snowflake again, but the negative sentiment in the market is weighed heavily on virtually all growth tech stocks and Snowflake is no exception. As we've stressed many times the company's management is on a long term mission to dramatically simplify the way organizations use data. Snowflake is tapping into a multi hundred billion dollar total available market and continues to grow at a rapid pace. In our view, Snowflake is embarking on its third major wave of innovation data apps, while its first and second waves are still bearing significant fruit. Now for short term traders focused on the next 90 or 180 days, that probably doesn't matter. But those taking a longer view are asking, "Should we still be optimistic about the future of this high flyer or is it just another over hyped tech play?" Hello and welcome to this week's Wiki Bond Cube Insights powered by ETR. Snowflake's Quarter just ended. And in this breaking analysis we take a look at the most recent survey data from ETR to see what clues and nuggets we can extract to predict the near term future in the long term outlook for Snowflake which is going to announce its earnings at the end of this month. Okay, so you know the story. If you've been investor in Snowflake this year, it's been painful. We said at IPO, "If you really want to own this stock on day one, just hold your nose and buy it." But like most IPOs we said there will be likely a better entry point in the future, and not surprisingly that's been the case. Snowflake IPOed a price of 120, which you couldn't touch on day one unless you got into a friends and family Delio. And if you did, you're still up 5% or so. So congratulations. But at one point last year you were up well over 200%. That's been the nature of this volatile stock, and I certainly can't help you with the timing of the market. But longer term Snowflake is targeting 10 billion in revenue for fiscal year 2028. A big number. Is it achievable? Is it big enough? Tell you what, let's come back to that. Now shorter term, our expert trader and breaking analysis contributor Chip Simonton said he got out of the stock a while ago after having taken a shot at what turned out to be a bear market rally. He pointed out that the stock had been bouncing around the 150 level for the last few months and broke that to the downside last Friday. So he'd expect 150 is where the stock is going to find resistance on the way back up, but there's no sign of support right now. He said maybe at 120, which was the July low and of course the IPO price that we just talked about. Now, perhaps earnings will be a catalyst, when Snowflake announces on November 30th, but until the mentality toward growth tech changes, nothing's likely to change dramatically according to Simonton. So now that we have that out of the way, let's take a look at the spending data for Snowflake in the ETR survey. Here's a chart that shows the time series breakdown of snowflake's net score going back to the October, 2021 survey. Now at that time, Snowflake's net score stood at a robust 77%. And remember, net score is a measure of spending velocity. It's a proprietary network, and ETR derives it from a quarterly survey of IT buyers and asks the respondents, "Are you adopting the platform new? Are you spending 6% or more? Is you're spending flat? Is you're spending down 6% or worse? Or are you leaving the platform decommissioning?" You subtract the percent of customers that are spending less or churning from those that are spending more and adopting or adopting and you get a net score. And that's expressed as a percentage of customers responding. In this chart we show Snowflake's in out of the total survey which ranges... The total survey ranges between 1,200 and 1,400 each quarter. And the very last column... Oh sorry, very last row, we show the number of Snowflake respondents that are coming in the survey from the Fortune 500 and the Global 2000. Those are two very important Snowflake constituencies. Now what this data tells us is that Snowflake exited 2021 with very strong momentum in a net score of 82%, which is off the charts and it was actually accelerating from the previous survey. Now by April that sentiment had flipped and Snowflake came down to earth with a 68% net score. Still highly elevated relative to its peers, but meaningfully down. Why was that? Because we saw a drop in new ads and an increase in flat spend. Then into the July and most recent October surveys, you saw a significant drop in the percentage of customers that were spending more. Now, notably, the percentage of customers who are contemplating adding the platform is actually staying pretty strong, but it is off a bit this past survey. And combined with a slight uptick in planned churn, net score is now down to 60%. That uptick from 0% and 1% and then 3%, it's still small, but that net score at 60% is still 20 percentage points higher than our highly elevated benchmark of 40% as you recall from listening to earlier breaking analysis. That 40% range is we consider a milestone. Anything above that is actually quite strong. But again, Snowflake is down and coming back to churn, while 3% churn is very low, in previous quarters we've seen Snowflake 0% or 1% decommissions. Now the last thing to note in this chart is the meaningful uptick in survey respondents that are citing, they're using the Snowflake platform. That's up to 212 in the survey. So look, it's hard to imagine that Snowflake doesn't feel the softening in the market like everyone else. Snowflake is guiding for around 60% growth in product revenue against the tough compare from a year ago with a 2% operating margin. So like every company, the reaction of the street is going to come down to how accurate or conservative the guide is from their CFO. Now, earlier this year, Snowflake acquired a company called Streamlit for around $800 million. Streamlit is an open source Python library and it makes it easier to build data apps with machine learning, obviously a huge trend. And like Snowflake, generally its focus is on simplifying the complex, in this case making data science easier to integrate into data apps that business people can use. So we were excited this summer in the July ETR survey to see that they added some nice data and pick on Streamlit, which we're showing here in comparison to Snowflake's core business on the left hand side. That's the data warehousing, the Streamlit pieces on the right hand side. And we show again net score over time from the previous survey for Snowflake's core database and data warehouse offering again on the left as compared to a Streamlit on the right. Snowflake's core product had 194 responses in the October, 22 survey, Streamlit had an end of 73, which is up from 52 in the July survey. So significant uptick of people responding that they're doing business in adopting Streamlit. That was pretty impressive to us. And it's hard to see, but the net scores stayed pretty constant for Streamlit at 51%. It was 52% I think in the previous quarter, well over that magic 40% mark. But when you blend it with Snowflake, it does sort of bring things down a little bit. Now there are two key points here. One is that the acquisition seems to have gained exposure right out of the gate as evidenced by the large number of responses. And two, the spending momentum. Again while it's lower than Snowflake overall, and when you blend it with Snowflake it does pull it down, it's very healthy and steady. Now let's do a little pure comparison with some of our favorite names in this space. This chart shows net score or spending velocity in the Y-axis, an overlap or presence, pervasiveness if you will, in the data set on the X-axis. That red dotted line again is that 40% highly elevated net score that we like to talk about. And that table inserted informs us as to how the companies are plotted, where the dots set up, the net score, the ins. And we're comparing a number of database players, although just a caution, Oracle includes all of Oracle including its apps. But we just put it in there for reference because it is the leader in database. Right off the bat, Snowflake jumps out with a net score of 64%. The 60% from the earlier chart, again included Streamlit. So you can see its core database, data warehouse business actually is higher than the total company average that we showed you before 'cause the Streamlit is blended in. So when you separate it out, Streamlit is right on top of data bricks. Isn't that ironic? Only Snowflake and Databricks in this selection of names are above the 40% level. You see Mongo and Couchbase, they know they're solid and Teradata cloud actually showing pretty well compared to some of the earlier survey results. Now let's isolate on the database data platform sector and see how that shapes up. And for this analysis, same XY dimensions, we've added the big giants, AWS and Microsoft and Google. And notice that those three plus Snowflake are just at or above the 40% line. Snowflake continues to lead by a significant margin in spending momentum and it keeps creeping to the right. That's that end that we talked about earlier. Now here's an interesting tidbit. Snowflake is often asked, and I've asked them myself many times, "How are you faring relative to AWS, Microsoft and Google, these big whales with Redshift and Synapse and Big Query?" And Snowflake has been telling folks that 80% of its business comes from AWS. And when Microsoft heard that, they said, "Whoa, wait a minute, Snowflake, let's partner up." 'Cause Microsoft is smart, and they understand that the market is enormous. And if they could do better with Snowflake, one, they may steal some business from AWS. And two, even if Snowflake is winning against some of the Microsoft database products, if it wins on Azure, Microsoft is going to sell more compute and more storage, more AI tools, more other stuff to these customers. Now AWS is really aggressive from a partnering standpoint with Snowflake. They're openly negotiating, not openly, but they're negotiating better prices. They're realizing that when it comes to data, the cheaper that you make the offering, the more people are going to consume. At scale economies and operating leverage are really powerful things at volume that kick in. Now Microsoft, they're coming along, they obviously get it, but Google is seemingly resistant to that type of go to market partnership. Rather than lean into Snowflake as a great partner Google's field force is kind of fighting fashion. Google itself at Cloud next heavily messaged what they call the open data cloud, which is a direct rip off of Snowflake. So what can we say about Google? They continue to be kind of behind the curve when it comes to go to market. Now just a brief aside on the competitive posture. I've seen Slootman, Frank Slootman, CEO of Snowflake in action with his prior companies and how he depositioned the competition. At Data Domain, he eviscerated a company called Avamar with their, what he called their expensive and slow post process architecture. I think he actually called it garbage, if I recall at one conference I heard him speak at. And that sort of destroyed BMC when he was at ServiceNow, kind of positioning them as the equivalent of the department of motor vehicles. And so it's interesting to hear how Snowflake openly talks about the data platforms of AWS, Microsoft, Google, and data bricks. I'll give you this sort of short bumper sticker. Redshift is just an on-prem database that AWS morphed to the cloud, which by the way is kind of true. They actually did a brilliant job of it, but it's basically a fact. Microsoft Excel, a collection of legacy databases, which also kind of morphed to run in the cloud. And even Big Query, which is considered cloud native by many if not most, is being positioned by Snowflake as originally an on-prem database to support Google's ad business, maybe. And data bricks is for those people smart enough to get it to Berkeley that love complexity. And now Snowflake doesn't, they don't mention Berkeley as far as I know. That's my addition. But you get the point. And the interesting thing about Databricks and Snowflake is a while ago in the cube I said that there was a new workload type emerging around data where you have AWS cloud, Snowflake obviously for the cloud database and Databricks data for the data science and EML, you bring those things together and there's this new workload emerging that's going to be very powerful in the future. And it's interesting to see now the aspirations of all three of these platforms are colliding. That's quite a dynamic, especially when you see both Snowflake and Databricks putting venture money and getting their hooks into the loyalties of the same companies like DBT labs and Calibra. Anyway, Snowflake's posture is that we are the pioneer in cloud native data warehouse, data sharing and now data apps. And our platform is designed for business people that want simplicity. The other guys, yes, they're formidable, but we Snowflake have an architectural lead and of course we run in multiple clouds. So it's pretty strong positioning or depositioning, you have to admit. Now I'm not sure I agree with the big query knockoffs completely. I think that's a bit of a stretch, but snowflake, as we see in the ETR survey data is winning. So in thinking about the longer term future, let's talk about what's different with Snowflake, where it's headed and what the opportunities are for the company. Snowflake put itself on the map by focusing on simplifying data analytics. What's interesting about that is the company's founders are as you probably know from Oracle. And rather than focusing on transactional data, which is Oracle's sweet spot, the stuff they worked on when they were at Oracle, the founder said, "We're going to go somewhere else. We're going to attack the data warehousing problem and the data analytics problem." And they completely re-imagined the database and how it could be applied to solve those challenges and reimagine what was possible if you had virtually unlimited compute and storage capacity. And of course Snowflake became famous for separating the compute from storage and being able to completely shut down compute so you didn't have to pay for it when you're not using it. And the ability to have multiple clusters hit the same data without making endless copies and a consumption/cloud pricing model. And then of course everyone on the planet realized, "Wow, that's a pretty good idea." Every venture capitalist in Silicon Valley has been funding companies to copy that move. And that today has pretty much become mainstream in table stakes. But I would argue that Snowflake not only had the lead, but when you look at how others are approaching this problem, it's not necessarily as clean and as elegant. Some of the startups, the early startups I think get it and maybe had an advantage of starting later, which can be a disadvantage too. But AWS is a good example of what I'm saying here. Is its version of separating compute from storage was an afterthought and it's good, it's... Given what they had it was actually quite clever and customers like it, but it's more of a, "Okay, we're going to tier to storage to lower cost, we're going to sort of dial down the compute not completely, we're not going to shut it off, we're going to minimize the compute required." It's really not true as separation is like for instance Snowflake has. But having said that, we're talking about competitors with lots of resources and cohort offerings. And so I don't want to make this necessarily all about the product, but all things being equal architecture matters, okay? So that's the cloud S-curve, the first one we're showing. Snowflake's still on that S-curve, and in and of itself it's got legs, but it's not what's going to power the company to 10 billion. The next S-curve we denote is the multi-cloud in the middle. And now while 80% of Snowflake's revenue is AWS, Microsoft is ramping up and Google, well, we'll see. But the interesting part of that curve is data sharing, and this idea of data clean rooms. I mean it really should be called the data sharing curve, but I have my reasons for calling it multi-cloud. And this is all about network effects and data gravity, and you're seeing this play out today, especially in industries like financial services and healthcare and government that are highly regulated verticals where folks are super paranoid about compliance. There not going to share data if they're going to get sued for it, if they're going to be in the front page of the Wall Street Journal for some kind of privacy breach. And what Snowflake has done is said, "Put all the data in our cloud." Now, of course now that triggers a lot of people because it's a walled garden, okay? It is. That's the trade off. It's not the Wild West, it's not Windows, it's Mac, it's more controlled. But the idea is that as different parts of the organization or even partners begin to share data that they need, it's got to be governed, it's got to be secure, it's got to be compliant, it's got to be trusted. So Snowflake introduced the idea of, they call these things stable edges. I think that's the term that they use. And they track a metric around stable edges. And so a stable edge, or think of it as a persistent edge is an ongoing relationship between two parties that last for some period of time, more than a month. It's not just a one shot deal, one a done type of, "Oh guys shared it for a day, done." It sent you an FTP, it's done. No, it's got to have trajectory over time. Four weeks or six weeks or some period of time that's meaningful. And that metric is growing. Now I think sort of a different metric that they track. I think around 20% of Snowflake customers are actively sharing data today and then they track the number of those edge relationships that exist. So that's something that's unique. Because again, most data sharing is all about making copies of data. That's great for storage companies, it's bad for auditors, and it's bad for compliance officers. And that trend is just starting out, that middle S-curve, it's going to kind of hit the base of that steep part of the S-curve and it's going to have legs through this decade we think. And then finally the third wave that we show here is what we call super cloud. That's why I called it multi-cloud before, so it could invoke super cloud. The idea that you've built a PAS layer that is purpose built for a specific objective, and in this case it's building data apps that are cloud native, shareable and governed. And is a long-term trend that's going to take some time to develop. I mean, application development platforms can take five to 10 years to mature and gain significant adoption, but this one's unique. This is a critical play for Snowflake. If it's going to compete with the big cloud players, it has to have an app development framework like Snowpark. It has to accommodate new data types like transactional data. That's why it announced this thing called UniStore last June, Snowflake a summit. And the pattern that's forming here is Snowflake is building layer upon layer with its architecture at the core. It's not currently anyway, it's not going out and saying, "All right, we're going to buy a company that's got to another billion dollars in revenue and that's how we're going to get to 10 billion." So it's not buying its way into new markets through revenue. It's actually buying smaller companies that can complement Snowflake and that it can turn into revenue for growth that fit in to the data cloud. Now as to the 10 billion by fiscal year 28, is that achievable? That's the question. Yeah, I think so. Would the momentum resources go to market product and management prowess that Snowflake has? Yes, it's definitely achievable. And one could argue to $10 billion is too conservative. Indeed, Snowflake CFO, Mike Scarpelli will fully admit his forecaster built on existing offerings. He's not including revenue as I understand it from all the new stuff that's in the pipeline because he doesn't know what it's going to look like. He doesn't know what the adoption is going to look like. He doesn't have data on that adoption, not just yet anyway. And now of course things can change quite dramatically. It's possible that is forecast for existing businesses don't materialize or competition picks them off or a company like Databricks actually is able in the longer term replicate the functionality of Snowflake with open source technologies, which would be a very competitive source of innovation. But in our view, there's plenty of room for growth, the market is enormous and the real key is, can and will Snowflake deliver on the promises of simplifying data? Of course we've heard this before from data warehouse, the data mars and data legs and master data management and ETLs and data movers and data copiers and Hadoop and a raft of technologies that have not lived up to expectations. And we've also, by the way, seen some tremendous successes in the software business with the likes of ServiceNow and Salesforce. So will Snowflake be the next great software name and hit that 10 billion magic mark? I think so. Let's reconnect in 2028 and see. Okay, we'll leave it there today. I want to thank Chip Simonton for his input to today's episode. Thanks to Alex Myerson who's on production and manages the podcast. Ken Schiffman as well. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hove is our Editor in Chief over at Silicon Angle. He does some great editing for us. Check it out for all the news. Remember all these episodes are available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. Or you can email me to get in touch David.vallante@siliconangle.com. DM me @dvellante or comment on our LinkedIn post. And please do check out etr.ai, they've got the best survey data in the enterprise tech business. This is Dave Vellante for the CUBE Insights, powered by ETR. Thanks for watching, thanks for listening and we'll see you next time on breaking analysis. (upbeat music)

(atmospheric music) >> Welcome to theCUBE Coverage of Data Citizens 2022 Collibra's Customer event. My name is Dave Vellante. With us is Kirk Haslbeck, who's the Vice President of Data Quality of Collibra. Kirk, good to see you, welcome. >> Thanks for having me, Dave. Excited to be here. >> You bet. Okay, we're going to discuss data quality, observability. It's a hot trend right now. You founded a data quality company, OwlDQ, and it was acquired by Collibra last year. Congratulations. And now you lead data quality at Collibra. So we're hearing a lot about data quality right now. Why is it such a priority? Take us through your thoughts on that. >> Yeah, absolutely. It's definitely exciting times for data quality which you're right, has been around for a long time. So why now? And why is it so much more exciting than it used to be? I think it's a bit stale, but we all know that companies use more data than ever before, and the variety has changed and the volume has grown. And while I think that remains true there are a couple other hidden factors at play that everyone's so interested in as to why this is becoming so important now. And I guess you could kind of break this down simply and think about if Dave you and I were going to build a new healthcare application and monitor the heartbeat of individuals, imagine if we get that wrong, what the ramifications could be, what those incidents would look like. Or maybe better yet, we try to build a new trading algorithm with a crossover strategy where the 50 day crosses the 10 day average. And imagine if the data underlying the inputs to that is incorrect. We will probably have major financial ramifications in that sense. So, kind of starts there, where everybody's realizing that we're all data companies, and if we are using bad data we're likely making incorrect business decisions. But I think there's kind of two other things at play. I bought a car not too long ago and my dad called and said, "How many cylinders does it have?" And I realized in that moment, I might have failed him cause I didn't know. And I used to ask those types of questions about any lock breaks and cylinders, and if it's manual or automatic. And I realized, I now just buy a car that I hope works. And it's so complicated with all the computer chips. I really don't know that much about it. And that's what's happening with data. We're just loading so much of it. And it's so complex that the way companies consume them in the IT function is that they bring in a lot of data and then they syndicate it out to the business. And it turns out that the individuals loading and consuming all of this data for the company actually may not know that much about the data itself and that's not even their job anymore. So, we'll talk more about that in a minute, but that's really what's setting the foreground for this observability play and why everybody's so interested. It's because we're becoming less close to the intricacies of the data and we just expect it to always be there and be correct. >> You know, the other thing too about data quality, and for years we did the MIT, CDO, IQ event. We didn't do it last year at COVID, messed everything up. But the observation I would make there, your thoughts is, data quality used to be information quality, used to be this back office function, and then it became sort of front office with financial services, and government and healthcare, these highly regulated industries. And then the whole chief data officer thing happened and people were realizing, well they sort of flipped the bit from sort of a data as a risk to data as an asset. And now as we say, we're going to talk about observability. And so it's really become front and center, just the whole quality issue because data's so fundamental, hasn't it? >> Yeah, absolutely. I mean, let's imagine we pull up our phones right now and I go to my favorite stock ticker app, and I check out the Nasdaq market cap. I really have no idea if that's the correct number. I know it's a number, it looks large, it's in a numeric field. And that's kind of what's going on. There's so many numbers and they're coming from all of these different sources, and data providers, and they're getting consumed and passed along. But there isn't really a way to tactically put controls on every number and metric across every field we plan to monitor, but with the scale that we've achieved in early days, even before Collibra. And what's been so exciting is, we have these types of observation techniques, these data monitors that can actually track past performance of every field at scale. And why that's so interesting, and why I think the CDO is listening right intently nowadays to this topic is, so maybe we could surface all of these problems with the right solution of data observability and with the right scale, and then just be alerted on breaking trends. So we're sort of shifting away from this world of must write a condition and then when that condition breaks that was always known as a break record. But what about breaking trends and root cause analysis? And is it possible to do that with less human intervention? And so I think most people are seeing now that it's going to have to be a software tool and a computer system. It's not ever going to be based on one or two domain experts anymore. >> So how does data observability relate to data quality? Are they sort of two sides of the same coin? Are they cousins? What's your perspective on that? >> Yeah, it's super interesting. It's an emerging market. So the language is changing, a lot of the topic and areas changing. The way that I like to say it or break it down because the lingo is constantly moving, as a target on the space is really breaking records versus breaking trends. And I could write a condition when this thing happens it's wrong, and when it doesn't it's correct. Or I could look for a trend and I'll give you a good example. Everybody's talking about fresh data and stale data, and why would that matter? Well, if your data never arrived, or only part of it arrived, or didn't arrive on time, it's likely stale, and there will not be a condition that you could write that would show you all the good and the bads. That was kind of your traditional approach of data quality break records. But your modern day approach is you lost a significant portion of your data, or it did not arrive on time to make that decision accurately on time. And that's a hidden concern. Some people call this freshness, we call it stale data. But it all points to the same idea of the thing that you're observing may not be a data quality condition anymore. It may be a breakdown in the data pipeline. And with thousands of data pipelines in play for every company out there, there's more than a couple of these happening every day. >> So what's the Collibra angle on all this stuff? Made the acquisition, you got data quality, observability coming together. You guys have a lot of expertise in this area, but you hear providence of data. You just talked about stale data, the whole trend toward realtime. How is Collibra approaching the problem and what's unique about your approach? >> Well I think where we're fortunate is with our background. Myself and team, we sort of lived this problem for a long time in the Wall Street days about a decade ago. And we saw it from many different angles. And what we came up with, before it was called data observability or reliability, was basically the underpinnings of that. So we're a little bit ahead of the curve there when most people evaluate our solution. It's more advanced than some of the observation techniques that currently exist. But we've also always covered data quality and we believe that people want to know more, they need more insights. And they want to see break records and breaking trends together, so they can correlate the root cause. And we hear that all the time. "I have so many things going wrong just show me the big picture. Help me find the thing that if I were to fix it today would make the most impact." So we're really focused on root cause analysis, business impact, connecting it with lineage and catalog metadata. And as that grows you can actually achieve total data governance. At this point with the acquisition of what was a Lineage company years ago, and then my company OwlDQ, now Collibra Data Quality. Collibra may be the best positioned for total data governance and intelligence in the space. >> Well, you mentioned financial services a couple of times and some examples, remember the flash crash in 2010. Nobody had any idea what that was. They would just say, "Oh, it's a glitch." So they didn't understand the root cause of it. So this is a really interesting topic to me. So we know at Data Citizens 22 that you're announcing, you got to announce new products, right? It is your yearly event. What's new? Give us a sense as to what products are coming out but specifically around data quality and observability. >> Absolutely. There's this, there's always a next thing on the forefront. And the one right now is these hyperscalers in the cloud. So you have databases like Snowflake and BigQuery, and Databricks, Delta Lake and SQL Pushdown. And ultimately what that means is a lot of people are storing in loading data even faster in a SaaS like model. And we've started to hook into these databases, and while we've always worked with the same databases in the past they're supported today. We're doing something called Native Database pushdown, where the entire compute and data activity happens in the database. And why that is so interesting and powerful now? Is everyone's concerned with something called Egress. Did my data that I've spent all this time and money with my security team securing ever leave my hands, did it ever leave my secure VPC as they call it? And with these native integrations that we're building and about to unveil here as kind of a sneak peak for next week at Data Citizens, we're now doing all compute and data operations in databases like Snowflake. And what that means is with no install and no configuration you could log into the Collibra data quality app and have all of your data quality running inside the database that you've probably already picked as your go forward team selection secured database of choice. So we're really excited about that. And I think if you look at the whole landscape of network cost, egress cost, data storage and compute, what people are realizing is it's extremely efficient to do it in the way that we're about to release here next week. >> So this is interesting because what you just described, you mentioned Snowflake, you mentioned Google, oh actually you mentioned yeah, Databricks. You know, Snowflake has the data cloud. If you put everything in the data cloud, okay, you're cool. But then Google's got the open data cloud. If you heard, Google next. And now Databricks doesn't call it the data cloud, but they have like the open source data cloud. So you have all these different approaches and there's really no way, up until now I'm hearing, to really understand the relationships between all those and have confidence across, it's like yamarket AMI, you should just be a note on the mesh. I don't care if it's a data warehouse or a data lake, or where it comes from, but it's a point on that mesh and I need tooling to be able to have confidence that my data is governed and has the proper lineage, providence. And that's what you're bringing to the table. Is that right? Did I get that right? >> Yeah, that's right. And it's, for us, it's not that we haven't been working with those great cloud databases, but it's the fact that we can send them the instructions now we can send them the operating ability to crunch all of the calculations, the governance, the quality, and get the answers. And what that's doing, it's basically zero network cost, zero egress cost, zero latency of time. And so when you were to log into BigQuery tomorrow using our tool, or say Snowflake for example, you have instant data quality metrics, instant profiling, instant lineage in access, privacy controls, things of that nature that just become less onerous. What we're seeing is there's so much technology out there just like all of the major brands that you mentioned but how do we make it easier? The future is about less clicks, faster time to value, faster scale, and eventually lower cost. And we think that this positions us to be the leader there. >> I love this example because, we've got talks about well the cloud guys you're going to own the world. And of course now we're seeing that the ecosystem is finding so much white space to add value connect across cloud. Sometimes we call it super cloud and so, or inter clouding. Alright, Kirk, give us your final thoughts on the trends that we've talked about and data Citizens 22. >> Absolutely. Well I think, one big trend is discovery and classification. Seeing that across the board, people used to know it was a zip code and nowadays with the amount of data that's out there they want to know where everything is, where their sensitive data is, if it's redundant, tell me everything inside of three to five seconds. And with that comes, they want to know in all of these hyperscale databases how fast they can get controls and insights out of their tools. So I think we're going to see more one click solutions, more SaaS based solutions, and solutions that hopefully prove faster time to value on all of these modern cloud platforms. >> Excellent. All right, Kirk Haslbeck, thanks so much for coming on theCUBE and previewing Data Citizens 22. Appreciate it. >> Thanks for having me, Dave. >> You're welcome. All right. And thank you for watching. Keep it right there for more coverage from theCUBE. (atmospheric music)

>>Collibra is a company that was founded in 2008 right before the so-called modern big data era kicked into high gear. The company was one of the first to focus its business on data governance. Now, historically, data governance and data quality initiatives, they were back office functions and they were largely confined to regulatory regulated industries that had to comply with public policy mandates. But as the cloud went mainstream, the tech giants showed us how valuable data could become and the value proposition for data quality and trust. It evolved from primarily a compliance driven issue to becoming a lynchpin of competitive advantage. But data in the decade of the 2010s was largely about getting the technology to work. You had these highly centralized technical teams that were formed and they had hyper specialized skills to develop data architectures and processes to serve the myriad data needs of organizations. >>And it resulted in a lot of frustration with data initiatives for most organizations that didn't have the resources of the cloud guys and the social media giants to really attack their data problems and turn data into gold. This is why today for example, this quite a bit of momentum to rethinking monolithic data architectures. You see, you hear about initiatives like data mesh and the idea of data as a product. They're gaining traction as a way to better serve the the data needs of decentralized business Uni users, you hear a lot about data democratization. So these decentralization efforts around data, they're great, but they create a new set of problems. Specifically, how do you deliver like a self-service infrastructure to business users and domain experts? Now the cloud is definitely helping with that, but also how do you automate governance? This becomes especially tricky as protecting data privacy has become more and more important. >>In other words, while it's enticing to experiment and run fast and loose with data initiatives kinda like the Wild West, to find new veins of gold, it has to be done responsibly. As such, the idea of data governance has had to evolve to become more automated. And intelligence governance and data lineage is still fundamental to ensuring trust as data. It moves like water through an organization. No one is gonna use data that isn't trusted. Metadata has become increasingly important for data discovery and data classification. As data flows through an organization, the continuously ability to check for data flaws and automating that data quality, they become a functional requirement of any modern data management platform. And finally, data privacy has become a critical adjacency to cyber security. So you can see how data governance has evolved into a much richer set of capabilities than it was 10 or 15 years ago. >>Hello and welcome to the Cube's coverage of Data Citizens made possible by Calibra, a leader in so-called Data intelligence and the host of Data Citizens 2022, which is taking place in San Diego. My name is Dave Ante and I'm one of the hosts of our program, which is running in parallel to data citizens. Now at the Cube we like to say we extract the signal from the noise, and over the, the next couple of days, we're gonna feature some of the themes from the keynote speakers at Data Citizens and we'll hear from several of the executives. Felix Von Dala, who is the co-founder and CEO of Collibra, will join us along with one of the other founders of Collibra, Stan Christians, who's gonna join my colleague Lisa Martin. I'm gonna also sit down with Laura Sellers, she's the Chief Product Officer at Collibra. We'll talk about some of the, the announcements and innovations they're making at the event, and then we'll dig in further to data quality with Kirk Hasselbeck. >>He's the vice president of Data quality at Collibra. He's an amazingly smart dude who founded Owl dq, a company that he sold to Col to Collibra last year. Now many companies, they didn't make it through the Hado era, you know, they missed the industry waves and they became Driftwood. Collibra, on the other hand, has evolved its business. They've leveraged the cloud, expanded its product portfolio, and leaned in heavily to some major partnerships with cloud providers, as well as receiving a strategic investment from Snowflake earlier this year. So it's a really interesting story that we're thrilled to be sharing with you. Thanks for watching and I hope you enjoy the program. >>Last year, the Cube Covered Data Citizens Collibra's customer event. And the premise that we put forth prior to that event was that despite all the innovation that's gone on over the last decade or more with data, you know, starting with the Hado movement, we had data lakes, we'd spark the ascendancy of programming languages like Python, the introduction of frameworks like TensorFlow, the rise of ai, low code, no code, et cetera. Businesses still find it's too difficult to get more value from their data initiatives. And we said at the time, you know, maybe it's time to rethink data innovation. While a lot of the effort has been focused on, you know, more efficiently storing and processing data, perhaps more energy needs to go into thinking about the people and the process side of the equation, meaning making it easier for domain experts to both gain insights for data, trust the data, and begin to use that data in new ways, fueling data, products, monetization and insights data citizens 2022 is back and we're pleased to have Felix Van Dema, who is the founder and CEO of Collibra. He's on the cube or excited to have you, Felix. Good to see you again. >>Likewise Dave. Thanks for having me again. >>You bet. All right, we're gonna get the update from Felix on the current data landscape, how he sees it, why data intelligence is more important now than ever and get current on what Collibra has been up to over the past year and what's changed since Data Citizens 2021. And we may even touch on some of the product news. So Felix, we're living in a very different world today with businesses and consumers. They're struggling with things like supply chains, uncertain economic trends, and we're not just snapping back to the 2010s. That's clear, and that's really true as well in the world of data. So what's different in your mind, in the data landscape of the 2020s from the previous decade, and what challenges does that bring for your customers? >>Yeah, absolutely. And, and I think you said it well, Dave, and and the intro that that rising complexity and fragmentation in the broader data landscape, that hasn't gotten any better over the last couple of years. When when we talk to our customers, that level of fragmentation, the complexity, how do we find data that we can trust, that we know we can use has only gotten kinda more, more difficult. So that trend that's continuing, I think what is changing is that trend has become much more acute. Well, the other thing we've seen over the last couple of years is that the level of scrutiny that organizations are under respect to data, as data becomes more mission critical, as data becomes more impactful than important, the level of scrutiny with respect to privacy, security, regulatory compliance, as only increasing as well, which again, is really difficult in this environment of continuous innovation, continuous change, continuous growing complexity and fragmentation. >>So it's become much more acute. And, and to your earlier point, we do live in a different world and and the the past couple of years we could probably just kind of brute for it, right? We could focus on, on the top line. There was enough kind of investments to be, to be had. I think nowadays organizations are focused or are, are, are, are, are, are in a very different environment where there's much more focus on cost control, productivity, efficiency, How do we truly get value from that data? So again, I think it just another incentive for organization to now truly look at data and to scale it data, not just from a a technology and infrastructure perspective, but how do you actually scale data from an organizational perspective, right? You said at the the people and process, how do we do that at scale? And that's only, only only becoming much more important. And we do believe that the, the economic environment that we find ourselves in today is gonna be catalyst for organizations to really dig out more seriously if, if, if, if you will, than they maybe have in the have in the best. >>You know, I don't know when you guys founded Collibra, if, if you had a sense as to how complicated it was gonna get, but you've been on a mission to really address these problems from the beginning. How would you describe your, your, your mission and what are you doing to address these challenges? >>Yeah, absolutely. We, we started Colli in 2008. So in some sense and the, the last kind of financial crisis, and that was really the, the start of Colli where we found product market fit, working with large finance institutions to help them cope with the increasing compliance requirements that they were faced with because of the, of the financial crisis and kind of here we are again in a very different environment, of course 15 years, almost 15 years later. But data only becoming more important. But our mission to deliver trusted data for every user, every use case and across every source, frankly, has only become more important. So what has been an incredible journey over the last 14, 15 years, I think we're still relatively early in our mission to again, be able to provide everyone, and that's why we call it data citizens. We truly believe that everyone in the organization should be able to use trusted data in an easy, easy matter. That mission is is only becoming more important, more relevant. We definitely have a lot more work ahead of us because we are still relatively early in that, in that journey. >>Well, that's interesting because, you know, in my observation it takes seven to 10 years to actually build a company and then the fact that you're still in the early days is kind of interesting. I mean, you, Collibra's had a good 12 months or so since we last spoke at Data Citizens. Give us the latest update on your business. What do people need to know about your, your current momentum? >>Yeah, absolutely. Again, there's, there's a lot of tail organizations that are only maturing the data practices and we've seen it kind of transform or, or, or influence a lot of our business growth that we've seen, broader adoption of the platform. We work at some of the largest organizations in the world where it's Adobe, Heineken, Bank of America, and many more. We have now over 600 enterprise customers, all industry leaders and every single vertical. So it's, it's really exciting to see that and continue to partner with those organizations. On the partnership side, again, a lot of momentum in the org in, in the, in the markets with some of the cloud partners like Google, Amazon, Snowflake, data bricks and, and others, right? As those kind of new modern data infrastructures, modern data architectures that are definitely all moving to the cloud, a great opportunity for us, our partners and of course our customers to help them kind of transition to the cloud even faster. >>And so we see a lot of excitement and momentum there within an acquisition about 18 months ago around data quality, data observability, which we believe is an enormous opportunity. Of course, data quality isn't new, but I think there's a lot of reasons why we're so excited about quality and observability now. One is around leveraging ai, machine learning, again to drive more automation. And the second is that those data pipelines that are now being created in the cloud, in these modern data architecture arch architectures, they've become mission critical. They've become real time. And so monitoring, observing those data pipelines continuously has become absolutely critical so that they're really excited about about that as well. And on the organizational side, I'm sure you've heard a term around kind of data mesh, something that's gaining a lot of momentum, rightfully so. It's really the type of governance that we always believe. Then federated focused on domains, giving a lot of ownership to different teams. I think that's the way to scale data organizations. And so that aligns really well with our vision and, and from a product perspective, we've seen a lot of momentum with our customers there as well. >>Yeah, you know, a couple things there. I mean, the acquisition of i l dq, you know, Kirk Hasselbeck and, and their team, it's interesting, you know, the whole data quality used to be this back office function and, and really confined to highly regulated industries. It's come to the front office, it's top of mind for chief data officers, data mesh. You mentioned you guys are a connective tissue for all these different nodes on the data mesh. That's key. And of course we see you at all the shows. You're, you're a critical part of many ecosystems and you're developing your own ecosystem. So let's chat a little bit about the, the products. We're gonna go deeper in into products later on at, at Data Citizens 22, but we know you're debuting some, some new innovations, you know, whether it's, you know, the, the the under the covers in security, sort of making data more accessible for people just dealing with workflows and processes as you talked about earlier. Tell us a little bit about what you're introducing. >>Yeah, absolutely. We're super excited, a ton of innovation. And if we think about the big theme and like, like I said, we're still relatively early in this, in this journey towards kind of that mission of data intelligence that really bolts and compelling mission, either customers are still start, are just starting on that, on that journey. We wanna make it as easy as possible for the, for our organization to actually get started because we know that's important that they do. And for our organization and customers that have been with us for some time, there's still a tremendous amount of opportunity to kind of expand the platform further. And again, to make it easier for really to, to accomplish that mission and vision around that data citizen that everyone has access to trustworthy data in a very easy, easy way. So that's really the theme of a lot of the innovation that we're driving. >>A lot of kind of ease of adoption, ease of use, but also then how do we make sure that lio becomes this kind of mission critical enterprise platform from a security performance architecture scale supportability that we're truly able to deliver that kind of an enterprise mission critical platform. And so that's the big theme from an innovation perspective, From a product perspective, a lot of new innovation that we're really excited about. A couple of highlights. One is around data marketplace. Again, a lot of our customers have plans in that direction, how to make it easy. How do we make, how do we make available to true kind of shopping experience that anybody in your organization can, in a very easy search first way, find the right data product, find the right dataset, that data can then consume usage analytics. How do you, how do we help organizations drive adoption, tell them where they're working really well and where they have opportunities homepages again to, to make things easy for, for people, for anyone in your organization to kind of get started with ppia, you mentioned workflow designer, again, we have a very powerful enterprise platform. >>One of our key differentiators is the ability to really drive a lot of automation through workflows. And now we provided a new low code, no code kind of workflow designer experience. So, so really customers can take it to the next level. There's a lot more new product around K Bear Protect, which in partnership with Snowflake, which has been a strategic investor in kib, focused on how do we make access governance easier? How do we, how do we, how are we able to make sure that as you move to the cloud, things like access management, masking around sensitive data, PII data is managed as much more effective, effective rate, really excited about that product. There's more around data quality. Again, how do we, how do we get that deployed as easily and quickly and widely as we can? Moving that to the cloud has been a big part of our strategy. >>So we launch more data quality cloud product as well as making use of those, those native compute capabilities in platforms like Snowflake, Data, Bricks, Google, Amazon, and others. And so we are bettering a capability, a capability that we call push down. So actually pushing down the computer and data quality, the monitoring into the underlying platform, which again, from a scale performance and ease of use perspective is gonna make a massive difference. And then more broadly, we, we talked a little bit about the ecosystem. Again, integrations, we talk about being able to connect to every source. Integrations are absolutely critical and we're really excited to deliver new integrations with Snowflake, Azure and Google Cloud storage as well. So there's a lot coming out. The, the team has been work at work really hard and we are really, really excited about what we are coming, what we're bringing to markets. >>Yeah, a lot going on there. I wonder if you could give us your, your closing thoughts. I mean, you, you talked about, you know, the marketplace, you know, you think about data mesh, you think of data as product, one of the key principles you think about monetization. This is really different than what we've been used to in data, which is just getting the technology to work has been been so hard. So how do you see sort of the future and, you know, give us the, your closing thoughts please? >>Yeah, absolutely. And I, and I think we we're really at this pivotal moment, and I think you said it well. We, we all know the constraint and the challenges with data, how to actually do data at scale. And while we've seen a ton of innovation on the infrastructure side, we fundamentally believe that just getting a faster database is important, but it's not gonna fully solve the challenges and truly kind of deliver on the opportunity. And that's why now is really the time to deliver this data intelligence vision, this data intelligence platform. We are still early, making it as easy as we can. It's kind of, of our, it's our mission. And so I'm really, really excited to see what we, what we are gonna, how the marks gonna evolve over the next, next few quarters and years. I think the trend is clearly there when we talk about data mesh, this kind of federated approach folks on data products is just another signal that we believe that a lot of our organization are now at the time. >>The understanding need to go beyond just the technology. I really, really think about how do we actually scale data as a business function, just like we've done with it, with, with hr, with, with sales and marketing, with finance. That's how we need to think about data. I think now is the time given the economic environment that we are in much more focus on control, much more focused on productivity efficiency and now's the time. We need to look beyond just the technology and infrastructure to think of how to scale data, how to manage data at scale. >>Yeah, it's a new era. The next 10 years of data won't be like the last, as I always say. Felix, thanks so much and good luck in, in San Diego. I know you're gonna crush it out there. >>Thank you Dave. >>Yeah, it's a great spot for an in-person event and, and of course the content post event is gonna be available@collibra.com and you can of course catch the cube coverage@thecube.net and all the news@siliconangle.com. This is Dave Valante for the cube, your leader in enterprise and emerging tech coverage. >>Hi, I'm Jay from Collibra's Data Office. Today I want to talk to you about Collibra's data intelligence cloud. We often say Collibra is a single system of engagement for all of your data. Now, when I say data, I mean data in the broadest sense of the word, including reference and metadata. Think of metrics, reports, APIs, systems, policies, and even business processes that produce or consume data. Now, the beauty of this platform is that it ensures all of your users have an easy way to find, understand, trust, and access data. But how do you get started? Well, here are seven steps to help you get going. One, start with the data. What's data intelligence? Without data leverage the Collibra data catalog to automatically profile and classify your enterprise data wherever that data lives, databases, data lakes or data warehouses, whether on the cloud or on premise. >>Two, you'll then wanna organize the data and you'll do that with data communities. This can be by department, find a business or functional team, however your organization organizes work and accountability. And for that you'll establish community owners, communities, make it easy for people to navigate through the platform, find the data and will help create a sense of belonging for users. An important and related side note here, we find it's typical in many organizations that data is thought of is just an asset and IT and data offices are viewed as the owners of it and who are really the central teams performing analytics as a service provider to the enterprise. We believe data is more than an asset, it's a true product that can be converted to value. And that also means establishing business ownership of data where that strategy and ROI come together with subject matter expertise. >>Okay, three. Next, back to those communities there, the data owners should explain and define their data, not just the tables and columns, but also the related business terms, metrics and KPIs. These objects we call these assets are typically organized into business glossaries and data dictionaries. I definitely recommend starting with the topics that are most important to the business. Four, those steps that enable you and your users to have some fun with it. Linking everything together builds your knowledge graph and also known as a metadata graph by linking or relating these assets together. For example, a data set to a KPI to a report now enables your users to see what we call the lineage diagram that visualizes where the data in your dashboards actually came from and what the data means and who's responsible for it. Speaking of which, here's five. Leverage the calibra trusted business reporting solution on the marketplace, which comes with workflows for those owners to certify their reports, KPIs, and data sets. >>This helps them force their trust in their data. Six, easy to navigate dashboards or landing pages right in your platform for your company's business processes are the most effective way for everyone to better understand and take action on data. Here's a pro tip, use the dashboard design kit on the marketplace to help you build compelling dashboards. Finally, seven, promote the value of this to your users and be sure to schedule enablement office hours and new employee onboarding sessions to get folks excited about what you've built and implemented. Better yet, invite all of those community and data owners to these sessions so that they can show off the value that they've created. Those are my seven tips to get going with Collibra. I hope these have been useful. For more information, be sure to visit collibra.com. >>Welcome to the Cube's coverage of Data Citizens 2022 Collibra's customer event. My name is Dave Valante. With us is Kirk Hasselbeck, who's the vice president of Data Quality of Collibra Kirk, good to see you. Welcome. >>Thanks for having me, Dave. Excited to be here. >>You bet. Okay, we're gonna discuss data quality observability. It's a hot trend right now. You founded a data quality company, OWL dq, and it was acquired by Collibra last year. Congratulations. And now you lead data quality at Collibra. So we're hearing a lot about data quality right now. Why is it such a priority? Take us through your thoughts on that. >>Yeah, absolutely. It's, it's definitely exciting times for data quality, which you're right, has been around for a long time. So why now and why is it so much more exciting than it used to be? I think it's a bit stale, but we all know that companies use more data than ever before and the variety has changed and the volume has grown. And, and while I think that remains true, there are a couple other hidden factors at play that everyone's so interested in as, as to why this is becoming so important now. And, and I guess you could kind of break this down simply and think about if Dave, you and I were gonna build, you know, a new healthcare application and monitor the heartbeat of individuals, imagine if we get that wrong, you know, what the ramifications could be, what, what those incidents would look like, or maybe better yet, we try to build a, a new trading algorithm with a crossover strategy where the 50 day crosses the, the 10 day average. >>And imagine if the data underlying the inputs to that is incorrect. We will probably have major financial ramifications in that sense. So, you know, it kind of starts there where everybody's realizing that we're all data companies and if we are using bad data, we're likely making incorrect business decisions. But I think there's kind of two other things at play. You know, I, I bought a car not too long ago and my dad called and said, How many cylinders does it have? And I realized in that moment, you know, I might have failed him because, cause I didn't know. And, and I used to ask those types of questions about any lock brakes and cylinders and, and you know, if it's manual or, or automatic and, and I realized I now just buy a car that I hope works. And it's so complicated with all the computer chips, I, I really don't know that much about it. >>And, and that's what's happening with data. We're just loading so much of it. And it's so complex that the way companies consume them in the IT function is that they bring in a lot of data and then they syndicate it out to the business. And it turns out that the, the individuals loading and consuming all of this data for the company actually may not know that much about the data itself, and that's not even their job anymore. So we'll talk more about that in a minute, but that's really what's setting the foreground for this observability play and why everybody's so interested. It, it's because we're becoming less close to the intricacies of the data and we just expect it to always be there and be correct. >>You know, the other thing too about data quality, and for years we did the MIT CDO IQ event, we didn't do it last year, Covid messed everything up. But the observation I would make there thoughts is, is it data quality? Used to be information quality used to be this back office function, and then it became sort of front office with financial services and government and healthcare, these highly regulated industries. And then the whole chief data officer thing happened and people were realizing, well, they sort of flipped the bit from sort of a data as a, a risk to data as a, as an asset. And now as we say, we're gonna talk about observability. And so it's really become front and center just the whole quality issue because data's so fundamental, hasn't it? >>Yeah, absolutely. I mean, let's imagine we pull up our phones right now and I go to my, my favorite stock ticker app and I check out the NASDAQ market cap. I really have no idea if that's the correct number. I know it's a number, it looks large, it's in a numeric field. And, and that's kind of what's going on. There's, there's so many numbers and they're coming from all of these different sources and data providers and they're getting consumed and passed along. But there isn't really a way to tactically put controls on every number and metric across every field we plan to monitor, but with the scale that we've achieved in early days, even before calibra. And what's been so exciting is we have these types of observation techniques, these data monitors that can actually track past performance of every field at scale. And why that's so interesting and why I think the CDO is, is listening right intently nowadays to this topic is, so maybe we could surface all of these problems with the right solution of data observability and with the right scale and then just be alerted on breaking trends. So we're sort of shifting away from this world of must write a condition and then when that condition breaks, that was always known as a break record. But what about breaking trends and root cause analysis? And is it possible to do that, you know, with less human intervention? And so I think most people are seeing now that it's going to have to be a software tool and a computer system. It's, it's not ever going to be based on one or two domain experts anymore. >>So, So how does data observability relate to data quality? Are they sort of two sides of the same coin? Are they, are they cousins? What's your perspective on that? >>Yeah, it's, it's super interesting. It's an emerging market. So the language is changing a lot of the topic and areas changing the way that I like to say it or break it down because the, the lingo is constantly moving is, you know, as a target on this space is really breaking records versus breaking trends. And I could write a condition when this thing happens, it's wrong and when it doesn't it's correct. Or I could look for a trend and I'll give you a good example. You know, everybody's talking about fresh data and stale data and, and why would that matter? Well, if your data never arrived or only part of it arrived or didn't arrive on time, it's likely stale and there will not be a condition that you could write that would show you all the good in the bads. That was kind of your, your traditional approach of data quality break records. But your modern day approach is you lost a significant portion of your data, or it did not arrive on time to make that decision accurately on time. And that's a hidden concern. Some people call this freshness, we call it stale data, but it all points to the same idea of the thing that you're observing may not be a data quality condition anymore. It may be a breakdown in the data pipeline. And with thousands of data pipelines in play for every company out there there, there's more than a couple of these happening every day. >>So what's the Collibra angle on all this stuff made the acquisition, you got data quality observability coming together, you guys have a lot of expertise in, in this area, but you hear providence of data, you just talked about, you know, stale data, you know, the, the whole trend toward real time. How is Calibra approaching the problem and what's unique about your approach? >>Well, I think where we're fortunate is with our background, myself and team, we sort of lived this problem for a long time, you know, in, in the Wall Street days about a decade ago. And we saw it from many different angles. And what we came up with before it was called data observability or reliability was basically the, the underpinnings of that. So we're a little bit ahead of the curve there when most people evaluate our solution, it's more advanced than some of the observation techniques that that currently exist. But we've also always covered data quality and we believe that people want to know more, they need more insights, and they want to see break records and breaking trends together so they can correlate the root cause. And we hear that all the time. I have so many things going wrong, just show me the big picture, help me find the thing that if I were to fix it today would make the most impact. So we're really focused on root cause analysis, business impact, connecting it with lineage and catalog metadata. And as that grows, you can actually achieve total data governance at this point with the acquisition of what was a Lineage company years ago, and then my company Ldq now Collibra, Data quality Collibra may be the best positioned for total data governance and intelligence in the space. >>Well, you mentioned financial services a couple of times and some examples, remember the flash crash in 2010. Nobody had any idea what that was, you know, they just said, Oh, it's a glitch, you know, so they didn't understand the root cause of it. So this is a really interesting topic to me. So we know at Data Citizens 22 that you're announcing, you gotta announce new products, right? You're yearly event what's, what's new. Give us a sense as to what products are coming out, but specifically around data quality and observability. >>Absolutely. There's this, you know, there's always a next thing on the forefront. And the one right now is these hyperscalers in the cloud. So you have databases like Snowflake and Big Query and Data Bricks is Delta Lake and SQL Pushdown. And ultimately what that means is a lot of people are storing in loading data even faster in a SaaS like model. And we've started to hook in to these databases. And while we've always worked with the the same databases in the past, they're supported today we're doing something called Native Database pushdown, where the entire compute and data activity happens in the database. And why that is so interesting and powerful now is everyone's concerned with something called Egress. Did your, my data that I've spent all this time and money with my security team securing ever leave my hands, did it ever leave my secure VPC as they call it? >>And with these native integrations that we're building and about to unveil, here's kind of a sneak peek for, for next week at Data Citizens. We're now doing all compute and data operations in databases like Snowflake. And what that means is with no install and no configuration, you could log into the Collibra data quality app and have all of your data quality running inside the database that you've probably already picked as your your go forward team selection secured database of choice. So we're really excited about that. And I think if you look at the whole landscape of network cost, egress, cost, data storage and compute, what people are realizing is it's extremely efficient to do it in the way that we're about to release here next week. >>So this is interesting because what you just described, you know, you mentioned Snowflake, you mentioned Google, Oh actually you mentioned yeah, data bricks. You know, Snowflake has the data cloud. If you put everything in the data cloud, okay, you're cool, but then Google's got the open data cloud. If you heard, you know, Google next and now data bricks doesn't call it the data cloud, but they have like the open source data cloud. So you have all these different approaches and there's really no way up until now I'm, I'm hearing to, to really understand the relationships between all those and have confidence across, you know, it's like Jak Dani, you should just be a note on the mesh. And I don't care if it's a data warehouse or a data lake or where it comes from, but it's a point on that mesh and I need tooling to be able to have confidence that my data is governed and has the proper lineage, providence. And, and, and that's what you're bringing to the table, Is that right? Did I get that right? >>Yeah, that's right. And it's, for us, it's, it's not that we haven't been working with those great cloud databases, but it's the fact that we can send them the instructions now, we can send them the, the operating ability to crunch all of the calculations, the governance, the quality, and get the answers. And what that's doing, it's basically zero network costs, zero egress cost, zero latency of time. And so when you were to log into Big Query tomorrow using our tool or like, or say Snowflake for example, you have instant data quality metrics, instant profiling, instant lineage and access privacy controls, things of that nature that just become less onerous. What we're seeing is there's so much technology out there, just like all of the major brands that you mentioned, but how do we make it easier? The future is about less clicks, faster time to value, faster scale, and eventually lower cost. And, and we think that this positions us to be the leader there. >>I love this example because, you know, Barry talks about, wow, the cloud guys are gonna own the world and, and of course now we're seeing that the ecosystem is finding so much white space to add value, connect across cloud. Sometimes we call it super cloud and so, or inter clouding. All right, Kirk, give us your, your final thoughts and on on the trends that we've talked about and Data Citizens 22. >>Absolutely. Well, I think, you know, one big trend is discovery and classification. Seeing that across the board, people used to know it was a zip code and nowadays with the amount of data that's out there, they wanna know where everything is, where their sensitive data is. If it's redundant, tell me everything inside of three to five seconds. And with that comes, they want to know in all of these hyperscale databases how fast they can get controls and insights out of their tools. So I think we're gonna see more one click solutions, more SAS based solutions and solutions that hopefully prove faster time to value on, on all of these modern cloud platforms. >>Excellent. All right, Kurt Hasselbeck, thanks so much for coming on the Cube and previewing Data Citizens 22. Appreciate it. >>Thanks for having me, Dave. >>You're welcome. Right, and thank you for watching. Keep it right there for more coverage from the Cube. Welcome to the Cube's virtual Coverage of Data Citizens 2022. My name is Dave Valante and I'm here with Laura Sellers, who's the Chief Product Officer at Collibra, the host of Data Citizens. Laura, welcome. Good to see you. >>Thank you. Nice to be here. >>Yeah, your keynote at Data Citizens this year focused on, you know, your mission to drive ease of use and scale. Now when I think about historically fast access to the right data at the right time in a form that's really easily consumable, it's been kind of challenging, especially for business users. Can can you explain to our audience why this matters so much and what's actually different today in the data ecosystem to make this a reality? >>Yeah, definitely. So I think what we really need and what I hear from customers every single day is that we need a new approach to data management and our product teams. What inspired me to come to Calibra a little bit a over a year ago was really the fact that they're very focused on bringing trusted data to more users across more sources for more use cases. And so as we look at what we're announcing with these innovations of ease of use and scale, it's really about making teams more productive in getting started with and the ability to manage data across the entire organization. So we've been very focused on richer experiences, a broader ecosystem of partners, as well as a platform that delivers performance, scale and security that our users and teams need and demand. So as we look at, Oh, go ahead. >>I was gonna say, you know, when I look back at like the last 10 years, it was all about getting the technology to work and it was just so complicated. But, but please carry on. I'd love to hear more about this. >>Yeah, I, I really, you know, Collibra is a system of engagement for data and we really are working on bringing that entire system of engagement to life for everyone to leverage here and now. So what we're announcing from our ease of use side of the world is first our data marketplace. This is the ability for all users to discover and access data quickly and easily shop for it, if you will. The next thing that we're also introducing is the new homepage. It's really about the ability to drive adoption and have users find data more quickly. And then the two more areas of the ease of use side of the world is our world of usage analytics. And one of the big pushes and passions we have at Collibra is to help with this data driven culture that all companies are trying to create. And also helping with data literacy, with something like usage analytics, it's really about driving adoption of the CLE platform, understanding what's working, who's accessing it, what's not. And then finally we're also introducing what's called workflow designer. And we love our workflows at Libra, it's a big differentiator to be able to automate business processes. The designer is really about a way for more people to be able to create those workflows, collaborate on those workflow flows, as well as people to be able to easily interact with them. So a lot of exciting things when it comes to ease of use to make it easier for all users to find data. >>Y yes, there's definitely a lot to unpack there. I I, you know, you mentioned this idea of, of of, of shopping for the data. That's interesting to me. Why this analogy, metaphor or analogy, I always get those confused. I let's go with analogy. Why is it so important to data consumers? >>I think when you look at the world of data, and I talked about this system of engagement, it's really about making it more accessible to the masses. And what users are used to is a shopping experience like your Amazon, if you will. And so having a consumer grade experience where users can quickly go in and find the data, trust that data, understand where the data's coming from, and then be able to quickly access it, is the idea of being able to shop for it, just making it as simple as possible and really speeding the time to value for any of the business analysts, data analysts out there. >>Yeah, I think when you, you, you see a lot of discussion about rethinking data architectures, putting data in the hands of the users and business people, decentralized data and of course that's awesome. I love that. But of course then you have to have self-service infrastructure and you have to have governance. And those are really challenging. And I think so many organizations, they're facing adoption challenges, you know, when it comes to enabling teams generally, especially domain experts to adopt new data technologies, you know, like the, the tech comes fast and furious. You got all these open source projects and get really confusing. Of course it risks security, governance and all that good stuff. You got all this jargon. So where do you see, you know, the friction in adopting new data technologies? What's your point of view and how can organizations overcome these challenges? >>You're, you're dead on. There's so much technology and there's so much to stay on top of, which is part of the friction, right? It's just being able to stay ahead of, of and understand all the technologies that are coming. You also look at as there's so many more sources of data and people are migrating data to the cloud and they're migrating to new sources. Where the friction comes is really that ability to understand where the data came from, where it's moving to, and then also to be able to put the access controls on top of it. So people are only getting access to the data that they should be getting access to. So one of the other things we're announcing with, with all of the innovations that are coming is what we're doing around performance and scale. So with all of the data movement, with all of the data that's out there, the first thing we're launching in the world of performance and scale is our world of data quality. >>It's something that Collibra has been working on for the past year and a half, but we're launching the ability to have data quality in the cloud. So it's currently an on-premise offering, but we'll now be able to carry that over into the cloud for us to manage that way. We're also introducing the ability to push down data quality into Snowflake. So this is, again, one of those challenges is making sure that that data that you have is d is is high quality as you move forward. And so really another, we're just reducing friction. You already have Snowflake stood up. It's not another machine for you to manage, it's just push down capabilities into Snowflake to be able to track that quality. Another thing that we're launching with that is what we call Collibra Protect. And this is that ability for users to be able to ingest metadata, understand where the PII data is, and then set policies up on top of it. So very quickly be able to set policies and have them enforced at the data level. So anybody in the organization is only getting access to the data they should have access to. >>Here's Topica data quality is interesting. It's something that I've followed for a number of years. It used to be a back office function, you know, and really confined only to highly regulated industries like financial services and healthcare and government. You know, you look back over a decade ago, you didn't have this worry about personal information, g gdpr, and, you know, California Consumer Privacy Act all becomes, becomes so much important. The cloud is really changed things in terms of performance and scale and of course partnering for, for, with Snowflake it's all about sharing data and monetization, anything but a back office function. So it was kind of smart that you guys were early on and of course attracting them and as a, as an investor as well was very strong validation. What can you tell us about the nature of the relationship with Snowflake and specifically inter interested in sort of joint engineering or, and product innovation efforts, you know, beyond the standard go to market stuff? >>Definitely. So you mentioned there were a strategic investor in Calibra about a year ago. A little less than that I guess. We've been working with them though for over a year really tightly with their product and engineering teams to make sure that Collibra is adding real value. Our unified platform is touching pieces of our unified platform or touching all pieces of Snowflake. And when I say that, what I mean is we're first, you know, able to ingest data with Snowflake, which, which has always existed. We're able to profile and classify that data we're announcing with Calibra Protect this week that you're now able to create those policies on top of Snowflake and have them enforce. So again, people can get more value out of their snowflake more quickly as far as time to value with, with our policies for all business users to be able to create. >>We're also announcing Snowflake Lineage 2.0. So this is the ability to take stored procedures in Snowflake and understand the lineage of where did the data come from, how was it transformed with within Snowflake as well as the data quality. Pushdown, as I mentioned, data quality, you brought it up. It is a new, it is a, a big industry push and you know, one of the things I think Gartner mentioned is people are losing up to $15 million without having great data quality. So this push down capability for Snowflake really is again, a big ease of use push for us at Collibra of that ability to, to push it into snowflake, take advantage of the data, the data source, and the engine that already lives there and get the right and make sure you have the right quality. >>I mean, the nice thing about Snowflake, if you play in the Snowflake sandbox, you, you, you, you can get sort of a, you know, high degree of confidence that the data sharing can be done in a safe way. Bringing, you know, Collibra into the, into the story allows me to have that data quality and, and that governance that I, that I need. You know, we've said many times on the cube that one of the notable differences in cloud this decade versus last decade, I mean ob there are obvious differences just in terms of scale and scope, but it's shaping up to be about the strength of the ecosystems. That's really a hallmark of these big cloud players. I mean they're, it's a key factor for innovating, accelerating product delivery, filling gaps in, in the hyperscale offerings cuz you got more stack, you know, mature stack capabilities and you know, it creates this flywheel momentum as we often say. But, so my question is, how do you work with the hyperscalers? Like whether it's AWS or Google, whomever, and what do you see as your role and what's the Collibra sweet spot? >>Yeah, definitely. So, you know, one of the things I mentioned early on is the broader ecosystem of partners is what it's all about. And so we have that strong partnership with Snowflake. We also are doing more with Google around, you know, GCP and kbra protect there, but also tighter data plex integration. So similar to what you've seen with our strategic moves around Snowflake and, and really covering the broad ecosystem of what Collibra can do on top of that data source. We're extending that to the world of Google as well and the world of data plex. We also have great partners in SI's Infosys is somebody we spoke with at the conference who's done a lot of great work with Levi's as they're really important to help people with their whole data strategy and driving that data driven culture and, and Collibra being the core of it. >>Hi Laura, we're gonna, we're gonna end it there, but I wonder if you could kind of put a bow on, you know, this year, the event your, your perspectives. So just give us your closing thoughts. >>Yeah, definitely. So I, I wanna say this is one of the biggest releases Collibra's ever had. Definitely the biggest one since I've been with the company a little over a year. We have all these great new product innovations coming to really drive the ease of use to make data more valuable for users everywhere and, and companies everywhere. And so it's all about everybody being able to easily find, understand, and trust and get access to that data going forward. >>Well congratulations on all the pro progress. It was great to have you on the cube first time I believe, and really appreciate you, you taking the time with us. >>Yes, thank you for your time. >>You're very welcome. Okay, you're watching the coverage of Data Citizens 2022 on the cube, your leader in enterprise and emerging tech coverage. >>So data modernization oftentimes means moving some of your storage and computer to the cloud where you get the benefit of scale and security and so on. But ultimately it doesn't take away the silos that you have. We have more locations, more tools and more processes with which we try to get value from this data. To do that at scale in an organization, people involved in this process, they have to understand each other. So you need to unite those people across those tools, processes, and systems with a shared language. When I say customer, do you understand the same thing as you hearing customer? Are we counting them in the same way so that shared language unites us and that gives the opportunity for the organization as a whole to get the maximum value out of their data assets and then they can democratize data so everyone can properly use that shared language to find, understand, and trust the data asset that's available. >>And that's where Collibra comes in. We provide a centralized system of engagement that works across all of those locations and combines all of those different user types across the whole business. At Collibra, we say United by data and that also means that we're united by data with our customers. So here is some data about some of our customers. There was the case of an online do it yourself platform who grew their revenue almost three times from a marketing campaign that provided the right product in the right hands of the right people. In other case that comes to mind is from a financial services organization who saved over 800 K every year because they were able to reuse the same data in different kinds of reports and before there was spread out over different tools and processes and silos, and now the platform brought them together so they realized, oh, we're actually using the same data, let's find a way to make this more efficient. And the last example that comes to mind is that of a large home loan, home mortgage, mortgage loan provider where they have a very complex landscape, a very complex architecture legacy in the cloud, et cetera. And they're using our software, they're using our platform to unite all the people and those processes and tools to get a common view of data to manage their compliance at scale. >>Hey everyone, I'm Lisa Martin covering Data Citizens 22, brought to you by Collibra. This next conversation is gonna focus on the importance of data culture. One of our Cube alumni is back, Stan Christians is Collibra's co-founder and it's Chief Data citizens. Stan, it's great to have you back on the cube. >>Hey Lisa, nice to be. >>So we're gonna be talking about the importance of data culture, data intelligence, maturity, all those great things. When we think about the data revolution that every business is going through, you know, it's so much more than technology innovation. It also really re requires cultural transformation, community transformation. Those are challenging for customers to undertake. Talk to us about what you mean by data citizenship and the role that creating a data culture plays in that journey. >>Right. So as you know, our event is called Data Citizens because we believe that in the end, a data citizen is anyone who uses data to do their job. And we believe that today's organizations, you have a lot of people, most of the employees in an organization are somehow gonna to be a data citizen, right? So you need to make sure that these people are aware of it. You need that. People have skills and competencies to do with data what necessary and that's on, all right? So what does it mean to have a good data culture? It means that if you're building a beautiful dashboard to try and convince your boss, we need to make this decision that your boss is also open to and able to interpret, you know, the data presented in dashboard to actually make that decision and take that action. Right? >>And once you have that why to the organization, that's when you have a good data culture. Now that's continuous effort for most organizations because they're always moving, somehow they're hiring new people and it has to be continuous effort because we've seen that on the hand. Organizations continue challenged their data sources and where all the data is flowing, right? Which in itself creates a lot of risk. But also on the other set hand of the equation, you have the benefit. You know, you might look at regulatory drivers like, we have to do this, right? But it's, it's much better right now to consider the competitive drivers, for example, and we did an IDC study earlier this year, quite interesting. I can recommend anyone to it. And one of the conclusions they found as they surveyed over a thousand people across organizations worldwide is that the ones who are higher in maturity. >>So the, the organizations that really look at data as an asset, look at data as a product and actively try to be better at it, don't have three times as good a business outcome as the ones who are lower on the maturity scale, right? So you can say, ok, I'm doing this, you know, data culture for everyone, awakening them up as data citizens. I'm doing this for competitive reasons, I'm doing this re reasons you're trying to bring both of those together and the ones that get data intelligence right, are successful and competitive. That's, and that's what we're seeing out there in the market. >>Absolutely. We know that just generally stand right, the organizations that are, are really creating a, a data culture and enabling everybody within the organization to become data citizens are, We know that in theory they're more competitive, they're more successful. But the IDC study that you just mentioned demonstrates they're three times more successful and competitive than their peers. Talk about how Collibra advises customers to create that community, that culture of data when it might be challenging for an organization to adapt culturally. >>Of course, of course it's difficult for an organization to adapt but it's also necessary, as you just said, imagine that, you know, you're a modern day organization, laptops, what have you, you're not using those, right? Or you know, you're delivering them throughout organization, but not enabling your colleagues to actually do something with that asset. Same thing as through with data today, right? If you're not properly using the data asset and competitors are, they're gonna to get more advantage. So as to how you get this done, establish this. There's angles to look at, Lisa. So one angle is obviously the leadership whereby whoever is the boss of data in the organization, you typically have multiple bosses there, like achieve data officers. Sometimes there's, there's multiple, but they may have a different title, right? So I'm just gonna summarize it as a data leader for a second. >>So whoever that is, they need to make sure that there's a clear vision, a clear strategy for data. And that strategy needs to include the monetization aspect. How are you going to get value from data? Yes. Now that's one part because then you can leadership in the organization and also the business value. And that's important. Cause those people, their job in essence really is to make everyone in the organization think about data as an asset. And I think that's the second part of the equation of getting that right, is it's not enough to just have that leadership out there, but you also have to get the hearts and minds of the data champions across the organization. You, I really have to win them over. And if you have those two combined and obviously a good technology to, you know, connect those people and have them execute on their responsibilities such as a data intelligence platform like s then the in place to really start upgrading that culture inch by inch if you'll, >>Yes, I like that. The recipe for success. So you are the co-founder of Collibra. You've worn many different hats along this journey. Now you're building Collibra's own data office. I like how before we went live, we were talking about Calibra is drinking its own champagne. I always loved to hear stories about that. You're speaking at Data Citizens 2022. Talk to us about how you are building a data culture within Collibra and what maybe some of the specific projects are that Collibra's data office is working on. >>Yes, and it is indeed data citizens. There are a ton of speaks here, are very excited. You know, we have Barb from m MIT speaking about data monetization. We have Dilla at the last minute. So really exciting agen agenda. Can't wait to get back out there essentially. So over the years at, we've doing this since two and eight, so a good years and I think we have another decade of work ahead in the market, just to be very clear. Data is here to stick around as are we. And myself, you know, when you start a company, we were for people in a, if you, so everybody's wearing all sorts of hat at time. But over the years I've run, you know, presales that sales partnerships, product cetera. And as our company got a little bit biggish, we're now thousand two. Something like people in the company. >>I believe systems and processes become a lot important. So we said you CBRA isn't the size our customers we're getting there in of organization structure, process systems, et cetera. So we said it's really time for us to put our money where is and to our own data office, which is what we were seeing customers', organizations worldwide. And they organizations have HR units, they have a finance unit and over time they'll all have a department if you'll, that is responsible somehow for the data. So we said, ok, let's try to set an examples that other people can take away with it, right? Can take away from it. So we set up a data strategy, we started building data products, took care of the data infrastructure. That's sort of good stuff. And in doing all of that, ISA exactly as you said, we said, okay, we need to also use our product and our own practices and from that use, learn how we can make the product better, learn how we make, can make the practice better and share that learning with all the, and on, on the Monday mornings, we sometimes refer to eating our dog foods on Friday evenings. >>We referred to that drinking our own champagne. I like it. So we, we had a, we had the driver to do this. You know, there's a clear business reason. So we involved, we included that in the data strategy and that's a little bit of our origin. Now how, how do we organize this? We have three pillars, and by no means is this a template that everyone should, this is just the organization that works at our company, but it can serve as an inspiration. So we have a pillar, which is data science. The data product builders, if you'll or the people who help the business build data products. We have the data engineers who help keep the lights on for that data platform to make sure that the products, the data products can run, the data can flow and you know, the quality can be checked. >>And then we have a data intelligence or data governance builders where we have those data governance, data intelligence stakeholders who help the business as a sort of data partner to the business stakeholders. So that's how we've organized it. And then we started following the CBRA approach, which is, well, what are the challenges that our business stakeholders have in hr, finance, sales, marketing all over? And how can data help overcome those challenges? And from those use cases, we then just started to build a map and started execution use of the use case. And a important ones are very simple. We them with our, our customers as well, people talking about the cata, right? The catalog for the data scientists to know what's in their data lake, for example, and for the people in and privacy. So they have their process registry and they can see how the data flows. >>So that's a starting place and that turns into a marketplace so that if new analysts and data citizens join kbra, they immediately have a place to go to, to look at, see, ok, what data is out there for me as an analyst or a data scientist or whatever to do my job, right? So they can immediately get access data. And another one that we is around trusted business. We're seeing that since, you know, self-service BI allowed everyone to make beautiful dashboards, you know, pie, pie charts. I always, my pet pee is the pie chart because I love buy and you shouldn't always be using pie charts. But essentially there's become proliferation of those reports. And now executives don't really know, okay, should I trust this report or that report the reporting on the same thing. But the numbers seem different, right? So that's why we have trusted this reporting. So we know if a, the dashboard, a data product essentially is built, we not that all the right steps are being followed and that whoever is consuming that can be quite confident in the result either, Right. And that silver browser, right? Absolutely >>Decay. >>Exactly. Yes, >>Absolutely. Talk a little bit about some of the, the key performance indicators that you're using to measure the success of the data office. What are some of those KPIs? >>KPIs and measuring is a big topic in the, in the data chief data officer profession, I would say, and again, it always varies with to your organization, but there's a few that we use that might be of interest. Use those pillars, right? And we have metrics across those pillars. So for example, a pillar on the data engineering side is gonna be more related to that uptime, right? Are the, is the data platform up and running? Are the data products up and running? Is the quality in them good enough? Is it going up? Is it going down? What's the usage? But also, and especially if you're in the cloud and if consumption's a big thing, you have metrics around cost, for example, right? So that's one set of examples. Another one is around the data sciences and products. Are people using them? Are they getting value from it? >>Can we calculate that value in ay perspective, right? Yeah. So that we can to the rest of the business continue to say we're tracking all those numbers and those numbers indicate that value is generated and how much value estimated in that region. And then you have some data intelligence, data governance metrics, which is, for example, you have a number of domains in a data mesh. People talk about being the owner of a data domain, for example, like product or, or customer. So how many of those domains do you have covered? How many of them are already part of the program? How many of them have owners assigned? How well are these owners organized, executing on their responsibilities? How many tickets are open closed? How many data products are built according to process? And so and so forth. So these are an set of examples of, of KPIs. There's a, there's a lot more, but hopefully those can already inspire the audience. >>Absolutely. So we've, we've talked about the rise cheap data offices, it's only accelerating. You mentioned this is like a 10 year journey. So if you were to look into a crystal ball, what do you see in terms of the maturation of data offices over the next decade? >>So we, we've seen indeed the, the role sort of grow up, I think in, in thousand 10 there may have been like 10 achieve data officers or something. Gartner has exact numbers on them, but then they grew, you know, industries and the number is estimated to be about 20,000 right now. Wow. And they evolved in a sort of stack of competencies, defensive data strategy, because the first chief data officers were more regulatory driven, offensive data strategy support for the digital program. And now all about data products, right? So as a data leader, you now need all of those competences and need to include them in, in your strategy. >>How is that going to evolve for the next couple of years? I wish I had one of those balls, right? But essentially I think for the next couple of years there's gonna be a lot of people, you know, still moving along with those four levels of the stack. A lot of people I see are still in version one and version two of the chief data. So you'll see over the years that's gonna evolve more digital and more data products. So for next years, my, my prediction is it's all products because it's an immediate link between data and, and the essentially, right? Right. So that's gonna be important and quite likely a new, some new things will be added on, which nobody can predict yet. But we'll see those pop up in a few years. I think there's gonna be a continued challenge for the chief officer role to become a real executive role as opposed to, you know, somebody who claims that they're executive, but then they're not, right? >>So the real reporting level into the board, into the CEO for example, will continue to be a challenging point. But the ones who do get that done will be the ones that are successful and the ones who get that will the ones that do it on the basis of data monetization, right? Connecting value to the data and making that value clear to all the data citizens in the organization, right? And in that sense, they'll need to have both, you know, technical audiences and non-technical audiences aligned of course. And they'll need to focus on adoption. Again, it's not enough to just have your data office be involved in this. It's really important that you're waking up data citizens across the organization and you make everyone in the organization think about data as an asset. >>Absolutely. Because there's so much value that can be extracted. Organizations really strategically build that data office and democratize access across all those data citizens. Stan, this is an exciting arena. We're definitely gonna keep our eyes on this. Sounds like a lot of evolution and maturation coming from the data office perspective. From the data citizen perspective. And as the data show that you mentioned in that IDC study, you mentioned Gartner as well, organizations have so much more likelihood of being successful and being competitive. So we're gonna watch this space. Stan, thank you so much for joining me on the cube at Data Citizens 22. We appreciate it. >>Thanks for having me over >>From Data Citizens 22, I'm Lisa Martin, you're watching The Cube, the leader in live tech coverage. >>Okay, this concludes our coverage of Data Citizens 2022, brought to you by Collibra. Remember, all these videos are available on demand@thecube.net. And don't forget to check out silicon angle.com for all the news and wiki bod.com for our weekly breaking analysis series where we cover many data topics and share survey research from our partner ETR Enterprise Technology Research. If you want more information on the products announced at Data Citizens, go to collibra.com. There are tons of resources there. You'll find analyst reports, product demos. It's really worthwhile to check those out. Thanks for watching our program and digging into Data Citizens 2022 on the Cube, your leader in enterprise and emerging tech coverage. We'll see you soon.

(lighthearted music) >> Hey all. Welcome back to theCube's coverage of Kubecon North America '22 CloudNativeCon. We're in Detroit. We've been here all day covering day one of the event from our perspective. Three days of coverage coming at you. Lisa Martin here with John Furrier. John, a lot of buzz today. A lot of talk about the maturation of Kubernetes with different services that vendors are offering. We talked a little bit about security earlier today. One of the things that is a hot topic is national security. >> Yeah, this is a huge segment we got coming up. It really takes that all that nerd talk about Kubernetes and puts it into action. We actually see demonstrable results. This is about advanced artificial intelligence for tactical decision making at the edge to support our military operations because a lot of the deaths are because of bad technology. And this has been talked about. We've been covering Silicon Angle, we wrote a story there now on this topic. This should be a really exciting segment so I'm really looking forward to it. >> Excellent, so am I. Please welcome back one of our alumni, Nick Barcet senior director, customer led open innovation at Red Hat. Great to have you back. Greg Forrest joins us as well from Lockheed Martin Director of AI Foundations. Guys, great to have you on the program. Nick, what's been your perception before we dig into the news and break that open of KubeCon 2022? >> So, KubeCon is always a wonderful event because we can see people working with us in the community developing new stuff, people that we see virtually all year. But it's the time at which we can really establish human contact and that's wonderful. And it's also the moments where we can make big topic move forward and the topics have been plenty at this KubeCon from MicroShift to KCP, to AI, to all domains have been covered. >> Greg, you're the director of AI foundations at Lockheed Martin. Obviously well known, contractors to the military lot of intellectual property, storied history. >> Greg: Sure. >> Talk about this announcement with Red Hat 'cause I think this is really indicative of what's happening at the edge. Data, compute, industrial equipment, and people, in this case lives are in danger or to preserve peace. This is a killer story in terms of understanding what this all means. What's your take on this relationship with Red Hat? What's the secret sauce? >> Yeah, it's really important for us. So part of our 21st century security strategy as a company is to partner with companies like Red Hat and Big Tech and bring the best of the commercial world into the Department of Defense for our soldiers on the ground. And that's exactly what we announced today or Tuesday in our partnership. And so the ability to take commercial products and utilize them in theater is really important for saving lives on the ground. And so we can go through exactly what we did as part of this demonstration, but we took MicroShift at the edge and we were able to run our AI payloads on that. That provided us with the ability to do things like AI based RF sensing, so radio frequency sensing. And we were also able to do computer vision based technologies at the edge. So we went out, we had a small UAV that went out and searched for a target on the ground. It found a target using its radio frequency capabilities, the RF capabilities. Then once we're able to hone in on that target, what Red Hat device edge and MicroShift enables us to do is actually then switch sensing modalities. And then we're able to look at this target via the camera and use computer vision-based technologies to actually more accurately locate the target and then track that target in real time. So that's one of the keys to be able to actually switch modalities in real time on one platform is really important for our joint all domain operations construct. The idea of how do you actually connect all of these assets in the environment, in the battle space. >> Talk about the challenge and how hard it is to do this. The back haul, you'll go back to the central server, bring data back, connecting things. What if there's insecurity around connectivity? I mean there's a lot of things going, can you just scope the magnitude of how hard it's to actually deploy something at a tactical edge? >> It is. There's a lot of data that comes from all of these sensors, whether they're RF sensors or EO or IR. We're working across multiple domains, right? And so we want to take that data back and train on that and then redeploy to the edge. And so with MicroShift, we're able to do that in a way that's robust, that's repeatable, and that's automated. And that really instills trust in us and our customers that when we deploy new software capabilities to the edge over the air, like we did in this demonstration that they're going to run right on the target hardware. And so that's a huge advantage to what we're doing here that when we push software to the edge in real time we know it's going to run. >> And in realtime is absolutely critical. We talk about it in so many different industries. Oh, it's customers expect realtime access whether it's your banking app or whatnot. But here we're talking about literally life and death situations on the battlefield. So that realtime data access is literally life and death. >> It's paramount to what we're doing. In this case, the aircraft started with one role which was to go find a radio frequency admitter and then switch roles to then go get cameras and eyes on that. So where is that coming from? Are there people on the ground? Are there dangerous people on the ground? And it gives the end user on the ground complete situational awareness of what is actually happening. And that is key for enhanced decision making. Enhanced decision making is critical to what we're doing. And so that's really where we're advancing this technology and where we can save lives. >> I read a report from General Mattis when he was in service that a lot of the deaths are due to not having enough information really at the edge. >> Greg: Friendly fire. >> Friendly fire, a lot of stuff that goes on there. So this is really, really important. Nick, you're sitting there saying this is great. My customer's talking about the product. This is your innovation, Red Hat device edge in action. This is real. This is industrial- >> So it's more than real. Actually this type of use case is what convinced us to transform a technology we had been working on which is a small form factor of Kubernetes to transform it into a product. Because sometimes, US engineers have a tendency to invent stuff that are great on paper, but it's a solution trying to find a problem. And we need customers to work with us to make sure that do solution do solve a real problem. And Lockheed was great. Worked with us upstream on that project. Helped us prove out that the concept was actually worth it and we waited until Lockheed had tested the concept in the air. >> Okay, so Red Hat device edge and MicroShift, explain that, how that works real quick for the folks that don't know. So one of the thing we learned is that Kubernetes is great but it's only part of the journey. In order to get those workloads on those aircraft or in order to get those workloads in a factory, you also need to consider the full life cycle of the device itself. And you don't handle a device that is inside of a UAV or inside of a factory the same way you handle a server. You have to deal with those devices in a way that is much more akin to a setup box. So we had to modify how the OS was behaving to deal with devices and we reduced what we had built in real for each edge aspect and combined it with MicroShift and that's what became with that Red Hat device edge. >> We're in a low SWAP environment, space, weight and power, right? Or very limited, We're on a small UAS in this demonstration. So the ability to spool up and spool down containers and to save computing power and to do that on demand and orchestrate that with MicroShift is paramount to what we're doing. We wouldn't be able to do it without that capability. >> John: That's awesome. >> I want to get both of your opinions. Nick, we'll start with you and then Greg we'll go to you. In terms of MicroShift , what is its superpower? What differentiates it from other competing solutions in the market? >> So MicroShift is Kubernetes but reduced to the strict minimum of a runtime version of Kubernetes so that it takes a minimal footprint so that we maximize the space available for the workload in those very constraints environments. On a board where you have eight or 16 gig of RAM, if you use only two gig of that to run the infrastructure component, you leave the rest for the AI workload that you need on the drone. And that's what is really important. >> And these AI payloads, the inference that we're doing at the edge is very compute intensive. So again, the ability to manage that and orchestrate that is paramount to running on these very small board computers. These are small drones that don't have a lot of weight that don't allow a lot of space. >> John: Got to be efficient >> And be efficient with it. >> How were you guys involved? Talk about the relationship. So you guys were tightly involved. Talk about the roles you guys played together. Was it co-development? Was it customer/partner? Talk about the relationship. >> Yeah, so we started actually with satellite. So you can think of small cube sets in a very similar environment to a low powered UAV. And it started there. And then in the last, I would say year or so, Nick we have worked together to develop MicroShift. We work closely on Slack channels together like we're part of the same team. >> John: That's great. >> And hey Red Hat, this is what we need, this is what we're looking for. These are the constraints that we have. And this team has been amazing and just delivered on everything that we've asked for. >> I mean this is really an example of the innovation at the edge, industrial edge specifically. You got an operating system, you got form factor challenges, you got operating parameters. And just to having that flex, you can't just take this and put it over there. >> But it's what really is a community applied to an industrial context. So what happened there is we worked as part of the MicroShift community together with a real time communication channel, the same slack that anybody developing Kubernetes uses we've been using to identify where the problems were, how to solve them, bring new ideas and that's how we tackle these problems. >> Yeah, a true open source model I mean the Red Hat and the Lockheed teams were in it together on a daily basis communicating like we were part of the same company. And and that's really how you move these things forward. >> Yeah, and of course open source is great but also you got to lock down the security. How did you guys handle that? What's going on with the security? 'Cause you got to make sure no take over the devices. >> So the funny thing is that even though what we produce is highly inclusive of security concern, our development model is completely open. So it's not security biopurification, it's security because we apply the best practices. >> John: You see everything. >> Absolutely. >> Yes. >> And then you harden it in the joint development, there it is. >> Yeah, but what we support, what we offer as a product is the same for Lockheed or for any other customer because there is no domain where security is not important. When you control the recognition on a drone or where you control the behavior of a robot in a factory, security is paramount because you can't immobilize a country by infecting a robot the same way you could immobilize a military operation- >> Greg: That's right. >> By infecting a UAV. >> Not to change the subject, but I got to go on a tangent here cause it pops in my head. You mentioned cube set, not related to theCUBE of course. Where theCube for the video. Cube sets are very powerful. People can launch space right now very inexpensively. So it's a highly contested and congested environment. Any space activity going on around the corner with you guys? 'Cause remember the world's not around, it's edge is now in space. Mars is the edge. >> That's right. >> Our first prototype for MicroShift was actually a cube set. >> Greg: That's where it started. >> And IBM project, the project called Endurance. That's the first time we actually put MicroShift into use. And that was a very interesting project, very early version of MicroShift . And now we have talks with many other people on reproducing that at more industrial level this was more like a cool high school project. >> But to your point, the scalability across different platforms is there. If we're running on top of MicroShift on this common OS, it just eases the development. Behind the scenes, we have a whole AI factory at Lockheed Martin where we have a common ecosystem for how we actually develop and deploy these algorithms to the edge. And now we've got a common ecosystem at the edge. And so it helps that whole process to be able to do that in automated ways, repeatable ways so we can instill trust in our DRD customer that the validation of verification of this is a really important aspect. >> John: Must be a fun place to work. >> It is, it's exciting. There's endless opportunities. >> You must get a lot of young kids applying for those jobs. They're barely into the whole. I mean, AI's a hot feel and people want to get their hands on real applications. I was serious about space. Is there space activity going on with you guys or is it just now military edge, not yet military space? Or is that classified? >> Yeah, so we're working across multiple fronts, absolutely. >> That's awesome. >> What excite, oh, sorry John. What excites you most, never a dull moment with what you're doing, but just the potential to enable a safer, a more secure world, what excites you most about this partnership and the direction and the we'll say the trajectory it's going on? >> Yeah, I think, for me, the safer insecure world is paramount to what we're doing. We're here for national defense and for our allies and that's really critical to what we're doing. That's what motivates me. That's what gets me up in the morning to know that there is a soldier on the ground who will be using this technology and we will give be giving that person the situational awareness to make the right decisions at the right time. So we can go from small UAVs to larger aircraft or we can do it in a small confined edge device like a stalker UAV. We can scale this up to different products different platforms and they don't even have to be Lockheed Martin >> John: And more devices that are going to be imagined. >> More devices that we haven't even imagined yet. >> Right, that aren't even on the frontier yet. Nick, what's next from your perspective? >> In the domain we are in, next is always plenty of things. Sustainability is a huge domain right now on which we're working. We have lots of things going on in the AI space, stuff going on with Lockheed Martin. We have things going on in the radio network domain. We've been very heavily involved in telecommunication and this is constantly evolving. There is not one domain that, in terms of infrastructure Red Hat is not touching >> Well, this is the first of multiple demonstrations. The scenarios will get more complex with multiple aircraft and in the future, we're also looking at bringing a lot of the 5G work. Lockheed has put a large focus on 5G.mil for military applications and running some of those workloads on top of MicroShift as well is things to come in the future that we are already planning and looking at. >> Yeah, and it's needed in theater to have connectivity. Got to have your own connectivity. >> It's paramount, absolutely. >> Absolutely, it's paramount. It's game-changing. Guys, thank you so much for joining John and me on theCube talking about how Red Hat and Lockheed Martin are working together to leverage AI to really improve decision making and save more lives. It was a wonderful conversation. We're going to have to have you back 'cause we got to follow this. >> Yeah, of course. >> This was great, thank you so much. >> Thank you very much for having us. >> Lisa: Our pleasure, thank you. >> Greg: Really appreciate it. >> Excellent. For our guests and John Furrier, I'm Lisa Martin. You're watching theCUBE Live from KubeCon CloudNativeCon '22 from Detroit. Stick around. Next guest is going to join John and Savannah in just a minute. (lighthearted music)

(bright upbeat music) >> Welcome to theCUBE's Coverage of Data Citizens 2022 Collibra's Customer event. My name is Dave Vellante. With us is Kirk Hasselbeck, who's the Vice President of Data Quality of Collibra. Kirk, good to see you. Welcome. >> Thanks for having me, Dave. Excited to be here. >> You bet. Okay, we're going to discuss data quality, observability. It's a hot trend right now. You founded a data quality company, OwlDQ and it was acquired by Collibra last year. Congratulations! And now you lead data quality at Collibra. So we're hearing a lot about data quality right now. Why is it such a priority? Take us through your thoughts on that. >> Yeah, absolutely. It's definitely exciting times for data quality which you're right, has been around for a long time. So why now, and why is it so much more exciting than it used to be? I think it's a bit stale, but we all know that companies use more data than ever before and the variety has changed and the volume has grown. And while I think that remains true, there are a couple other hidden factors at play that everyone's so interested in as to why this is becoming so important now. And I guess you could kind of break this down simply and think about if Dave, you and I were going to build, you know a new healthcare application and monitor the heartbeat of individuals, imagine if we get that wrong, what the ramifications could be? What those incidents would look like? Or maybe better yet, we try to build a new trading algorithm with a crossover strategy where the 50 day crosses the 10 day average. And imagine if the data underlying the inputs to that is incorrect. We'll probably have major financial ramifications in that sense. So, it kind of starts there where everybody's realizing that we're all data companies and if we are using bad data, we're likely making incorrect business decisions. But I think there's kind of two other things at play. I bought a car not too long ago and my dad called and said, "How many cylinders does it have?" And I realized in that moment, I might have failed him because 'cause I didn't know. And I used to ask those types of questions about any lock brakes and cylinders and if it's manual or automatic and I realized I now just buy a car that I hope works. And it's so complicated with all the computer chips. I really don't know that much about it. And that's what's happening with data. We're just loading so much of it. And it's so complex that the way companies consume them in the IT function is that they bring in a lot of data and then they syndicate it out to the business. And it turns out that the individuals loading and consuming all of this data for the company actually may not know that much about the data itself and that's not even their job anymore. So, we'll talk more about that in a minute but that's really what's setting the foreground for this observability play and why everybody's so interested, it's because we're becoming less close to the intricacies of the data and we just expect it to always be there and be correct. >> You know, the other thing too about data quality and for years we did the MIT CDOIQ event we didn't do it last year at COVID, messed everything up. But the observation I would make there love thoughts is it data quality used to be information quality used to be this back office function, and then it became sort of front office with financial services and government and healthcare, these highly regulated industries. And then the whole chief data officer thing happened and people were realizing, well, they sort of flipped the bit from sort of a data as a a risk to data as an asset. And now, as we say, we're going to talk about observability. And so it's really become front and center, just the whole quality issue because data's fundamental, hasn't it? >> Yeah, absolutely. I mean, let's imagine we pull up our phones right now and I go to my favorite stock ticker app and I check out the NASDAQ market cap. I really have no idea if that's the correct number. I know it's a number, it looks large, it's in a numeric field. And that's kind of what's going on. There's so many numbers and they're coming from all of these different sources and data providers and they're getting consumed and passed along. But there isn't really a way to tactically put controls on every number and metric across every field we plan to monitor. But with the scale that we've achieved in early days, even before Collibra. And what's been so exciting is we have these types of observation techniques, these data monitors that can actually track past performance of every field at scale. And why that's so interesting and why I think the CDO is listening right intently nowadays to this topic is so maybe we could surface all of these problems with the right solution of data observability and with the right scale and then just be alerted on breaking trends. So we're sort of shifting away from this world of must write a condition and then when that condition breaks, that was always known as a break record. But what about breaking trends and root cause analysis? And is it possible to do that, with less human intervention? And so I think most people are seeing now that it's going to have to be a software tool and a computer system. It's not ever going to be based on one or two domain experts anymore. >> So, how does data observability relate to data quality? Are they sort of two sides of the same coin? Are they cousins? What's your perspective on that? >> Yeah, it's super interesting. It's an emerging market. So the language is changing a lot of the topic and areas changing the way that I like to say it or break it down because the lingo is constantly moving as a target on this space is really breaking records versus breaking trends. And I could write a condition when this thing happens it's wrong and when it doesn't, it's correct. Or I could look for a trend and I'll give you a good example. Everybody's talking about fresh data and stale data and why would that matter? Well, if your data never arrived or only part of it arrived or didn't arrive on time, it's likely stale and there will not be a condition that you could write that would show you all the good and the bads. That was kind of your traditional approach of data quality break records. But your modern day approach is you lost a significant portion of your data, or it did not arrive on time to make that decision accurately on time. And that's a hidden concern. Some people call this freshness, we call it stale data but it all points to the same idea of the thing that you're observing may not be a data quality condition anymore. It may be a breakdown in the data pipeline. And with thousands of data pipelines in play for every company out there there, there's more than a couple of these happening every day. >> So what's the Collibra angle on all this stuff made the acquisition you got data quality observability coming together, you guys have a lot of expertise in this area but you hear providence of data you just talked about stale data, the whole trend toward real time. How is Collibra approaching the problem and what's unique about your approach? >> Well, I think where we're fortunate is with our background, myself and team we sort of lived this problem for a long time in the Wall Street days about a decade ago. And we saw it from many different angles. And what we came up with before it was called data observability or reliability was basically the underpinnings of that. So we're a little bit ahead of the curve there when most people evaluate our solution. It's more advanced than some of the observation techniques that currently exist. But we've also always covered data quality and we believe that people want to know more, they need more insights and they want to see break records and breaking trends together so they can correlate the root cause. And we hear that all the time. I have so many things going wrong just show me the big picture. Help me find the thing that if I were to fix it today would make the most impact. So we're really focused on root cause analysis, business impact connecting it with lineage and catalog, metadata. And as that grows, you can actually achieve total data governance. At this point, with the acquisition of what was a lineage company years ago and then my company OwlDQ, now Collibra Data Quality, Collibra may be the best positioned for total data governance and intelligence in the space. >> Well, you mentioned financial services a couple of times and some examples, remember the flash crash in 2010. Nobody had any idea what that was, they just said, "Oh, it's a glitch." So they didn't understand the root cause of it. So this is a really interesting topic to me. So we know at Data Citizens '22 that you're announcing you got to announce new products, right? Your yearly event, what's new? Give us a sense as to what products are coming out but specifically around data quality and observability. >> Absolutely. There's always a next thing on the forefront. And the one right now is these hyperscalers in the cloud. So you have databases like Snowflake and Big Query and Data Bricks, Delta Lake and SQL Pushdown. And ultimately what that means is a lot of people are storing in loading data even faster in a salike model. And we've started to hook in to these databases. And while we've always worked with the same databases in the past they're supported today we're doing something called Native Database pushdown, where the entire compute and data activity happens in the database. And why that is so interesting and powerful now is everyone's concerned with something called Egress. Did my data that I've spent all this time and money with my security team securing ever leave my hands? Did it ever leave my secure VPC as they call it? And with these native integrations that we're building and about to unveil here as kind of a sneak peek for next week at Data Citizens, we're now doing all compute and data operations in databases like Snowflake. And what that means is with no install and no configuration you could log into the Collibra Data Quality app and have all of your data quality running inside the database that you've probably already picked as your your go forward team selection secured database of choice. So we're really excited about that. And I think if you look at the whole landscape of network cost, egress cost, data storage and compute, what people are realizing is it's extremely efficient to do it in the way that we're about to release here next week. >> So this is interesting because what you just described you mentioned Snowflake, you mentioned Google, oh actually you mentioned yeah, the Data Bricks. Snowflake has the data cloud. If you put everything in the data cloud, okay, you're cool but then Google's got the open data cloud. If you heard Google Nest and now Data Bricks doesn't call it the data cloud but they have like the open source data cloud. So you have all these different approaches and there's really no way up until now I'm hearing to really understand the relationships between all those and have confidence across, it's like (indistinct) you should just be a note on the mesh. And I don't care if it's a data warehouse or a data lake or where it comes from, but it's a point on that mesh and I need tooling to be able to have confidence that my data is governed and has the proper lineage, providence. And that's what you're bringing to the table. Is that right? Did I get that right? >> Yeah, that's right. And for us, it's not that we haven't been working with those great cloud databases, but it's the fact that we can send them the instructions now we can send them the operating ability to crunch all of the calculations, the governance, the quality and get the answers. And what that's doing, it's basically zero network cost, zero egress cost, zero latency of time. And so when you were to log into Big BigQuery tomorrow using our tool or let or say Snowflake, for example, you have instant data quality metrics, instant profiling, instant lineage and access privacy controls things of that nature that just become less onerous. What we're seeing is there's so much technology out there just like all of the major brands that you mentioned but how do we make it easier? The future is about less clicks, faster time to value faster scale, and eventually lower cost. And we think that this positions us to be the leader there. >> I love this example because every talks about wow the cloud guys are going to own the world and of course now we're seeing that the ecosystem is finding so much white space to add value, connect across cloud. Sometimes we call it super cloud and so, or inter clouding. Alright, Kirk, give us your final thoughts and on the trends that we've talked about and Data Citizens '22. >> Absolutely. Well I think, one big trend is discovery and classification. Seeing that across the board people used to know it was a zip code and nowadays with the amount of data that's out there, they want to know where everything is where their sensitive data is. If it's redundant, tell me everything inside of three to five seconds. And with that comes, they want to know in all of these hyperscale databases, how fast they can get controls and insights out of their tools. So I think we're going to see more one click solutions, more SAS-based solutions and solutions that hopefully prove faster time to value on all of these modern cloud platforms. >> Excellent, all right. Kurt Hasselbeck, thanks so much for coming on theCUBE and previewing Data Citizens '22. Appreciate it. >> Thanks for having me, Dave. >> You're welcome. All right, and thank you for watching. Keep it right there for more coverage from theCUBE.

(upbeat music) >> Hello everyone, welcome to this special Cube conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE in theCUBE Studios. We've got a special video here. We love when we have startups that are launching. It's an exclusive video of a hot startup that's launching. Got great reviews so far. You know, word on the street is, they got something different and unique. We're going to' dig into it. Amit Govrin who's the CEO and co-founder of Kubiya, which stands for Cube in Hebrew, and they're headquartered in Bay Area and in Tel Aviv. Amit, congratulations on the startup launch and thanks for coming in and talk to us in theCUBE >> Thank you, John, very nice to be here. >> So, first of all, a little, 'cause we love the Cube, 'cause theCUBE's kind of an open brand. We've never seen the Cube in Hebrew, so is that true? Kubiya is? >> Kubiya literally means cube. You know, clearly there's some additional meanings that we can discuss. Obviously we're also launching a KubCon, so there's a dual meaning to this event. >> KubCon, not to be confused with CubeCon. Which is an event we might have someday and compete. No, I'm only kidding, good stuff. I want to get into the startup because I'm intrigued by your story. One, you know, conversational AI's been around, been a category. We've seen chat bots be all the rage and you know, I kind of don't mind chat bots on some sites. I can interact with some, you know, form based knowledge graph, whatever, knowledge database and get basic stuff self served. So I can see that, but it never really scaled or took off. And now with Cloud Native kind of going to the next level, we're starting to see a lot more open source and a lot more automation, in what I call AI as code or you know, AI as a service, machine learning, developer focused action. I think you guys might have an answer there. So if you don't mind, could you take a minute to explain what you guys are doing, what's different about Kubiya, what's happening? >> Certainly. So thank you for that. Kubiya is what we would consider the first, or one of the first, advanced virtual assitants with a domain specific expertise in DevOps. So, we respect all of the DevOps concepts, GitOps, workflow automation, of those categories you've mentioned, but also the added value of the conversational AI. That's really one of the few elements that we can really bring to the table to extract what we call intent based operations. And we can get into what that means in a little bit. I'll save that maybe for the next question. >> So the market you're going after is kind of, it's, I love to hear starters when they, they don't have a Gartner Magic quadrant, they can fit nicely, it means they're onto something. What is the market you're going after? Because you're seeing a lot of developers driving a lot of the key successes in DevOps. DevOps has evolved to the point where, and DevSecOps, where developers are driving the change. And so having something that's developer focused is key. Are you guys targeting the developers, IT buyers, cloud architects? Who are you looking to serve with this new opportunity? >> So essentially self-service in the world of DevOps, the end user typically would be a developer, but not only, and obviously the operators, those are the folks that we're actually looking to help augment a lot of their efforts, a lot of the toil that they're experiencing in a day to day. So there's subcategories within that. We can talk about the different internal developer tools, or platforms, shared services platforms, service catalogs are tangential categories that this kind of comes on. But on top of that, we're adding the element of conversational AI. Which, as I mentioned, that's really the "got you". >> I think you're starting to see a lot of autonomous stuff going on, autonomous pen testing. There's a company out there doing I've seen autonomous AI. Automation is a big theme of it. And I got to ask, are you guys on the business side purely in the cloud? Are you born in the cloud, is it a cloud service? What's the product choice there? It's a service, right? >> Software is a service. We have the classic, Multi-Tenancy SAAS, but we also have a hybrid SAAS solution, which allows our customers to run workflows using remote runners, essentially hosted at their own location. >> So primary cloud, but you're agnostic on where they could consume, how they want to' consume the product. >> Technology agnostic. >> Okay, so that's cool. So let's get into the problem you're solving. So take me through, this will drive a lot of value here, when you guys did the company, what problems did you hone in on and what are you guys seeing as the core problem that you solve? >> So we, this is a unique, I don't know how unique, but this is a interesting proposition because I come from the business side, so call it the top down. I've been in enterprise sales, I've been in a CRO, VP sales hat. My co-founder comes from the bottom up, right? He ran DevOps teams and SRE teams in his previous company. That's actually what he did. So, we met each other halfway, essentially with me seeing a lot of these problems of self-service not being so self-service after all, platforms hitting walls with adoption. And he actually created his own self-service platform, within his last company, to address his own personal pains. So we essentially kind of met with both perspectives. >> So you're absolutely hardcore on self-service. >> We're enabling self-service. >> And that basically is what everybody wants. I mean, the developers want self-service. I mean, that's kind of like, you know, that's the nirvana. So take us through what you guys are offering, give us an example of use cases and who's buying your product, why, and take us through that whole piece. >> Do you mind if I take a step back and say why we believe self-service has somewhat failed or not gotten off. >> Yeah, absolutely. >> So look, this is essentially how we're looking at it. All the analysts and the industry insiders are talking about self-service platforms as being what's going to' remove the dependency of the operator in the loop the entire time, right? Because the operator, that scarce resource, it's hard to hire, hard to train, hard to retain those folks, Developers are obviously dependent on them for productivity. So the operators in this case could be a DevOps, could be a SecOps, it could be a platform engineer. It comes in different flavors. But the common denominator, somebody needs an access request, provisioning a new environment, you name it, right? They go to somebody, that person is operator. The operator typically has a few things on their plate. It's not just attending and babysitting platforms, but it's also innovating, spinning up, and scaling services. So they see this typically as kind of, we don't really want to be here, we're going to' go and do this because we're on call. We have to take it on a chin, if you may, for this. >> It's their child, they got to' do it. >> Right, but it's KTLOs, right, keep the lights on, this is maintenance of a platform. It's not what they're born and bred to do, which is innovate. That's essentially what we're seeing, we're seeing that a lot of these platforms, once they finally hit the point of maturity, they're rolled out to the team. People come to serve themselves in platform, and low and behold, it's not as self-service as it may seem. >> We've seen that certainly with Kubernetes adoption being, I won't say slow, it's been fast, but it's been good. But I think this is kind of the promise of what SRE was supposed to be. You know, do it once and then babysit in the sense of it's working and automated. Nothing's broken yet. Don't call me unless you need something, I see that. So the question, you're trying to make it easier then, you're trying to free up the talent. >> Talent to operate and have essentially a human, like in the loop, essentially augment that person and give the end users all of the answers they require, as if they're talking to a person. >> I mean it's basically, you're taking the virtual assistant concept, or chat bot, to a level of expertise where there's intelligence, jargon, experience into the workflows that's known. Not just talking to chat bot, get a support number to rebook a hotel room. >> We're converting operational workflows into conversations. >> Give me an example, take me through an example. >> Sure, let's take a simple example. I mean, not everyone provisions EC2's with two days (indistinct). But let's say you want to go and provision new EC2 instances, okay? If you wanted to do it, you could go and talk to the assistant and say, "I want to spin up a new server". If it was a human in the loop, they would ask you the following questions: what type of environment? what are we attributing this to? what type of instance? security groups, machine images, you name it. So, these are the questions that typically somebody needs to be armed with before they can go and provision themselves, serve themselves. Now the problem is users don't always have these questions. So imagine the following scenario. Somebody comes in, they're in Jira ticket queue, they finally, their turn is up and the next question they don't have the answer to. So now they have to go and tap on a friend, or they have to go essentially and get that answer. By the time they get back, they lost their turn in queue. And then that happens again. So, they lose a context, they lose essentially the momentum. And a simple access request, or a simple provision request, can easily become a couple days of ping pong back and forth. This won't happen with the virtual assistant. >> You know, I think, you know, and you mentioned chat bots, but also RPA is out there, you've seen a lot of that growth. One of the hard things, and you brought this up, I want to get your reaction to, is contextualizing the workflow. It might not be apparent, but the answer might be there, it disrupts the entire experience at that point. RPA and chat bots don't have that contextualization. Is that what you guys do differently? Is that the unique flavor here? Is that difference between current chat bots and RPA? >> The way we see it, I alluded to the intent based operations. Let me give a tangible experience. Even not from our own world, this will be easy. It's a bidirectional feedback loop 'cause that's actually what feeds the context and the intent. We all know Waze, right, in the world of navigation. They didn't bring navigation systems to the world. What they did is they took the concept of navigation systems that are typically satellite guided and said it's not just enough to drive down the 280, which typically have no traffic, right, and to come across traffic and say, oh, why didn't my satellite pick that up? So they said, have the end users, the end nodes, feed that direction back, that feedback, right. There has to be a bidirectional feedback loop that the end nodes help educate the system, make the system be better, more customized. And that's essentially what we're allowing the end users. So the maintenance of the system isn't entirely in the hands of the operators, right? 'Cause that's the part that they dread. And the maintenance of the system is democratized across all the users that they can teach the system, give input to the system, hone in the system in order to make it more of the DNA of the organization. >> You and I were talking before you came on this camera interview, you said playfully that the Siri for DevOps, which kind of implies, hey infrastructure, do something for me. You know, we all know Siri, so we get that. So that kind of illustrates kind of where the direction is. Explain why you say that, what does that mean? Is that like a NorthStar vision that you guys are approaching? You want to' have a state where everything's automated in it's conversational deployments, that kind of thing. And take us through why that Siri for DevOps is. >> I think it helps anchor people to what a virtual assistant is. Because when you hear virtual assistant, that can mean any one of various connotations. So the Siri is actually a conversational assistant, but it's not necessarily a virtual assistant. So what we're saying is we're anchoring people to that thought and saying, we're actually allowing it to be operational, turning complex operations into simple conversations. >> I mean basically they take the automate with voice Google search or a query, what's the score of the game? And, it also, and talking to the guy who invented Siri, I actually interviewed on theCUBE, it's a learning system. It actually learns as it gets more usage, it learns. How do you guys see that evolving in DevOps? There's a lot of jargon in DevOps, a lot of configurations, a lot of different use cases, a lot of new technologies. What's the secret sauce behind what you guys do? Is it the conversational AI, is it the machine learning, is it the data, is it the model? Take us through the secret sauce. >> In fact, it's all the above. And I don't think we're bringing any one element to the table that hasn't been explored before, hasn't been done. It's a recipe, right? You give two people the same ingredients, they can have complete different results in terms of what they come out with. We, because of our domain expertise in DevOps, because of our familiarity with developer workflows with operators, we know how to give a very well suited recipe. Five course meal, hopefully with Michelin stars as part of that. So a few things, maybe a few of the secret sauce element, conversational AI, the ability to essentially go and extract the intent of the user, so that if we're missing context, the system is smart enough to go and to get that feedback and to essentially feed itself into that model. >> Someone might say, hey, you know, conversational AI, that was yesterday's trend, it never happened. It was kind of weak, chat bots were lame. What's different now and with you guys, and the market, that makes a redo or a second shot at this, a second bite at the apple, as they say. What do you guys see? 'Cause you know, I would argue that it's, you know, it's still early, real early. >> Certainly. >> How do you guys view that? How would you handle that objection? >> It's a fair question. I wasn't around the first time around to tell you what didn't work. I'm not afraid to share that the feedback that we're getting is phenomenal. People understand that we're actually customizing the workflows, the intent based operations to really help hone in on the dark spots. We call it last mile, you know, bottlenecks. And that's really where we're helping. We're helping in a way tribalize internal knowledge that typically hasn't been documented because it's painful enough to where people care about it but not painful enough to where you're going to' go and sit down an entire day and document it. And that's essentially what the virtual assistant can do. It can go and get into those crevices and help document, and operationalize all of those toils. And into workflows. >> Yeah, I mean some will call it grunt work, or low level work. And I think the automation is interesting. I think we're seeing this in a lot of these high scale situations where the talented hard to hire person is hired to do, say, things that were hard to do, but now harder things are coming around the corner. So, you know, serverless is great and all this is good, but it doesn't make the complexity go away. As these inflection points continue to drive more scale, the complexity kind of grows, but at the same time so is the ability to abstract away the complexity. So you're starting to see the smart, hired guns move to higher, bigger problems. And the automation seems to take the low level kind of like capabilities or the toil, or the grunt work, or the low level tasks that, you know, you don't want a high salaried person doing. Or I mean it's not so much that they don't want to' do it, they'll take one for the team, as you said, or take it on the chin, but there's other things to work on. >> I want to add one more thing, 'cause this goes into essentially what you just said. Think about it's not the virtual system, what it gives you is not just the intent and that's one element of it, is the ability to carry your operations with you to the place where you're not breaking your workflows, you're actually comfortable operating. So the virtual assistant lives inside of a command line interface, it lives inside of chat like Slack, and Teams, and Mattermost, and so forth. It also lives within a low-code editor. So we're not forcing anyone to use uncomfortable language or operations if they're not comfortable with. It's almost like Siri, it travels in your mobile phone, it's on your laptop, it's with you everywhere. >> It makes total sense. And the reason why I like this, and I want to' get your reaction on this because we've done a lot of interviews with DevOps, we've met at every CubeCon since it started, and Kubernetes kind of highlights the value of the containers at the orchestration level. But what's really going on is the DevOps developers, and the CICD pipeline, with infrastructure's code, they're basically have a infrastructure configuration at their disposal all the time. And all the ops challenges have been around that, the repetitive mundane tasks that most people do. There's like six or seven main use cases in DevOps. So the guardrails just need to be set. So it sounds like you guys are going down the road of saying, hey here's the use cases you can bounce around these use cases all day long. And just keep doing your jobs cause they're bolting on infrastructure to every application. >> There's one more element to this that we haven't really touched on. It's not just workflows and use cases, but it's also knowledge, right? Tribal knowledge, like you asked me for an example. You can type or talk to the assistant and ask, "How much am I spending on AWS, on US East 1, on so and so customer environment last week?", and it will know how to give you that information. >> Can I ask, should I buy a reserve instances or not? Can I ask that question? 'Cause there's always good trade offs between buying the reserve instances. I mean that's kind of the thing that. >> This is where our ecosystem actually comes in handy because we're not necessarily going to' go down every single domain and try to be the experts in here. We can tap into the partnerships, API, we have full extensibility in API and the software development kit that goes into. >> It's interesting, opinionated and declarative are buzzwords in developer language. So you started to get into this editorial thing. So I can bring up an example. Hey cube, implement the best service mesh. What answer does it give you? 'Cause there's different choices. >> Well this is actually where the operator, there's clearly guard rails. Like you can go and say, I want to' spin up a machine, and it will give you all of the machines on AWS. Doesn't mean you have to get the X one, that's good for a SAP environment. You could go and have guardrails in place where only the ones that are relevant to your team, ones that have resources and budgetary, you know, guidelines can be. So, the operator still has all the control. >> It was kind of tongue in cheek around the editorialized, but actually the answer seems to be as you're saying, whatever the customer decided their service mesh is. So I think this is where it gets into as an assistant to architecting and operating, that seems to be the real value. >> Now code snippets is a different story because that goes on to the web, that goes onto stock overflow, and that's actually one of the things. So inside the CLI, you could actually go and ask for code snippets and we could actually go and populate that, it's a smart CLI. So that's actually one of the things that are an added value of that. >> I was saying to a friend and we were talking about open source and how when I grew up, there was no open source. If you're a developer now, I mean there's so much code, it's not so much coding anymore as it is connecting and integrating. >> Certainly. >> And writing glue layers, if you will. I mean there's still code, but it's not, you don't have to build it from scratch. There's so much code out there. This low-code notion of a smart system is interesting 'cause it's very matrix like. It can build its own code. >> Yes, but I'm also a little wary with low-code and no code. I think part of the problem is we're so constantly focused on categories and categorizing ourselves, and different categories take on a life of their own. So low-code no code is not necessarily, even though we have the low-code editor, we're not necessarily considering ourselves low-code. >> Serverless, no code, low-code. I was so thrown on a term the other day, architecture-less. As a joke, no we don't need architecture. >> There's a use case around that by the way, yeah, we do. Show me my AWS architecture and it will build the architect diagram for you. >> Again, serverless architect, this is all part of infrastructure's code. At the end of the day, the developer has infrastructure with code. Again, how they deploy it is the neuron. That's what we've been striving for. >> But infrastructure is code. You can destroy, you know, terraform, you can go and create one. It's not necessarily going to' operate it for you. That's kind of where this comes in on top of that. So it's really complimentary to infrastructure. >> So final question, before we get into the origination story, data and security are two hot areas we're seeing fill the IT gap, that has moved into the developer role. IT is essentially provisioned by developers now, but the OP side shifted to large scale SRE like environments, security and data are critical. What's your opinion on those two things? >> I agree. Do you want me to give you the normal data as gravity? >> So you agree that IT is now, is kind of moved into the developer realm, but the new IT is data ops and security ops basically. >> A hundred percent, and the lines are so blurred. Like who's what in today's world. I mean, I can tell you, I have customers who call themselves five different roles in the same day. So it's, you know, at the end of the day I call 'em operators 'cause I don't want to offend anybody because that's just the way it is. >> Architectural-less, we're going to' come back to that. Well, I know we're going to' see you at CubeCon. >> Yes. >> We should catch up there and talk more. I'm looking forward to seeing how you guys get the feedback from the marketplace. It should be interesting to hear, the curious question I have for you is, what was the origination story? Why did you guys come together, was it a shared problem? Was it a big market opportunity? Was it an itch you guys were scratching? Did you feel like you needed to come together and start this company? What was the real vision behind the origination? Take a take a minute to explain the story. >> No, absolutely. So I've been living in Palo Alto for the last couple years. Previous, also a founder. So, you know, from my perspective, I always saw myself getting back in the game. Spent a few years in AWS essentially managing partnerships for tier one DevOps partners, you know, all of the known players. Some in public, some of them not. And really the itch was there, right. I saw what everyone's doing. I started seeing consistency in the pains that I was hearing back, in terms of what hasn't been solved. So I already had an opinion where I wanted to go. And when I was visiting actually Israel with the family, I was introduced by a mutual friend to Shaked, Shaked Askayo, my co-founder and CTO. Amazing guy, unbelievable technologists, probably one the most, you know, impressive folks I've had a chance to work with. And he actually solved a very similar problem, you know, in his own way in a previous company, BlueVine, a FinTech company where he was head of SRE, having to, essentially, oversee 200 developers in a very small team. The ratio was incongruent to what the SRE guideline would tell. >> That's more than 10 x rate developer. >> Oh, absolutely. Sure enough. And just imagine it's four different time zones. He finishes day shift and you already had the US team coming, asking for a question. He said, this is kind of a, >> Got to' clone himself, basically. >> Well, yes. He essentially said to me, I had no day, I had no life, but I had Corona, I had COVID, which meant I could work from home. And I essentially programed myself in the form of a bot. Essentially, when people came to him, he said, "Don't talk to me, talk to the bot". Now that was a different generation. >> Just a trivial example, but the idea was to automate the same queries all the time. There's an answer for that, go here. And that's the benefit of it. >> Yes, so he was able to see how easy it was to solve, I mean, how effective it was solving 70% of the toil in his organization. Scaling his team, froze the headcount and the developer team kept on going. So that meant that he was doing some right. >> When you have a problem, and you need to solve it, the creativity comes out of the woodwork, you know, invention is the mother of necessity. So final question for you, what's next? Got the launch, what are you guys hope to do over the next six months to a year, hiring? Put a plug in for the company. What are you guys looking to do? Take a minute to share the future vision and get a plug in. >> A hundred percent. So, Kubiya, as you can imagine, announcing ourselves at CubeCon, so in a couple weeks. Opening the gates towards the public beta and NGA in the next couple months. Essentially working with dozens of customers, Aston Martin, and business earn in. We have quite a few, our website's full of quotes. You can go ahead. But effectively we're looking to go and to bring the next operator, generation of operators, who value their time, who value the, essentially, the value of tribal knowledge that travels between organizations that could be essentially shared. >> How many customers do you guys have in your pre-launch? >> It's above a dozen. Without saying, because we're actually looking to onboard 10 more next week. So that's just an understatement. It changes from day to day. >> What's the number one thing people are saying about you? >> You got that right. I know it's, I'm trying to be a little bit more, you know. >> It's okay, you can be cocky, startups are good. But I mean they're obviously, they're using the product and you're getting good feedback. Saving time, are they saying this is a dream product? Got it right, what are some of the things? >> I think anybody who doesn't feel the pain won't know, but the folks who are in the trenches, or feeling the pain, or experiencing this toil, who know what this means, they said, "You're doing this different, you're doing this right. You architected it right. You know exactly what the developer workflows," you know, where all the areas, you know, where all the skeletons are hidden within that. And you're attending to that. So we're happy about that. >> Everybody wants to clone themselves, again, the tribal knowledge. I think this is a great example of where we see the world going. Make things autonomous, operationally automated for the use cases you know are lock solid. Why wouldn't you just deploy? >> Exactly, and we have a very generous free tier. People can, you know, there's a plugin, you can sign up for free until the end of the year. We have a generous free tier. Yeah, free forever tier, as well. So we're looking for people to try us out and to give us feedback. >> I think the self-service, I think the point is, we've talked about it on the Cube at our events, everyone says the same thing. Every developer wants self-service, period. Full stop, done. >> What they don't say is they need somebody to help them babysit to make sure they're doing it right. >> The old dashboard, green, yellow, red. >> I know it's an analogy that's not related, but have you been to Whole Foods? Have you gone through their self-service line? That's the beauty of it, right? Having someone in a loop helping you out throughout the time. You don't get confused, if something's not working, someone's helping you out, that's what people want. They want a human in the loop, or a human like in the loop. We're giving that next best thing. >> It's really the ratio, it's scale. It's a scaling. It's force multiplier, for sure. Amit, thanks for coming on, congratulations. >> Thank you so much. >> See you at KubeCon. Thanks for coming in, sharing the story. >> KubiyaCon. >> CubeCon. Cube in Hebrew, Kubiya. Founder, co-founder and CEO here, sharing the story in the launch. Conversational AI for DevOps, the theory of DevOps, really kind of changing the game, bringing efficiency, solving a lot of the pain points of large scale infrastructure. This is theCUBE, CUBE conversation, I'm John Furrier, thanks for watching. (upbeat electronic music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Welcome back everyone to the Cube's live coverage here in San Francisco of VMware Explorer, 2022. I'm John furrier with Dave ante coast of the hub. We're two sets, three days of wall to wall coverage. Our 12 year covering VMware's annual conference day, formerly world. Now VMware Explorer. We're kicking off day tube, no Sharma director of product management at Google cloud GCP. No Thankss for coming on the cube. Good to see you. >>Yeah. Very nice to see you as well. >>It's been a while. Google next cloud. Next is your event. We haven't been there cuz of the pandemic. Now you got an event coming up in October. You wanna give that plug out there in October 11th, UHS gonna be kind of a hybrid show. You guys with GCP, doing great. Getting up, coming up on in, in the rear with third place, Amazon Azure GCP, you guys have really nailed the developer and the AI and the data piece in the cloud. And now with VMware, with multicloud, you guys are in the mix in the universal program that they got here had been, been a partnership. Talk about the Google VMware relationship real quick. >>Yeah, no, I wanna first address, you know, us being in third place. I think when, when customers think about cloud transformation, you know, they, they, for them, it's all about how you can extract value from the data, you know, how you can transform your business with AI. And as far as that's concerned, we are in first place. Now coming to the VMware partnership, what we observed was, you know, you know, first of all, like there's a lot of data gravity built over the past, you know, 20 years in it, you know, and you know, VMware has, you know, really standardized it platforms. And when it comes to the data gravity, what we found was that, you know, customers want to extract the value that, you know, lives in that data as I was just talking about, but they find it hard to change architectures and, you know, bring those architectures into, you know, the cloud native world, you know, with microservices and so forth. >>Especially when, you know, these applications have been built over the last 20 years with off the shelf, you know, commercial off the shelf in, you know, systems you don't even know who wrote the code. You don't know what the IP address configuration is. And it's, you know, if you change anything, it can break your production. But at the same time, they want to take advantage of what the cloud has to offer. You know, the self-service the elasticity, you know, the, the economies of scale efficiencies of operation. So we wanted to, you know, bring CU, you know, bring the cloud to where the customer is with this service. And, you know, with, like I said, you know, VMware was the defacto it platform. So it was a no brainer for us to say, you know what, we'll give VMware in a native manner yeah. For our customers and bring all the benefits of the cloud into it to help them transform and take advantage of the cloud. >>It's interesting. And you called out that the, the advantages of Google cloud, one of the things that we've observed is, you know, VMware trying to be much more cloud native in their messaging and their positioning. They're trying to connect into that developer world for cloud native. I mean, Google, I mean, you guys have been cloud native literally from day one, just as a company. Yeah. Infrastructure wise, I mean, DevOps was an infrastructures code was Google's DNA. I, you had Borg, which became Kubernetes. Everyone kind of knows that in the history, if you, if you're in, in the, inside the ropes. Yeah. So as you guys have that core competency of essentially infrastructures code, which is basically cloud, how are you guys bringing that into the enterprise with the VMware, because that's where the puck is going. Right. That's where the use cases are. Okay. You got data clearly an advantage there, developers, you guys do really well with developers. We see that at say Coon and CNCF. Where's the use cases as the enterprise start to really figure out that this is now happening with hybrid and they gotta be more cloud native. Are they ramping up certain use cases? Can you share and connect the dots between what you guys had as your core competency and where the enterprise use cases are? >>Yeah. Yeah. You know, I think transformation means a lot of things, especially when you get into the cloud, you want to be not only efficient, but you also wanna make sure you're secure, right. And that you can manage and maintain your infrastructure in a way that you can reason about it. When, you know, when things go wrong, we took a very unique approach with Google cloud VMware engine. When we brought it to the cloud to Google cloud, what we did was we, we took like a cloud native approach. You know, it would seem like, you know, we are to say that, okay, VMware is cloud native, but in fact that's what we've done with this service from the ground up. One of the things we wanted to do was make sure we meet all the enterprise needs availability. We are the only service that gives four nines of SLA in a single site. >>We are the only service that has fully redundant networking so that, you know, some of the pets that you run on the VMware platform with your operational databases and the keys to the kingdom, you know, they can be run in a efficient manner and in a, in a, in a stable manner and, and, you know, in a highly available fashion, but we also paid attention to performance. One of our customers Mitel runs a unified communication service. And what they found was, you know, the high performance infrastructure, low latency infrastructure actually helps them deliver, you know, highly reliable, you know, communication experience to their customers. Right. And so, you know, we, you know, while, you know, so we developed the service from the ground up, making sure we meet the needs of these enterprise applications, but also wanted to make sure it's positioned for the future. >>Well, integrated into Google cloud VPC, networking, billing, identities, access control, you know, support all of that with a one stop shop. Right? And so this completely changes the game for, for enterprises on the outset, but what's more like we also have built in integration to cloud operations, you know, a single pane of glass for managing all your cloud infrastructure. You know, you have the ability to easily ELT into BigQuery and, you know, get a data transformation going that way from your operational databases. So, so I think we took a very like clean room ground from the ground of approach to make sure we get the best of both worlds to our customers. So >>Essentially made the VMware stack of first class citizen connecting to all the go Google tool. Did you build a bare metal instance to be able to support >>That? We, we actually have a very customized infrastructure to make sure that, you know, the experience that customers looking for in the VMware context is what we can deliver to them. And, and like I said, you know, being able to manage the pets in, in addition to the cattle that, that we are, we are getting with the modern containerized workloads. >>And, and it's not likely you did that as a one off, I, I would presume that other partners can potentially take advantage of that, that approach as well. Is that >>True? Absolutely. So one of our other examples is, is SAP, you know, our SAP infrastructure runs on very similar kind of, you know, highly redundant infrastructure, some, some parts of it. And, and then, you know, we also have in the same context partners such as NetApp. So, so customers want to, you know, truly, so, so there's two parts to it, right? One is to meet customers where they already are, but also take them to the future. And partner NetApp has delivered a cloud service that is well integrated into the platform, serves use cases like VDI serves use cases for, you know, tier two data protection scenarios, Dr. And also high performance context that customers are looking for, explain >>To people because think a lot of times people understand say, oh, NetApp, but doesn't Google have storage. Yeah. So explain that relationship and why that, that is complimentary. Yeah. And not just some kind of divergence from your strategy. >>Yeah. Yeah. No. So I think the, the idea here is NetApp, the NetApp platform living on-prem, you know, for, for so many years, it's, it's built a lot of capabilities that customers take advantage of. Right. So for example, it has the sta snap mirror capabilities that enable, you know, instant Dr. Of between locations and customers. When they think of the cloud, they are also thinking of heterogeneous context where some of the infrastructure is still needs to live on prem. So, you know, they have the Dr going on from the on-prem side using snap mirror, into Google cloud. And so, you know, it enables that entry point into the cloud. And so we believe, you know, partnering with NetApp kind of enables these high performance, you know, high, you know, reliability and also enables the customers to meet regulatory needs for, you know, the Dr. And data protection that they're looking for. And, >>And NetApp, obviously a big VMware partner as well. So I can take that partnership with VMware and NetApp into the Google cloud. >>Correct. Yeah. Yeah. It's all about leverage. Like I said, you know, meeting customers where they already are and ensuring that we smoothen their journey into the future rather than making it like a single step, you know, quantum leap. So to speak between two words, you know, I think, you know, I like to say like for the, for the longest time the cloud was being presented as a false choice between, you know, the infrastructure as of, of the past and the infrastructure of the future, like the red pill and the blue pill. Right. And, you know, we've, I like to say, like, I've, you know, we've brought, brought into the, into this context, the purple pill. Right. Which gives you really the best of both tools. >>Yeah. And this is a tailwind for you guys now, and I wanna get your thoughts on this and your differentiation around multi-cloud that's around the corner. Yeah. I mean, everyone now recognizes at least multi clouds of reality. People have workloads on AWS, Azure and GCP. That is technically multi-cloud. Yeah. Now the notion of spanning applications across clouds is coming certainly hybrid cloud is a steady state, which essentially DevOps on prem or edge in the cloud. So, so you have, now the recognition that's here, you guys are positioned well for this. How is that evolving and how are you positioning yourself with, and how you're differentiating around as clients start thinking, Hey, you know what, I can start running things on AWS and GCP. Yeah. And OnPrem in a really kind of a distributed way. Yeah. With abstractions and these things that people are talking about super cloud, what we call it. And, and this is really the conversations. Okay. What does that next future around the corner architecture look like? And how do you guys fit in, because this is an opportunity for you guys. It's almost, it's almost, it's like Wayne Gretsky, the puck is coming to you. Yeah. Yeah. It seems that way to me. What, how do you respond to >>That? Yeah, no, I think, you know, Raghu said, yes, I did yesterday. Right. It's all about being cloud smart in this new heterogeneous world. I think Google cloud has always been the most open and the most customer oriented cloud. And the reason I say that is because, you know, looking at like our Kubernetes platform, right. What we've enabled with Kubernetes and Antho is the ability for a customer to run containerized infrastructure in the same consistent manner, no matter what the platform. So while, you know, Kubernetes runs on GKE, you can run using Anthos on the VMware platform and you can run using Anthos on any other cloud on the planet in including AWS Azure. And, and so it's, you know, we, we take a very open, we've taken an open approach with Kubernetes to begin with, but, you know, the, the fact that, you know, with Anthos and this multicloud management experience that we can provide customers, we are, we are letting customers get the full freedom of an advantage of what multicloud has to has to offer. And I like to say, you know, VMware is the ES of ISAs, right. Cause cuz if you think about it, it's the only hypervisor that you can run in the same consistent manner, take the same image and run it on any of the providers. Right. And you can, you know, link it, you know, with the L two extensions and create a fabric that spans the world and, and, and multiple >>Products with, with almost every company using VMware. >>That's pretty much that's right. It's the largest, like the VMware network of, of infrastructure is the largest network on the planet. Right. And so, so it's, it's truly about enabling customer choice. We believe that every cloud, you know, brings its advantages and, you know, at the end of their day, the technology of, you know, capabilities of the provider, the differentiation of the provider need to stand on its merit. And so, you know, we truly embrace this notion of money. Those ops guys >>Have to connect to opportunities to connect to you, you guys in yeah. In, in the cloud. >>Yeah. Absolutely >>Like to ask you a question sort of about database philosophy and maybe, maybe futures a little bit, there seems to be two camps. I mean, you've got multiple databases, you got span for, you know, kind of global distributed database. You've got big query for analytics. There seems to be a trend in the industry for some providers to say, okay, let's, let's converge the transactions and analytics and kind of maybe eliminate the need to do a lot of Elting and others are saying, no, no, we want to be, be, you know, really precise and distinct with our capabilities and, and, and have be spoke set of capability, right. Tool for the right job. Let's call it. What's Google's philosophy in that regard. And, and how do you think about database in the future? >>So, so I think, you know, when it comes to, you know, something as general and as complex as data, right, you know, data lives in all ships and forms, it, it moves at various velocities that moves at various scale. And so, you know, we truly believe that, you know, customers should have the flexibility and freedom to put things together using, you know, these various contexts and, and, you know, build the right set of outcomes for themselves. So, you know, we, we provide cloud SQL, right, where customers can run their own, you know, dedicated infrastructure, fully managed and operated by Google at a high level of SLA compared to any other way of doing it. We have a database born in the cloud, a data warehouse born in the cloud BigQuery, which enables zero ops, you know, zero touch, you know, instant, you know, know high performance analytics at scale, you know, span gives customers high levels of reliability and redundancy in, in, in a worldwide context. So with, with, with extreme levels of innovation coming from, you know, the, the, the NTP, you know, that happen across different instances. Right? So I, you know, I, we, we do think that, you know, data moves a different scale and, and different velocity and, and, you know, customers have a complex set of needs. And, and so our portfolio of database services put together can truly address all ends of the spectrum. >>Yeah. And we've certainly been following you guys at CNCF and the work that Google cloud's doing extremely strong technical people. Yeah. Really open source focused, great products, technology. You guys do a great job. And I, I would imagine, and it's clear that VMware is an opportunity for you guys, given the DNA of their customer base. The installed base is huge. You guys have that nice potential connection where these customers are kind of going where its puck is going. You guys are there now for the next couple minutes, give a, give a plug for Google cloud to the VMware customer base out there. Yeah. Why Google cloud, why now what's in it for them? What's the, what's the value parts? Give the, give the plug for Google cloud to the VMware community. >>Absolutely. So, so I think, you know, especially with VMware engine, what we've built, you know, is truly like a cloud native next generation enterprise platform. Right. And it does three specific things, right? It gives you a cloud optimized experience, right? Like the, the idea being, you know, self-service efficiencies, economies, you know, operational benefits, you get that from the platform and a customer like Mitel was able to take advantage of that. Being able to use the same platform that they were running in their co-located context and migrate more than a thousand VMs in less than 90 days, something that they weren't able to do for, for over two years. The second aspect of our, you know, our transformation journey that we enable with this service is cloud integration. What that means is the same VPC experience that you get in the, the, the networking global networking that Google cloud has to offer. >>The VMware platform is fully integrated into that. And so the benefits of, you know, having a subnet that can live anywhere in the world, you know, having multi VPC, but more importantly, the benefits of having these Google cloud services like BigQuery and span and cloud operations management at your fingertips in the same layer, three domain, you know, just make an IP call and your data is transformed into BigQuery from your operational databases and car four. The retailer in Europe actually was able to do that with our service. And not only that, you know, do do the operational transform into BigQuery, you know, from their, the data gravity living in VMware on, on VMware engine, but they were able to do it in, you know, cost effective, a manner. They, they saved, you know, over 40% compared to the, the current context and also lower the co increase the agility of operations at the same time. >>Right. And so for them, this was extremely transf transformative. And lastly, we believe in the context of being open, we are also a very partner friendly cloud. And so, you know, customers come bring VMware platform because of all the, it, you know, ecosystem that comes along with it, right. You've got your VM or your Zerto or your rubric, or your capacity for data protection and, and backup. You've got security from Forex, tha fortunate, you know, you've got, you know, like we'd already talked about NetApp storage. So we, you know, we are open in that technology context, ISVs, you know, fully supported >>Integrations key. Yeah, >>Yeah, exactly. And, and, you know, that's how you build a platform, right? Yeah. And so, so we enable that, but, but, you know, we also enable customers getting into the future, going into the future, through their AI, through the AI capabilities and services that are once again available at, at their fingertips. >>Soo, thanks for coming on. Really appreciate it. And, you know, as super clouds, we call it, our multi-cloud comes around the corner, you got the edge exploding, you guys do a great job in networking and security, which is well known. What's your view of this super cloud multi-cloud world. What's different about it? Why isn't it just sass on cloud what's, what's this next gen cloud really about it. You had to kind of kind explain that to, to business folks and technical folks out there. Is it, is it something unique? Do you see a, a refactoring? Is it something that does something different? Yeah. What, what doesn't make it just SAS. >>Yeah. Yeah. No, I think that, you know, there's, there's different use cases that customers have have in mind when they, when they think about multi-cloud. I think the first thing is they don't want to have, you know, all eggs in a single basket. Right. And, and so, you know, it, it helps diversify their risk. I mean, and it's a real problem. Like you, you see outages in, you know, in, in availability zones that take out entire businesses. So customers do wanna make sure that they're not, they're, they're able to increase their availability, increase their resiliency through the use of multiple providers, but I think so, so that's like getting the same thing in different contexts, but at the same time, the context is shifting right. There is some, there's some data sources that originate, you know, elsewhere and there, the scale and the velocity of those sources is so vast, you know, you might be producing video from retail stores and, you know, you wanna make sure, you know, this, this security and there's, you know, information awareness built about those sources. >>And so you want to process that data, add the source and take instant decisions with that proximity. And that's why we believe with the GC and, you know, with, with both, both the edge versions and the hosted versions, GDC stands for Google, Google distributed cloud, where we bring the benefit and value of Google cloud to different locations on the edge, as well as on-prem. And so I think, you know, those kinds of contexts become important. And so I think, you know, we, you know, we are not only do we need to be open and pervasive, you know, but we also need to be compatible and, and, and also have the proximity to where information lives and value lives. >>Minish. Thanks for coming on the cube here at VMware Explorer, formerly world. Thanks for your time. Thank >>You so much. Okay. >>This is the cube. I'm John for Dave ante live day two coverage here on Moscone west lobby for VMware Explorer. We'll be right back with more after the short break.

(bright music) >> "Supermetafragilisticexpialadotious." What's in a name? In an homage to the inimitable Charles Fitzgerald, we've chosen this title for today's session because of all the buzz surrounding "supercloud," a term that we introduced last year to signify a major architectural trend and shift that's occurring in the technology industry. Since that time, we've published numerous videos and articles on the topic, and on August 9th, kicked off "Supercloud22," an open industry event designed to advance the supercloud conversation, gathering input from more than 30 experienced technologists and business leaders in "The Cube" and broader technology community. We're talking about individuals like Benoit Dageville, Kit Colbert, Ali Ghodsi, Mohit Aron, David McJannet, and dozens of other experts. And today, we're pleased to welcome David Linthicum, who's a Chief Strategy Officer of Cloud Services at Deloitte Consulting. David is a technology visionary, a technical CTO. He's an author and a frequently sought after keynote speaker at high profile conferences like "VMware Explore" next week. David Linthicum, welcome back to "The Cube." Good to see you again. >> Oh, it's great to be here. Thanks for the invitation. Thanks for having me. >> Yeah, you're very welcome. Okay, so this topic of supercloud, what you call metacloud, has created a lot of interest. VMware calls it cross-cloud services, Snowflake calls it their data cloud, there's a lot of different names, but recently, you published a piece in "InfoWorld" where you said the following. "I really don't care what we call it, "and I really don't care if I put "my own buzzword into the mix. "However, this does not change the fact "that metacloud is perhaps the most important "architectural evolution occurring right now, "and we need to get this right out of the gate. "If we do that, who cares what it's named?" So very cool. And you also mentioned in a recent article that you don't like to put out new terms out in the wild without defining them. So what is a metacloud, or what we call supercloud? What's your definition? >> Yeah, and again, I don't care what people call it. The reality is it's the ability to have a layer of cross-cloud services. It sits above existing public cloud providers. So the idea here is that instead of building different security systems, different governance systems, different operational systems in each specific cloud provider, using whatever native features they provide, we're trying to do that in a cross-cloud way. So in other words, we're pushing out data integration, security, all these other things that we have to take care of as part of deploying a particular cloud provider. And in a multicloud scenario, we're building those in and between the clouds. And so we've been tracking this for about five years. We understood that multicloud is not necessarily about the particular public cloud providers, it's about things that you build in and between the clouds. >> Got it, okay. So I want to come back to that, to the definition, but I want to tie us to the so-called multicloud. You guys did a survey recently. We've said that multicloud was mostly a symptom of multi-vendor, Shadow Cloud, M&A, and only recently has become a strategic imperative. Now, Deloitte published a survey recently entitled "Closing the Cloud Strategy, Technology, Innovation Gap," and I'd like to explore that a little bit. And so in that survey, you showed data. What I liked about it is you went beyond what we all know, right? The old, "Our research shows that on average, "X number of clouds are used at an individual company." I mean, you had that too, but you really went deeper. You identified why companies are using multiple clouds, and you developed different categories of practitioners across 500 survey respondents. But the reasons were very clear for "why multicloud," as this becomes more strategic. Service choice scale, negotiating leverage, improved business resiliency, minimizing lock-in, interoperability of data, et cetera. So my question to you, David, is what's the problem supercloud or metacloud solves, and what's different from multicloud? >> That's a great question. The reality is that if we're... Well, supercloud or metacloud, whatever, is really something that exists above a multicloud, but I kind of view them as the same thing. It's an architectural pattern. We can name it anything. But the reality is that if we're moving to these multicloud environments, we're doing so to leverage best of breed things. In other words, best of breed technology to provide the innovators within the company to take the business to the next level, and we determine that in the survey. And so if we're looking at what a multicloud provides, it's the ability to provide different choices of different services or piece parts that allows us to build anything that we need to do. And so what we found in the survey and what we found in just practice in dealing with our clients is that ultimately, the value of cloud computing is going to be the innovation aspects. In other words, the ability to take the company to the next level from being more innovative and more disruptive in the marketplace that they're in. And the only way to do that, instead of basically leveraging the services of a particular walled garden of a single public cloud provider, is to cast a wider net and get out and leverage all kinds of services to make these happen. So if you think about that, that's basically how multicloud has evolved. In other words, it wasn't planned. They didn't say, "We're going to go do a multicloud." It was different developers and innovators in the company that went off and leveraged these cloud services, sometimes with the consent of IT leadership, sometimes not. And now we have these multitudes of different services that we're leveraging. And so many of these enterprises are going from 1000 to, say, 3000 services under management. That creates a complexity problem. We have a problem of heterogeneity, different platforms, different tools, different services, different AI technology, database technology, things like that. So the metacloud, or the supercloud, or whatever you want to call it, is the ability to deal with that complexity on the complexity's terms. And so instead of building all these various things that we have to do individually in each of the cloud providers, we're trying to do so within a cross-cloud service layer. We're trying to create this layer of technology, which removes us from dealing with the complexity of the underlying multicloud services and makes it manageable. Because right now, I think we're getting to a point of complexity we just can't operate it at the budgetary limits that we are right now. We can't keep the number of skills around, the number of operators around, to keep these things going. We're going to have to get creative in terms of how we manage these things, how we manage a multicloud. And that's where the supercloud, metacloud, whatever they want to call it, comes that. >> Yeah, and as John Furrier likes to say, in IT, we tend to solve complexity with more complexity, and that's not what we're talking about here. We're talking about simplifying, and you talked about the abstraction layer, and then it sounds like I'm inferring more. There's value that's added on top of that. And then you also said the hyperscalers are in a walled garden. So I've been asked, why aren't the hyperscalers superclouds? And I've said, essentially, they want to put your data into their cloud and keep it there. Now, that doesn't mean they won't eventually get into that. We've seen examples a little bit, Outposts, Anthos, Azure Arc, but the hyperscalers really aren't building superclouds or metaclouds, at least today, are they? >> No, they're not. And I always have the predictions for every major cloud conference that this is the conference that the hyperscaler is going to figure out some sort of a multicloud across-cloud strategy. In other words, building services that are able to operate across clouds. That really has never happened. It has happened in dribs and drabs, and you just mentioned a few examples of that, but the ability to own the space, to understand that we're not going to be the center of the universe in how people are going to leverage it, is going to be multiple things, including legacy systems and other cloud providers, and even industry clouds that are emerging these days, and SaaS providers, and all these things. So we're going to assist you in dealing with complexity, and we're going to provide the core services of being there. That hasn't happened yet. And they may be worried about conflicting their market, and the messaging is a bit different, even actively pushing back on the concept of multicloud, but the reality is the market's going to take them there. So in other words, if enough of their customers are asking for this and asking that they take the lead in building these cross-cloud technologies, even if they're participating in the stack and not being the stack, it's too compelling of a market that it's not going to drag a lot of the existing public cloud providers there. >> Well, it's going to be interesting to see how that plays out, David, because I never say never when it comes to a company like AWS, and we've seen how fast they move. And at the same time, they don't want to be commoditized. There's the layer underneath all this infrastructure, and they got this ecosystem that's adding all this tremendous value. But I want to ask you, what are the essential elements of supercloud, coming back to the definition, if you will, and what's different about metacloud, as you call it, from plain old SaaS or PaaS? What are the key elements there? >> Well, the key elements would be holistic management of all of the IT infrastructure. So even though it's sitting above a multicloud, I view metacloud, supercloud as the ability to also manage your existing legacy systems, your existing security stack, your existing network operations, basically everything that exists under the purview of IT. If you think about it, we're moving our infrastructure into the clouds, and we're probably going to hit a saturation point of about 70%. And really, if the supercloud, metacloud, which is going to be expensive to build for most of the enterprises, it needs to support these things holistically. So it needs to have all the services, that is going to be shareable across the different providers, and also existing legacy systems, and also edge computing, and IoT, and all these very diverse systems that we're building there right now. So if complexity is a core challenge to operate these things at scale and the ability to secure these things at scale, we have to have commonality in terms of security architecture and technology, commonality in terms of our directory services, commonality in terms of network operations, commonality in term of cloud operations, commonality in terms of FinOps. All these things should exist in some holistic cross-cloud layer that sits above all this complexity. And you pointed out something very profound. In other words, that is going to mean that we're hiding a lot of the existing cloud providers in terms of their interfaces and dashboards and things like that that we're dealing with today, their APIs. But the reality is that if we're able to manage these things at scale, the public cloud providers are going to benefit greatly from that. They're going to sell more services because people are going to find they're able to leverage them easier. And so in other words, if we're removing the complexity wall, which many in the industry are calling it right now, then suddenly we're moving from, say, the 25 to 30% migrated in the cloud, which most enterprises are today, to 50, 60, 70%. And we're able to do this at scale, and we're doing it at scale because we're providing some architectural optimization through the supercloud, metacloud layer. >> Okay, thanks for that. David, I just want to tap your CTO brain for a minute. At "Supercloud22," we came up with these three deployment models. Kit Colbert put forth the idea that one model would be your control planes running in one cloud, let's say AWS, but it interacts with and can manage and deploy on other clouds, the Kubernetes Cluster Management System. The second one, Mohit Aron from Cohesity laid out, where you instantiate the stack on different clouds and different cloud regions, and then you create a layer, a common interface across those. And then Snowflake was the third deployment model where it's a single global instance, it's one instantiation, and basically building out their own cloud across these regions. Help us parse through that. Do those seem like reasonable deployment models to you? Do you have any thoughts on that? >> Yeah, I mean, that's a distributed computing trick we've been doing, which is, in essence, an agent of the supercloud that's carrying out some of the cloud native functions on that particular cloud, but is, in essence, a slave to the metacloud, or the supercloud, whatever, that's able to run across the various cloud providers. In other words, when it wants to access a service, it may not go directly to that service. It goes directly to the control plane, and that control plane is responsible... Very much like Kubernetes and Docker works, that control plane is responsible for reaching out and leveraging those native services. I think that that's thinking that's a step in the right direction. I think these things unto themselves, at least initially, are going to be a very complex array of technology. Even though we're trying to remove complexity, the supercloud unto itself, in terms of the ability to build this thing that's able to operate at scale across-cloud, is going to be a collection of many different technologies that are interfacing with the public cloud providers in different ways. And so we can start putting these meta architectures together, and I certainly have written and spoke about this for years, but initially, this is going to be something that may escape the detail or the holistic nature of these meta architectures that people are floating around right now. >> Yeah, so I want to stay on this, because anytime I get a CTO brain, I like to... I'm not an engineer, but I've been around a long time, so I know a lot of buzzwords and have absorbed a lot over the years, but so you take those, the second two models, the Mohit instantiate on each cloud and each cloud region versus the Snowflake approach. I asked Benoit Dageville, "Does that mean if I'm in "an AWS east region and I want to do a query on Azure West, "I can do that without moving data?" And he said, "Yes and no." And the answer was really, "No, we actually take a subset of that data," so there's the latency problem. From those deployment model standpoints, what are the trade-offs that you see in terms of instantiating the stack on each individual cloud versus that single instance? Is there a benefit of the single instance for governance and security and simplicity, but a trade-off on latency, or am I overthinking this? >> Yeah, you hit it on the nose. The reality is that the trade-off is going to be latency and performance. If we get wiggy with the distributed nature, like the distributed data example you just provided, we have to basically separate the queries and communicate with the databases on each instance, and then reassemble the result set that goes back to the people who are recording it. And so we can do caching systems and things like that. But the reality is, if it's distributed system, we're going to have latency and bandwidth issues that are going to be limiting us. And also security issues, because if we're removing lots of information over the open internet, or even private circuits, that those are going to be attack vectors that hackers can leverage. You have to keep that in mind. We're trying to reduce those attack vectors. So it would be, in many instances, and I think we have to think about this, that we're going to keep the data in the same physical region for just that. So in other words, it's going to provide the best performance and also the most simplistic access to dealing with security. And so we're not, in essence, thinking about where the data's going, how it's moving across things, things like that. So the challenge is going to be is when you're dealing with a supercloud or metacloud is, when do you make those decisions? And I think, in many instances, even though we're leveraging multiple databases across multiple regions and multiple public cloud providers, and that's the idea of it, we're still going to localize the data for performance reasons. I mean, I just wrote a blog in "InfoWorld" a couple of months ago and talked about, people who are trying to distribute data across different public cloud providers for different reasons, distribute an application development system, things like that, you can do it. With enough time and money, you can do anything. I think the challenge is going to be operating that thing, and also providing a viable business return based on the application. And so why it may look like a good science experiment, and it's cool unto itself as an architect, the reality is the more pragmatic approach is going to be a leavitt in a single region on a single cloud. >> Very interesting. The other reason I like to talk to companies like Deloitte and experienced people like you is 'cause I can get... You're agnostic, right? I mean, you're technology agnostic, vendor agnostic. So I want to come back with another question, which is, how do you deal with what I call the lowest common denominator problem? What I mean by that is if one cloud has, let's say, a superior service... Let's take an example of Nitro and Graviton. AWS seems to be ahead on that, but let's say some other cloud isn't quite quite there yet, and you're building a supercloud or a metacloud. How do you rationalize that? Does it have to be like a caravan in the army where you slow down so all the slowest trucks can keep up, or are the ways to adjudicate that that are advantageous to hide that deficiency? >> Yeah, and that's a great thing about leveraging a supercloud or a metacloud is we're putting that management in a single layer. So as far as a user or even a developer on those systems, they shouldn't worry about the performance that may come back, because we're dealing with the... You hit the nail on the head with that one. The slowest component is the one that dictates performance. And so we have to have some sort of a performance management layer. We're also making dynamic decisions to move data, to move processing, from one server to the other to try to minimize the amount of latency that's coming from a single component. So the great thing about that is we're putting that volatility into a single domain, and it's making architectural decisions in terms of where something will run and where it's getting its data from, things are stored, things like that, based on the performance feedback that's coming back from the various cloud services that are under management. And so if you're running across clouds, it becomes even more interesting, because ultimately, you're going to make some architectural choices on the fly in terms of where that stuff runs based on the active dynamic performance that that public cloud provider is providing. So in other words, we may find that it automatically shut down a database service, say MySQL, on one cloud instance, and moved it to a MySQL instance on another public cloud provider because there was some sort of a performance issue that it couldn't work around. And by the way, it does so dynamically. Away from you making that decision, it's making that decision on your behalf. Again, this is a matter of abstraction, removing complexity, and dealing with complexity through abstraction and automation, and this is... That would be an example of fixing something with automation, self-healing. >> When you meet with some of the public cloud providers and they talk about on-prem private cloud, the general narrative from the hyperscalers is, "Well, that's not a cloud." Should on-prem be inclusive of supercloud, metacloud? >> Absolutely, I mean, and they're selling private cloud instances with the edge cloud that they're selling. The reality is that we're going to have to keep a certain amount of our infrastructure, including private clouds, on premise. It's something that's shrinking as a market share, and it's going to be tougher and tougher to justify as the public cloud providers become better and better at what they do, but we certainly have edge clouds now, and hyperscalers have examples of that where they run a instance of their public cloud infrastructure on premise on physical hardware and software. And the reality is, too, we have data centers and we have systems that just won't go away for another 20 or 30 years. They're just too sticky. They're uneconomically viable to move into the cloud. That's the core thing. It's not that we can't do it. The fact of the matter is we shouldn't do it, because there's not going to be an economic... There's not going to be an economic incentive of making that happen. So if we're going to create this meta layer or this infrastructure which is going to run across clouds, and everybody agrees on, that's what the supercloud is, we have to include the on-premise systems, including private clouds, including legacy systems. And by the way, include the rising number of IoT systems that are out there, and edge-based systems out there. So we're managing it using the same infrastructure into cloud services. So they have metadata systems and they have specialized services, and service finance and retail and things like doing risk analytics. So it gets them further down that path, but not necessarily giving them a SaaS application where they're forced into all of the business processes. We're giving you piece parts. So we'll give you 1000 different parts that are related to the finance industry. You can assemble anything you need, but the thing is, it's not going to be like building it from scratch. We're going to give you risk analytics, we're giving you the financial analytics, all these things that you can leverage within your applications how you want to leverage them. We'll maintain them. So in other words, you don't have to maintain 'em just like a cloud service. And suddenly, we can build applications in a couple of weeks that used to take a couple of months, in some cases, a couple of years. So that seems to be a large take of it moving forward. So get it up in the supercloud. Those become just other services that are under managed... That are under management on the supercloud, the metacloud. So we're able to take those services, abstract them, assemble them, use them in different applications. And the ability to manage where those services are originated versus where they're consumed is going to be managed by the supercloud layer, which, you're dealing with the governance, the service governance, the security systems, the directory systems, identity access management, things like that. They're going to get you further along down the pike, and that comes back as real value. If I'm able to build something in two weeks that used to take me two months, and I'm able to give my creators in the organization the ability to move faster, that's a real advantage. And suddenly, we are going to be valued by our digital footprint, our ability to do things in a creative and innovative way. And so organizations are able to move that fast, leveraging cloud computing for what it should be leveraged, as a true force multiplier for the business. They're going to win the game. They're going to get the most value. They're going to be around in 20 years, the others won't. >> David Linthicum, always love talking. You have a dangerous combination of business and technology expertise. Let's tease. "VMware Explore" next week, you're giving a keynote, if they're going to be there. Which day are you? >> Tuesday. Tuesday, 11 o'clock. >> All right, that's a big day. Tuesday, 11 o'clock. And David, please do stop by "The Cube." We're in Moscone West. Love to get you on and continue this conversation. I got 100 more questions for you. Really appreciate your time. >> I always love talking to people at "The Cube." Thank you very much. >> All right, and thanks for watching our ongoing coverage of "Supercloud22" on "The Cube," your leader in enterprise tech and emerging tech coverage. (bright music)

(upbeat music) >> Welcome back to Boston, everybody. This is the birthplace of theCUBE. In 2010, May of 2010 at EMC World, right in this very venue, John Furrier called it the chowder and lobster post. I'm Dave Vellante. We're here at RE:INFORCE 2022, Ed Walsh, CEO of ChaosSearch. Doing a drive by Ed. Thanks so much for stopping in. You're going to help me wrap up in our final editorial segment. >> Looking forward to it. >> I really appreciate it. >> Thank you for including me. >> How about that? 2010. >> That's amazing. It was really in this-- >> Really in this building. Yeah, we had to sort of bury our way in, tunnel our way into the Blogger Lounge. We did four days. >> Weekends, yeah. >> It was epic. It was really epic. But I'm glad they're back in Boston. AWS was going to do June in Houston. >> Okay. >> Which would've been awful. >> Yeah, yeah. No, this is perfect. >> Yeah. Thank God they came back. You saw Boston in summer is great. I know it's been hot, And of course you and I are from this area. >> Yeah. >> So how you been? What's going on? I mean, it's a little crazy out there. The stock market's going crazy. >> Sure. >> Having the tech lash, what are you seeing? >> So it's an interesting time. So I ran a company in 2008. So we've been through this before. By the way, the world's not ending, we'll get through this. But it is an interesting conversation as an investor, but also even the customers. There's some hesitation but you have to basically have the right value prop, otherwise things are going to get sold. So we are seeing longer sales cycles. But it's nothing that you can't overcome. But it has to be something not nice to have, has to be a need to have. But I think we all get through it. And then there is some, on the VC side, it's now buckle down, let's figure out what to do which is always a challenge for startup plans. >> In pre 2000 you, maybe you weren't a CEO but you were definitely an executive. And so now it's different and a lot of younger people haven't seen this. You've got interest rates now rising. Okay, we've seen that before but it looks like you've got inflation, you got interest rates rising. >> Yep. >> The consumer spending patterns are changing. You had 6$, $7 gas at one point. So you have these weird crosscurrents, >> Yup. >> And people are thinking, "Okay post-September now, maybe because of the recession, the Fed won't have to keep raising interest rates and tightening. But I don't know what to root for. It's like half full, half empty. (Ed laughing) >> But we haven't been in an environment with high inflation. At least not in my career. >> Right. Right. >> I mean, I got into 92, like that was long gone, right?. >> Yeah. >> So it is a interesting regime change that we're going to have to deal with, but there's a lot of analogies between 2008 and now that you still have to work through too, right?. So, anyway, I don't think the world's ending. I do think you have to run a tight shop. So I think the grow all costs is gone. I do think discipline's back in which, for most of us, discipline never left, right?. So, to me that's the name of the game. >> What do you tell just generally, I mean you've been the CEO of a lot of private companies. And of course one of the things that you do to retain people and attract people is you give 'em stock and it's great and everybody's excited. >> Yeah. >> I'm sure they're excited cause you guys are a rocket ship. But so what's the message now that, Okay the market's down, valuations are down, the trees don't grow to the moon, we all know that. But what are you telling your people? What's their reaction? How do you keep 'em motivated? >> So like anything, you want over communicate during these times. So I actually over communicate, you get all these you know, the Sequoia decks, 2008 and the recent... >> (chuckles) Rest in peace good times, that one right? >> I literally share it. Why? It's like, Hey, this is what's going on in the real world. It's going to affect us. It has almost nothing to do with us specifically, but it will affect us. Now we can't not pay attention to it. It does change how you're going to raise money, so you got to make sure you have the right runway to be there. So it does change what you do, but I think you over communicate. So that's what I've been doing and I think it's more like a student of the game, so I try to share it, and I say some appreciate it others, I'm just saying, this is normal, we'll get through this and this is what happened in 2008 and trust me, once the market hits bottom, give it another month afterwards. Then everyone says, oh, the bottom's in and we're back to business. Valuations don't go immediately back up, but right now, no one knows where the bottom is and that's where kind of the world's ending type of things. >> Well, it's interesting because you talked about, I said rest in peace good times >> Yeah >> that was the Sequoia deck, and the message was tighten up. Okay, and I'm not saying you shouldn't tighten up now, but the difference is, there was this period of two years of easy money and even before that, it was pretty easy money. >> Yeah. >> And so companies are well capitalized, they have runway so it's like, okay, I was talking to Frank Slootman about this now of course there are public companies, like we're not taking the foot off the gas. We're inherently profitable, >> Yeah. >> we're growing like crazy, we're going for it. You know? So that's a little bit of a different dynamic. There's a lot of good runway out there, isn't there? >> But also you look at the different companies that were either born or were able to power through those environments are actually better off. You come out stronger in a more dominant position. So Frank, listen, if you see what Frank's done, it's been unbelievable to watch his career, right?. In fact, he was at Data Domain, I was Avamar so, but look at what he's done since, he's crushed it. Right? >> Yeah. >> So for him to say, Hey, I'm going to literally hit the gas and keep going. I think that's the right thing for Snowflake and a right thing for a lot of people. But for people in different roles, I literally say that you have to take it seriously. What you can't be is, well, Frank's in a different situation. What is it...? How many billion does he have in the bank? So it's... >> He's over a billion, you know, over a billion. Well, you're on your way Ed. >> No, no, no, it's good. (Dave chuckles) Okay, I want to ask you about this concept that we've sort of we coined this term called Supercloud. >> Sure. >> You could think of it as the next generation of multi-cloud. The basic premises that multi-cloud was largely a symptom of multi-vendor. Okay. I've done some M&A, I've got some Shadow IT, spinning up, you know, Shadow clouds, projects. But it really wasn't a strategy to have a continuum across clouds. And now we're starting to see ecosystems really build, you know, you've used the term before, standing on the shoulders of giants, you've used that a lot. >> Yep. >> And so we're seeing that. Jerry Chen wrote a seminal piece on Castles in The Cloud, so we coined this term SuperCloud to connote this abstraction layer that hides the underlying complexities and primitives of the individual clouds and then adds value on top of it and can adjudicate and manage, irrespective of physical location, Supercloud. >> Yeah. >> Okay. What do you think about that concept?. How does it maybe relate to some of the things that you're seeing in the industry? >> So, standing on shoulders of giants, right? So I always like to do hard tech either at big company, small companies. So we're probably your definition of a Supercloud. We had a big vision, how to literally solve the core challenge of analytics at scale. How are you going to do that? You're not going to build on your own. So literally we're leveraging the primitives, everything you can get out of the Amazon cloud, everything get out of Google cloud. In fact, we're even looking at what it can get out of this Snowflake cloud, and how do we abstract that out, add value to it? That's where all our patents are. But it becomes a simplified approach. The customers don't care. Well, they care where their data is. But they don't care how you got there, they just want to know the end result. So you simplify, but you gain the advantages. One thing's interesting is, in this particular company, ChaosSearch, people try to always say, at some point the sales cycle they say, no way, hold on, no way that can be fast no way, or whatever the different issue. And initially we used to try to explain our technology, and I would say 60% was explaining the public, cloud capabilities and then how we, harvest those I guess, make them better add value on top and what you're able to get is something you couldn't get from the public clouds themselves and then how we did that across public clouds and then extracted it. So if you think about that like, it's the Shoulders of giants. But what we now do, literally to avoid that conversation because it became a lengthy conversation. So, how do you have a platform for analytics that you can't possibly overwhelm for ingest. All your messy data, no pipelines. Well, you leverage things like S3 and EC2, and you do the different security things. You can go to environments say, you can't possibly overrun me, I could not say that. If I didn't literally build on the shoulders giants of all these public clouds. But the value. So if you're going to do hard tech as a startup, you're going to build, you're going to be the principles of Supercloud. Maybe they're not the same size of Supercloud just looking at Snowflake, but basically, you're going to leverage all that, you abstract it out and that's where you're able to have a lot of values at that. >> So let me ask you, so I don't know if there's a strict definition of Supercloud, We sort of put it out to the community and said, help us define it. So you got to span multiple clouds. It's not just running in each cloud. There's a metadata layer that kind of understands where you're pulling data from. Like you said you can pull data from Snowflake, it sounds like we're not running on Snowflake, correct? >> No, complimentary to them in their different customers. >> Yeah. Okay. >> They want to build on top of a data platform, data apps. >> Right. And of course they're going cross cloud. >> Right. >> Is there a PaaS layer in there? We've said there's probably a Super PaaS layer. You're probably not doing that, but you're allowing people to bring their own, bring your own PaaS sort of thing maybe. >> So we're a little bit different but basically we publish open APIs. We don't have a user interface. We say, keep the user interface. Again, we're solving the challenge of analytics at scale, we're not trying to retrain your analytics, either analysts or your DevOps or your SOV or your Secop team. They use the tools they already use. Elastic search APIs, SQL APIs. So really they program, they build applications on top of us, Equifax is a good example. Case said it coming out later on this week, after 18 months in production but, basically they're building, we provide the abstraction layer, the quote, I'm going to kill it, Jeff Tincher, who owns all of SREs worldwide, said to the effect of, Hey I'm able to rethink what I do for my data pipelines. But then he also talked about how, that he really doesn't have to worry about the data he puts in it. We deal with that. And he just has to, just query on the other side. That simplicity. We couldn't have done that without that. So anyway, what I like about the definition is, if you were going to do something harder in the world, why would you try to rebuild what Amazon, Google and Azure or Snowflake did? You're going to add things on top. We can still do intellectual property. We're still doing patents. So five grand patents all in this. But literally the abstraction layer is the simplification. The end users do not want to know that complexity, even though they ask the questions. >> And I think too, the other attribute is it's ecosystem enablement. Whereas I think, >> Absolutely >> in general, in the Multicloud 1.0 era, the ecosystem wasn't thinking about, okay, how do I build on top and abstract that. So maybe it is Multicloud 2.0, We chose to use Supercloud. So I'm wondering, we're at the security conference, >> RE: INFORCE is there a security Supercloud? Maybe Snyk has the developer Supercloud or maybe Okta has the identity Supercloud. I think CrowdStrike maybe not. Cause CrowdStrike competes with Microsoft. So maybe, because Microsoft, what's interesting, Merritt Bear was just saying, look, we don't show up in the spending data for security because we're not charging for most of our security. We're not trying to make a big business. So that's kind of interesting, but is there a potential for the security Supercloud? >> So, I think so. But also, I'll give you one thing I talked to, just today, at least three different conversations where everyone wants to log data. It's a little bit specific to us, but basically they want to do the security data lake. The idea of, and Snowflake talks about this too. But the idea of putting all the data in one repository and then how do you abstract out and get value from it? Maybe not the perfect, but it becomes simple to do but hard to get value out. So the different players are going to do that. That's what we do. We're able to, once you land it in your S3 or it doesn't matter, cloud of choice, simple storage, we allow you to get after that data, but we take the primitives and hide them from you. And all you do is query the data and we're spinning up stateless computer to go after it. So then if I look around the floor. There's going to be a bunch of these players. I don't think, why would someone in this floor try to recreate what Amazon or Google or Azure had. They're going to build on top of it. And now the key thing is, do you leave it in standard? And now we're open APIs. People are building on top of my open APIs or do you try to put 'em in a walled garden? And they're in, now your Supercloud. Our belief is, part of it is, it needs to be open access and let you go after it. >> Well. And build your applications on top of it openly. >> They come back to snowflake. That's what Snowflake's doing. And they're basically saying, Hey come into our proprietary environment. And the benefit is, and I think both can win. There's a big market. >> I agree. But I think the benefit of Snowflake's is, okay, we're going to have federated governance, we're going to have data sharing, you're going to have access to all the ecosystem players. >> Yep. >> And as everything's going to be controlled and you know what you're getting. The flip side of that is, Databricks is the other end >> Yeah. >> of that spectrum, which is no, no, you got to be open. >> Yeah. >> So what's going to happen, well what's happening clearly, is Snowflake's saying, okay we've got Snowpark. we're going to allow Python, we're going to have an Apache Iceberg. We're going to have open source tooling that you can access. By the way, it's not going to be as good as our waled garden where the flip side of that is you get Databricks coming at it from a data science and data engineering perspective. And there's a lot of gaps in between, aren't there? >> And I think they both win. Like for instance, so we didn't do Snowpark integration. But we work with people building data apps on top of Snowflake or data bricks. And what we do is, we can add value to that, or what we've done, again, using all the Supercloud stuff we're done. But we deal with the unstructured data, the four V's coming at you. You can't pipeline that to save. So we actually could be additive. As they're trying to do like a security data cloud inside of Snowflake or do the same thing in Databricks. That's where we can play. Now, we play with them at the application level that they get some data from them and some data for us. But I believe there's a partnership there that will do it inside their environment. To us they're just another large scaler environment that my customers want to get after data. And they want me to abstract it out and give value. >> So it's another repository to you. >> Yeah. >> Okay. So I think Snowflake recently added support for unstructured data. You chose not to do Snowpark because why? >> Well, so the way they're doing the unstructured data is not bad. It's JSON data. Basically, This is the dilemma. Everyone wants their application developers to be flexible, move fast, securely but just productivity. So you get, give 'em flexibility. The problem with that is analytics on the end want to be structured to be performant. And this is where Snowflake, they have to somehow get that raw data. And it's changing every day because you just let the developers do what they want now, in some structured base, but do what you need to do your business fast and securely. So it completely destroys. So they have large customers trying to do big integrations for this messy data. And it doesn't quite work, cause you literally just can't make the pipelines work. So that's where we're complimentary do it. So now, the particular integration wasn't, we need a little bit deeper integration to do that. So we're integrating, actually, at the data app layer. But we could, see us and I don't, listen. I think Snowflake's a good actor. They're trying to figure out what's best for the customers. And I think we just participate in that. >> Yeah. And I think they're trying to figure out >> Yeah. >> how to grow their ecosystem. Because they know they can't do it all, in fact, >> And we solve the key thing, they just can't do certain things. And we do that well. Yeah, I have SQL but that's where it ends. >> Yeah. >> I do the messy data and how to play with them. >> And when you talk to one of their founders, anyway, Benoit, he comes on the cube and he's like, we start with simple. >> Yeah. >> It reminds me of the guy's some Pure Storage, that guy Coz, he's always like, no, if it starts to get too complicated. So that's why they said all right, we're not going to start out trying to figure out how to do complex joins and workload management. And they turn that into a feature. So like you say, I think both can win. It's a big market. >> I think it's a good model. And I love to see Frank, you know, move. >> Yeah. I forgot So you AVMAR... >> In the day. >> You guys used to hate each other, right? >> No, no, no >> No. I mean, it's all good. >> But the thing is, look what he's done. Like I wouldn't bet against Frank. I think it's a good message. You can see clients trying to do it. Same thing with Databricks, same thing with BigQuery. We get a lot of same dynamic in BigQuery. It's good for a lot of things, but it's not everything you need to do. And there's ways for the ecosystem to play together. >> Well, what's interesting about BigQuery is, it is truly cloud native, as is Snowflake. You know, whereas Amazon Redshift was sort of Parexel, it's cobbled together now. It's great engineering, but BigQuery gets a lot of high marks. But again, there's limitations to everything. That's why companies like yours can exist. >> And that's why.. so back to the Supercloud. It allows me as a company to participate in that because I'm leveraging all the underlying pieces. Which we couldn't be doing what we're doing now, without leveraging the Supercloud concepts right, so... >> Ed, I really appreciate you coming by, help me wrap up today in RE:INFORCE. Always a pleasure seeing you, my friend. >> Thank you. >> All right. Okay, this is a wrap on day one. We'll be back tomorrow. I'll be solo. John Furrier had to fly out but we'll be following what he's doing. This is RE:INFORCE 2022. You're watching theCUBE. I'll see you tomorrow.

>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from the cube and ETR, this is Breaking Analysis with Dave Vellante. >> Organizations have considerable room to improve their performance without making expensive changes to their talent, their structure, or their fundamental business model. You don't need a slew of consultants to tell you what to do. You already know. What you need is to immediately ratchet up expectations, energy, urgency, and intensity. You have to fight mediocrity every step of the way. Amp it up and the results will follow. This is the fundamental premise of a hard-hitting new book written by Frank Slootman, CEO of Snowflake, and published earlier this year. It's called "Amp It Up, Leading for Hypergrowth "by Raising Expectations, Increasing Urgency, "and Elevating Intensity." Hello and welcome to this week's Wikibon CUBE Insights, powered by ETR. At Snowflake Summit last month, I was asked to interview Frank on stage about his new book. I've read it several times. And if you haven't read it, you should. Even if you have read it, in this Breaking Analysis, we'll dig deeper into the book and share some clarifying insights and nuances directly from Slootman himself from my one-on-one conversation with him. My first question to Slootman was why do you write this book? Okay, it's kind of a common throwaway question. And how the heck did you find time to do it? It's fairly well-known that a few years ago, Slootman put up a post on LinkedIn with the title Amp It Up. It generated so much buzz and so many requests for Frank's time that he decided that the best way to efficiently scale and share his thoughts on how to create high-performing companies and organizations was to publish a book. Now, he wrote the book during the pandemic. And I joked that they must not have Netflix in Montana where he resides. In a pretty funny moment, he said that writing the book was easier than promoting it. Take a listen. >> Denise, our CMO, you know, she just made sure that this process wasn't going to. It was more work for me to promote this book with all these damn podcasts and other crap, than actually writing the book, you know. And after a while, I was like I'm not doing another podcast. >> Now, the book gives a lot of interesting background information on Slootman's career and what he learned at various companies that he led and participated in. Now, I'm not going to go into most of that today, which is why you should read the book yourself. But Slootman, he's become somewhat of a business hero to many people, myself included. Leaders like Frank, Scott McNealy, Jayshree Ullal, and my old boss, Pat McGovern at IDG, have inspired me over the years. And each has applied his or her own approach to building cultures and companies. Now, when Slootman first took over the reins at Snowflake, I published a Breaking Analysis talking about Snowflake and what we could expect from the company now that Slootman and CFO Mike Scarpelli were back together. In that post, buried toward the end, I referenced the playbook that Frank used at Data Domain and ServiceNow, two companies that I followed quite closely as an analyst, and how it would be applied at Snowflake, that playbook if you will. Frank reached out to me afterwards and said something to the effect of, "I don't use playbooks. "I am a situational leader. "Playbooks, you know, they work in football games. "But in the military, they teach you "situational leadership." Pretty interesting learning moment for me. So I asked Frank on the stage about this. Here's what he said. >> The older you get, the more experience that you have, the more you become a prisoner of your own background because you sort of think in terms of what you know as opposed to, you know, getting outside of what you know and trying to sort of look at things like a five-year-old that has never seen this before. And then how would you, you know, deal with it? And I really try to force myself into I've never seen this before and how do I think about it? Because at least they're very different, you know, interpretations. And be open-minded, just really avoid that rinse and repeat mentality. And you know, I've brought people in from who have worked with me before. Some of them come with me from company to company. And they were falling prey to, you know, rinse and repeat. I would just literally go like that's not what we want. >> So think about that for a moment. I mean, imagine coming in to lead a new company and forcing yourself and your people to forget what they know that works and has worked in the past, put that aside and assess the current situation with an open mind, essentially start over. Now, that doesn't mean you don't apply what has worked in the past. Slootman talked to me about bringing back Scarpelli and the synergistic relationship that they have and how they build cultures and the no BS and hard truth mentality they bring to companies. But he bristles when people ask him, "What type of CEO are you?" He says, "Do we have to put a label on it? "It really depends on the situation." Now, one of the other really hard-hitting parts of the book was the way Frank deals with who to keep and who to let go. He uses the Volkswagen tagline of drivers wanted. He says in his book, in companies there are passengers and there are drivers, and we want drivers. He said, "You have to figure out really quickly "who the drivers are and basically throw the wrong people "off the bus, keep the right people, bring in new people "that fit the culture and put them "in the right seats on the bus." Now, these are not easy decisions to make. But as it pertains to getting rid of people, I'm reminded of the movie "Moneyball." Art Howe, the manager of the Oakland As, he refused to play Scott Hatteberg at first base. So the GM, Billy Bean played by Brad Pitt says to Peter Brand who was played by Jonah Hill, "You have to fire Carlos Pena." Don't learn how to fire people. Billy Bean says, "Just keep it quick. "Tell him he's been traded and that's it." So I asked Frank, "Okay, I get it. "Like the movie, when you have the wrong person "on the bus, you just have to make the decision, "be straightforward, and do it." But I asked him, "What if you're on the fence? "What if you're not completely sure if this person "is a driver or a passenger, if he or she "should be on the bus or not on the bus? "How do you handle that?" Listen to what he said. >> I have a very simple way to break ties. And when there's doubt, there's no doubt, okay? >> When there's doubt, there's no doubt. Slootman's philosophy is you have to be emphatic and have high conviction. You know, back to the baseball analogy, if you're thinking about taking the pitcher out of the game, take 'em out. Confrontation is the single hardest thing in business according to Slootman but you have to be intellectually honest and do what's best for the organization, period. Okay, so wow, that may sound harsh but that's how Slootman approaches it, very Belichickian if you will. But how can you amp it up on a daily basis? What's the approach that Slootman takes? We got into this conversation with a discussion about MBOs, management by objective. Slootman in his book says he's killed MBOs at every company he's led. And I asked him to explain why. His rationale was that individual MBOs invariably end up in a discussion about relief of the MBO if the person is not hitting his or her targets. And that detracts from the organizational alignment. He said at Snowflake everyone gets paid the same way, from the execs on down. It's a key way he creates focus and energy in an organization, by creating alignment, urgency, and putting more resources into the most important things. This is especially hard, Slootman says, as the organization gets bigger. But if you do approach it this way, everything gets easier. The cadence changes, the tempo accelerates, and it works. Now, and to emphasize that point, he said the following. Play the clip. >> Every meeting that you have, every email, every encounter in the hallway, whatever it is, is an opportunity to amp things up. That's why I use that title. But do you take that opportunity? >> And according to Slootman, if you don't take that opportunity, if you're not in the moment, amping it up, then you're thinking about your golf game or the tennis match that's going on this weekend or being out on your boat. And to the point, this approach is not for everyone. You're either built for it or you're not. But if you can bring people into the organization that can handle this type of dynamic, it creates energy. It becomes fun. Everything moves faster. The conversations are exciting. They're inspiring. And it becomes addictive. Now let's talk about priorities. I said to Frank that for me anyway, his book was an uncomfortable read. And he was somewhat surprised by that. "Really," he said. I said, "Yeah. "I mean, it was an easy read but uncomfortable "because over my career, I've managed thousands of people, "not tens of thousands but thousands, "enough to have to take this stuff very seriously." And I found myself throughout the book, oh, you know, on the one hand saying to myself, "Oh, I got that right, good job, Dave." And then other times, I was thinking to myself, "Oh wow, I probably need to rethink that. "I need to amp it up on that front." And the point is to Frank's leadership philosophy, there's no one correct way to approach all situations. You have to figure it out for yourself. But the one thing in the book that I found the hardest was Slootman challenged the reader. If you had to drop everything and focus on one thing, just one thing, for the rest of the year, what would that one thing be? Think about that for a moment. Were you able to come up with that one thing? What would happen to all the other things on your priority list? Are they all necessary? If so, how would you delegate those? Do you have someone in your organization who can take those off your plate? What would happen if you only focused on that one thing? These are hard questions. But Slootman really forces you to think about them and do that mental exercise. Look at Frank's body language in this screenshot. Imagine going into a management meeting with Frank and being prepared to share all the things you're working on that you're so proud of and all the priorities you have for the coming year. Listen to Frank in this clip and tell me it doesn't really make you think. >> I've been in, you know, on other boards and stuff. And I got a PowerPoint back from the CEO and there's like 15 things. They're our priorities for the year. I'm like you got 15, you got none, right? It's like you just can't decide, you know, what's important. So I'll tell you everything because I just can't figure out. And the thing is it's very hard to just say one thing. But it's really the mental exercise that matters. >> Going through that mental exercise is really important according to Slootman. Let's have a conversation about what really matters at this point in time. Why does it need to happen? And does it take priority over other things? Slootman says you have to pull apart the hairball and drive extraordinary clarity. You could be wrong, he says. And he admits he's been wrong on many things before. He, like everyone, is fearful of being wrong. But if you don't have the conversation according to Slootman, you're already defeated. And one of the most important things Slootman emphasizes in the book is execution. He said that's one of the reasons he wrote "Amp It Up." In our discussion, he referenced Pat Gelsinger, his former boss, who bought Data Domain when he was working for Joe Tucci at EMC. Listen to Frank describe the interaction with Gelsinger. >> Well, one of my prior bosses, you know, Pat Gelsinger, when they acquired Data Domain through EMC, Pat was CEO of Intel. And he quoted Andy Grove as saying, 'cause he was Intel for a long time when he was younger man. And he said no strategy is better than its execution, which if I find one of the most brilliant things. >> Now, before you go changing your strategy, says Slootman, you have to eliminate execution as a potential point of failure. All too often, he says, Silicon Valley wants to change strategy without really understanding whether the execution is right. All too often companies don't consider that maybe the product isn't that great. They will frequently, for example, make a change to sales leadership without questioning whether or not there's a product fit. According to Slootman, you have to drive hardcore intellectual honesty. And as uncomfortable as that may be, it's incredibly important and powerful. Okay, one of the other contrarian points in the book was whether or not to have a customer success department. Slootman says this became really fashionable in Silicon Valley with the SaaS craze. Everyone was following and pattern matching the lead of salesforce.com. He says he's eliminated the customer service department at every company he's led which had a customer success department. Listen to Frank Slootman in his own words talk about the customer success department. >> I view the whole company as a customer success function. Okay, I'm customer success, you know. I said it in my presentation yesterday. We're a customer-first organization. I don't need a department. >> Now, he went on to say that sales owns the commercial relationship with the customer. Engineering owns the technical relationship. And oh, by the way, he always puts support inside of the engineering department because engineering has to back up support. And rather than having a separate department for customer success, he focuses on making sure that the existing departments are functioning properly. Slootman also has always been big on net promoter score, NPS. And Snowflake's is very high at 72. And according to Slootman, it's not just the product. It's the people that drive that type of loyalty. Now, Slootman stresses amping up the big things and even the little things too. He told a story about someone who came into his office to ask his opinion about a tee shirt. And he turned it around on her and said, "Well, what do you think?" And she said, "Well, it's okay." So Frank made the point by flipping the situation. Why are you coming to me with something that's just okay? If we're going to do something, let's do it. Let's do it all out. Let's do it right and get excited about it, not just check the box and get something off your desk. Amp it up, all aspects of our business. Listen to Slootman talk about Steve Jobs and the relevance of demanding excellence and shunning mediocrity. >> He was incredibly intolerant of anything that he didn't think of as great. You know, he was immediately done with it and with the person. You know, I'm not that aggressive, you know, in that way. I'm a little bit nicer, you know, about it. But I still, you know, I don't want to give into expediency and mediocrity. I just don't, I'm just going to fight it, you know, every step of the way. >> Now, that story was about a little thing like some swag. But Slootman talked about some big things too. And one of the major ways Snowflake was making big, sweeping changes to amp up its business was reorganizing its go-to-market around industries like financial services, media, and healthcare. Here's some ETR data that shows Snowflake's net score or spending momentum for key industry segments over time. The red dotted line at 40% is an indicator of highly elevated spending momentum. And you can see for the key areas shown, Snowflake is well above that level. And we cut this data where responses were greater, the response numbers were greater than 15. So not huge ends but large enough to have meaning. Most were in the 20s. Now, it's relatively uncommon to see a company that's having the success of Snowflake make this kind of non-trivial change in the middle of steep S-curve growth. Why did they make this move? Well, I think it's because Snowflake realizes that its data cloud is going to increasingly have industry diversity and unique value by industry, that ecosystems and data marketplaces are forming around industries. So the more industry affinity Snowflake can create, the stronger its moat will be. It also aligns with how the largest and most prominent global system integrators, global SIs, go to market. This is important because as companies are transforming, they are radically changing their data architecture, how they think about data, how they approach data as a competitive advantage, and they're looking at data as specifically a monetization opportunity. So having industry expertise and knowledge and aligning with those customer objectives is going to serve Snowflake and its ecosystems well in my view. Slootman even said he joined the board of Instacart not because he needed another board seat but because he wanted to get out of his comfort zone and expose himself to other industries as a way to learn. So look, we're just barely scratching the surface of Slootman's book and I've pulled some highlights from our conversation. There's so much more that I can share just even from our conversation. And I will as the opportunity arises. But for now, I'll just give you the kind of bumper sticker of "Amp It Up." Raise your standards by taking every opportunity, every interaction, to increase your intensity. Get your people aligned and moving in the same direction. If it's the wrong direction, figure it out and course correct quickly. Prioritize and sharpen your focus on things that will really make a difference. If you do these things and increase the urgency in your organization, you'll naturally pick up the pace and accelerate your company. Do these things and you'll be able to transform, better identify adjacent opportunities and go attack them, and create a lasting and meaningful experience for your employees, customers, and partners. Okay, that's it for today. Thanks for watching. And thank you to Alex Myerson who's on production and he manages the podcast for Breaking Analysis. Kristin Martin and Cheryl Knight help get the word out on social and in our newsletters. And Rob Hove is our EIC over at Silicon Angle who does some wonderful and tremendous editing. Thank you all. Remember, all these episodes are available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. And you can email me at david.vellante@siliconangle.com or DM me @dvellante or comment on my LinkedIn posts. And please do check out etr.ai for the best survey data in enterprise tech. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching. Be well. And we'll see you next time on Breaking Analysis. (upbeat music)

>>Good morning, everyone. Welcome back to the Cube's coverage of snowflake summit 22 live from Caesar's forum in Las Vegas. Lisa Martin, here with Dave Valante. This is day three of our coverage. We've had an amazing, amazing time. Great conversations talking with snowflake executives, partners, customers. We're gonna be digging into data mesh with data.world. Please welcome John loins, the chief product officer. Great to have you on the program, John, >>Thank you so much for, for having me here. I mean, the summit, like you said, has been incredible, so many great people, so such a good time, really, really nice to be back in person with folks. >>It is fabulous to be back in person. The fact that we're on day four for, for them. And this is the, the solution showcase is as packed as it is at 10 11 in the morning. Yeah. Is saying something >>Yeah. Usually >>Chopping at the bit to hear what they're doing and innovate. >>Absolutely. Usually those last days of conferences, everybody starts getting a little tired, but we're not seeing that at all here, especially >>In Vegas. This is impressive. Talk to the audience a little bit about data.world, what you guys do and talk about the snowflake relationship. >>Absolutely data.world is the only true cloud native enterprise data catalog. We've been an incredible snowflake partner and Snowflake's been an incredible partner to us really since 2018. When we became the first data catalog in the snowflake partner connect experience, you know, snowflake and the data cloud make it so possible. And it's changed so much in terms of being able to, you know, very easily transition data into the cloud to break down those silos and to have a platform that enables folks to be incredibly agile with data from an engineering and infrastructure standpoint, data out world is able to provide a layer of discovery and governance that matches that agility and the ability for a lot of different stakeholders to really participate in the process of data management and data governance. >>So data mesh basically Jamma, Dani lays out the first of all, the, the fault domains of existing data and big data initiatives. And she boils it down to the fact that it's just this monolithic architecture with hyper specialized teams that you have to go through and it just slows everything down and it doesn't scale. They don't have domain context. So she came up with four principles if I may, yep. Domain ownership. So push it out to the businesses. They have the context they should own the data. The second is data as product. We're certainly hearing a lot about that today this week. The third is that. So that makes it sounds good. Push out the, the data great, but it creates two problems. Self-serve infrastructure. Okay. But her premises infrastructure should be an operational detail. And then the fourth is computational governance. So you talked about data CA where do you fit in those four principles? >>You know, honestly, we are able to help teams realize the data mesh architecture. And we know that data mesh is really, it's, it's both a process in a culture change, but then when you want to enact a process in a culture change like this, you also need to select the appropriate tools to match the culture that you're trying to build the process in the architecture that you're trying to build. And the data world data catalog can really help along all four of those axes. When you start thinking first about, let's say like, let's take the first one, you know, data as a product, right? We even like very meta of us from metadata management platform at the end of the day. But very meta of us. When you talk about data as a product, we track adoption and usage of all your data assets within your organization and provide program teams and, you know, offices of the CDO with incredible evented analytics, very detailed that gives them the right audit trail that enables them to direct very scarce data engineering, data architecture resources, to make sure that their data assets are getting adopted and used properly. >>On the, on the domain driven side, we are entirely knowledge graph and open standards based enabling those different domains. We have, you know, incredible joint snowflake customers like Prologis. And we chatted a lot about this in our session here yesterday, where, because of our knowledge graph underpinnings, because of the flexibility of our metadata model, it enables those domains to actually model their assets uniquely from, from group to group, without having to, to relaunch or run different environments. Like you can do that all within one day catalog platform without having to have separate environments for each of those domains, federated governance. Again, the amount of like data exhaust that we create that really enables ambient governance and participatory governance as well. We call it agile data governance, really the adoption of agile and open principles applied to governance to make it more inclusive and transparent. And we provide that in a way that Confederate across those means and make it consistent. >>Okay. So you facilitate across that whole spectrum of, of principles. And so what in the, in the early examples of data mesh that I've studied and actually collaborated with, like with JPMC, who I don't think is who's not using your data catalog, but hello, fresh who may or may not be, but I mean, there, there are numbers and I wanna get to that. But what they've done is they've enabled the domains to spin up their own, whatever data lakes, data, warehouses, data hubs, at least in, in concept, most of 'em are data lakes on AWS, but still in concept, they wanna be inclusive and they've created a master data catalog. And then each domain has its sub catalogue, which feeds into the master and that's how they get consistency and governance and everything else is, is that the right way to think about it? And or do you have a different spin on that? >>Yeah, I, I, you know, I have a slightly different spin on it. I think organizationally it's the right way to think about it. And in absence of a catalog that can truly have multiple federated metadata models, multiple graphs in one platform, I, that is really kind of the, the, the only way to do it, right with data.world. You don't have to do that. You can have one platform, one environment, one instance of data.world that spans all of your domains, enable them to operate independently and then federate across. So >>You just answered my question as to why I should use data.world versus Amazon glue. >>Oh, absolutely. >>And that's a, that's awesome that you've done now. How have you done that? What, what's your secret >>Sauce? The, the secret sauce era is really an all credit to our CTO. One of my closest friends who was a true student of knowledge graph practices and principles, and really felt that the right way to manage metadata and knowledge about the data analytics ecosystem that companies were building was through federated linked data, right? So we use standards and we've built a, a, an open and extensible metadata model that we call costs that really takes the best parts of existing open standards in the semantics space. Things like schema.org, DCA, Dublin core brings them together and models out the most typical enterprise data assets providing you with an ontology that's ready to go. But because of the graph nature of what we do is instantly accessible without having to rebuild environments, without having to do a lot of management against it. It's, it's really quite something. And it's something all of our customers are, are very impressed with and, and, and, and, you know, are getting a lot of leverage out of, >>And, and we have a lot of time today, so we're not gonna shortchange this topic. So one last question, then I'll shut up and let you jump in. This is an open standard. It's not open source. >>No, it's an open built on open standards, built on open standards. We also fundamentally believe in extensibility and openness. We do not want to vertically like lock you into our platform. So everything that we have is API driven API available. Your metadata belongs to you. If you need to export your graph, you know, instantly available in open machine readable formats. That's really, we come from the open data community. That was a lot of the founding of data.world. We, we worked a lot in with the open data community and we, we fundamentally believe in that. And that's enabled a lot of our customers as well to truly take data.world and not have it be a data catalog application, but really an entire metadata management platform and extend it even further into their enterprise to, to really catalog all of their assets, but also to build incredible integrations to things like corporate search, you know, having data assets show up in corporate Wiki search, along with all the, the descriptive metadata that people need has been incredibly powerful and an incredible extension of our platform that I'm so happy to see our customers in. >>So leasing. So it's not exclusive to, to snowflake. It's not exclusive to AWS. You can bring it anywhere. Azure GCP, >>Anytime. Yeah. You know where we are, where we love snowflake, look, we're at the snowflake summit. And we've always had a great relationship with snowflake though, and really leaned in there because we really believe Snowflake's principles, particularly around cloud and being cloud native and the operating advantages that it affords companies that that's really aligned with what we do. And so snowflake was really the first of the cloud data catalogs that we ultimately or say the cloud data warehouses that we integrated with and to see them transition to building really out the data cloud has been awesome. >>Talk about how data world and snowflake enable companies like per lodges to be data companies. These days, every company has to be a data company, but they, they have to be able to do so quickly to be competitive and to, to really win. How do you help them if we like up level the conversation to really impacting the overall business? >>That's a great question, especially right now, everybody knows. And pro is a great example. They're a logistics and supply chain company at the end of the day. And we know how important logistics and supply chain is nowadays and for them and for a lot of our customers. I think one of the advantages of having a data catalog is the ability to build trust, transparency and inclusivity into their data analytics practice by adopting agile principles, by adopting a data mesh, you're able to extend your data analytics practice to a much broader set of stakeholders and to involve them in the process while the work is getting done. One of the greatest things about agile software development, when it became a thing in the early two thousands was how inclusive it was. And that inclusivity led to a much faster ROI on software projects. And we see the same thing happening in data analytics, people, you know, we have amazing data scientists and data analysts coming up with these insights that could be business changing that could make their company significantly more resilient, especially in the face of economic uncertainty. >>But if you have to sit there and argue with your business stakeholders about the validity of the data, about the, the techniques that were used to do the analysis, and it takes you three months to get people to trust what you've done, that opportunity's passed. So how do we shorten those cycles? How do we bring them closer? And that's, that's really a huge benefit that like Prologis has, has, has realized just tightening that cycle time, building trust, building inclusion, and making sure ultimately humans learn by doing, and if you can be inclusive, it, even, it even increases things like that. We all want to, to, to, to help cuz Lord knows the world needs it. Things like data literacy. Yeah. Right. >>So data.world can inform me as to where on the spectrum of data quality, my data set lives. So I can say, okay, this is usable, shareable, you know, exactly of gold standard versus fix this. Right. Okay. Yep. >>Yep. >>That's yeah. Okay. And you could do that with one data catalog, not a bunch of >>Yeah. And trust trust is really a multifaceted and multi multi-angle idea, right? It's not just necessarily data quality or data observability. And we have incredible partnerships in that space, like our partnership with, with Monte Carlo, where we can ingest all their like amazing observability information and display that in a really like a really consumable way in our data catalog. But it also includes things like the lineage who touch it, who is involved in the process of a, can I get a, a, a question answered quickly about this data? What's it been used for previously? And do I understand that it's so multifaceted that you have to be able to really model and present that in a way that's unique to any given organization, even unique within domains within a single organization. >>If you're not, that means to suggest you're a data quality. No, no supplier. Absolutely. But your partner with them and then that you become the, the master catalog. >>That's brilliant. I love it. Exactly. And you're >>You, you just raised your series C 15 million. >>We did. Yeah. So, you know, really lucky to have incredible investors like Goldman Sachs, who, who led our series C it really, I think, communicates the trust that they have in our vision and what we're doing and the impact that we can have on organization's ability to be agile and resilient around data analytics, >>Enabling customers to have that single source of truth is so critical. You talked about trust. That is absolutely. It's no joke. >>Absolutely. >>That is critical. And there's a tremendous amount of business impact, positive business impact that can come from that. What are some of the things that are next for data.world that we're gonna see? >>Oh, you know, I love this. We have such an incredibly innovative team. That's so dedicated to this space and the mission of what we're doing. We're out there trying to fundamentally change how people get data analytics work done together. One of the big reasons I founded the company is I, I really truly believe that data analytics needs to be a team sport. It needs to go from, you know, single player mode to team mode and everything that we've worked on in the last six years has leaned into that. Our architecture being cloud native, we do, we've done over a thousand releases a year that nobody has to manage. You don't have to worry about upgrading your environment. It's a lot of the same story that's made snowflake. So great. We are really excited to have announced in March on our own summit. And we're rolling this suite of features out over the course of the year, a new package of features that we call data.world Eureka, which is a suite of automations and, you know, knowledge driven functionality that really helps you leverage a knowledge graph to make decisions faster and to operationalize your data in, in the data ops way with significantly less effort, >>Big, big impact there. John, thank you so much for joining David, me unpacking what data world is doing. The data mesh, the opportunities that you're giving to customers and every industry. We appreciate your time and congratulations on the news and the funding. >>Ah, thank you. It's been a, a true pleasure. Thank you for having me on and, and I hope, I hope you guys enjoy the rest of, of the day and, and your other guests that you have. Thank you. >>We will. All right. For our guest and Dave ante, I'm Lisa Martin. You're watching the cubes third day of coverage of snowflake summit, 22 live from Vegas, Dave and I will be right back with our next guest. So stick around.

>>We're back at the red hat summit, 2022, the Cube's continuous coverage. This is day one. We're here all day tomorrow as well. My name is Dave LAN. I'm here with Paul Gillon. Matt Hicks is here. He's executive vice president of products and technologies at red hat. Matt. Good to see you. Thanks for coming on. Nice to see you face to >>Face. Thanks. Thanks Dave. Thanks fall. It's uh, good to be here. >>So you took a different tack with your, uh, keynote today, had a homage to ate a love lace and Serena VA Ramian, which was kind of cool. And your, your point was they weren't noted at their time and nobody was there to build on their early ideas. I mean, ate a lovely, I think it was a century before, right. Ram illusion was a, you know, decade plus, but, and you tied that to open source. You can give us your kind of bumper sticker of your premise there. >>Yeah. You know, I think I have a unique seat in this from red hat where we see, we see new engineers that come in that sort of compete on a world stage and open source and the, the best, which is easy to track just in contributions are not necessarily from the background you would expect them from. And, and it, for me, it's always really inspiring. Like you have this potential in, in people and open source is a great model for getting that out. We told the history story, cuz it, I think when you look over history, just some of that potential that's been ignored before. Um, sure. It's happening right now. But getting that tied into open source models, we think can hopefully let us tap into a little more than, than we have in the past. So >>Greatly. So when you're thinking about innovation and specific to open source, is it a case where I wonder, I really know the history here of open source. Maybe you can educate me. Is it the case where open source observes, uh, a de factacto standard let's say, or some other proprietary approach and says, Hey, we can build that in open and that's so the, the inspiration, or is it an innovation flywheel that just invents? >>I think it's both at this stage. So in the, in the early days, if you take something like Linux, it was a little more of, you know, there was the famous memo of like, this is gonna be a hobbyist project. We're just gonna light up X 86 hardware and have an operating system we can work with. That was a little more of like this standards were there, but it was, can we just build a better operating system with it, be >>Better than Unix cuz would live up to the promise of units. >>That's right. Where in Unix you had some standardization to models, but it wasn't open in that same sense. Uh, Linux has gone well beyond a hobbyist project at this point. Uh, but that was maybe that clone model, um, to units these days though, if you take something like Kubernetes or take something like Ansible, that's just more pure innovation, you didn't necessarily have a Kubernetes model that you're building a better version of it was distributed computing and how can we really make that tick and, um, bring a lot of great minds into that to build it. Um, so I think you see both of 'em, which is it's one of the things that makes open source fun. Like it, it has a broad reach at this point. >>There's one major area of software that opensource has not penetrated yet. And that is applications. I mean, we, there have been, you know, sugar CRM there have been open E R P applications and, and such, none of them really taken off and in fact tend to be drawn back to being proprietary. Why do you suppose opensource has been limited to infrastructure and has hasn't branched out further? >>Yeah, I think part of it is, uh, where can you find a, a model where lots of different companies are, are comfortable contributing into, if you have one solution and one domain from one company you're gonna struggle more getting a real vibrant community built around that. When you pick an area like infrastructure or core platforms, you have a lot of hardware providers, the use cases span from traditional apps to AI. You have a lot of places to run that it's a massive companies. So >>Volume really, it, >>It really is. You just have an interest that spans beyond companies and that's where we've seen open source projects really pick up and build critical mass. How about crypto >>Dows? I mean, that's right. Isn't that the, a form of open source? I mean, is it, isn't that the application really what exactly what you're talking about? It is true or >>It, well, if you look at cryptography encryption algorithms even go to, um, quantum going forward, I think a lot of quantum access will be driven in an open source model. The machines themselves, uh, will be machines, but things like kids kit, uh, that is how most people will access that. So it is a powerful model for getting into areas that are, um, pretty bleeding edge on it as well. >>We were talking, go ahead. We were talking before Andy mentioned that hardware and software increasingly intersecting. That was the theme we heard at the, at the keynote this morning. Yeah. Why do you believe that's happening and how do you see that? How does that affect what you do? >>Uh, I, I think the reason that's happening is there is a push to make decisions closer and closer to users on it because on one side, like law of physics and then on the other of it's just a better experience for it. And so whether that is in transportation or it's in telecommunications, so you see this push outside of data centers to be able to get at that data locally for it. Uh, but if that's the draw, I think also we're seeing hardware architectures are changing. There are, um, standards like arm that are lower power that lets you run pretty powerful compute at the edge as well. And I think it's that combination saying we can do a lot at the edge now and that actually benefits us building user experiences in a lot of different domains is, is making this pull to the edge, uh, really quickly. But it's, it's a, it's an exciting time to be seeing that happening >>And, and, and pretty powerful is almost an understatement. When you think about what the innovations that are going on. Right. I mean, in, in, in, in particular, at the edge mm-hmm, <affirmative>, I mean, you're seeing Moore's law be blown. Everybody says Moore's law is dead, but you're seeing the performance of when you combine the GPU and the CPU and the NPU and the Excel. I mean, it blows away anything we've historically known. Yeah. So you think about the innovations in software that occurred as a result of Moore's law. What are the new beachheads that we could potentially see in open source? >>I think when you start taking the, um, AI patterns on this and AI is a broad space, but if you go even to like machine learning of optimization type use cases, you start, uh, leveraging how you're gonna train those models, which gets you into, you know, CPUs and GPU and TPUs in that world. And then you also have the, how am I gonna take that train model, put it on a really lightweight device and efficiently ask that model questions. And that gets you into a different architecture design. Uh, but that combination, I think we're gonna see these domains build differently where you have mass compute training type capabilities, and then push that as close to the user, as you can, to make decisions that are more dynamic than traditional codes. >>So a lot of the AI that's done today is modeling that's done in the cloud. Yep. And what you're talking about at the edge, and you think about, you know, vehicles is real time influencing. Yep. And that's, that's massive amounts of data. It's a different architecture. Right. And requires different hardware presumably and different software. So, and you guys, well, Linux is obviously there. Yeah. >>That's, that is the, where we get excited about things like the GM announcement you are in the square, in that, um, aspect of running compute right at the end user and actually dealing with sensor and data, that's changing there to help, you know, in this case, like driver's assistance capabilities with it. But I think that the innovation we'll see in that space will be limitless on it. So it's, it's a nice combination of it too. And you'll still have traditional applications that are gonna use those models. I think of it almost as it's like the new middleware, we have our traditional middleware techniques that we know and patterns. Um, they will actually be augmented with things like, um, machine learning models and those capabilities to just be more dynamic. So it's a fun time right now seeing >>That conversion a lot of data too. And again, I wonder how much of that is even gonna be persisted prob probably enough, cuz there's gonna be so much of it, how much it'll come back to the cloud a lot, but maybe not most of it, but it's still massive amounts relative to what we've seen before >>It is. And this is, you know, you've heard our announcement around OpenShift streams in those capabilities. So in red hat, what we do, we will always focus on hybrid with it because a lot of that data it'll be dropped at the edge cuz you won't need it, but the data you act on and the data you need, you will probably need at your indice and in your cloud. And maybe even on premise and capabilities like Kafka and the ability to pick and stream and stay consistent. We think there's a set of really exciting services to be able to enable that class of development where, um, hopefully we'll be at the center of, of that. >>You, you announced, uh, today an agreement with GM, uh, to, to build on their all to five platform, uh, auto industry, very proprietary historically, uh, with their technology. Do you think that this is an opportunity to crank that open? >>A absolutely. I think in, I've been involved with opensource for, for a while, but I think all of them started in a very proprietary model. And then you get to a tipping point where open source models can just unlock more innovation than proprietary models and you see 'em tip and flip. And I think in the automotive industry and actually in a lot of other industries, the capabilities of being able to combine hardware and software fast with the latest capabilities, it'll drive more innovation than just sticking to proprietary models. So yeah, I believe it will be one of many things to come there. >>You've been involved in open surf for a while. Like how long of a while people must joke about when they look at you, Matt, they must say, oh, did you start when you were five? Yeah. >>It's >>Uh, you get that a lot. >>I, I do, uh, it's my, my children, I think aged me a bit, but uh, but yeah, for me it was the mid nineties. That's when I started with, uh, with open source. >>It was uh, wow. So >>It's been a long, long >>Run. You made the statement in your keynote, that software development is, is, is messy. I presumably part of your job is to make it less messy. But now we talk about all this, these new beachheads, this new new innovations, a lot of it's unknown. Yeah. And it could be really messy. So who are the, who is there a new breed of developer that's emerging? Are they gonna come over from the cloud developers or is it the, is it the OT crowd and the, and the OT crowd? That's gonna be the new developers. >>I, I wish I knew, but I would say, I think you, I do think you'll get to almost like a laws of physics type challenge where you won't learn everything. You're not gonna know, uh, the depths of 5g implementation and Kubernetes and Linux on that. And so for us, this is where ecosystem providers are really, really critical where you have to know your intersection points, but you also have to partner really well to actually drive innovation in some of these spaces cuz uh, the domains themselves are massive on it. So our areas we're gonna know hybrid, we're gonna know, you know, open source based platforms to enable hybrid. And then we're gonna partner with companies that know their domains and industries really well to bring solutions to customers. So >>I'm curious about partnering, uh, cuz Paul cor may mentioned that as well as, as being critical, do you have sort of a template for partnering or is each partnership unique? >>Um, >>I think at this point, uh, the market's changing so fast that, uh, we do have templates of, uh, who are you going to embed solutions with? Who are you going to co-sell with? And co-create uh, the challenge in technology though, is it shifts so quickly. If you go back five years, maybe even 10 years, public cloud probably wasn't as dominant. Um, as it is now, now we're starting to see the uptick of edge solutions, probably being, having as much draw as public cloud. And so I think for us, the partnership follows the innovation on those curves and finding the right model where that works for customers is the key thing for us. But I wish there was more of a pattern. We could say it stays stable for decades, but I think it changes with the market on, we do that. >>But you know, it's funny cuz you you've, you see every 15 years or so the industry gets disrupted. I mean we certainly saw it with mainframes and PC and then the internet and then the cloud, uh, you guys have kind of been there. Well Linux throughout, I mean, okay. It built the, built the internet, built the cloud, it's building the edge. So it's almost, I don't wanna say your disruption proof cause that's just, that's gonna jinx you, but, but in, but you've architected the products in a way that they're compatible with these new errors. Mm-hmm <affirmative> of industry, >>Everything needs an operating >>System. Everything needs an operating system, but you've seen operating systems come and go, you know, and, and Linux has survived so many different waves. Why, how >>You know, I, I think for us, when you see open source projects, they definitely get to a critical mass where you have so much contribution, so much innovation there that they're gonna be able to follow the trends pretty well. If you look at a Linux, whatever the next hardware innovation that comes out is Linux has enough gravity that, um, it's open, it's successful, you're gonna design to it. The capability will be there. I think you're seeing similar things in Kubernetes now where if you're going to try to drive application innovation, it is a model that gives you a ton of reach. You have thousands of contributors. That's been our model though is find those projects be influential in, 'em be able to drive value in life cycles. But I think it's that open source model that gives us the durability where it can keep changing and tracking to new patterns. So, so >>Yeah, there's been a lot of open source that wasn't able to sustain. So I think you guys obviously have a magic formula. That's true. >>We, there is a, there is some art to picking, I think millions of projects. Uh, but you've gotta watch for that. >>Yeah. Open source is also a place place where failed products go to die. Yeah. <laugh> so you have to be sure you're not, you're not in that corner. >>Yeah. Well >>Look at Kubernetes. I mean the fact that that actually happened is it's astounding to me when you think about it, I mean even red hat was ready to go on a different path. What if that had happened? Who knows? Maybe it never would've maybe to your point about Ava Lovelace, maybe it would've taken a decade to, or run revolution. >>You know, I think in some of these you have to, you have to watch really closely. We obviously have a lot of signals of what will make good long term health. And I, I don't think everyone looks at those the same. We look at 'em from trademark controls and how foundations are structured and um, who the contributors are and the spread of that. And it's not perfect. But I think for us, you have to have those that longevity built in there where you will have a spike of popularity that has the tendency to just, um, fall apart on it. So we've been yeah. Doing that pretty >>Well conditions for a long life is something that's a that's maybe it's an art form. I don't know if it's a data form. It's a culture. Maybe, maybe it's >>Cultural. Yeah. Probably a combination some days I think I'm like this could part art, part science. Yeah. But, uh, but it's certainly a fun space to be in and see that happen. It, um, yeah, it's inspiring to me. Yeah. >>Matt Hicks. Great to have you back on the cube and uh, good job on the keynote really, um, interesting angle that you took. So >>Congratulations. Thanks for having me. >>Yeah. You're very welcome. All right. Keep it right there. Dave ante for Paul Gillon red hat summit, 2022 from Boston. You're watching the cube.

(bright upbeat music) >> Hello, welcome to this CUBE Unstoppable Domain Showcase. I'm John Furrier, host of theCUBE. We've been showcasing all the great content about Web3 and what's going around the corner for Web4. Of course, Unstoppable Domains is one of the big growth stories in the business. Brad Kam, the Co-founder is here with me, of Unstoppable Domains, Brad, great to see you, thanks for coming on this showcase. >> Thanks, pleasure for having me. >> So you have a lot of history in the Web3. They're calling it now, but it's basically crypto and blockchain. You know, the white paper came out and then, you know how it developed was organically. We saw how that happened. Now you're the co-founder of Unstoppable Domains. You're seeing the mainstream, I would say mainstream scene, Superbowl commercials, okay? You're seeing it everywhere. So it is here. Stadiums are named after cryptos, companies. It's here. Hey, it's no longer a fringe, it is reality. You guys are in the middle of it. What's going on with the trend, and where does Unstoppable fit in and where do you guys tie in here? >> I mean, I think that what's been happening in general, this whole revolution around cryptocurrencies and then NFTs and what Unstoppable Domain is doing. It's all around creating this idea that people can own something that's digital. And this hasn't really been possible before Bitcoin. Bitcoin was the first case. You could own money. You don't need a bank, no one else. You know, you can completely control it. No one else can turn you off. Then there was this next phase of the revolution, which is, assets beyond just currencies. So NFTs, digital art. What we're working on is like a decentralized identity, like a username for Web3 and each individual domain name is an NFT. But yeah, it's been a crazy ride over the past 10 years. >> It's fun because, you know, on siliconangle.com, which we founded, we were covering early days of crypto. In fact, our first website, the developer want to be paid in crypto. It's interesting. Price of Bitcoin, I won't say that how low it was. But then you saw the ICO Wave, the token started coming in. You started seeing much more engineering focus, a lot of white papers coming out, a lot of cool ideas. And then now you got this mainstream of this. So I got to ask you, what are the coolest things you guys are working on, because Unstoppable has a solution that solves a problem today, and that people are facing at the same time, it is part of this new architecture. What problem do you guys solve right now that's in market that you're seeing the most traction on? >> Yeah, so it's really about, so whenever you interact with a blockchain, you wind up having to deal with one of these really, really crazy public keys, public addresses. And they're like anywhere from 20 to 40 characters long, they're random, they're impossible to memorize. And going back to even early days in crypto, I think people knew that this tech was not going to go mainstream if you have to copy and paste these things around. If I'm getting ready to send you like a million dollars, I'm going to copy and paste some random string of numbers and letters. I'm going to have no confirmations about who I'm sending it to, and I'm going to hope that it works out. It's just not practical. People have kind of always known there was going to be a solution. And one of the more popular ideas was, doing kind of like what DNS did, which is, instead of having to deal with these crazy IP addresses, this long random string of numbers to find a website, you have a name like a keyword, something that's easy to remember. You know, like a hotels.com or something like that. And so what NFT domains are, is basically the same thing, but for blockchain addresses. And yeah, it's just better and easier. There's this joke that everybody, you know, if you want to send me money, you're going to send me a test transaction of, you know, like a dollar first, just to make sure that I get it. Call me up and make sure that I get it before you go and send the big amount. Just not the way of moving billions of dollars of value is going to work in the future. >> Yeah, and I think one of the things you just point out, make it easier. When you have these new waves, these shifts, we saw it with the web pages. More and more web pages were coming on, more online users. They called it the online populations growing. Here, the same thing's happening. And if the focus is on ease of use, making things simpler to understand, and reducing the step it takes to do things, right? This is kind of what's going on and with the developer community, and what Ethereum has done really well is, brought in the developers. So that's the convergence of all the action. And so, when you (John chuckles) so that's where you're at right now. How do you go forward from here? Obviously, there's business development deals to do, you guys are partnering a lot. What's the strategy? What are some of the things that you can share about some of your business activity that points to how mainstream it is and where it's going? >> So I think the way to think about an NFT domain name is that it's meant to be like your identity on Web3. So, it's going to have a lot of different context. So it's kind of like your Venmo account, where you could send me money to brad.crypto, can be your decentralized website, where you can check out my content at brad.crypto. It can also be my like login kind of like a decentralized Facebook O oth, where I can log into DApps and share information about myself and bring my data along with me. So it's got all of these different things that it can do, but where it's starting is inside of crypto wallets and crypto apps, and they are adopting it for this identity idea. And it's the same form of identity across all your apps. That's the thing that's new here. So, yeah, that's the really big and profound shift that's happening. And the reason why this is going to be maybe even more important than a lot of, you know, your listeners think is that, everyone's going to have a crypto wallet. Every person in the world is going to have a crypto wallet. Every app, every consumer app that you use is going to build one in. Twitter just launched, just built one. Reddit is building one. You're seeing it across all the consumer finance apps. So it's not just the crypto companies that you're thinking of, every app's going to have a wallet. And it's going to really change the way that we use the internet. >> I think there's a couple things you pointed. I want to get your reaction to and thoughts more on this concept of DApps or decentralized applications, DApps or depending on what you call it. This is applications. And that take advantage of the architecture, and then this idea of users owning their own data. And this absolutely reverses the script today. Today, you see Facebook, you see LinkedIn, all these silos, they own the data that you are the product. Here, the users are in control. They have their data, but the apps are being built for it for the paradigm shift here, right? That's what's happening. Is that right? >> Totally, totally. And so, it all starts. I mean, DApp is just this crazy term. It feels like it's this, like really foreign, weird thing. All it means is that you sign in with your wallet instead of signing in with a username and password, where the data is stored inside of that app. Like inside of Facebook. So that's the only real, like, core underneath difference to keep in mind, signing in with the wallet. But that is like a complete sea change in the way the internet works. Because I have this key, this private key, it's on my phone or my device or whatever. And I'm the only one that has it. So, if somebody wanted to hack me, they need to go get access to my device. Two years ago, when Twitter got hacked, Barack Obama and Elon Musk were tweeting the same stuff. That's because Twitter had all the data. And so, you needed to hack Twitter instead of each individual person. It's a completely different security model. It's way better for users to have that. But, if you're thinking from the user perspective, what's going to happen is, is that instead of Facebook storing all of my data, and then me being trapped inside of Facebook, I'm going to store it, and I'm going to move around on the internet, logging in with my Web3 username, my NFT domain name, and I'm going to have all my data with me. And then I could use 100 different Facebooks all in one day. And it would be effortless for me to go and move from one to the other. So, the monopoly situation that we exist in as a society is because of the way data storage works and- >> So that's a huge point. So let's double down on that for one more second. This is a huge point. I want to get your thoughts. So I think people don't understand that in the mainstream having that horizontal traversal or ability to move around with your identity in this case, your Unstoppable Domain and your data allows the user to take it from place to place. It's like going to other apps that could be like Facebook, where the user's in charge. And they're either deciding whether to share their data or not, or they're certainly continuate their data. And this allows for more of a horizontal scalability for the user, not for a company. >> Yeah, and what's going to happen is, as users are building up their reputation. They're building up their identity in Web3. So you have your username and you have your profile and you have certain badges of activities that you've done. And you're building up this reputation. And now apps are looking at that, and they're starting to create social networks and other things to provide me services because it started with the user. And so, the user is starting to collect all this valuable data, and then apps are saying, well, hey, let me give you a special experience based on that. But the real thing, and this is like the core, I mean, this is just like a core capitalist idea, in general. If you have more competition, you get a better experience for users. We have not had competition in Web2 for decades because these companies have become monopolies. And what Web3 is really allowing is, this wide open competition. And that's the core thing. Like, it's not like, you know, it's going to take time for Web3 to get better than Web2. You know, it's very, very early days. But the reason why it's going to work is because of the competitive aspect here. Like it's just so much better for consumers when this happens. >> I would also add to that, first of all, great point, great insight. I would also add that the web presence technology based upon DNS specifically is, first of all, it's asking, so it's not foreign characters, it's not Unicode for the geeks out there. But that's limiting too, it limits you to be on a site. And so, I think the combination of kind of inadequate or antiquated DNS has limitations. So if... And that doesn't help communities, right? So when you're in the communities, you have potentially marketplaces that could be anywhere. So if you have ID, I'm just kind of thinking it forward here. But if you have your own data and your own ID, you can jump into a marketplace, two-sided marketplace anywhere. An app can provide that, if the community's robust, this is kind of where I see the use case going. How do you guys, do you guys agree with that statement and how do you see that ability for the user to take advantage of other competitive or new emerging communities or marketplaces? >> So I think it all comes down. So identity is just this huge problem in Web2. And part of the reason why it's very, very hard for new marketplaces and new communities to emerge is 'cause you need all kinds of trust and reputation. And it's very hard to get real information about the users that you're interacting with. If you're in the Web3 paradigm, then what happens is, is you can go and check certain things on the blockchain to see if they're true. And you can know that they're true 100%. You can know that I have used Uniswap in the past 30 days, and OpenSea in the past 30 days. You can know for sure that this wallet is mine. The same owner of this wallet also owns this other wallet, owns this asset. So having the ability to know certain things about a stranger is really what's going to change behavior. And one of the things that we're really excited about is being able to prove information about yourself without sharing it. So I can tell you, hey, I'm a unique person. I'm an American, I'm not an American, but I don't have to tell you who I am. And you can still know that it's true. And that concept is going to be what enables what you're talking about. I'm going to be able to show up in some new community that was created two hours ago, and we can all trust each other that a certain set of facts are true. And that's possible because- >> And exchange value with smart contracts and other with no middle men involved activities, which is the promise of the new decentralized web. All right, so let me ask you a question on that. Because I think this is key. The anonymous point is huge. If you look at any kind of abstraction layers or any evolution in technology over the years, it's always been about cleaning up the mess or extending capabilities of something that was inadequate. We mentioned DNS, now you got this. There's a lot of problems with Web2, 2.0, social bots. You mentioned bots. Bots are anonymous and they don't have a lot of time in market. So it's easy to start bots, and everyone who does either scraping bots, everyone knows this. What you just pointed out was, in an ops environment that was user choice, but has all the data that could be verified. So it's almost like a blue check mark on Twitter without having your name, kind of- >> It's going to be 100s of check marks, but exactly. 'Cause there's so many different things that you're going to want to communicate to strangers, but that's exactly the right mental model. It's going to be these check marks for all kinds of different contexts. And that's what's going to enable people to trust that they're, you know, you're talking to a real person or you're talking to the type of person you thought you were talking to, et cetera. But yeah, it's, you know, I think that the issues that we have with bots today are because Web2 has failed at solving identity. I think Facebook at one point was deleting half a billion fake accounts per quarter. Something like the entire number of user profiles they were deleting per year. So it's just a total- >> And they spring up like mushrooms. They just pop up, to think that's the problem. I mean, the data that you acquire in these siloed platforms is used by them, the company. So you don't own the data, so you become the product as the cliche goes. But what you guys are saying is, if you have an identity and you pop around to multiple sites, you also have your digital footprints and your exhaust that you own. Okay, that's time, that's reputation data. I mean, you can cut it any way you want, but the point is, it's your stuff over time, that's yours. And that's immutables on the blockchain, you can store it and then make that permanent and add to it. >> Exactly. >> That's a time based thing versus today, bots that are spreading misinformation can get popped up when they get killed. They just start another one. So time actually is a metric for quality here. >> Absolutely. And people already use it in the crypto world to say like, hey, this wallet was created greater than two years ago. This wallet has had transactions for at least three or four years. Like this is probably a real, you know, this is probably a legitimate user. And anybody can look that up. I mean, we can we go look it up together right now on Etherscan, it would take a minute. >> Yeah, (indistinct). Yeah, I'm a big fan, I can tell, I love this product. I think you guys are going to do really well. Congratulations, I'm a big fan. I think this is needed. What are some of the deals you've done? blockchain.com is one and Opera. Can you take us through those deals and why they're working with you? Let's start with blockchain.com. >> Yeah, so the whole thing here is that, this identity standard for Web3 apps need to choose to support it. So, you know, we spent several years as a company working to get as many crypto wallets and browsers and crypto exchanges to support this identity standard. Some of the largest and probably most popular companies to have done this are, blockchain.com, for example, blockchain.com, one of the largest crypto wallets in the world. And you can use your domain names instead of crypto addresses. And this is super cool because blockchain.com in particular focuses on onboarding new users. So they're very focused on how we're going to get the next 4 billion internet users to use this tech. And they said, usernames are going to be essential. Like, how can we onboard this next several billion people if we have to explain to them about all these crazy addresses. And it's not just one, like we want to give you 10, 40 character addresses for all these different contexts. Like, it's just no way people are going to be able to do that without having a user name. So, that's why we're really excited about what blockchain.com's doing. They want to train users that this is the way you should use the tech. >> Yeah, and certainly no one wants to remember. I remember how writing down all my... You know, I was never a big wallet fan 'cause of all the hacks I used to write it down and store it in my safe. But if the house burns down or I kick the can who's going to find it, right? So again, these are all important things. Your key storing it, securing it, super important. Talk about Opera. That's an interesting partnership because it's got a browser that people know what it is. What are they doing different? Almost imagine they're innovating around the identity and what people's experiences with what they touch. >> Yeah, so this is one of those things that's a little bit easier and I strongly encourage everybody to go and try DApps after this. 'Cause this is going to be one of those concepts, it can be a little easier if you try it than if you hear about it. But the concept of a wallet and a browser are kind of merging. So it makes sense to have a wallet inside of your browser. Because when you go to a website, the website's going to want you to sign in with your wallet. So having that be in one app is quite convenient for users. And so Opera was one of the trailblazers, a traditional browser that added a crypto wallet so that you can store money in there. And then also added support for domain names for payments and for websites. So, you can type in brad.crypto and you can send me money, or you can type in brad.crypto into the browser and you can check out my website. I've got a little NFT gallery. You can see my collection up there right now. So that's the idea is that, browsers have this kind of superpower in Web3. And what I think is going to happen, Opera and Brave have been kind of the trailblazers here. What I think is going to happen is that, these traditional browsers are going to wake up and they're going to see that integrating a wallet is critical for them to be able to provide services to consumers. >> I mean, it is an app. I mean, why not make it a DApps as well? Because why wouldn't I want to just send you crypto, like Venmo, you mentioned earlier, which people can understand that concept. Venmo, let me make my cash. Same concept here. But built in to the browser, which is not a browser anymore it's a reader, a DApp reader, basically with a wallet. All right, so what does this mean for you guys and the marketplace? You got Opera pushing the envelope on browsing, changing the experience, enabling the applications to be discovered and navigated and consumed. You got blockchain.com with the wallets and being embedded there. Good distribution. Who are you looking for for partners? How do people partner? Let's just say theCUBE wants to do NFTs, and we want to have a login for our communities, which are all open. How do we partner with you? Or do we? We have to wait or is there a... I mean, take us through the partnership strategy. How do people engage with Unstoppable Domains? >> Yeah, so, I mean, I think that if you're a wallet or a crypto exchange, it's super easy, we would love to have you support being able to send money using domains. We also have all sorts of different kind of marketing activities we can do together. We can give out free stuff to your communities. We have a bunch of education that we do. We're really trying to be this onboarding point to Web3. So there's, I think a lot of cool stuff we can do together on the commercial side and on the marketing side. And then the other category that we didn't talk about was DApps. And we now have this login with ensemble domains, which you kind of alluded to there. And so you can log in with your domain name and then you can give the app permission to get certain information about you or proof of information about you, not the actual information, if you don't want to share it, because it's your choice and you're in control. And so, that would be another thing. Like, if you all launch a DApps, we should absolutely have login with Unstoppable there. >> Yeah, there's so much headroom here. You got a short term solution with exchange. Get that distribution, I get that, that's early days of the foundation, push the distribution, get you guys everywhere. But the real success comes in for the login. I mean, the sign in single sign in concept. I think that's going to be powerful, great stuff. Okay, future, tell us something we don't know about Unstoppable Domains that people might be interested in. >> I think the thing that you're going to hear about a lot from us in the future is going to be around this idea of identity, of being able to prove that you're a human and be able to tell apps that. And apps are going to give you all kinds of special access and rewards and all kinds of other things, because you gave 'em that information. So that's probably, that's the hint I'm going to drop. >> You know, it's interesting, Brad. You bring trust, you bring quality verified data, choose intelligence software and machine learning, AI and access to distributed communities and distributed applications. Interesting to see what the software does with that. Cause it traditionally didn't have that before. I mean, just in mind blowing. I mean, it's pretty crazy. Great stuff. Brad, thanks for coming on. Thanks for sharing the insight. The Co-founder of Unstoppable Domains, Brad Kam. Thanks for stopping by theCUBE's Showcase with Unstoppable Domains. >> Thanks for having me. (bright upbeat music)