(soft music) >> Welcome back to Sin City, guys and girls we're glad you're with us. You've been watching theCUBE all week, we know that. This is theCUBE's live coverage of AWS re:Invent 22, from the Venetian Expo Center where there are tens of thousands of people, and this event if you know it, covers the entire strip. There are over 55,000 people here, hundreds of thousands online. Dave, this has been a fantastic show. It is clear everyone's back. We're hearing phenomenal stories from AWS and it's ecosystem. We got a great customer story coming up next, featured on the main stage. >> Yeah, I mean, you know, post pandemic, you start to think about, okay, how are things changing? And one of the things that we heard from Adam Selipsky, was, we're going beyond digital transformation into business transformation. Okay. That can mean a lot of things to a lot of people. I have a sense of what it means. And I think this next interview really talks to business transformation beyond digital transformation, beyond the IT. >> Excellent. We've got two guests. One of them is an alumni, Scott Mullins joins us, GM, AWS Worldwide Financial Services, and Brad Peterson is here, the EVP, CIO and CTO of NASDAQ. Welcome guys. Great to have you. >> Hey guys. >> Hey guys. Thanks for having us. >> Yeah >> Brad, talk a little bit, there was an announcement with NASDAQ and AWS last year, a year ago, about how they're partnering to transform capital markets. It was a highlight of last year. Remind us what you talked about and what's gone on since then. >> Yeah, so, we are very excited. I work with Adena Friedman, she's my boss, CEO of NASDAQ, and she was on stage with Adam for his first Keynote as CEO of AWS. And we made the commitment that we were going to move our markets to the Cloud. And we've been a long time customer of AWS and everyone said, you know the last piece, the last frontier to be moved was the actual matching where all the messages, the quotes get matched together to become confirmed orders. So that was what we committed to less than a year ago. And we said we were going to move one of our options markets. In the US, we have six of them. And options markets are the most challenging, they're the most high volume and high performance. So we said, let's start with something really challenging and prove we can do it together with AWS. So we committed to that. >> And? Results so far? >> So, I can sit here and say that November 7th so we are live, we're in production and the MRX Exchange is called Mercury, so we shorten it for MRX, we like acronyms in technology. And so, we started with a phased launch of symbols, so you kind of allow yourself to make sure you have all the functionality working then you add some volume on it, and we are going to complete the conversion on Monday. So we are all good so far. And I have some results I can share, but maybe Scott, if you want to talk about why we did that together. >> Yeah. >> And what we've done together over many years. >> Right. You know, Brian, I think it's a natural extension of our relationship, right? You know, you look at the 12 year relationship that AWS and NASDAQ have had together, it's just the next step, in the way that we're going to help the industry transform itself. And so not just NASDAQ's business transformation for itself, but really a blueprint and a template for the entire capital markets industry. And so many times people will ask me, who's using Cloud well? Who's doing well in the Cloud? And NASDAQ is an easy example to point to, of somebody who's truly taking advantage of these capabilities because the Cloud isn't a place, it's a set of capabilities. And so, this is a shining example of how to use these capabilities to actually deliver real business benefit, not just to to your organization, but I think the really exciting part is the market technology piece of how you're serving other exchanges. >> So last year before re:Invent, we said, and it's obvious within the tech ecosystem, that technology companies are building on top of the Cloud. We said, the big trend that we see in the 2020s is that, you know, consumers of IT, historically, your customers are going to start taking their stacks, their software, their data, their services and sassifying, putting it on the Cloud and delivering new services to customers. So when we saw Adena on stage last year, we called it by the way, we called it Super Cloud. >> Yeah. >> Okay. Some people liked the term but I love it. And so yeah, Super Cloud. So when we saw Adena on stage, we said that's a great example. We've seen Capital One doing some similar things, we've had some conversations with US West, it's happening, right? So talk about how you actually do that. I mean, because you've got a lot, you've got a big on-premises stay, are you connecting to that? Is it all in the Cloud? Paint a picture of what the architecture looks like? >> Yeah. And there's, so you started with the business transformation, so I like that. >> Yeah. >> And the Super Cloud designation, what we are is, we own and operate exchanges in the United States and in Europe and in Canada. So we have our own markets that we're looking at modernizing. So we look at this, as a modernization of the capital market infrastructure, but we happen to be the leading technology provider for other markets around the world. So you either build your own or you source from us. And we're by far the leading provider. So a lot of our customers said, how about if you go first? It's kind of like Mikey, you know, give it to Mikey, let him try it. >> See if Mikey likes it. >> Yeah. >> Penguin off the iceberg thing. >> Yeah. And so what we did is we said, to make this easy for our customers, so you want to ask your customers, you want to figure out how you can do it so that you don't disrupt their business. So we took the Edge Compute that was announced a few years ago, Amazon Outposts, and we were one of their early customers. So we started immediately to innovate with, jointly innovate with Amazon. And we said, this looks interesting for us. So we extended the region into our Carteret data center in Northern New Jersey, which gave us all the services that we know and love from Amazon. So our technical operations team has the same tools and services but then, we're able to connect because in the markets what we're doing is we need to connect fairly. So we need to ensure that you still have that fairness element. So by bringing it into our building and extending the Edge Compute platform, the AWS Outpost into Carteret, that allowed us to also talk very succinctly with our regulators. It's a familiar territory, it's all buttoned up. And that simplified the conversion conversation with the regulators. It simplified it with our customers. And then it was up to us to then deliver time and performance >> Because you had alternatives. You could have taken a more mature kind of on-prem legacy stack, figured out how to bolt that in, you know, less cloudy. So why did you choose Outposts? I am curious. >> Well, Outposts looked like when it was announced, that it was really about extending territory, so we had our customers in mind, our global customers, and they don't always have an AWS region in country. So a lot of you think about a regulator, they're going to say, well where is this region located? So finally we saw this ability to grow the Cloud geographically. And of course we're in Sweden, so we we work with the AWS region in Stockholm, but not every country has a region yet. >> And we're working as fast as we can. - Yes, you are. >> Building in every single location around the planet. >> You're doing a good job. >> So, we saw it as an investment that Amazon had to grow the geographic footprint and we have customers in many smaller countries that don't have a region today. So maybe talk a little bit about what you guys had in mind and it's a multi-industry trend that the Edge Compute has four or five industries that you can say, this really makes a lot of sense to extend the Cloud. >> And David, you said it earlier, there's a trend of ecosystems that are coming onto the Cloud. This is our opportunity to bring the Cloud to an ecosystem, to an existing ecosystem. And if you think about NASDAQ's data center in Carteret, there's an ecosystem of NASDAQ's clients there that are there to be with NASDAQ. And so, it was actually much easier for us as we worked together over a really a four year period, thinking about this and how to make this technological transition, to actually bring the capabilities to that ecosystem, rather than trying to bring the ecosystem to AWS in one of our public regions. And so, that's been our philosophy with Outpost all along. It's actually extending our capabilities that our customers know and love into any environment that they need to be able to use that in. And so to Brad's point about servicing other markets in different countries around the world, it actually gives us that ability to do that very quickly, very nimbly and very succinctly and successfully. >> Did you guys write a working backwards document for this initiative? >> We did. >> Yeah, we actually did. So to be, this is one of the fully exercised. We have a couple of... So by the way, Scott used to work at NASDAQ and we have a number of people who have gone from NASDAQ data to AWS, and from AWS to NASDAQ. So we have adopted, that's one of the things that we think is an effective way to really clarify what you're trying to accomplish with a project. So I know you're a little bit kidding on that, but we did. >> No, I was close. Because I want to go to the like, where are we in the milestone? And take us through kind of what we can expect going forward now that we've worked backwards. >> Yep, we did. >> We did. And look, I think from a milestone perspective, as you heard Brad say, we're very excited that we've stood up MRX in production. Having worked at NASDAQ myself, when you make a change and when you stand up a market that's always a moment where you're working with your community, with your clients and you've got a market-wide call that you're working and you're wanting to make sure that everything goes smoothly. And so, when that call went smoothly and that transition went smoothly I know you were very happy, and in AWS, we were also very happy as well that we hit that milestone within the timeframe that Adena set. And that was very important I know to you. >> Yeah. >> And for us as well. >> Yeah. And our commitment, so the time base of this one was by the end of 2022. So November 7th, checked. We got that one done. >> That's awesome. >> The other one is we said, we wanted the performance to be as good or better than our current platform that we have. And we were putting a new version of our derivative or options software onto this platform. We had confidence because we already rolled it to one market in the US then we rolled it earlier this year and that was last year. And we rolled it to our nordic derivatives market. And we saw really good customer feedback. So we had confidence in our software was going to run. Now we had to marry that up with the Outpost platform and we said we really want to achieve as good or better performance and we achieved better performance, so that's noticeable by our customers. And that one was the biggest question. I think our customers understand when we set a date, we test them with them. We have our national test facility that they can test in. But really the big question was how is it going to perform? And that was, I think one of the biggest proof points that we're really proud about, jointly together. And it took both, it took both of us to really innovate and get the platform right, and we did a number of iterations. We're never done. >> Right. >> But we have a final result that says it is better. >> Well, congratulations. - Thank you. >> It sounds like you guys have done a tremendous job. What can we expect in 2023? From NASDAQ and AWS? Any little nuggets you can share? >> Well, we just came from the partner, the partner Keynote with Adam and Ruba and we had another colleague on stage, so Nick Ciubotariu, so he is actually someone who brought digital assets and cryptocurrencies onto the Venmo, PayPal platform. He joined NASDAQ about a year ago and we announced that in our marketplace, the Amazon marketplace, we are going to offer digital custody, digital assets custody solution. So that is certainly going to be something we're excited about in 2023. >> I know we got to go, but I love this story because it fits so great at the Super cloud but we've learned so much from Amazon over the years. Two pieces of teams, we talked about working backwards, customer obsession, but this is a story of NASDAQ pointing its internal capabilities externally. We're already on that journey and then, bringing that to the Cloud. Very powerful story. I wonder what's next in this, because we learn a lot and we, it's like the NFL, we copy it. I think about product market fit. You think about scientific, you know, go to market and seeing that applied to the financial services industry and obviously other industries, it's really exciting to see. So congratulations. >> No, thank you. And look, I think it's an example of Invent and Simplify, that's another Amazon principle. And this is, I think a great example of inventing on behalf of an industry and then continually working to simplify the way that the industry works with all of us. >> Last question and we've got only 30 seconds left. Brad, I'm going to direct it to you. If you had the opportunity to take over the NASDAQ sign in Times Square and say a phrase that summarizes what NASDAQ and AWS are doing together, what would it say? >> Oh, and I think I'm going to put that up on Monday. So we're going to close the market together and it's going to say, "Modernizing the capital market's infrastructure together." >> Very cool. >> Excellent. Drop the mic. Guys, this was fantastic. Thank you so much for joining us. We appreciate you joining us on the show, sharing your insights and what NASDAQ and AWS are doing. We're going to have to keep watching this. You're going to have to come back next year. >> All right. >> For our guests and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live enterprise and emerging tech coverage. (soft music)

(bright music) >> Hello, everyone. Welcome back to live coverage day two or day one, day two for theCUBE, day one for the event. I'm John Furrier, host of theCUBE. It's the keynote analysis segment. Adam just finished coming off stage. I'm here with Dave Vellante and Zeus Kerravala, with principal analyst at ZK Research, Zeus, it's great to see you. Dave. Guys, the analysis is clear. AWS is going NextGen. You guys had a multi-day analyst sessions in on the pre-briefs. We heard the keynote, it's out there. Adam's getting his sea legs, so to speak, a lot of metaphors around ocean. >> Yeah. >> Space. He's got these thematic exploration as he chunked his keynote out into sections. Zeus, a lot of networking in there in terms of some of the price performance, specialized instances around compute, this end-to-end data services. Dave, you were all over this data aspect going into the keynote and obviously, we had visibility into this business transformation theme. What's your analysis? Zeus, we'll start with you. What's your take on what Amazon web service is doing this year and the keynote? What's your analysis? >> Well, I think, there was a few key themes here. The first one is I do think we're seeing better integration across the AWS portfolio. Historically, AWS makes a lot of stuff and it's not always been easy to use say, Aurora and Redshift together, although most customers buy them together. So, they announce the integration of that. It's a lot tighter now. It's almost like it could be one product, but I know they like to keep the product development separately. Also, I think, we're seeing a real legitimization of AWS in a bunch of areas where people said it wasn't possible before. Last year, Nasdaq said they're running in the cloud. The Options Exchange today announced that they're going to be moving to the cloud. Contact centers running the cloud for a lot of real time voice. And so, things that we looked at before and said those will never move to the cloud have now moved to the cloud. And I think, my third takeaway is just AWS is changing and they're now getting into areas to allow customers to do things they couldn't do before. So, if you look at what they're doing in the area of AI, a lot of their AI and ML services before were prediction. And I'm not saying you need an AI, ML to do prediction, was certainly a lot more accurate, but now they're getting into generative data. So, being able to create data where data didn't exist before and that's a whole new use case for 'em. So, AWS, I think, is actually for all the might and power they've had, it's actually stepping up and becoming a much different company now. >> Yeah, I had wrote that post. I had a one-on-one day, got used of the transcript with Adam Selipsky. He went down that route of hey, we going to change NextGen. Oh, that's my word. AWS Classic my word. The AWS Classic, the old school cloud, which a bunch of Lego blocks, and you got this new NextGen cloud with the ecosystems emerging. So, clearly, it's Amazon shifting. >> Yeah. >> But Dave, your breaking analysis teed out the keynote. You went into the whole cost recovery. We heard Adam talk about macro at the beginning of his keynote. He talked about economic impact, sustainability, big macro issues. >> Yeah. >> And then, he went into data and spent most of the time on the keynote on data. Tools, integration, governance, insights. You're all over that. You had that, almost your breaking analysis almost matched the keynote, >> Yeah. >> thematically, macro, cost savings right-sizing with the cloud. And last night, I was talking to some of the marketplace people, we think that the marketplace might be the center where people start managing their cost better. This could have an impact on the ecosystem if they're not in in the marketplace. So, again, so much is going on. >> What's your analogy? >> Yeah, there's so much to unpack, a couple things. One is we get so much insight from theCUBE community plus your sit down 101 with Adam Selipsky allowed us to gather some nuggets, and really, I think, predict pretty accurately. But the number one question I get, if I could hit the escape key a bit, is what's going to be different in the Adam Selipsky era that was different from the Jassy era. Jassy was all about the primitives. The best cloud. And Selipsky's got to double down on that. So, he's got to keep that going. Plus, he's got to do that end-to-end integration and he's got to do the deeper business integration, up the stack, if you will. And so, when you're thinking about the keynote and the spirit of keynote analysis, we definitely heard, hey, more primitives, more database features, more Graviton, the network stuff, the HPC, Graviton for HPC. So, okay, check on that. We heard some better end-to-end integration between the elimination of ETL between Aurora and Redshift. Zeus and I were sitting next to each other. Okay, it's about time. >> Yeah. >> Okay, finally we got that. So, that's good. Check. And then, they called it this thing, the Amazon data zones, which was basically extending Redshift data sharing within your organization. So, you can now do that. Now, I don't know if it works across regions. >> Well, they mentioned APIs and they have the data zone. >> Yep. And so, I don't know if it works across regions, but the interesting thing there is he specifically mentioned integration with Snowflake and Tableau. And so, that gets me to your point, at the end of the day, in order for Amazon, and this is why they win, to succeed, they've got to have this ecosystem really cranking. And that's something that is just the secret sauce of the business model. >> Yeah. And it's their integration into that ecosystem. I think, it's an interesting trend that I've seen for customers where everybody wanted best of breed, everybody wanted disaggregated, and their customers are having trouble now putting those building blocks together. And then, nobody created more building blocks than AWS. And so, I think, under Adam, what we're seeing is much more concerted effort to make it easier for customers to consume those building blocks in an easy way. And the AWS execs >> Yeah. >> I talked to yesterday all committed to that. It's easy, easy, easy. And I think that's why. (Dave laughing) Yeah, there's no question they've had a lead in cloud for a long time. But if they're going to keep that, that needs to be upfront. >> Well, you're close to this, how easy is it? >> Yeah. >> But we're going to have Adrian Cockcroft (Dave laughing) on at the end of the day today, go into one analysis. Now, that- >> Well, less difficult. >> How's that? (indistinct) (group laughing) >> There you go. >> Adrian retired from Amazon. He's a CUBE analyst retiree, but he had a good point. You can buy the bag of Lego blocks if you want primitives >> Yeah. >> or you can buy the toy that's glued together. And it works, but it breaks. And you can't really manage it, and you buy a new one. So, his metaphor was, okay, if the primitives allow you to construct a durable solutions, a lot harder relative to rolling your own, not like that, but also the simplest out-of-the box capability is what people want. They want solutions. We call Adam the solutions CEO. So, I think, you're going to start to see this purpose built specialized services allow the ecosystem to build those toys, so that the customers can have an out-of-the box experience while having the option for the AWS Classic, which is if you want durability, you want to tune it, you want to manage it, that's the way to go for the hardcore. Now, can be foundational, but I just see the solutions things being very much like an out-of-the-box. Okay, throw away, >> Yeah. >> buy a new toy. >> More and more, I'm saying less customers want to be that hardcore assembler of building blocks. And obviously, the really big companies do, but that line is moving >> Yeah. >> and more companies, I think, just want to run their business and they want those prebuilt solutions. >> We had to cut out of the keynote early. But I didn't hear a lot about... The example that they often use is Amazon Connect, the call center solution. >> Yeah. >> I didn't hear a lot to that in the keynote. Maybe it's happening right now, but look, at the end of the day, suites always win. The best of breed does well, (John laughing) takes off, generate a couple billion, Snowflake will grow, they'll get to 10 billion. But you look at Oracle, suites work. (laughs) >> Yeah. >> What I found interesting about the keynote is that he had this thematic exploration themes. First one was space that was like connect the dot, the nebula, different (mumbles) lens, >> Ocean. >> ask the right questions. (Dave laughing) >> Ocean was security which bears more, >> Yeah. >> a lot more needed to manage that oxygen going deep. Are you snorkeling? Are you scuba diving? Barely interesting amount of work. >> In Antarctica. >> Antarctica was the performance around how you handle tough conditions and you've got to get that performance. >> Dave: We're laughing, but it was good. >> But the day, the Ocean Day- >> Those are very poetic. >> I tweeted you, Dave, (Dave laughing) because I sit on theCUBE in 2011. I hate hail. (Dave laughing) It's the worst term ever. It's the day the ocean's more dynamic. It's a lot more flowing. Maybe 10 years too soon, Dave. But he announces the ocean theme and then says we have a Security Lake. So, like lake, ocean, little fun on words- >> I actually think the Security Lake is pretty meaningful, because we were listening to talk, coming over here talking about it, where I think, if you look at a lot of the existing solutions, security solutions there, I describe 'em as a collection of data ponds that you can view through one map, but they're not really connected. And the amount of data that AWS holds now, arguably more than any other company, if they're not going to provide the Security Lake, who is? >> Well, but staying >> Yeah. >> on security for a second. To me, the big difference between Azure and Amazon is the ecosystem. So, CrowdStrike, Okta, Zscaler, name it, CyberArk, Rapid7, they're all part of this ecosystem. Whereas Microsoft competes with all of those guys. >> Yes. Yeah. >> So it's a lot more white space than the Amazon ecosystem. >> Well, I want to get you guys to take on, so in your reaction, because I think, my vision of what what's happening here is that I think that whole data portion's going to be data as code. And I think, the ecosystem harvests the data play. If you look at AWS' key announcements here, Security Lake, price performance, they're going to optimize for those kinds of services. Look at security, okay, Security Lake, GuardDuty, EKS, that's a Docker. Docker has security problems. They're going inside the container and looking at threat detection inside containers with Kubernetes as the runtime. That's a little nuance point, but that's pretty significant, Dave. And they're now getting into, we're talking in the weeds on the security piece, adding that to their large scale security footprint. Security is going to be one of those things where if you're not on the inside of their security play, you're probably going to be on the outside. And of course, the price performance is going to be the killer. The networking piece surprise me. Their continuing to innovate on the network. What does that mean for Cisco? So many questions. >> We had Ajay Patel on yesterday for VMware. He's an awesome middleware guy. And I was asking about serverless and architectures. And he said, "Look, basically, serverless' great for stateless, but if you want to run state, you got to have control over the run time." But the point he made was that people used to think of running containers with straight VMs versus Fargate or Knative, if you choose, or serverless. They used to think of those as different architectures. And his point was they're all coming together. And it's now you're architecting and calling, which service you need. And that's how people are thinking about future architectures, which I think, makes a lot of sense. >> If you are running managed Kubernetes, which everyone's doing, 'cause no one's really building it in-house themselves. >> No. >> They're running it as managed service, skills gaps and a variety of other reasons. This EKS protection is very interesting. They're managing inside and outside the container, which means that gives 'em visibility on both sides, under the hood and inside the application layer. So, very nuanced point, Zeus. What's your reaction to this? And obviously, the networking piece, I'd love to get your thought. >> Well, security, obviously, it's becoming a... It's less about signatures and more of an analytics. And so, things happen inside the container and outside the container. And so, their ability to look on both sides of that allows you to happen threats in time, but then also predict threats that could happen when you spin the container up. And the difficulty with the containers is they are ephemeral. It's not like a VM where it's a persistent workload that you can do analysis on. You need to know what's going on with the container almost before it spins up. >> Yeah. >> And that's a much different task. So, I do think the amount of work they're doing with the containers gives them that entry into that and I think, it's a good offering for them. On the network side, they provide a lot of basic connectivity. I do think there's a role still for the Ciscos and the Aristas and companies like that to provide a layer of enhanced network services that connects multicloud. 'Cause AWS is never going to do that. But they've certainly, they're as legitimate network vendor as there is today. >> We had NetApp on yesterday. They were talking about latency in their- >> I'll tell you this, the analyst session, Steven Armstrong said, "You are going to hear us talk about multicloud." Yes. We're not going to necessarily lead with it. >> Without a mention. >> Yeah. >> But you said it before, never say never with Amazon. >> Yeah. >> We talk about supercloud and you're like, Dave, ultimately, the cloud guys are going to get into supercloud. They have to. >> Look, they will do multicloud. I predict that they will do multicloud. I'll tell you why. Just like in networking- >> Well, customers are asking for it. >> Well, one, they have the, not by design, but by defaulter and multiple clouds are in their environment. They got to deal with that. I think, the supercloud and sky cloud visions, there will be common services. Remember networking back in the old days when Cisco broke in as a startup. There was no real shortest path, first thinking. Policy came in after you connected all the routers together. So, right now, it's going to be best of breed, low latency, high performance. But I think, there's going to be a need in the future saying, hey, I want to run my compute on the slower lower cost compute. They already got segmentation by their announcements today. So, I think, you're going to see policy-based AI coming in where developers can look at common services across clouds and saying, I want to lock in an SLA on latency and compute services. It won't be super fast compared to say, on AWS, with the next Graviton 10 or whatever comes out. >> Yeah. >> So, I think, you're going to start to see that come in. >> Actually, I'm glad you brought Graviton up too, because the work they're doing in Silicon, actually I think, is... 'Cause I think, the one thing AWS now understands is some things are best optimized in Silicon, some at software layers, some in cloud. And they're doing work on all those layers. And Graviton to me is- >> John: Is a home run. >> Yeah. >> Well- >> Dave, they've got more instances, it's going to be... They already have Gravitons that's slower than the other versions. So, what they going to do, sunset them? >> They don't deprecate anything ever. So, (John laughing) Amazon paid $350 million. People believe that it's a number for Annapurna, which is like one of the best acquisitions in history. (group laughing) And it's given them, it's put them on an arm curve for Silicon that is blowing away Intel. Intel's finally going to get Sapphire Rapids out in January. Meanwhile, Amazon just keeps spinning out new Gravitons and Trainiums. >> Yeah. >> And so, they are on a price performance curve. And like you say, no developer ever wants to run on slower hardware, ever. >> Today, if there's a common need for multicloud, they might say, hey, I got the trade off latency and performance on common services if that's what gets me there. >> Sure. >> If there's maybe a business case to do that. >> Well, that's what they're- >> Which by the way, I want to.... Selipsky had strong quote I thought was, "If you're looking to tighten your belt, the cloud is the place >> Yeah. >> to do it." I thought >> I tweeted that. >> that was very strong. >> Yeah. >> Yeah. >> And I think, he's right. And then, the other point I want to make on that is, I think, I don't have any data on this, but I believe believe just based on some of the discussions I've had that most of Amazon's revenue is on demand. Paid by the drink. Those on demand customers are at risk, 'cause they can go somewhere else. So, they're trying to get you into optimized pricing, whether it's reserved instances or one year or three-year subscriptions. And so, they're working really hard at doing that. >> My prediction on that is that's a great point you brought up. My prediction is that the cost belt tightening is going to come in the marketplace, is going to be a major factor as companies want to get their belts tighten. How they going to do that, Dave? They're going to go in the marketplace saying, hey, I already overpaid a three-year commitment. Can I get some cohesively in there? Can I get some of this or that and the other thing? >> Yep. >> You're going to start to see the vendors and the ecosystem. If they're not in the marketplace, that's where I think, the customers will go. There are other choices to either cut their supplier base or renegotiate. I think, it's going to happen in the marketplace. Let's watch. I think, we're going to watch that grow. >> I actually think the optimization services that AWS has to help customers lower spend is a secret sauce for them that they... Customers tell me all the time, AWS comes in, they'll bring their costs down and they wind up spending more with them. >> Dave: Yeah. >> And the other cloud providers don't do that. And that has been almost a silver bullet for them to get customers to stay with them. >> Okay. And this is always the way. You drop the price of storage, you drop the price of memory, you drop the price of compute, people buy more. And in the question, long term is okay. And does AWS get commoditized? Is that where they're going? Or do they continue to thrive up the stack? John, you're always asking people about the bumper sticker. >> Hold on. (John drowns out Dave) Before we get the bumper sticker, I want to get into what we missed, what they missed on the keynote. >> Yeah, there are some blind spots. >> I think- >> That's good call. >> Let's go around the horn and think what did they miss? I'll start, I think, they missed the developer productivity angle. Supply chain software was not talked about at all. We see that at all the other conferences. I thought that could have been weaved in. >> Dave: You mean security in the supply chain? >> Just overall developer productivity has been one of the most constant themes I've seen at events. Who are building the apps? Who are the builders? What are they actually doing? Maybe Werner will bring that up on his last day, but I didn't hear Adam talk about it all, developer productivity. What's your take in this? >> Yeah, I think, on the security side, they announced security data lake. I think, the other cloud providers do a better job of providing insights on how they do security. With AWS, it's almost a black hole. And I know there's a careful line they walk between what they do, what their partners do. But I do think they could be a little clearer on how they operate, much like Azure and GCP. They announce a lot of stuff on how their operations works and things like that. >> I think, platform across cloud is definitely a blind spot for these guys. >> Yeah. >> I think, look at- >> But none of the cloud providers have embraced that, right? >> It's true. >> Yeah. >> Maybe Google a little bit >> Yeah. >> and Microsoft a little bit. Certainly, AWS hasn't at this point in time, but I think, they perceive the likes of Mongo and Snowflake and Databricks, and others as ISVs and they're not. They're platform players that are building across clouds. They're leveraging, they're building superclouds. So, I think that's an opportunity for the ecosystem. And very curious to see how Amazon plays there down the stream. So, John, what do you think is the bumper sticker? We're only in day one and a half here. What do you think so far the bumper sticker is for re:Invent 2022? >> Well, to me, the day one is about infrastructure performance with the whole what's in the data center? What's at the chip level? Today was about data, specialized services, and security. I think that was the key theme here. And then, that's going to sequence into how they're going to reorganize their ecosystem. They have a new leader, Ruba Borno, who's going to be leading the charge. They've integrated all their bespoke fragmented partner network pieces into one leadership. That's going to be really important to hear that. And then, finally, Werner for developers and event-based services, micro services. What that world's going on, because that's where the developers are. And ultimately, they build the app. So, you got infrastructure, data, specialized services, and security. Machine learning with Swami is going to be huge. And again, how do developers code it all up is going to be key. And is it the bag of Legos or the glued toy? (Dave chuckles) So, what do you want? Out-of-the-box or you want to build your own? >> And that's the bottom line is connecting those dots. All they got to be is good enough. I think, Zeus, to your point, >> Yep. >> if they're just good enough, less complicated, the will keep people on the base. >> Yeah. I think, the bumper stickers, the more you buy, the more you're saving. (John laughing) Because from an operational perspective, they are trying to bring down the complexity level. And with their optimization services and the way their credit model works, I do think they're trending down that path. >> And my bumper sticker's ecosystem, ecosystem, ecosystem. This company has 100,000 partners and that is a business model secret weapon. >> All right, there it is. The keynote announced. More analysis coming up. We're going to have the leader of (indistinct) coming up next, here on to break down their perspective, you got theCUBE's analyst perspective here. Thanks for watching. Day two, more live coverage for the next two more days, so stay with us. I'm John Furrier with Dave Vellante and Zeus Kerravala here on theCUBE. Be right back. (bright music)

(upbeat music) >> Welcome back to theCUBE's continuing coverage of Snowflake Summit 22 live from Caesars Forum in Las Vegas. I'm Lisa Martin with Dave Vellante. We've got a couple of guests joining us now. We're going to be talking about financial services. Rinesh Patel joins us, the Global Head of Financial Services for Snowflake, and Jack Berkowitz, Chief Data Officer at ADP. Guys, welcome to the program. >> Thanks, thanks for having us. >> Thanks for having us. >> Talk to us about what's going on in the financial services industry as a whole. Obviously, we've seen so much change in the last couple of years. What does the data experience look like for internal folks and of course, for those end user consumers and clients? >> So, one of the big things happening inside of the financial services industry is overcoming the COVID wait, right? A lot of banks, a lot of institutions like ours had a lot of stuff on-prem. And then the move to the Cloud allows us to have that flexibility to deal with it. And out of that is also all these new capabilities. So the machine learning revolution has really hit the services industry, right? And so it's affecting how our IT teams or our data teams are building applications. Also really affecting what the end consumers get out of them. And so there's all sorts of consumerization of the experience over the past couple of years much faster than we ever expected it to happen. >> Right, we have these expectations as consumers that bleed into our business lives that I can do transactions. It's going to be on the swipe in terms of checking authenticity, fraud detection, et cetera. And of course we don't want things to go back in terms of how brands are serving us. Talk about some of the things that you guys have put in place with Snowflake in the last couple of years, particularly at ADP. >> Yeah, so one of the big things that we've done, is, one of the things that we provide is compensation data. So we issue a thing called the National Employment Report that informs the world as to what's happening in the U.S. economy in terms of workers. And then we have compensation data on top of that. So the thing that we've been able to do with Snowflake is to lower the time that it takes us to process that and get that information out into the fingertips of people. And so people can use it to see what's changed in terms of with the worker changes, how much people are making. And they can get it very, very quickly. And we're able to do that with Snowflake now. Used to take us weeks, now it's in a matter of moments we can get that updated information out to people. >> Interesting. It helps with the talent war and- >> Helps in the talent war, helps people adjust, even where they're going to put supply chain in reaction to where people are migrating. We can have all of that inside of the Snowflake system and available almost instantaneously. >> You guys announced the Financial Data Cloud last year. What was that like? 'Cause I know we had Frank on early, he clearly was driving the verticalization of Snowflake if you will, which is kind of rare for a relatively new software company but what's that been like? Give us the update on where you're at and biggest vertical, right? >> Absolutely, it's been an exciting 12 months. We're a platform, but the journey and the vision is more. We're trying to bring together a fragmented ecosystem across financial services. The aim is really to bring together key customers, key data providers, key solution providers all across the different Clouds that exist to allow them to collaborate with data in a seamless way. To solve industry problems. To solve industry problems like ESG, to solve industry problems like quantitative research. And we're seeing a massive groundswell of customers coming to Snowflake, looking at the Financial Services Data Cloud now to actually solve business problems, business critical problems. That's really driving a lot of change in terms of how they operate, in terms of how they win customers, mitigate risk and so forth. >> Jack, I think, I feel like the only industry that's sometimes more complicated than security, is data. Maybe not, security's still maybe more fragmented- >> Well really the intersection of the two is a nightmare. >> And so as you look out on this ecosystem, how do you as the chief data officer, how do you and your organization, what process do you use to decide, okay, which of the, like a chef, which of these ingredients am I going to put together for my business. >> It's a great question, right? There's been explosion of companies. We kind of look at it in two ways. One is we want to make sure that the software and the data can interoperate because we don't want to be in the business of writing bridge code. So first thing is, is having the ecosystem so that the things are tested and can work together. The other area is, and it's important to us is understanding the risk profile of that company. We process about 20% of the U.S. payroll, another 25% of the taxes. And so there's a risk to us that we have an imperative to protect. So we're looking at those companies are they financed, what's their management team. What's the sales experience like, that's important to us. And so technology and the experience of the company coming together are super important to us. >> What's your purview as a chief data officer, I mean, a lot of CDOs that I know came out of the back office and it was a compliance or data quality. You come out of industry from a technology company. So you're sort of the modern... You're like the modern CDO. >> Thanks. Thanks. >> Dave: What's your role? >> I appreciate that. >> You know what I'm saying though? >> And for a while it was like, oh yeah, compliance. >> So I actually- >> And then all of a sudden, boom, big deal. >> Yeah, I really have two jobs. So I have that job with data governance but a lot of data security. But I also have a product development unit, a massive business in monetization of data or people analytics or these compensation benchmarks or helping people get mortgages. So providing that information, so that people can get their mortgage, or their bank loans, or all this other type of transactional data. *So it's both sides of that equation is my reading inside. >> You're responsible for building data products? >> That's right. >> Directly. >> That's right. I've got a massive team that builds data products. >> Okay. That's somewhat unique in your... >> I think it's where CDOs need to be. So we build data products. We build, and we assist as a hub to allow other business units to build analytics that help them either optimize their cost or increase their sales. And then we help with all that governance and communication, we don't want to divide it up. There's a continuum to it. >> And you're a peer of the CIO and the CISO? >> Yeah, exactly. They're my peers. I actually talk to them almost every day. So I've got the CIO as a peer. >> It's a team. >> I've got the security as a peer and we get things done together. >> Talk about the alignment with business. We've been talking a lot about alignment with the data folks, the business folks, the technical folks to identify the right solutions, to be able to govern data, to monetize it, to create data products. What does that... You mentioned a couple of your cohorts, but on the business side, who are some of those key folks? >> So we're like any other big, big organization. We have lots of different business units. So we work directly with either the operational team or the heads of those business units to divine analytic missions that they'll actually execute. And at the same time, we actually have a business unit that's all around data monetization. And so I work with them every single day. And so these business units will come together. I think the big thing for us is to define value and measure that value as we go. As long as we're measuring that value as we go, then we can continue to see improvements. And so, like I said, sometimes it's bottom line, sometimes it's top line, but we're involved. Data is actually a substrate of the company. It's not a side thing to the company. >> Yeah, you are. >> ADP. >> Yeah but if they say data first but you really are data first. >> Yeah. I mean, our CEO says- >> Data's your product. >> Data's our middle name. And it literally is. >> Well, so what do you do in the Snowflake financial services data Cloud? Are you monetizing? >> Yeah. >> What's the plan? >> Yeah, so we have clients. So part of our data monetization is actually providing aggregate and anonymized information that helps other clients make business decisions. So they'll take it into their analytics. So, supply chain optimization, where should we actually put the warehouses based on the population shifts? And so we're actually using the file distribution capabilities or the information distribution, no longer files, where we use Snowflake to actually be that data cloud for those clients. So the data just pops up for our other clients. >> I think the industry's existed a lot with the physical movement of data. When you physically move data, you also physically move the data management challenges. Where do you store it? How do you map it? How do you concord it? And ultimately data sharing is taking away that friction that exists. So it's easier to be able to make informed decisions with the data at hand across two counterparties. >> Yeah, and there's a benefit to us 'cause it lowers our friction. We can have a conversation and somebody can be... Obviously the contracts have to be signed, but once they get done, somebody's up and running on it within minutes. And where it used to be, as you were saying, the movement of data and loss of control, we never actually lose control of it. We know where it is. >> Or yeah, contracts signed, now you got to go through this long process of making sure everything's cool, or a lot of times it could slow down the sale. >> That's right. >> Let's see how that's going to... Let's do a little advanced work. Now you're working without a contract. Here, you can say, "Hey, we're in the Snowflake data cloud. It's governed, you're a part of the ecosystem." >> Yeah, and the ecosystem we announced, oh gee, I think it's probably almost a year and a half ago, a relationship with ICE, Intercontinental Exchange, where they're actually taking our information and their information and creating a new data product that they in turn sell. So you get this sort of combination. >> Absolutely. The ability to form partnerships and monetize data with your partners vastly increases as a consequence. >> Talk to us about the adoption of the financial services data cloud in the last what, maybe nine months or so, since it was announced? And also in terms of the its value proposition, how does the ADP use case articulate that? >> So, very much so. So in terms of momentum, we're a global organization, as you mentioned, we are verticalized. So we have increasingly more expertise and expertise experience now within financial services that allows us to really engage and accelerate our momentum with the top banks, with the biggest asset managers by AUM, insurance companies, sovereign wealth funds on Snowflake. And obviously those data providers and solution providers that we engage with. So the momentum's really there. We're really moving very, very fast in a great market because we've got great opportunity with the capabilities that we have. I mean, ADP is just one of many use cases that we're working with and collaborations that we're taking to market. So yeah, the opportunity to monetize data and help our partners monetize the data has vastly increased within this space. >> When you think about... Oh go ahead, please. >> Yeah I was just going to say, and from our perspective, as we were getting into this, Snowflake was with us on the journey. And that's been a big deal. >> So when you think about data privacy, governance, et cetera, and public policy, it seems like you have, obviously you got things going on in Europe, and you got California, you have other states, there's increasing in complexity. You guys probably love that. (Dave laughs) More data warehouses, but where are we at with that whole? >> It's a great question. Privacy is... We hold some of the most critical information about people because that's our job to help people get paid. And we respect that as sort of our prime agenda. Part of it deals with the technology. How do you monitor, how do you see, make sure that you comply with all these regulations, but a lot of it has to do with the basic ethics of why you're doing and what you're doing. So we have a data and AI ethics board that meets and reviews our use cases. Make sure not only are we doing things properly to the regulation, but are these the types of products, are these the types of opportunities that we as a company want to stand behind on behalf of the consumers? Our company's been around 75 years. We talk about ourselves as a national asset. We have a trust relationship. We want to ensure that that trust relationship is never violated. >> Are you in a position where you can influence public policy and create more standards or framework. >> We actually are, right. We issue something every month called the National Employment Report. It actually tells you what's happening in the U.S. economy. We also issue it in some overseas countries like France. Because of that, we work a lot with various groups. And we can help shape, either data policy, we're involved in understanding although we don't necessarily want to be out in the front, but we want to learn about what's happening with federal trade commission, EOC, because at the end of the day we serve people, I always joke ADP, it's my grandfather's ADP. Well, it was actually my grandfather's ADP. (Dave laughs) He was a small businessman, and he used a ADP all those years ago. So we want to be part of that conversation because we want to continue to earn that trust every day. >> Well, plus your observation space is pretty wide. >> And you've got context and perspective on that that you can bring. >> We move somewhere between two, two and a half trillion dollars a year through our systems. And so we understand what's happening in the economy. >> What are some of the, oh sorry. >> Can your National Employment Report combined with a little Snowflake magic tell us what the hell's going to happen with this economy? >> It's really interesting you say that. Yeah, we actually can. >> Okay. (panelists laugh) >> I think when you think about the amount of data that we are working with, the types of partners that we're working with, the opportunities are infinite. They really, really are. >> So it's either a magic eight ball or it's a crystal ball, but you have it. >> We think- >> We've just uncovered that here on theCUBE. >> We think we have great partners. We have great data. We have a set of industry problems out there that we're working, collaboration with the community to be able to solve. >> What are some of the upcoming use cases Rinesh, that excite you, that are coming up in financial services- >> Great question. >> That snowflake is just going to knock out of the park. >> So look, I think there's a set of here and now problems that the industry faces, ESG's a good one. If you think about ESG, it means many different things from business ethics, to diversity, to your carbon footprint and every asset manager has to make sure they have now some form of green strategy that reflects the values of their investors. And every bank is looking to put in place sustainable lending to help their corporate customers transition. That's a big data problem. And so we're very much at the center of helping those organizations support those informed investors and help those corporates transition to a more sustainable landscape. >> Let me give you an example on Snowflake, we launched capabilities about diversity benchmarks. The first time in the industry companies can understand for their industry, their size, their location what their diversity profile looks like and their org chart profile looks like to differentiate or at least to understand are they doing the right things inside the business. The ability for banks to understand that and everything else, it's a big deal. And that was built on Snowflake. >> I think it's massive, especially in the context of the question around regulation 'cause we're seeing more and more disclosure agreements come out where regulators are making sure that there's no greenwashing taking place. So when you have really strong sources of data that are standardized, that allow that investment process to ingest that data, it does allow for a better outcome for investors. >> Real data, I mean, that diversity example they don't have to rely on a survey. >> It's not a survey. >> Anecdotes. >> It's coming right out of the transactional systems and it's updated, whenever those paychecks are run, whether it's weekly, whether it's biweekly or monthly, all that information gets updated and it's available. >> So it sounds like ADP is a facilitator of a lot of companies ESG initiatives, at least in part? >> Well, we partner with companies all the time. We have over 900,000 clients and all of them are... We've never spoken to a client who's not concerned about their people. And that's just good business. And so, yeah we're involved in that and we'll see where it goes over time now. >> I think there's tremendous opportunity if you think about the data that the ADP have in terms of diversity, in terms of gender pay gap. Huge, huge opportunity to incorporate that, as I said into the ESG principles and criteria. >> Good, 'cause that definitely is what needs to be addressed. (Lisa laughs) Guys thank you so much for joining Dave and me on the program, talking about Snowflake ADP, what you're doing together, and the massive potential that you're helping unlock with the value of data. We appreciate your insights and your time. >> Thank you for having us. >> Dave: Thanks guys. >> Thank you so much. >> For our guests, and Dave Vellante, I'm Lisa Martin. You're watching theCUBE, live in Las Vegas at Snowflake Summit 22. Dave and I will be right back with our next guest. (upbeat music)

(gentle music) >> Okay. We're back at AWS re:Invent. You're watching theCUBE's continuous coverage. This is day four. Think it's the first time, at re:Invent, we've done four days. This is our ninth year covering re:Invent. Tom Miller is here. He's the senior vice president of alliances. And he's joined by Ankur Jain, who's the global cloud practice lead at Merkle. Guys, good to see you. Thanks for coming on. >> Good to see you. Thank you. >> Thank you. >> Tom, tell us about Merkel, for those who might not be familiar with you. >> Yeah. So, Merkle is a customer experience management company that is under the dentsu umbrella. Dentsu is a global media agency. We represent one of the pillars, which is customer experience management. And they also have media and creative. And what Merkle does is provide that technology to help bring that creative and media together. >> So you're a tech company? >> Yes. >> Right? Okay. So there's some big tailwinds, changes, trends going on in the market. Obviously, the pandemic, the forced march to digital, there's regulation. What are some of the big waves that you guys are seeing, that you're trying to ride? >> So what we're seeing is, as a start, we've got a lot of existing databases with clients that are on-prem, that we manage today, within a SQL environment or so forth. And they need to move that to a cloud environment. To be more flexible, more agile, provide them with more data, be able to follow that customer experience that they want with their clients, that they're all realizing they need, to be in a digital environment. And so, that's a big push for us working with AWS and helping move our clients into that cloud environment. >> And you're relatively you new to the AWS world, right? Maybe you can talk about that, Ankur. >> Well, actually, as a partner, we may be new. But Merkle has been working with AWS for over five years. >> Dave Vellante: As a customer? >> As a customer. >> Yeah. >> So what we did was, last year, we formalized the relationship with AWS to be an advanced partner now. So we are part of the re:Stack program, basically, which is a pool of very select partners. And Merkel comes in with the specialization of marketing. So, as Tom said, you know, we are part of a dentsu umbrella. Our core focus is on customer experience transformation. And how we do that customer experience transformation is through digital transformation, data transformation. And that's where we see AWS being a very good partner to us, to modernize the solutions that Merkle can take to the market. >> So, I mean, your on-prem databases, there's probably a lot of diversity on-prem. (laughs) A lot of tech... When the cloud, you know, more agility, infinite resources. Do you have a tech stack? Are you more of an integrator? Right tool for the right job? Maybe you could describe your technical philosophy. >> Yeah, I could take that. What Tom just described... So let me give you some perspective on what these databases are. These databases are, essentially, Merkle helping big brands, Fortune 100, Fortune 500 brands to modernize their marketing ecosystem. Especially, MarTech ecosystem. So these databases, they house customer touchpoints, customer data from disparate sources. And they, basically, integrate that data in one central place. And then bolt-on analytics, data science, artificial intelligence, machine learning, on top of it. Helping them with those email campaigns or direct mail campaigns, social campaigns. So that's what these databases are all about. And these databases, currently, sit on-prem, on Merkle's own data center. And we have a huge opportunity to kind of take those databases and modernize them. Give all these AI, ML type of capabilities, advanced analytic capabilities, to our customers by using AWS as the platform to kind of migrate that. >> Dave Vellante: And you do that as a service? >> We do that as a service. >> Yes. >> Yes. >> Strategically, >> Yes. >> you're sort of transforming your business- >> Yes. >> to help your customers transform their business. >> Right. >> Right? Take away, it's classic. I mean, it's happening. This theme of, you know, AWS started with taking away the undifferentiated heavy lifting for infrastructure. Now you're seeing Nasdaq, Goldman Sachs, you guys in the media world, essentially building your own clouds, right? That's the strategy. >> Yes. >> Yes. >> Right? >> Absolutely. >> Superclouds, we call 'em. >> Superclouds, yeah. (Dave laughs) It's about helping our clients understand what is it they're trying to accomplish. And, for the most part, they're trying to understand the customer journey, where that customer is, how they're driving that experience with them, and understanding that experience through the journey. And doing that in the cloud makes it tremendously easier and more economical for 'em. >> Yeah, I was listening to the Snowflake earnings call from last night. And they were talking about, you know, a couple of big verticals, one being media. And all they keep talking about was direct-to-consumer, right? You're hearing that a lot. >> Ankur Jain: Yes. >> Media companies want to interact and build community directly. They don't want to necessarily, I mean, you don't want to go through a third-party anymore, if you don't have to. Technology's enabling that, right? Is that, kind of, the play here? >> Yes. Direct-to-consumer is a huge play. Companies which were traditionally brick-and-mortar-based, or relied on a supply chain of dealers and distributors, are now, basically, transforming themselves to be direct-to-consumer. They want to sell directly to the consumer. Personalization becomes a big theme, especially in D2C type of environment. Because, now, those customers are expecting brands to know what's their like, what's their dislike, which products, which services are they interested in. So that's all kind of advanced analytics, machine learning powered solutions. These are big data problems, that all these brands are kind of trying to solve. That's where Merkle is partnering with AWS, to bring all those technologies, and build those next generation solutions for our customers. >> So what kind of initiatives are you working on with AWS? >> So, there are, like, three, four areas that we are working very closely with AWS. Number one, I would say, think about our marketer's friend. You know, and they have a transformation like direct-to-consumer, omnichannel, e-commerce, these type of capabilities in mind. But they don't know where to start. What tools, what technologies will be part of that ecosystem. So that's where Merkle provides consulting services. To give them a roadmap, give them recommendations on how to structure these big, large strategic initiatives. That's number one, we are doing in partnership with AWS. To reach out to our joint customers and help them transform those ecosystems. Number two, as Tom mentioned, migrations. You know, helping chief data officers, chief technology officers, chief marketing officers modernize their environment, by migrating them to cloud. Number three, Merkle has a solution called Merkury, which is essentially all about customer identity. How do we identify a customer across multiple channels? We are modernizing all that solution, making that available on AWS Marketplace for customers to, actually, easily use that solution. And number four, I would say is, helping them set up data foundation. That's through intelligent marketing data lake. You know, leveraging AWS technologies like Glue, Redshift, and actually modernize their data platforms. And number four is more around clean rooms. Which is, bring on your first-party data, join it with Amazon data, to see how those customers are behaving when they are making a purchase on Amazon.com. Which gives insight to these brands, to reshape their marketing strategy to those customers. So those are, like, four, five focus areas. >> No, it's good. So, I was going to ask you about the data and the data strategy. Like, who owns the data? You're kind of alchemists, that... Your clients have first-party data. >> Ankur Jain: Yes. >> And then you might recommend bringing in other data sources. >> Yes. >> And then you're sort of creating this new cocktail. Who owns the data? >> Well, ultimately, client owns the data, because that's their customer's data. To your point on, we help them enrich that data by bringing in third-party data, which is what we call as... So Merkle has a service called DataSource, which is essentially a collection of data that we acquire about customers. Their likes, their dislikes, their buying power, their interests. So we monetize all that data. And the idea is, to take those data assets and make them available on AWS Data Exchange. So that it becomes very easy for brands to use their first-party data, take this third-party data from Merkle, and then, segment their customers much more intelligently. >> And the CMO is your sort of ideal customer profile? >> Yeah. CMO is our main customer profile. And we'll work with the chief data officer, or we'll work with the chief technology officer. We bridge both sides. We can go technology and marketing, and bring them both together. So you have a CMO who's trying to solve for some type of issue. And you have a chief technology officer who wants to improve their infrastructure. And we know how to bring them together into a conversation and help both parties get what they want. >> And I suppose the chief digital officer fits in there too? >> Tom Miller: Yeah, he fits in there too. >> CGO, chief dig. officer, CMO. Sometimes, they're one in the same. Other times, they're mixed. >> Yep. Yep. >> I've seen CIOs and CDOs together. >> Yes. >> Sure. >> It's all data. >> It's all data. (Dave laughs) >> Yeah. Some of the roles that come into play, as Tom mentioned, and you mentioned, CIO, CTO, chief information officer, chief technology officer, chief data officer, more from the IT side. And then we have the CMOs, chief digital officers, from the marketing side. So the secret sauce that Merkle brings to the table is that we know the language, what IT speaks and what business speaks. So when we talked about the business initiatives, like direct-to-consumer, omnichannel, e-commerce, those are more business-driven initiatives. That's where Merkle comes in, to kind of help them with our expertise over the last 30 years, on how to run these strategic initiatives. And then, at the same time, how do we translate those strategic initiatives into IT transformation? Because it does require a lot of IT transformation to happen underneath. That's where AWS also helps us. So we kind of span across both sides of the horizon. >> So you've got data, you've got tools, you've got software, you've got expertise, that now, you're making that available as a service. Is that right? >> That's right. Yes. >> Yes. >> How far are you into that journey, of saasfying your business? >> Well, the cloud journey started almost, I would say, five to seven years ago at Merkle. >> Yeah. Where you began leveraging the cloud? >> That's right. >> Dave Vellante: And then the light bulb went off and- >> So cloud, again, we use cloud in multiple aspects. From general computing perspective, leveraging, you know, fully managed services that AWS offers. So that's one aspect, which is to bring in data from disparate sources, house it, analyze it, and derive intelligence. The second piece, on the cloud side, is SaaS offering, Software as a Service offerings, like Adobe, Salesforce, and other CDP platforms. So Merkle covers a huge spectrum, when it comes to cloud. >> And you got a combination, you have a consulting business, and also- >> So Merkle has multiple service lines. Consulting business is one of them. Where we can help them on how to approach these transformational initiatives, and give them blueprints and roadmaps and strategy. Then we can also help them understand what the customer strategy should be, so that they can market very intelligently to their end customers. Then we have a technology business, which is all about leveraging cloud and advanced analytics. Then we have a data business, the data assets that I was talking about, that we monetize. We have promotions and loyalty, we have media. So we cover multiple services. >> Dave Vellante: Quite a portfolio. >> Yes. >> You mentioned analytics a couple of times, how do you tie that back to the sales function? I would imagine your clients are increasingly asking for analytics, so they can manage their dashboards and make sure they're above the line. How is that evolving? >> Yeah. So that's a very important line. Because, you know, data is data, right? You bring in the data, but what you do with the data, how you ask questions and how you derive intelligence from it, because that's the actionable part. So, few areas. I'll give you one or two examples on how those analytics kind of come into picture. Let's imagine a brand which is trying to sell a particular product or a particular service to a set of customers. Now, who those set of customers are, you know, where they should target this, who their target customers are, what their demographics are, that's all done through analytics. And what I gave you is a very simple example. There are so many advanced examples, you know, that come into artificial intelligence, machine learning, those type of aspects as well. So analytics definitely play a huge role on how these brands need to sell, and personalize the offerings that they want to offer to the customers. >> Used to be, really, pure art, right? It's really becoming- >> Not any more, it's all data driven companies. (Tom laughs) >> It's "Moneyball." >> Yes. Exactly. (Dave laughs) >> Tom Miller: Exactly. >> There's, maybe, still a little bit of art in there, right? It doesn't hurt to have a little creative flair, still. >> Yes. >> But you got to go with the data. >> And that's where the expertise comes in, right? That's where the experience comes in. And how you take that science and combine it with the art, to present it to a end customer, that's exactly, you know, it's a combination. >> And we also take the time to educate our clients on how we're doing it. So it's not done in a black box, so they can learn and grow themselves. Where they may end up developing their own group to handle it, as opposed to outsourcing with Merkle. >> You got to teach 'em how to fish. Last question. Where do you see this in two to three years? Where do you want to take? >> I think future is cloud, AWS being the market leader. I think AWS has a huge role to play. We are very excited to be partners with AWS, I think it's a match made in heaven. AWS sales in, majority of the sales happen in IT. Our focus is marketing. I think if we can bring both the worlds together, I think that will be a very powerful story for us to tell. >> Yeah, that's good news for AWS. If a little of your DNA could rub off on them, it'd be good. >> Tom Miller: Yeah. >> Guys, thanks so much for coming to theCUBE. >> Thanks, Dave. >> It was great to see you. >> Thank you, Dave. >> Appreciate it. >> All right. Thank you for watching everybody. This is Dave Vellante, for theCUBE. Day four, AWS re:Invent. We're theCUBE, the global leader in high-tech coverage. Be right back. (gentle music)

>>Welcome to the cubes, continuing coverage of AWS reinvent 2021. I'm your host, Lisa Martin. We are running one of the industry's most important and largest hybrid tech events of the year. This year with AWS and its ecosystem partners. We have two life studios, two remote studios, and over 100 guests. So stick around as we talk about the next 10 years of cloud innovation, I'm very excited to be joined by another Lisa from Zscaler. Lisa Lorenzen is here with me, the field CTO for the Americas. She's here to talk about ZScaler's mission to make doing business and navigating change a simpler, faster, and more productive experience. Lisa, welcome to the program. >>Thank you. It's a pleasure to be here. >>So let's talk about Zscaler in AWS. Talk to me about the partnership, what you guys are doing together. >>Yeah, definitely. Z scaler is a strategic security ISV partner with AWS. So we provide AWS customers with zero trust, secure remote access to AWS, and this can improve their security posture as well as their user experience with AWS. These scaler recently announced that we are the first and only cloud security service to achieve the FedRAMP PI authorization to operate. And that FedRAMP ZPA service is built on AWS gov cloud. ZScaler's also an AWS marketplace seller where our customers can purchase our zero trust exchange services as well as request or high value security assessments. We're excited about that as we're seeing a rapid increase in customer adoption as these scaler via the AWS marketplace, we vetted our software on AWS edge services that support emerging use cases, including 5g, IOT, and OT. So for example, Zscaler runs on wavelength, outposts, snowball and snowcones, and Zscaler has strategic partnerships with leading AWS service providers and system integration partners, including Verizon NTT, BT, Accenture, Deloitte, and many of the leading national and regional AWS consulting partners. >>Great summary there. So you mentioned something I want to get more understanding on this. It sounds like it's a differentiator for CSO scale. You said that you guys recently announced to the first and only cloud security service to achieve FedRAMP high. Uh, ATO built on AWS gov cloud. Talk to me about and what the significance of that is. >>I L five authorization to operate means that we are able to protect federal assets for the department of defense, as well as for the civilian agencies. It just extends the certification of our cloud by the government to ensure that we meet all of the requirements to protect that military side of the house, as well as the civilian side of the house. >>Got it super important there, let's talk about zero trust. It's a super hot topic. We've seen so many changes to the threat landscape during the pandemic. How are some of the ways that Z scaler and AWS are helping customers tackle this together? >>Well, I'd actually like to answer that by telling a little bit of a story. Um, Growmark is one of our Z scaler and AWS success stories when they had to send everyone home to work from home overnight, the quote that we had from is the users just went home and nothing changed. ZPA made work from anywhere, just work, and they were able to maintain complete business continuity. So even though their employers might have had poor internet service at home, or, you know, 80 challenging infrastructure, if you've got kids on your wifi bunch of kids in the neighborhood doing remote school, everyone's working from home, you don't have the reliability or the, maybe the bandwidth capacity that you would when you're sitting in an office. And Zscaler private access is a cloud delivered zero trust solution that leverages dynamic resilient, TLS encrypted tunnels to connect the user to an application rather than putting an end point on a network. >>And the reason that's important is it makes for a much more reliable and resilient service, even in environments that may not have the best connectivity I live out in the county. I really, some days think that there's a hamster on a wheel somewhere in my cable modem network, and I am a consumer of this, right. I connect to Z scaler over Zscaler private access, I'm protected by Zscaler internet access. And so I access our internal applications that are running in AWS as well this way. And it makes a huge difference. Growmark really started with an SAP migration to AWS, and this was long before the pandemic. So they started out looking for that better user experience and the zero trust capability. They were able to ensure that their SAP environment was dark to the internet, even though it was running in the cloud. And that put them in this position to leverage that zero trust service when the pandemic was upon us, >>That ability or that quote that you mentioned, it just worked was absolutely critical for all of us in every industry. And I'm sure a lot of folks who were trying to manage working from home, the spouses from home kids doing, you know, school online also felt like you with the hamster on the wheel, I'm sure their internet access, but being able to have that business continuity was table-stakes especially early on for most organizations. We saw a lot of digital transformation, a lot of acceleration of it in the last 20 months during the pandemic. Talk to me about how Z scaler helps customers from a digital transformation perspective and maybe what some of the things were that you saw in the last 20 months that have accelerated >>Absolutely. Um, another example, there would be Jefferson health, and really, as we saw during the pandemic, as you say, it accelerated a lot of the existing trends of mobility, but also migration to the cloud. And when you move applications to the cloud, honestly, it's a complex environment and maybe the controls and the risk landscape is not as well. Understood. So Z scaler also has another solution, which is our cloud security posture management. And this is really ensuring that your configuration on your environment, that those workloads run in is controlled, understood correctly, coordinated and configured. So as deference and health migrated to the cloud first model, they were able to leverage the scalers workload posture to measure and control that risk. Again, it's environment where the combination of AWS and Z scaler together gives them a flexible, resilient solution that they can be confident is correctly configured and thoroughly locked down. >>And that's critical for businesses in any organization, especially as quickly as how quickly things changed in the last 20 months or so I do wonder how your customer conversations have has changed as I introduced you as the field CTO of the America's proceeds killer. I'm sure you talk with a lot of customers. How has the security posture, um, zero trust? How has that risen up within the organizational chain? Is that something that the board is concerned about? >>My gosh, yes. And zero trust really has gone through the Gartner hype cycle. You've got the introduction, the peak of interest, the trough of despair, and then really rising back into what's actually feasible. Only zero trust has done that on a timeline of over a decade. When the term was first introduced, I was working with firewall VPN enact technology, and frankly, we didn't necessarily have the flexibility, the scalability, or the resilience to offer true zero trust. You can try to do that with network security controls, but when you're really protecting a user connecting to an application, you've got an abstraction layer mismatch. What we're seeing now is the reemergence of zero trust as a priority. And this was greatly accelerated honestly by the cybersecurity executive order that came out a few months ago from the Biden administration, which made zero trust a priority for the federal government and the public sector, but also raised visibility on zero trust for the private sector as well. >>When we're looking at zero trust as a way to perhaps ward off some of these high profile breaches and outages like the colonial pipeline, whole situation that was based on some legacy technology for remote access that was exploited and led to a breach that they had to take their entire infrastructure offline to mitigate. If we can look at more modern delivery mechanisms and more sophisticated controls for zero trust, that helps the board address a number of challenges ranging from obviously risk management, but also agility and cost reduction in an environment where more than ever belts are being tightened. New ways of delivering applications are being considered. But the ability to innovate is more important than ever. >>It is more important than ever the ability to innovate, but it really changing security landscape. I'm glad to hear that you're seeing, uh, this change as a result of the executive order that president Biden put down in the summer. That's good news. It sounds like there's some progress being made there, but we saw, you mentioned colonial pipeline. We saw a lot in the last 20, 22 months or so with ransomware becoming a household word, also becoming something that is a matter of when companies in any industry get hit and versus if it's no longer kind of that choice anymore. So talk to me about some of the threats and some of the stats that Z scaler has seen particularly in the last 20, 22 months. >>Oh gosh. Well, let's see. I'm just going to focus on the last 12 months, cause that's really where we've got some of the best data. We've seen a 500% increase in ransomware delivered over encrypted channels. And what that means is it's really critical to have scalable SSL inspection that can operate at wire speed without impeding the user experience or delay in critical projects, server communications, activities that need to happen without any introduced in any additional latency. So if you think about what that takes the Z scaler internet access solution is protecting users, outbound access in the same way that Zscaler private access protects access to private resources. So we're really seeing more and more organizations seeing that both of these services are necessary to deliver a comprehensive zero trust. You have to protect and control the outbound traffic to make sure that nothing good leaks out, nothing bad sneaks in. >>And at the same time, you have to protect and control the inbound traffic and inbound is, you know, a much broader definition with apps in the data center in the cloud these days. We're also seeing that 30% of malware is delivered through trusted applications like file shares or collaboration tools. So it's no longer enough to only inspect web traffic. Now you have to be able to really inspect all flavors of traffic when you're doing that outbound protection. So another good example where Z scaler and AWS work together here is in Amazon workspaces. And there's a huge trend towards desktop as a service, for example, and organizations are starting to recognize that they need to protect both the user experience and also the connectivity onward in Amazon workspaces, the same way that they would for a traditional end user device. So we see Z scaler running in the Amazon workspaces instances to protect that outbound traffic and control that inbound traffic as well. >>Another big area is the ransomware infections are not the problem. It's the result. So over half of the ransomware infections include data theft or leakage. And that is a double whammy because you get what's called double extortion where not only do you have to pay to unlock your machines, but you have to pay not to have that stolen data exposed to the rest of the world. So it's more important than ever to be able to break that kill chain as early as possible to ensure that the or the server traffic itself isn't exposed to the initial infection vector. If you do happen to get an infection vector that sneaks through, you need to be able to control the lateral movement so that it doesn't spread in your environment. And then if both of those controls fail, you also need the outbound protection such as CASBY and DLP to ensure that even if they get into the environment, they can't exfiltrate any of the data that they find as a result. We're seeing that the largest security risk today is lateral movement inside the corporate network. And that's one of the things that makes these ransomware double extortion situations, such a problem. >>Last question for you. And we've got about a minute left. I'm curious, you said over 50% of ransomware attacks are now double extortion. How do you guys help customers combat that? So >>We really deliver a solution that eliminates a lot of the attack surface and a lot of the risks. We have no inbound listener, unlike a traditional VPN. So the outbound only connections mean you don't have the external attack surface. You can write these granular policy controls to eliminate lateral movement. And because we integrate with customer's existing identity and access management, we can eliminate the credential exposure that can lead to a larger spread in a compromised environment. We also can eliminate the problem of unpatched gateways, which led to things like colonial pipeline or some of the other major breaches we've seen recently. And we can remove that single point of failure. So you can rely on dynamic optimized traffic distribution for all of these secure services. Basically, what we're trying to do is make it simpler and more secure at the same time, >>Simpler and more secure at the same time is what everyone needs regardless of industry. Lisa, thank you for joining me today, talking about Zscaler in AWS, zero trust the threat landscape that you're seeing, and also how's the scaler and AWS together can help customers mitigate those growing risks. We appreciate your insights and your thoughtfulness. >>Thank you >>For Lisa Lorenzen. I'm Lisa Martin. You're watching the cubes coverage of AWS reinvent stick around more great content coming up next.

(upbeat music playing) >> Welcome to theCUBE's coverage of Couchbase ConnectONLINE Mary Roth, VP of Engineering Operations with Couchbase is here for Couchbase ConnectONLINE. Mary. Great to see you. Thanks for coming on remotely for this segment. >> Thank you very much. It's great to be here. >> Love the fire in the background, a little fireside chat here, kind of happening, but I want to get into it because, Engineering and Operations with the pandemic has really kind of shown that, engineers and developers have been good, working remotely for a while, but for the most part it's impacted companies in general, across the organizations. How did the Couchbase engineering team adapt to the remote work? >> Great question. And I actually think the Couchbase team responded very well to this new model of working imposed by the pandemic. And I have a unique perspective on the Couchbase journey. I joined in February, 2020 after 20 plus years at IBM, which had embraced a hybrid, in-office remote work model many years earlier. So in my IBM career, I live four minutes away from my research lab in Almaden Valley, but IBM is a global company with headquarters on the East Coast, and so throughout my career, I often found myself on phone calls with people around the globe at 5:00 AM in the morning, I quickly learned and quickly adapted to a hybrid model. I'd go into the office to collaborate and have in-person meetings when needed. But if I was on the phone at 5:00 AM in the morning, I didn't feel the need to get up at 4:30 AM to go in. I just worked from home and I discovered I could be more productive there, doing think time work, and I really only needed the in-person time for collaboration. This hybrid model allowed me to have a great career at IBM and raise my two daughters at the same time. So when I joined Couchbase, I joined a company that was all about being in-person and instead of a four minute commute, it was going to be an hour or more commute for me each way. This was going to be a really big transition for me, but I was excited enough by Couchbase and what it offered, that I decided to give it a try. Well, that was February, 2020. I showed up early in the morning on March 10th, 2020 for an early morning meeting in-person only to learn that I was one of the only few people that didn't get the memo. We were switching to a remote working model. And so over the last year, I have had the ability to watch Couchbase and other companies pivot to make this remote working model possible and not only possible, but effective. And I'm really happy to see the results. A remote work model does have its challenges, that's for sure, but it also has its benefits, better work-life balance and more time to interact with family members during the day and more quiet time just to think. We just did a retrospective on a major product release, Couchbase server 7.0, that we did over the past 18 months. And one of the major insights by the leadership team is that working from home actually made people more effective. I don't think a full remote model is the right approach going forward, but a hybrid model that IBM adopted many years ago and that I was able to participate in for most of my career, I believe is a healthier and more productive approach. >> Well, great story. I love the come back and now you take leverage of all the best practices from the IBM days, but how did they, your team and the Couchbase engineering team react? And were there any best practices or key learnings that you guys pulled out of that? >> The initial reaction was not good. I mean, as I mentioned, it was a culture based on in-person, people had to be in in-person meetings. So it took a while to get used to it, but there was a forcing function, right? We had to work remotely. That was the only option. And so people made it work. I think the advancement of virtual meeting technology really helps a lot. Over earlier days in my career where I had just bad phone connections, that was very difficult. But with the virtual meetings that you have, where you can actually see people and interact, I think is really quite helpful. And probably the key. >> What's the DNA of the company there? I mean, every company's got the DNA, Intel's Moore's Law, and what's the engineering culture at Couchbase like, if you could describe it. >> The engineering culture at Couchbase is very familiar to me. We are at our heart, a database company, and I grew up in the database world, which has a very unique culture based on two values, merit and mentorship. And we also focus on something that I like to call growing the next generation. Now database technology started in the late sixties, early seventies, with a few key players and institutions. These key players were extremely bright and they tackled and solved really hard problems with elegant solutions, long before anybody knew they were going to be necessary. Now, those original key players, people like Jim Gray, Bruce Lindsay, Don Chamberlin, Pat Selinger, David Dewitt, Michael Stonebraker. They just love solving hard problems. And they wanted to share that elegance with a new generation. And so they really focused on growing the next generation of leaders, which became the Mike Carey's and the Mohan's and the Lagerhaus's of the world. And that culture grew over multiple generations with the previous generation cultivating, challenging, and advocating for the next, I was really lucky to grow up in that culture. And I've advanced my career as a result, as being part of it. The reason I joined Couchbase is because I see that culture alive and well here. Our two fundamental values on the engineering side, are merit and mentorship. >> One of the things I want to get your thoughts on, on the database questions. I remember, back in the old glory days, you mentioned some of those luminaries, you know, there wasn't many database geeks out there, there was kind of a small community, now, as databases are everywhere. So you see, there's no one database that has rule in the world, but you starting to see a pattern of database, kinds of things are emerging, more databases than ever before, they are on the internet, they are on the cloud, there are none the edge. It's essentially, we're living in a large distributed computing environment. So now it's cool to be in databases because they're everywhere. (laughing) So, I mean, this is kind of where we are at. What's your reaction to that? >> You're absolutely right. There used to be a few small vendors and a few key technologies and it's grown over the years, but the fundamental problems are the same, data integrity, performance and scalability in the face of distributed systems. Those were all the hard problems that those key leaders solved back in the sixties and seventies. They're not new problems. They're still there. And they did a lot of the fundamental work that you can apply and reapply in different scenarios and situations. >> That's pretty exciting. I love that. I love the different architectures that are emerging and allows for more creativity for application developers. And this becomes like the key thing we're seeing right now, driving the business and a big conversation here at the, at the event is the powering of these modern applications that need low latency. There's no more, not many spinning disks anymore. It's all in RAM, all these kinds of different memory, you got centralization, you got all kinds of new constructs. How do you make sense of it all? How do you talk to customers? What's the main core thing happening right now? If you had to describe it. >> Yeah, it depends on the type of customer you're talking to. We have focused primarily on the enterprise market and in that market, there are really fundamental issues. Information for these enterprises is key. It's their core asset that they have and they understand very well that they need to protect it and make it available more quickly. I started as a DBA at Morgan Stanley, back, right out of college. And at the time I think it was, it probably still is, but at the time it was the best run IT shop that I'd ever seen in my life. The fundamental problems that we had to solve to get information from one stock exchange to another, to get it to the SEC are the same problems that we're solving today. Back then we were working on mainframes and over high-speed Datacom links. Today, it's the same kind of problem. It's just the underlying infrastructure has changed. >> Yeah, the key, there has been a big supporter of women in tech. We've done thousands of interviews and why I got you. I want to ask you if you don't mind, career advice that you give women who are starting out in the field of engineering, computer science. What do you wish you knew when you started your career? And if you could be that person now, what would you say? >> Yeah, well, a lot of things I wish I knew then that I know now, but I think there are two key aspects to a successful career in engineering. I actually got started as a math major and the reason I became a math major is a little convoluted. As a girl, I was told we were bad at math. And so for some reason I decided that I had to major in it. That's actually how I got my start, but I've had a great career. And I think there are really two key aspects. First, is that it is a discipline in which respect is gained through merit. As I had mentioned earlier, engineers are notoriously detail-oriented and most are, perfectionists. They love elegant, well thought-out solutions and give respect when they see one. So understanding this can be a very important advantage if you're always prepared and you always bring your A-game to every debate, every presentation, every conversation, you have build up respect among your team, simply through merit. While that may mean that you need to be prepared to defend every point early on, say, in your graduate career or when you're starting, over time others will learn to trust your judgment and begin to intuitively follow your lead just by reputation. The reverse is also true. If you don't bring your A-game and you don't come prepared to debate, you will quickly lose respect. And that's particularly true if you're a woman. So if you don't know your stuff, don't engage in the debate until you do. >> That's awesome advice. >> That's... >> All right, continue. >> Thank you. So my second piece of advice that I wish I could give my younger self is to understand the roles of leaders and influencers in your career and the importance of choosing and purposely working with each. I like to break it down into three types of influencers, managers, mentors, and advocates. So that first group are the people in your management chain. It's your first line manager, your director, your VP, et cetera. Their role in your career is to help you measure short-term success. And particularly with how that success aligns with their goals and the company's goals. But it's important to understand that they are not your mentors and they may not have a direct interest in your long-term career success. I like to think of them as, say, you're sixth grade math teacher. You know, you getting an A in the class and advancing to seventh grade. They own you for that. But whether you get that basketball scholarship to college or getting to Harvard or become a CEO, they have very little influence over that. So a mentor is someone who does have a shared interest in your long-term success, maybe by your relationship with him or her, or because by helping you shape your career and achieve your own success, you help advance their goals. Whether it be the company success or helping more women achieve leadership positions or getting more kids into college on a basketball scholarship, whatever it is, they have some long-term goal that aligns with helping you with your career. And they give great advice. But that mentor is not enough because they're often outside the sphere of influence in your current position. And while they can offer great advice and coaching, they may not be able to help you directly advance. That's the role of the third type of influencer. Somebody that I call an advocate. An advocate is someone that's in a position to directly influence your advancement and champion you and your capabilities to others. They are in influential positions and others place great value in their opinions. Advocates stay with you throughout your career, and they'll continue to support you and promote you wherever you are and wherever they are, whether that's the same organization or not. They're the ones who, when a leadership position opens up will say, I think Mary's the right person to take on that challenge, or we need to move in a new direction, I think Mary's the right person to lead that effort. Now advocates are the most important people to identify early on and often in your career. And they're often the most overlooked. People early on often pay too much attention and rely on their management chain for advancement. Managers change on a dime, but mentors and advocates are there for you for the long haul. And that's one of the unique things about the database culture. Those set of advocates were just there already because they had focused on building the next generation. So I consider, you know, Mike Carey as my father and Mike Stonebraker as my grandfather, and Jim Gray as my great-grandfather and they're always there to advocate for me. >> That's like a schema and a database. You got to have it all right there, kind of teed up. Beautiful. (laughing) Great advice. >> Exactly. >> Thank you for that. That was really a masterclass. And that's going to be great advice for folks, really trying to figure out how to play the cards they have and the situation, and to double down or move and find other opportunities. So great stuff there. I do have to ask you Mary, thanks for coming on the technical side and the product side. Couchbase Capella was launched in conjunction with the event. What is the bottom line for that as, as an Operations and Engineering, built the products and rolled it out. What's the main top line message for about that product? >> Yeah. Well, we're very excited about the release of Capella and what it brings to the table is that it's a fully managed and automated database cloud offering so that customers can focus on development and building and improving their applications and reducing the time to market without having to worry about the hard problems underneath, and the operational database management efforts that come with it. As I mentioned earlier, I started my career as a DBA and it was one of the most sought after and highly paid positions in IT because operating a database required so much work. So with Capella, what we're seeing is, taking that job away from me. I'm not going to be able to apply for a DBA tomorrow. >> That's great stuff. Well, great. Thanks for coming. I really appreciate it. Congratulations on the company and the public offering this past summer in July and thanks for that great commentary and insight on theCUBE here. Thank you. >> Thank you very much. >> Okay. Mary Roth, VP of Engineering Operations at Couchbase part of Couchbase ConnectONLINE. I'm John Furrier, host of theCUBE. Thanks for watching. (upbeat music playing)

>>And welcome to the cubes coverage of Couchbase connect online, Mary Roth, VP of engineering operations with couch basis here for Couchbase connect online. Mary. Great to see you. Thanks for coming on remotely for this segment. >>Thank you very much. It's great to be here. >>Love the fire in the background, a little fireside chat here, kind of happening, but I want to get into shooting, you know, engineering and operations with the pandemic has really kind of shown that, you know, engineers and developers have been good working remotely for a while, but for the most part it's impacted companies in general, across the organizations. How did the Couchbase engineering team adapt to the remote work? >>Uh, great question. Um, and I actually think the Couchbase team responded very well to this new model of working imposed by the pandemic. And I have a unique perspective on the couch space journey. I joined in February, 2020 after 20 plus years at IBM, which had embraced a hybrid in-office rewrote remote work model many years earlier. So in my IBM career, I live four minutes away from my research lab in almond and valley, but IBM is a global company with headquarters on the east coast and SU. So throughout my career, I often found myself on phone calls with people around the globe at 5:00 AM in the morning, I quickly learned and quickly adopted to a hybrid model. I'd go into the office to collaborate and have in-person meetings when needed. But if I was on the phone at >> 5: 00 AM in the morning, um, I didn't feel the need to get up at 4:30 AM to go in. >>I just worked from home and I discovered I could be more productive. They're doing think time work. And I really only needed the in-person time for collaboration. These hybrid model allowed me to have a great career at IBM and raise my two daughters at the same time. So when I joined Couchbase I joined a company that was all about being in-person and instead of a four minute commute, it was going to be an hour or more commute for me each way. This was going to be a really big transition for me, but I was excited enough by couch facing what it offered that I decided to give it a try. Well, that was February, 2020. I showed up early in the morning on March 10th, 2020 for an early morning meeting in person only to learn that I was one of the only few people that didn't get the memo. >>We were switching to a remote remote working model. And so over the last year, I have had the ability to watch cow's face and other companies pivot to make this remote working model possible and not only possible, but effective. And I'm really happy to see the results. Our remote work model does have its challenges that's for sure, but it also has its benefits better work-life balance and more time to interact with family members during the day and more quiet time, just to think we just did a retrospective on a major product release Couchbase server 7.0 that we did over the past 18 months. And one of the major insights by the leadership team is that working from home actually made people more effective. I don't think a full remote model is the right approach going forward, but a hybrid model that IBM adopted many years ago and that I was able to participate in for most of my career, I believe is a healthier and more productive approach. >>Well, great story. I love the, um, the, uh, you come back and now you take leverage all the best practices from the IBM days, but how did the, your team and the Couchbase engineering team react and were there any best practices or key learnings that you guys pulled out of that, >>Uh, the, the initial reaction was not good. I mean, as I mentioned, it was a culture based on in-person people had to be in person in person meetings. So it took a while to get used to it, but the, there was a forcing function, right? We had to work remotely. That was the only option. And so people made it work. I think the advancement of virtual meeting technology really, really helps a lot over earlier days in my career where I had just bad phone connections, that was very difficult. But with the virtual meetings that you have, where you can actually see people and interact, I think is really quite helpful. >>What's the DNA of the culture. What's the DNA. Every company's got the DNA entails Moore's law. Um, and at what's the engineering culture at Couchbase like if you could describe it. >>Uh, the engineering culture at Couchbase is very familiar to me. We are at our heart, a database company, and I grew up in the database world, which has a very unique culture based on two values, merit and mentorship. And we also focus on something that I like to call growing. The next generation. Now database technology started in the late sixties, early seventies with a few key players and institutions. These key players were extremely bright and they tackle it and solve really hard problems with elegant solutions long before anybody knew they were going to be necessary. Now, those original key players, people like Jim gray, Bruce Lindsey, Don Chamberlin, pat Salinger, David Dewitt, Michael Stonebraker. They just love solving hard problems. And they wanted to share that elegance with a new generation. And so they really focused on growing the next generation of leaders, which became the Mike caries and the Mohans and the lower houses of the world. And that culture grew over multiple generations with the previous generation cultivating, challenging and advocating for the next, I was really lucky to grow up in that culture. And I've advanced my career as a result, as being part of it. The reason I joined Couchbase is because I see that culture alive and well, here are two fundamental values on the engineering side, our merit and mentorship. >>One of the things I want to get your thoughts on, on the database questions. I remember, you know, back in the old glory days, you mentioned some of those luminaries, you know, there wasn't many database geeks out there, Zuri kind of small community now is databases are everywhere. So you see there's no one database that's ruling the world, but you starting to see a pattern of database kinds of things, and more emerging, more databases than ever before. They're on the internet, they're on the cloud. There are none the edge it's essentially we're living in a large distributed computing environment. So now it's cool to be in databases cause they're everywhere. So, I mean, this is kind of where we're at. What's your reaction to that? >>Uh, you're absolutely right there. There used to be a, a few small vendors and a few key technologies and it's grown over the years, but the fundamental problems are the same data, integrity, performance and scalability. And in the face of district distributed systems, those were all the hard problems that those key leaders solve back in the sixties and seventies. They're not, they're not new problems. They're still there. And they did a lot of the fundamental work that you can apply and reapply in different scenarios and situations. >>It's pretty exciting. I love that. I love the different architectures that are emerging and allows for more creativity for application developers. And this becomes like the key thing we're seeing right now, driving the business and a big conversation here at the, at the event is the powering, these modern applications that need low latency. There's no more, not many spinning disks anymore. It's all in Ram, all these kinds of different memory, you got decentralization and all kinds of new constructs. How do you make sense of it all? How do you talk to customers? What's the, what's the, what's the main core thing happening right now? If you had to describe it? >>Yeah, it depends on the type of customer you're talking to. Um, we have focused primarily on the enterprise market and in that market, there are really fundamental issues. Information for, for these enterprises is key. It's their core asset that they have and they understand very well that they need to protect it and make it available more quickly. I started as a DBA at Morgan Stanley back, um, right out of college. And at the time I think it was, it probably still is, but at the time it was the best run it shop that I'd ever seen in my life. The fundamental problems that we had to solve to get information from one stock exchange to another, to get it to the sec, um, are the same problems that we're solving today. Back then we were working on mainframes and over high-speed data comm links today, it's the same kind of problem. It's just the underlying infrastructure has changed. >>You know, the key has been a big supporter of women in tech. We've done thousands of interviews on why I got you. I want to ask you, uh, if you don't mind, um, career advice that you give women who are starting out in the field of engineering, computer science, what do you wish you knew when you started your career? And you could be that person now, what would you say? >>Yeah, well, there are a lot of things I wish I knew then, uh, that I know now, but I think there are two key aspects to a successful career in engineering. I actually got started as a math major and the reason I, I became a math major is a little convoluted. Is it as a girl, I was told we were bad at math. And so for some reason I decided that I had to major in it. That's actually how I got my start. Um, but I've had a great career and I think there are really two key aspects first. And is that it is a discipline in which respect is gained through merit. As I had mentioned earlier, engineers are notoriously detail oriented and most of our perfectionist, they love elegant, well thought out solutions and give respect when they see one. So understanding this can be a very important advantage if you're always prepared and you always bring your a game to every debate, every presentation, every conversation you have build up respect among your team, simply through merit. While that may mean that you need to be prepared to defend every point early on say, in your graduate career or when you're starting over time, others will learn to trust your judgment and begin to intuitively follow your lead just by reputation. The reverse is also true. If you don't bring your a game and you don't come prepared to debate, you will quickly lose respect. And that's particularly true if you're a woman. So if you don't know your stuff, don't engage in the debate until you do. That's awesome. >>That's >>Fine. Continue. Thank you. So my second piece of advice that I wish I could give my younger self is to understand the roles of leaders and influencers in your career and the importance of choosing and purposely working with each. I like to break it down into three types of influencers, managers, mentors, and advocates. So that first group are the people in your management chain. It's your first line manager, your director, your VP, et cetera. Their role in your career is to help you measure short-term success. And particularly with how that success aligns with their goals and the company's goals. But it's important to understand that they are not your mentors and they may not have a direct interest in your long-term career success. I like to think of them as say, you're sixth grade math teacher. You know, you're getting an a in the class and advancing to seventh grade. >>They own you for that. Um, but whether you get that basketball scholarship to college or getting to Harvard or become a CEO, they have very little influence over that. So a mentor is someone who does have a shared interest in your longterm success, maybe by your relationship with him or her, or because by helping you shape your career and achieve your own success, you help advance their goals. Whether it be the company success or helping more women achieve, we do put sip positions or getting more kids into college, on a basketball scholarship, whatever it is, they have some long-term goal that aligns with helping you with your career. And they gave great advice. But that mentor is not enough because they're often outside of the sphere of influence in your current position. And while they can offer great advice and coaching, they may not be able to help you directly advance. >>That's the role of the third type of influencer. Somebody that I call an advocate, an advocate is someone that's in a position to directly influence your advancement and champion you and your capabilities to others. They are in influential positions and others place, great value in their opinions. Advocates stay with you throughout your career, and they'll continue to support you and promote you wherever you are and wherever they are, whether that's the same organization or not. They're the ones who, when a leadership position opens up will say, I think Mary's the right person to take on that challenge, or we need to move in a new direction. I think Mary's the right person to lead that effort. Now advocates are the most important people to identify early on and often in your career. And they're often the most overlooked people early on, often pay too much attention and rely on their management chain for advanced managers, change on a dime, but mentors and advocates are there for you for the long haul. And that's one of the unique things about the database culture. Those set of advocates were just there already because they had focused on building the next generation. So I consider, you know, Mike Carey is my father and Mike Stonebraker is my grandfather. And Jim gray is my great-grandfather and they're always there to advocate for me. >>That's like a scheme and a database. You got to have it all white. They're kind of teed up. Beautiful, great advice. >>Thank you for that. That was really a masterclass. And that's going to be great advice for folks really trying to figure out how to play the cards they have a and the situation and to double down or move and find other opportunities. So great stuff there. I do have to ask you Maira, thanks for coming on the technical side and the product side Couchbase Capella was launched, uh, in conjunction with the event. What is, what is the bottom line for that as, as an operations and engineering, you know, built the products and roll it out. What's the main top line message for about that product? >>Yeah, well, we're very excited about the release of Capella and what it brings to the table is that it's a fully managed in an automated database cloud offering so that customers can focus on development and building and improving their applications and reducing the time to market without having to worry about the hard problems underneath and the operational database management efforts that come with it. Uh, as I mentioned earlier, I started my career as a UVA and it was one of the most sought after and highly paid positions in it because operating a database required so much work. So with Capella, what we're seeing is, you know, taking that job away from me, I'm not going to be able to apply for a DBA tomorrow. >>That's great stuff. Well, great. Thanks for coming. I really appreciate congratulations on the company and public offering this past summer in July and thanks for that great commentary and insight on the QPR. Thank you. >>Thank you very much. >>Okay. Mary Ross, VP of engineering operations at Couchbase part of Couchbase connect online. I'm John furry host of the cube. Thanks for watching.

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomena that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke at it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

(upbeat music) >> Welcome to this Cube Conversation. I am Lisa Martin. Jim Richberg joins me next, public sector CISO at Fortinet. Welcome to the program. Great to see you. >> Okay, good to be with you, Lisa. >> Lots of stuff has happened in the last year. I mean that's an epic understatement, right? But one of the things that... We saw this massive shift to work from home, and now we're... I hope I can say coming out of the pandemic, and we're starting to see this hybrid model of kind of work from anywhere. We also saw the massive spike in ransomware last year. Ransomware now being suddenly a household term. There's so much money in it. From a hybrid approach, what are some of the things that you're seeing? >> So, when we talk about hybrid, what we go back to is not going to be the office that we left. Some of us aren't going back at all. Some of us are going back in. We're not going to have assigned desks. Some of the offices are going to be in different places, and the nature of the work that we've been doing has changed. So it definitely means the new normal isn't going to look like the old normal did before March of 2021. So I tell organizations that they really need to think about what that means in terms of how they structure work, how they structured their networks. Because as you said, Lisa, it's going to be work from anywhere. Some of us are going to go back out on the road. We'll be the road warriors again. So you're not going back to a classic network, in an office with CAT5 Cat 5 cables, connecting everybody's desktop. And some of us are even going to get hired who never ever go to the office. So this is a situation where we really have to think through what this means in terms of how we work, the culture we have as a workplace, and unfortunately, it's not just the enterprise and the workforce that have been innovating. The threat actors have gone hybrid. There was a little pause while they started working from home, figuring out what to do, but the reality is they took us to lunch when they figured out exactly what these vulnerabilities in the small office, home office environment were, and how to exploit them. Lisa, you talked about ransomware rising 700% in the latter half of last year. And this is actually indicative of what I think is the biggest problem we have in cyber security. It's not technology. If you're willing to do a rip and replace and put in state of the art technology, there's some really good solutions. Some of that technology, when it starts incorporating artificial intelligence and automation, actually goes a long way to compensate for the workforce and skills gap we all hear about, 3 million people short. That's a true number. But Lisa, the biggest problem in cyber security from my perspective, and I've been doing this for 35 years, is metrics. We can't measure what's going on and say, "If I do this, this is how it affects the network security and this is how it affects the adversary's behavior." And that's exactly what we saw in this pivot to remote telework. It took networking and security working hand in hand to make that pivot. Because I've seen those two as the centerpiece of their organization. In March of last year, when we all went into lockdown, we would've gone and do shutdown if we haven't had the ability to forward deploy that IT to the home environment. And we can measure our success on the IT side. Did we have enough bandwidth? Did we give them the right platforms? Did the latency mean things froze up or not? We couldn't measure cybersecurity as well. We said, "Okay, due diligence says we'll give you a two-factor authentication, and we're going to do a secure connection back to the office. But then they said we were basically treating it as if you were logged on from your cube or your office, and the reality is you weren't. You were logged in from an environment that your organization had very little, if any, visibility or control into what was going on there, and that's how we got exploited. And because we couldn't measure that, it was only in hindsight that we could see exactly how insecure that was for many organizations. We cut corners. We had to do this to get up and running. That's not a good jumping off point for your status quo going into this hybrid environment in the future. >> So it sounds like you said the ransomware... When I spoke with with Derek Manky, I think about last month or so, ransomware were up 700%. I can only imagine what's happening this year, but one of the things I want to get your perspective on, Jim, is, what's top of mind for both public sector and private sector folks? As you're saying from a measurement perspective, There's a challenge there. There's this hybrid model that's amorphous we'll say. What are some of the things that are top of mind for them, and then how are you helping advise them? Because, as you say, the threat actors got to work pretty quick, so there's a race here. >> Well, top of mind for both of course is ransomware. And the ironic thing is ransomware is not a new phenomenon. It's been with us for a long time. It used to affect retail, one computer at a time, and it was 50 or 100 bucks to decrypt your personal computer. What has changed is the rise of cryptocurrency. It's so easy to monetize the ability to cash out with the victim now. There was a time five to 10 years ago where there were basically three places that were essentially the clearinghouses for this kind of stuff. So government could target those through law enforcement, and that meant that you really had the equivalent of the pawnbroker you needed to watch out for who was the fence that people were going to. Now, come on, cryptocurrency is essentially a fiat currency in some countries. So it's going everywhere. The fact that we have commoditized the ability to do it, you're familiar with ransomware as a service. You don't have to be a coder now. You rent the stuff. Sometimes you pay as much as 80% of the profit to the person you're renting it from. You're basically the mule doing the grunt work, but we've made it so that you don't need to know anything about computer science to carry this kind of crime off. And frankly, we've got some safe haven, some geopolitical safe heavens. It's much like spam was 10 years ago where there were a few countries where probably more traffic coming out as email was spammed in legitimate traffic. And we've got some big nation stages that are basically complicit in allowing this to occur, so safe haven. So this is why ransomware has become such a problem for everybody, and then of course you've got supply chain. You look at solar winds, you look at Microsoft Exchange, Office 365 vulnerability. This again is a problem that's been with us for a long time. It's one that tends to be focused primarily on government customers, because this is something where, yeah, you can do it as a criminal activity, but this really tends to be a game that nation states play against nation state terms. But something like SolarWinds was such an epiphany, was so serious that a lot of organizations said, "Oh my goodness, this attacked the root of trust. This fundamentally got into the system from the inside out." It scared people. And the reality is something like that infected far more people than were actively exploited. I've talked to some people in both the public sector at the state level, and in private sector who say, "Yes, my organization was compromised by this, but we weren't affected." So from my perspective, we were collateral damage. We were caught in the crossfire of a war between nation states. Do we want to spend our scarce cyber security resources trying to mitigate that kind of sophisticated threat? No, not when we know we've got ransomware, when we've got these vulnerabilities in the work from anywhere environment. That's where I want to put my next dollars. So it's been a health conversation with some of them as to what's most concerning to them and what they want to prioritize in mitigation. >> So if we look at some of the executive orders, Jim, that have come down, ransomware I said became a household word. I'm pretty sure my mom even knows the term ransomware, the Colonial Pipeline, the meat packing, where we're starting to see, wow, this is not just, as you said earlier in the beginning, isolated incidents or attacks. This is now affecting infrastructure, potentially public health and safety. Talk to me about some of the executive orders. What do you think they're going to do and where should agencies start? This race is going on. Like you said, they've got to be able to prioritize how they defend themselves. >> So two things to keep in mind when you look at an executive order. An executive order is the chief executive telling the executive branch what to do. If you look at the last executive order that President Biden signed on the 12th of May, people became seized with the fact that, "Oh my goodness, it tells the private sector it has to give threat information, it has to give breach information to the federal government, it has to change what it does in supply chain." You go no. It says when the federal government is your customer, when you're selling them a service, you have to do this. But otherwise, you don't do, by an executive order, something... It doesn't have the force of law. It just is the way you tell the executive branch to behave. So use that executive order as a case on point. Very large, very complex executive order that touched a lot of these things, ransomware, supply chain issues. The problem is you put a whole lot of good ideas in one executive order. You put a whole lot of aggressive time frame. Some things had to be done in 30, 45 days, 60 days, which is two weeks from now. It's crazy because one thing an executive order doesn't do is give you more money. The only way a government agency can spend money on this is if it aligned with the program it already had, or it has contingency funds, reserved funds to do it. So the problem is you take an executive order, you cram it full of good ideas, and you have too many good ideas. So the reality is this executive order tells the government to do a lot of things at once, and it has to by law, well, by the president's direction, focus on all this at once. But if I could pick and choose these, I would say start with the section that said focus on modernizing the cybersecurity of the federal government. There's goodness to come out of that. It has zero trust architecture. Federal government did a great idea of articulating what that was, even years before we called it zero trust. Federal government was segmenting its networks. It had need-to-know access. It was doing things. I come from the national security community. That was just the way we worked. We didn't call it anything fancy like zero trust. We didn't trust anybody. That's the way it worked in the spy business. But zero trust architecture, accelerating migration to the cloud, putting in multi-factor authentication and encryption of data at rest and in transit, deploying endpoint detection and response. Those are things in the executive order that if agencies could focus on those and make progress on implementing those, thumbs up, you have appreciably increased security without even touching the harder things that unfortunately are going to distract people like supply chain, and definitions of what critical software is and the cyber safety board. All good things, but the problem is if you try to do everything at once, the reality is you end up making progress on, appreciable progress on nothing. >> Right, which obviously we don't have the time for that. I'm curious getting your point, because one of the challenges with respect, well, threat vectors with respect to cybersecurity is people. With this shift to home, we had people using corporate devices on home networks and random devices, and now we've got this, as we talked about earlier, this hybrid approach coming back. But how much can zero trust help agencies really educate or really help defend form the human error that is often the cause of getting ransomware through email or an attachment. >> So, Lisa, that is exactly... We're handicapped by the name because zero trust sounds like I don't trust you, you're not trustworthy, rather than trust should be based on the transaction. Like if you need to read data to a file, why am I giving the ability to write to the file or, even worse, delete the file? Just give you what you need to get the job done. And this is tech that is your safety net. It's not Big Brother. When you do real-time monitoring as part of dynamic zero trust, it looks at it and says, "Well, Lisa is doing something she doesn't normally do with this application. Did she make a mistake? Did she say reply all on this, which was sending inside data to outside people on the email list? Do I at least want to ask her? Hey, Lisa, did you mean to do that?" So if you can educate people to say this is the organization looking out for you, it's looking over your shoulder as a friend. It's not here to be checking up on you. Language matters, and it's like we call things insider threat, recognizing that far more damage in an organization happens from people making mistakes. It's insider risk that we need to manage. An organization of any appreciable size has bad apples. That's just a law of nature. But when we call it.... I'm dealing with the insider threat. I've been in government. I've been shot at in some of my dicey situations. I want to avoid being attacked. I want to avoid threats. If I'm an organization, I don't want to avoid my insiders. That's my workforce. That's my biggest asset. They bring risk by their behavior. I need to manage that, but that's constructive. Don't make an adversarial by typecasting them all as threats. They're humans. They make mistakes. You can help them avoid some of those mistakes through technology, and zero trust gets into that. >> Got it. And then last question for you. Here we are, July 1st, crazy. Half a year has gone already. What are some of the things that you're expecting that are going to happen the rest of the year? What can organizations... You talked about some of the things they can implement now. Some of the things seems to be sort of like back to basics. But anything that you see on the horizon in the next six to nine months that organizations really need to be focused on? >> So as they put together their posture for operating in the new normal, I said security and IT were successful in getting us where we got in the pivot to remote telework because they worked hand in hand. So find things like that that you can use to demonstrate to your organization that you really are in the middle of the mix. So as we make this pivot to software defined networking. Because again, if we're going back to offices that are different, places with different kinds of infrastructure, we don't want to pull cable. We don't want to do that. Software-defined networking is a good way to do it, and there are different ways to do software-defined networking, some of which are inherently secure. So pick that one. In software-defined networking, the users love the fact that it gives them better latency, better performance on the apps they care about. The front office likes the fact that they get flexibility for continuity of operations, and they save money. This is the example of something that you can pick that allows you to say, "I'm giving you great performance and great security." Cloud is the same way. People understand I think at this point how to operate in a cloud, the challenge comes in saying, "I'm operating in multiple clouds." I need to say I don't really care. I don't really care where the data go or the compute resource is. I just need to connect the user, the device, data, and resources, regardless of location. And that's where this big approach to say, you know, it's about convergence. It's about convergence of IT and security, and really it's about convergence of computing to say, "I don't care if it's edge computing, or cloud computing, or work from home." It's all just computing, and we've got to connect, and we've got to enable that to be secure. That's the priority that if you take that mindset, thinking about the problem going forward, I think will allow CIOs and CISOs to say, "Look, we're making a difference for the organization, performance, cost, and security." >> Performance, cost, and security. It also sounds like a bit of a cultural change there, which is always challenging, but certainly that convergence as you mentioned, we've seen it be successful, and it's something that sounds now more important than ever. Jim, thank you so much for joining me on the program today, sharing all of your insights, some of the things that you're seeing in what organizations can do to protect themselves from this big threat of ransomware that probably isn't going anywhere anytime soon. >> I wouldn't expect it to, but it's been a pleasure talking to you, Lisa, and we'll have to look back and see how accurate we were with this crystal ball. >> Good, yeah. Jim, great to have you on the program. For Jim Richberg, I'm Lisa Martin. You're watching this Cube Conversation. (gentle music)

(upbeat music) >> From around the globe, it's theCUBE! With digital coverage of Postgres Vision 2021, brought to you by EDB. >> Welcome back to Postgres Vision 21, where theCUBE is covering the innovations in open source trends in this new age of application development and how to leverage open source database technologies to create world-class platforms that are cost-effective and also scale. My name is Dave Vellante, and with me is Roberto Giordano, who is the End User Computing, Corporate, and Database Services Manager at Borsa Italiana, the Italian Stock Exchange. Roberto, great to have you. Thanks for coming on. >> Thanks Dave, and thanks to the interview friend for the invitation. >> Okay, and we're going to dig in to the great customer story here. First, Roberto, tell us a little bit more about Borsa Italiana and your role at the organization. >> Absolutely. Well, as you mentioned, Borsa is the Italian Stock Exchange. We used to be part of the London Stock Exchange, but last month we left that group, and we joined another group called Euronext, so we are now part of another group, I would say. And right now within Euronext, Euronext provide the biggest liquidity pool in Europe, just to mention something. And basically we provide the market infrastructure to our customers across Europe and the whole world. So probably if it happens for you to buy a little of, I don't know, Ferrari for instance, probably use our infrastructure. >> So I wonder if you could talk about the key drivers in the exchange business in Italy. I don't know how closely you follow what's going on in the United States, but it's crypto madness, there's the Reddit army driving up stocks that have big short positions, and of course the regulators have to look at that, and there's a big debate going on. Well, I don't know what's it like in Italy, but what are the key drivers that are really informing the priorities for your technology strategy? >> Well, you mentioned, for instance, the stereotypical cases that are a little bit of laterally to the global markets and also to our markets as a it professional running market infrastructure is our first the goal to provide an infrastructure that is reliable and be with the lowest possible latency. So we are very focused on performance and reliability just to mention the two main drivers within our systems. >> Well, and you have end-user computing in your title and we're going to get into the database discussion, but I presumably with with COVID you had to pivot and that that piece of your job was escalated in 2020, I would imagine. And you mentioned latency which is a key factor in obviously in database access but that must've been a big challenge last year. >> Well, it was really a challenge, but basically we move just within a weekend, the wall organization working remotely. And it has been like this since February, 2020. Think about the challenge of moving almost 1000 people that used to come to the office every day to start to work remotely. And as within my team of the end user computing this was really a challenge but it was a good one at the end. We, we, we succeeded and everything work. It's fine from our perspective, no news is is a good news, you know, because normally when something doesn't work, we are on newspapers. So if you didn't heard about us it means that everything worked out just fine. >> Yeah. It's amazing, Roberto. We both in the technology business that you'll be you're a practitioner observer, but I mean if you're in the tech business most companies actually pivoted quite well. You're have always been a digital business, different. I mean, if you're a Ferrari and making cars and you can't get semiconductors, but but most technology companies actually made the transition you know, quite amazingly, let's get into the, the case study a bit of it. I wonder if you could paint a picture of your organization's infrastructure and applications what it looks like and and particularly your database infrastructure what does that look like? >> Well, we are a multi-vendor shop. So we would like to pick the right technology for for the right service. This means that my database services teams currently manage several different technology where possible that plays a big role in, in, in our portfolio. And because we, we, we currently support both the open source, fully open source version of Postgres, but also the EDB distribution in particular we prefer to use EDB distribution where we did specific functionalities that just EDB provide. And we, when we need a first class level of support that EDB in recent year was able to provide to us. >> When you say full functioning, are you talking about things like acid compliance, two phase commits? I mean, all these enterprise capabilities, is that right? Or maybe you could be >> Just too much just to mention one, for instance we recently migrated our wire intrasite availability solution using the ADB fail-over manager. That is an additional component that just it'll be provide. >> Yeah. Okay. So, so par recovery obviously is, is and so that's a solution that you to get from the EDB distro as opposed to having to build it yourself with open source tooling. >> Yeah, correct. Well, basically sterically, we used to rely on OSTP clustering from, from, from that perspective. But over the years we found that even if it's a technology that works fine, it has been around for four decades. And so on. We faced some challenges internally because within my team we don't own also the operative system layers. So we want a solution that was 100% within our control and perimeter. So just few months ago we asked the EDB EDB folks if they can provide something. And after a couple of meetings also with their pre-sales engineers, we found the the right solution for us. So we launched long story short, just a quick proof of concept to a tissue test together, again using the ADB consultancy. And, and then we, beginning of this year, we, we went live with the first mission critical service using this brand new technology, well brand new technology for us. You know, it'd be created a few years ago >> And I do have some follow-up questions but I want to understand what catalyzed the, you know what was the motivation for going with an open source database? I mean, you're, you're a great example because you have your multi-vendor so you have experienced with all of it, the full spectrum. What was it about open source database generally EDB specifically that triggered the, the choice? >> Well thanks for the question. It is, this is one of the, or one of the questions that I always, like. I think what really drove us was the right combination between easy to use, so simplicity and also good value for money. So we like to pick the right database technology for the right kind of service slash budget that the survey says and, and the open source solution for a specific service. It, it, it's, it's our, you know, first, first, first choice. So we are not going to say a company that use just one technology. We like to take the best of breed that the market can offer. In some cases, the open source and Postgres in particular is, is our choice. How involved was >> The line of business in this both the decision and the implementation? Was it kind of invisible to them, or this was really more of a technology decision based on the your interpretation of the requirements I'm interested in who was involved and how you actually got it done? >> Well, I, I think this decision was transplant for, for, for, for the business at the end of the day don't really have that kind of visibility. You know, they just provide requirements in particular in terms of performance and rehabil area, the reliability. And so, so this this is something they are not really involved about. And obviously if they, if we are in opposition to save a little bit of money everybody's at the, even the business >> No. So what did you have to do? So that makes sense to me, I figured that was the case. Who would, who were the stakeholders on your team? I mean, what kind of technical resources did you require an implementation resources? What take us through what the project if you will look like, wh how did you do it? >> Well, it's a combination of database expertise. I got the pleasure to run a team that is paid by very, very senior, very, very skilled database services professional that are able to support more than one more than what the county and also are very open to innovation and changes. Plus obviously we need also the development teams the relevant development teams on board, when you when you run this kind of transformations and it looks like also, they liked the idea to use PostgreSQL for for this specific service I got in mind. So it, it, it was quite, quite easy, not be discussion. You know. >> What was the, what was the elapsed time from from when you said, okay, we're in, you know signed the agreement we're going here you made the decision to actually getting into production. >> Well, as I mentioned, we, we, we were on we're on services and application that are really focused on high availability and performance. So generally speaking, we are not a peak organization. Also we run a business that is highly regulated. So as you know, as you can imagine we are an organization that don't have a lot of appetite for risk, you know, so generally speaking in order to run this kind of transformation is a matter of several months, I will say six nine months to have something delivered in that space. >> Okay. Well, that's, I mean, that's reasonable. I mean, if you could do it inside of a year that's I think quite good especially in the highly regulated industry. And then you mentioned kind of the fail over the high availability Cape Cape capabilities. Were there other specific EDB tools that that you utilize to sort of address the objectives? >> Yeah, absolutely. We were in particular, we used Postgres enterprise, AKA Pam. Okay. And very recently we were involved within ADB about per se specifically developing one functionality that, that that we needed back in the day. I think together with Bart these are the free EDB specific tools that, that we, that that we use right now. >> And, and I'm, I'm interested in, I want to get to the business impact and I know it's early days for you but the real motivation was to save money and simplify. I would actually, I would imagine your developers were happy because they get to use modern tooling and open source. But, but really though if your industry is bottom line, right, I mean that's really what the, the business case was all about. But I wonder if you could add some color there in terms of the business impact that you expect. And then, I mean I don't know how much visibility you have now but anything you can share with us. >> Well, thinking about the EFM implementation that the business impact the, was that in case of a failure or the DBA team that a services team is it is able to provide a solution that is within our 100% within our perimeter. So this means that we are fully accountable for it. So in a nutshell, when you run a service, the less people the less teams you have to involve the more control you can deliver. And in some, again, very critical services that is a great value. >> Okay. So, and, and where do you want to take this? I mean, how do you see w what's your, if you're thinking about your Postgres and, and generally an EDB you know, roadmap, where do you want it to go? >> Well, I stay to, to trends within within the organization, the, the, the, the the first one is about migrating more existing services to open source solution for database is going to be, is going to be prosperous. And other trends that I see within my organization is about designing applications, not really to be, to to use PostgreSQL as the base, as it does a base layer. I think both trends are more or less surroundings at the same state right now. >> Yeah. A lot of the audience members at Postgres vision 21 is just like you they they're managing day-to-day infrastructure. They're there they're expert practitioners. What advice would you give to somebody that is thinking about, you know taking this journey, maybe if you had to do something over again maybe what would you do differently? How can you help your peers here? >> Well, I think in particular, if you are going to say a big organization that runs a highly regulated business in some cases, you are a little bit afraid of open source because there is this, I can say general consideration about the lack of enterprise level support. I would like to say that it is just about the past because they're around bunch of companies like EDB that are we're a hundred percent capable of providing enterprise level of support, even on, on, on even on the open source distribution of Paul's presser. Obviously Dan is you're going to go with their specific distribution. The level of support is going to be even more accurate but as we know, it could be currently is they across say main contributor of the pollsters community. And I think is, is that an insurance for every organization? >> Your advice is don't be afraid. >> Yeah. My advice is done is absolutely, don't be, don't be afraid. And if, if, if I can, if we can mention about also about, you know, the cloud called technologies this is also another, another topic where if possible I would like to suggest to not being afraid EDB as every every I would say organization within the it industry is really pushing for it. And I think for a very, for, for a lot of cases not all of them, but a lot of cases, there is a great value about the design services application to be cloud native or migrating existing application into the cloud. >> Okay. But, but being a highly regulated industry and being a, you know, very much aware of the the narrative around open source, et cetera, you, you must've had just a little piece of your mind saying, okay I have to manage this risk. So there's anything specifically you did with managing the risks that you would advise? Was it, was it or is it really just about good change management? >> I think it was mainly about a good change management when you got, you know the relevant stakeholders that you need on board and we are, everybody's going the same direction. That basically is about executing. >> Excellent. Well, Roberto, I really appreciate your time and your knowledge that you share with the audience. So thanks so much for coming on the cube. >> Thank you, Dave. It was a great pleasure. >> And thank you for watching the cubes continuous coverage of Postgres vision 21. We'll be right back. (upbeat music)

(upbeat music) >> From around the globe, it's theCUBE! With digital coverage of Postgres Vision 2021, brought to you by EDB. >> Welcome back to Postgres Vision 21, where theCUBE is covering the innovations in open source trends in this new age of application development and how to leverage open source database technologies to create world-class platforms that are cost-effective and also scale. My name is Dave Vellante, and with me is Roberto Giordano, who is the End User Computing, Corporate, and Database Services Manager at Borsa Italiana, the Italian Stock Exchange. Roberto, great to have you. Thanks for coming on. >> Thanks Dave, and thanks to the interview friend for the invitation. >> Okay, and we're going to dig in to the great customer story here. First, Roberto, tell us a little bit more about Borsa Italiana and your role at the organization. >> Absolutely. Well, as you mentioned, Borsa is the Italian Stock Exchange. We used to be part of the London Stock Exchange, but last month we left that group, and we joined another group called Euronext, so we are now part of another group, I would say. And right now within Euronext, Euronext provide the biggest liquidity pool in Europe, just to mention something. And basically we provide the market infrastructure to our customers across Europe and the whole world. So probably if it happens for you to buy a little of, I don't know, Ferrari for instance, probably use our infrastructure. >> So I wonder if you could talk about the key drivers in the exchange business in Italy. I don't know how closely you follow what's going on in the United States, but it's crypto madness, there's the Reddit army driving up stocks that have big short positions, and of course the regulators have to look at that, and there's a big debate going on. Well, I don't know what's it like in Italy, but what are the key drivers that are really informing the priorities for your technology strategy? >> Well, you mentioned, for instance, the stereotypical cases that are a little bit of laterally to the global markets and also to our markets as a it professional running market infrastructure is our first the goal to provide an infrastructure that is reliable and be with the lowest possible latency. So we are very focused on performance and reliability just to mention the two main drivers within our systems. >> Well, and you have end-user computing in your title and we're going to get into the database discussion, but I presumably with with COVID you had to pivot and that that piece of your job was escalated in 2020, I would imagine. And you mentioned latency which is a key factor in obviously in database access but that must've been a big challenge last year. >> Well, it was really a challenge, but basically we move just within a weekend, the wall organization working remotely. And it has been like this since February, 2020. Think about the challenge of moving almost 1000 people that used to come to the office every day to start to work remotely. And as within my team of the end user computing this was really a challenge but it was a good one at the end. We, we, we succeeded and everything work. It's fine from our perspective, no news is is a good news, you know, because normally when something doesn't work, we are on newspapers. So if you didn't heard about us it means that everything worked out just fine. >> Yeah. It's amazing, Roberto. We both in the technology business that you'll be you're a practitioner observer, but I mean if you're in the tech business most companies actually pivoted quite well. You're have always been a digital business, different. I mean, if you're a Ferrari and making cars and you can't get semiconductors, but but most technology companies actually made the transition you know, quite amazingly, let's get into the, the case study a bit of it. I wonder if you could paint a picture of your organization's infrastructure and applications what it looks like and and particularly your database infrastructure what does that look like? >> Well, we are a multi-vendor shop. So we would like to pick the right technology for for the right service. This means that my database services teams currently manage several different technology where possible that plays a big role in, in, in our portfolio. And because we, we, we currently support both the open source, fully open source version of PostgreSQL, but also the EDB distribution in particular we prefer to use DDB distribution where we did specific functionalities that just EDB provide. And we, when we need a first class level of support that ADB in in recent year was able to provide to us. >> When you say full functioning, are you talking about things like acid compliance, two phase commits? I mean, all these enterprise capabilities, is that right? Or maybe you could be >> Just too much just to mention one, for instance we recently migrated our wire intrasite availability solution using the ADB fail-over manager. That is an additional component that just it'll be provide. >> Yeah. Okay. So, so par recovery obviously is, is and so that's a solution that you to get from the EDB distro as opposed to having to build it yourself with open source tooling. >> Yeah, correct. Well, basically sterically, we used to rely on OSTP clustering from, from, from that perspective. But over the years we found that even if it's a technology that works fine, it has been around for four decades. And so on. We faced some challenges internally because within my team we don't own also the operative system layers. So we want a solution that was 100% within our control and perimeter. So just few months ago we asked the EDB EDB folks if they can provide something. And after a couple of meetings also with their pre-sales engineers, we found the the right solution for us. So we launched long story short, just a quick proof of concept to a tissue test together, again using the ADB consultancy. And, and then we, beginning of this year, we, we went live with the first mission critical service using this brand new technology, well brand new technology for us. You know, it'd be created a few years ago >> And I do have some follow-up questions but I want to understand what catalyzed the, you know what was the motivation for going with an open source database? I mean, you're, you're a great example because you have your multi-vendor so you have experienced with all of it, the full spectrum. What was it about open source database generally EDB specifically that triggered the, the choice? >> Well thanks for the question. It is, this is one of the, or one of the questions that I always, like. I think what really drove us was the right combination between easy to use, so simplicity and also good value for money. So we like to pick the right database technology for the right kind of service slash budget that the survey says and, and the open source solution for a specific service. It, it, it's, it's our, you know, first, first, first choice. So we are not going to say a company that use just one technology. We like to take the best of breed that the market can offer. In some cases, the open source and Pasquesi in particular is, is our choice. How involved was >> The line of business in this both the decision and the implementation? Was it kind of invisible to them, or this was really more of a technology decision based on the your interpretation of the requirements I'm interested in who was involved and how you actually got it done? >> Well, I, I think this decision was transplant for, for, for, for the business at the end of the day don't really have that kind of visibility. You know, they just provide requirements in particular in terms of performance and rehabil area, the reliability. And so, so this this is something they are not really involved about. And obviously if they, if we are in opposition to save a little bit of money everybody's at the, even the business >> No. So what did you have to do? So that makes sense to me, I figured that was the case. Who would, who were the stakeholders on your team? I mean, what kind of technical resources did you require an implementation resources? What take us through what the project if you will look like, wh how did you do it? >> Well, it's a combination of database expertise. I got the pleasure to run a team that is paid by very, very senior, very, very skilled database services professional that are able to support more than one more than what the county and also are very open to innovation and changes. Plus obviously we need also the development teams the relevant development teams on board, when you when you run this kind of transformations and it looks like also, they liked the idea to use PostgreSQL for for this specific service I got in mind. So it, it, it was quite, quite easy, not be discussion. You know. >> What was the, what was the elapsed time from from when you said, okay, we're in, you know signed the agreement we're going here you made the decision to actually getting into production. >> Well, as I mentioned, we, we, we were on we're on services and application that are really focused on high availability and performance. So generally speaking, we are not a peak organization. Also we run a business that is highly regulated. So as you know, as you can imagine we are an organization that don't have a lot of appetite for risk, you know, so generally speaking in order to run this kind of transformation is a matter of several months, I will say six nine months to have something delivered in that space. >> Okay. Well, that's, I mean, that's reasonable. I mean, if you could do it inside of a year that's I think quite good especially in the highly regulated industry. And then you mentioned kind of the fail over the high availability Cape Cape capabilities. Were there other specific EDB tools that that you utilize to sort of address the objectives? >> Yeah, absolutely. We were in particular, we used Postgres enterprise, AKA Pam. Okay. And very recently we were involved within ADB about per se specifically developing one functionality that, that that we needed back in the day. I think together with Bart these are the free EDB specific tools that, that we, that that we use right now. >> And, and I'm, I'm interested in, I want to get to the business impact and I know it's early days for you but the real motivation was to save money and simplify. I would actually, I would imagine your developers were happy because they get to use modern tooling and open source. But, but really though if your industry is bottom line, right, I mean that's really what the, the business case was all about. But I wonder if you could add some color there in terms of the business impact that you expect. And then, I mean I don't know how much visibility you have now but anything you can share with us. >> Well, thinking about the EFM implementation that the business impact the, was that in case of a failure or the DBA team that a services team is it is able to provide a solution that is within our 100% within our perimeter. So this means that we are fully accountable for it. So in a nutshell, when you run a service, the less people the less teams you have to involve the more control you can deliver. And in some, again, very critical services that is a great value. >> Okay. So, and, and where do you want to take this? I mean, how do you see w what's your, if you're thinking about your Postgres and, and generally an EDB you know, roadmap, where do you want it to go? >> Well, I stay to, to trends within within the organization, the, the, the, the the first one is about migrating more existing services to open source solution for database is going to be, is going to be prosperous. And other trends that I see within my organization is about designing applications, not really to be, to to use PostgreSQL as the base, as it does a base layer. I think both trends are more or less surroundings at the same state right now. >> Yeah. A lot of the audience members at Postgres vision 21 is just like you they they're managing day-to-day infrastructure. They're there they're expert practitioners. What advice would you give to somebody that is thinking about, you know taking this journey, maybe if you had to do something over again maybe what would you do differently? How can you help your peers here? >> Well, I think in particular, if you are going to say a big organization that runs a highly regulated business in some cases, you are a little bit afraid of open source because there is this, I can say general consideration about the lack of enterprise level support. I would like to say that it is just about the past because they're around bunch of companies like EDB that are we're a hundred percent capable of providing enterprise level of support, even on, on, on even on the open source distribution of Paul's presser. Obviously Dan is you're going to go with their specific distribution. The level of support is going to be even more accurate but as we know, it could be currently is they across say main contributor of the pollsters community. And I think is, is that an insurance for every organization? >> Your advice is don't be afraid. >> Yeah. My advice is done is absolutely, don't be, don't be afraid. And if, if, if I can, if we can mention about also about, you know, the cloud called technologies this is also another, another topic where if possible I would like to suggest to not being afraid EDB as every every I would say organization within the it industry is really pushing for it. And I think for a very, for, for a lot of cases not all of them, but a lot of cases, there is a great value about the design services application to be cloud native or migrating existing application into the cloud. >> Okay. But, but being a highly regulated industry and being a, you know, very much aware of the the narrative around open source, et cetera, you, you must've had just a little piece of your mind saying, okay I have to manage this risk. So there's anything specifically you did with managing the risks that you would advise? Was it, was it or is it really just about good change management? >> I think it was mainly about a good change management when you got, you know the relevant stakeholders that you need on board and we are, everybody's going the same direction. That basically is about executing. >> Excellent. Well, Roberto, I really appreciate your time and your knowledge that you share with the audience. So thanks so much for coming on the cube. >> Thank you, Dave. It was a great pleasure. >> And thank you for watching the cubes continuous coverage of Postgres vision 21. We'll be right back. (upbeat music)

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomenon that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

(upbeat music) >> 2020 was the most unpredictable year of our lives, a forced shutdown of global economies left everyone have the conclusion that the tech industry spending would decline and of course it did, but you'd hardly know it if you watch the stock market and the momentum of several well-positioned companies. Those firms that had products and services that catered to the pivot to work from home, SAS based solutions were focused on business resiliency and cloud saw huge growth. The forced match to digital turned a buzzword into reality overnight, where if you weren't a digital business, you were out of business. And one of the companies participating in that growth trend was Veeam. Veeam virtual is scheduled to take place on May 25th and 26th. And it's one of our favorite physical events and the Cube will be there again as a virtual participant. One of our traditions prior to VeeamON has always been to bring in an executive into the Cube and talk not only about what to expect at the show, but what's happening in the market. And with me is many times Cube alum Danny Allan is the chief technology officer at Veeam. Danny welcome is always great to see you. >> I am delighted to be here again. Disappointed it's virtual, but excited to talk with you. >> Yeah, me too. You know, it's coming. It's getting jabbed but you know, you look at the surprises here. I mean, look at the chip shortage, you know everybody thought, Oh, well stop ordering chips. I mean furniture, et cetera, cars. And it's just kind of crazy. What was your expectation going into the pandemic and what did you actually see looking back? >> Well, it's funny, you never know what's going to happen. And for the first few weeks I would say there's a lot of disruption because all of a sudden you have people who've been going into an office for a long time, working from home and you know, from an R&D perspective at Veeam those people weren't used to working from home. So there's a lot of uncertainty I'll say for the first three or four weeks but what very quickly picked up was the opportunity. I'll say to focus more specifically on delivering things for our customers. And one of the things obviously that just exploded was use of digital technologies like Slack and Microsoft teams. And as you say, Veeam was well positioned to help customers as they move towards this new normal, as they say. >> So what were some of the growth vectors that you guys saw specifically that were helping your customers going to get get through this time? >> Yeah well, people always associate Veeam with knowing data protection for the virtual environment but two things really stood out last year as our emerging markets. One was Office365, and I think that's due to the uptake of Microsoft teams. I mean, if you look at the Microsoft results, you can see that people are doing SaaS. And we were very well positioned to take advantage of that. Help customers move towards collaborating online. So that was a huge growth vector for us. And the second one was cloud. We had more data moving to cloud than ever before in Veeam history. And that continues on into 2021. >> You guys, well, yeah, let's talk more about that set SAS piece of your business. You were very early on in terms of SAS data protection. You kind of had to educate the market. People are like, well, why do I need to back up my SAS doesn't the cloud provider do that? And then you sort of you had to educate, so it was you were early and but it's really paid off. Maybe talk about how that trend has benefited some of your customers. >> Yeah. So if you go back four years, we didn't even have data protection for Office365. And over the last four years, we've emerged into the market leader the largest in protection for Office365. And as you say, it was about education. Early on people knew that they needed to protect exchange when they ran it on premises. And when they first went to the cloud there was this expectation of, Hey Microsoft or my provider will do that for me. And very quickly they realized that's not the case and there's still the same threats. It might not be hardware failure, but certainly misconfiguration or deleted items or ransomware in 2021, sorry, 2020 was massive. And so we do data protection for Exchange, for SharePoint online, for one drive, and most recently for Microsoft teams. And so that data protection obviously helps organizations as they adopt Office365 and SaaS technologies. >> I sent him my last breaking analysis. When you look at the ETR data, Veeam has been really steady. You know, some competitors spike up and come down, others, you know, maybe aren't doing so well or the larger established players don't have as much momentum. It just seems like Veeam even though you cross the billion dollar revenue mark, you've been able to keep that spending momentum up. And I think it's, I would observe it's a function of your ability to identify that the waves and ride those waves and anticipate them. We just talked about SAS, talked about virtualization. You were there cloud, we'll talk about that more as well, plus your execution. It seems like since the acquisition by insight you guys have continued to execute. I wonder if you could help the audience understand how do you think about the phases that Veeam has gone through in its ascendancy and where you're headed? >> Yeah. And so I look at it as three things, it's having the right product, but it's not just enough to have the right product, the right product it's the right timing and it's the right execution. So if you think about where Veeam started, it was all in data protection for vSphere, for the hypervisor. And that was right at the time when VMware was taking off and the modernized data center was being virtualized. And so that helped us grow, I'll say into a $600 million company, but then about four years ago, we see the ascendancy of SaaS and specifically Office365. And so, you know, we weren't first to market but I would argue the timing with the best product, with the right execution has turned that into a massive a very significant contribution to our bottom line. And then actually the third wave through 2020 is the adoption of cloud. We moved last year, 242 petabytes into cloud storage and already in the first quarter of 2021, we've moved to 100 petabytes. So there's this massive adoption or migration of data into the cloud. And Veeam has been positioned with the right product, at the right time, with the right execution, to take advantage of that. >> So I wonder if you could help us quantify that IDC data you know, the IDC did a good job quantifying the market. Maybe you could share with us sort of your position there, maybe some of the growth that we're seeing. Can you add some color to that? >> Yeah. We have some very exciting results from the recent IDC report. So in the second half of 2020, we saw 17.9% year over year growth in our revenue. That was actually triple the closest competitor. And our sequential growth was over 21%. So massive growth and all of that is in the second half of the year, 563 million in revenue. So over a billion dollar company. So these aren't just, you know, 20% growth on small numbers. This is on a very significant number. And we see that continuing forward, we'll be announcing some things I'm sure at VMR coming up in a few weeks here, but that trend continues. And again, it's the right product, right time, with the right execution. >> Cloud continues to roll on. You're seeing, you know, solid weather. If you add them all up the big four 30 plus percent growth you're seeing Azure, even higher growth. You know, AWS is huge, Google growing, Google cloud, probably in the 60 to 70% range. So cloud still hot, it's kind of gone mainstream but there's still feels like there's a long way to go there. What's happening in cloud? You guys, again, leaning in, riding that wave. What can you tell us? >> We are leaning in, you're going to see some things coming up at Veeam related to that. But two things I would say, one is we're in the marketplace of all three of the major hyperscalers. So there's a Veeam backup for AWS, Veeam backup for Azure, and a Veeam backup for GCP. And not only is there products that are purpose-built for those clouds in the marketplace, all three of them have integrations to the core Veeam platform. And so this isn't just standalone products while it is in the marketplace, it's integrated into the full strategy around modern data protection for the organizations. And so I am thrilled about some of the things that we're going to be showing in there but we're leaning in very closely with those. We think we're in early days, like I say maybe first, second year, and it will be the next decade as they truly emerge into their dominant position. But even more than cloud if you asked me what I get excited about looking forward certainly cloud adoption is massive, but Kubernetes, that's what's enabling some of the models of both on-prem and cloud hosted. And we're clearly doing some things there as well. >> So I'm glad you brought that up because I think the first time I ever sort of stumbled into a company that was actually doing data protection for containers was out of a VeeamON event. It was one of your exhibitors. And I was like, Hmm, that's an interesting name. And yeah, of course he ended up buying the company. But so, you know, it's funny, right? Because containers have been around forever. And then when you started to see Kubernetes come to for, containers are really ephemeral they really didn't, you know, they weren't persistent but they didn't have state, but that's changing. I wonder if you could give us your perspective as to how you're thinking about that whole space. >> I truly believe that the third big wave of technology transformation, the first was around physical systems and mainframes and things. And then we went into the virtualized era. I think that the third world is not the cloud. I actually think it is containers. Now why containers? Because as you mentioned, Dave, they're a femoral, they're designed for the world of consumption. Everything else is designed for you, install it. And then you build to the high watermark. The whole thing about containers is that they're a femoral and they're built for the consumption model. The other thing about containers is that they're highly portable. So you can run it on premises with OpenShift but then you can move it to GKE or HKS or EKS or any of the big cloud platforms. So it definitely aligns with organization's desire to modernize and to choose the infrastructure of best choice. Now, at the same time, the reason why they haven't taken off I would argue as quickly as they could have is because they've been really complex, in early days the complexity of containers was very difficult, but the model, the platform or ecosystem is evolving, they are becoming more simple. And what is happening is IT operations teams are now considering the developer, their customer and they're building self-service models for the developers to be more productive. So I think of this as platform apps and certainly backup and security is a part of this but it is moving and we're seeing traction actually faster than it would have predicted in early 2020. >> Yeah. We've been putting forth this vision of a layer that abstracts the complexity of the underlying clouds whether it's on prem, across clouds, eventually the edge and containers are linchpin to enabling that. Let's talk about VeeamON 2021. Show us a little leg, give us a preview. >> So we always come with the excitement and we always come with showing a sneak peek of what's to come. So certainly we're going to celebrate some of the big successes. We brought version 11 to market earlier this year that had security capabilities around ransomware type, continuous data protection it at a whole lot of things. So we're going to celebrate some of the products have already recently launched but we're also going to give a sneak peek of what's coming over 2021. Now, if you ask me what that is, we talk an awful lot about cloud. So you should expect to see things around Veeam backup for AWS and Azure and GCP. You should expect to see things around our Kubernetes data protection with our casting Cape 10 product, you should expect to see evolution of capabilities with our SaaS data protection with Office365. So we're going to give a sneak peek of lots of things to come. And as always, we bring lots of innovation to the market. It's not just another checkbox theme has always said, how can we do it differently? How can we do a better? And then we're going to show that to our customers at VeeamON. >> Well, we're always super excited to participate in the Veeam community. We've always had a lot of fun. They're great events. Yes, it's virtual, but you guys always have an interesting spin on things and make it fun. It's May 25th and 26th. It starts at 9:00 AM Eastern time. You go to Veeam V-E-E-A-M.com and sign up, make sure you do that and check out all the content. The Cube of course will be there. I will be interviewing executives, customers, partners. There's tons of content for practitioners. And, you know, as always you guys got the great demos and always a few surprises. So Danny, really looking forward to that and really appreciate your time and the Cube today. >> Thank you, Dave. >> All right. And thank you for watching. This is Dave Vellante for the Cube. Again, May 25th and 26th 9:00 AM. Eastern time, go to veeam.com and sign up. We'll see you there. (upbeat music)

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS and our community partners. Welcome to the Virtual Cube and our coverage of aws reinvent 2020. I'm Lisa Martin. I'm joined by Ali Siddiqui, the chief product officer of BMC Software. We're gonna be talking about what BMC and A W s are doing together. Ali, it's great to have you on the Cube. Thank >>you, Lisa. Get great to be here and be part off AWS treatment. Exciting times. >>They are exciting times. That is true. No, never a dull moment these days, right? So all he talked to me a little bit. About what? A w what BMC is doing with AWS. Let's dig into what you're doing there on the technology front and unpack the benefits that you're delivering to customers. Great >>questions, Lisa. So at BMC, we really have a close partnership with AWS. It's really about BMC. Placido Blue s better together for our customers. That's what it's really about. We have a global presence, probably the largest, uh, off any window out there in this in our industry with 15 data centers, AWS data centers around the globe. We just announced five more in South Africa. Brazil Latin Um, a P J. A couple of them amia across the globe. Really? The presence is very strong with these, uh, data centers because that lets us offered local presence, Take care of GDP are and we have great certification. That is Aw, sock to fedramp. I'll four Haifa dram. We even got hip certifications as well as a dedicated Canada certifications for our customers. Thanks to our partnership, close partnership with the WS and on all these datas into the cross. In addition, for our customers, really visibility into aws seamless capability toe do multi cloud management is key and with a recent partnership with AWS around specifically AWS >>s >>S m, which gives customers cream multi cloud capabilities around multi cloud management, total visibility seamlessly in AWS and all their services whether it's easy toe s s s three sage maker, whatever services they have, we let them discover on syphilis. Lee give them visibility into that. >>That 360 degree visibility is really key to understand the dependencies right between the software in the services and help customers to optimize their investments in a W s assume correct. >>Exactly. With the AWS s s m and r E I service management integration. We really give deep visibility on the dependency, how they're being used, what services are being impacted and and really, AWS s system is a key, unique technology which we've integrated with them very, very happy with the results are customers are getting from it. >>Can you share some of those results? Operational efficiencies, Cost savings? Yeah, >>Yeah, least another great question. So when I look at the general picture off E I service management in the eye ops, which we run with AWS across all these global dinner senses and specifically with AWS S S M people are able to do customers. And this is like the talkto hyper scale, as we're talking about, as well as large telcos like Ericsson and and some of the leading, uh, industry retail Or or, you know, other customers we have They're getting great value because they're able to do service modeling, automatically use ascend to get true deep visibility seamlessly to do service discovery with for for for all the assets that they run or using our S service management in the eye ops capabilities. It really is the neck shin and it's disrupting the service idea Some traditional service management industry with what we offering now with the service management, AWS s, S M and other AWS Cloud needed capabilities such as sage Maker and AWS, Lex and connect that we leverage in our AI service management ai absolution. We recently announced that as a >>single >>unified platform which allows our customers to go on BMC customers and joined with AWS customers to go on this autonomous digital enterprise journey Uh, this announcement was done by our CEO of BMC. I'm in Say it in BMC Exchange recently, where we basically launched a single lady foundation, a single platform for observe ability, engagement with automation >>for the autonomous digital enterprise. I presume I'd like to understand to, from your perspective, this disruption that you're enabling. How is it helping your customers not just survive this viral disruption that we're all living with but be able thio, get the disability into their software and services, really maximize and optimize their cloud investments so that their business can operate well during these unprecedented times, meet their customer demands, exceed them and meet their customers. Where? There. How is this like an accelerator of that >>great question, Lisa. So when we say autonomous digital enterprise, this is the journey All our customers they're taking on its focus on three trips, agility, customer center, city and action ability. So if you think about our solutions with AWS, really, it's s of its management. AI ops enables these enterprises to go on this autonomous digital enterprise journey where they can offer great engagement to the employees. All CEOs really care about employee engagement. Happy employees make for more revenue for for those enterprises, as well as offer great customer experience for the customers. Uh, using our AI service management and AI ops combined. 80 found in this single platform, which we are calling 80 foundation. >>Yeah, go ahead. Sorry. >>No, go ahead, please. >>I was going to say I always look at the employee experience, and the customer experience is absolutely inextricably linked with the employee experience is hampered. That's bride default. Almost going to impact the customer experience. And right now, I don't know if it's even possible to say both the employee experience and the customer experience are even mawr essential to really get right because now we've got this. You know this big scatter That happened a few months ago with some companies that were completely 100% on site to remote being able, needing to give their employees access to the tools to do their jobs properly so that they can deliver products and services and solutions that customers need. So I always see those two employees. Customer experience is just inextricably linked. >>Absolutely. That's correct, especially in this time, even if the new pandemic these epidemics time, uh, the chief human resource offers. The CEOs are really thick focused on keeping the employees engaged and retaining top talent. And that's where our yes service management any other solution helps them really do. Use our digital assistance chat boards, which are powered by a W X and Lex and AWS connect and and and our integration with, uh, helix control them, which is another service we launched on AWS Helix Control them, which is our South version off a leading SAS product automation product out there, a swell as RP integrations we bring to the table, which really allows them toe take employing, give management to the next level And that's top of mind for all CEOs and being driven by line of business like chief human resource officers. Such >>a great point. Are you? Are you finding that mawr of your conversations with customers are at that sea level as they look to things like AI ops to help find you in their business that it's really that that sea level not concerned but priority to ensure that we're doing everything we can within our infrastructure, wherever where our software and services are to really ensure that we're delivering and exceeding customer expectations? That a very tumultuous time? >>Yes, What we're finding is, uh, really at the CEO level CEO level the sea level. It's about machine learning ai adopting that more than the enterprise and specifically in our capabilities when I say ai ops. So those are around root cause predictive I t. And even using ai NLP for self service for self service is a big part, and we offer key capabilities. We just did an acquisition come around, which lets them do knowledge management self service. So these are specific capabilities, predictability, ai ops and knowledge management. Self service that we offer that really is resonating very well with CEOs who are looking to transform their I T systems and in I t ops and align it with business is much better and really do innovation in this area. So that's what's happening, and it's great to see that we will do that. Exact capabilities that come with R E Foundation. The unified platform forms of ability and lets customers go on this autonomous digital enterprise journey without keeping capabilities. >>Do you see this facilitating the autonomous digital enterprise as as a way to separate the winners and losers of tomorrow as so much of the world has changed and some amount of this is going to be permanent, imagine that's got to be a competitive advantage to customers in any industry. >>We believe enterprises that have the growth mindset and and want to go into the next generation, and that's most of them. Toe, to be honest, are really looking at the ready autonomous digital price framework that we offer and work with our customers on the way to grow revenue to get more customer centric, increase employee engagement. That's what we see happening in the industry, and that's where our capabilities with 80 Foundation as well as Helix. Whether it's Felix Air Service management, he likes a Iot or now recently launched Helix Control them really enable them toe keep their existing, uh, you know, tools as well as keep their existing investments and move the ICTY ops towards the next generation off tooling and as well as increase employee engagement with our leading industry leading digital assistant chat board and and SMS management solution that that's what we see. And that's the journey we're taking with most of our customers and really, the ones with the growth mindset are really being distinguished as the front runs >>talk to me about some validation from the customer's perspective, the industry's perspective. What are you guys hearing about? What you're doing s BMC and with a w s >>so validation from customer that I just talked about great validation. As I said, talk to off the hyper skills users for proactive problem management. Proactive incident management ai ops a same time independent validation from Gardner we are back wear seven years and I don't know in a row So seven years the longest street in Gartner MQ for I t s m and we are a leader in that for seven years the longest run so far by any vendor. We are scoring the top in the top number one position in 12 of the 15 critical capabilities. As you know, Gardner, I d s m eyes really about the critical capability that where most customers look. So that's a big independent validation. Where we score 12 off the way were number one in 12 of the 15 capability. So that was the awesome validation from Gardner and I. D. S M. We also recently E Mei Enterprise Management Associates published a new report on AI Ops and BMT scored the top spot on the charts with Business impact and business alignment. Use cases categories for AI ops. So think about what that means. It's really about your business, right? So So we being the top of the chart for business impact and business alignment for ai ops radar report from Enterprise Management associated with a create independent validation that we can point toe off our solutions and what it is, really, because we partner very closely with our customers. We also got a couple of more awards than we want a lot more, but just to mention two more I break breakthrough, which is a nursery leading third party sources out there for chat boards and e i base chat board solution lamed BMC Helix Chat Board as the best chat board solution out there. Uh, SAS awards another industry analysts from independent from which really, uh really shows the how we're getting third parties and independents to talk about our solutions named BMC SAS per ticket and event management, which is really a proactive problem and proactive incident solution Revolution system as as the best solution out there for ticketing and event management. >>So a lot of accolades. A. Yes. It sounds like a lot of alcohol. A lot of validation. How do customers get How do you get started? So customers looking to come to BMC to really understand get that 3 60 degree visibility. How did they get started? >>Uh, well, they can start with our BMC Discovery, which integrates very tightly with AWS s s M toe. Basically get the full visibility off assets from network to storage toe aws services. Whether there s three. Uh, easy to, uh doesn't matter what services they did. A Kafka service they're using whatever. So the hundreds of services they're using weaken seamlessly do that. So that's one way to do that. Just start with BMC Helix Discovery. Thea Other one is with BMC Knowledge Management on BMC Self Service. That's a quick win for most of our customers. I ai service management, tooling That's the Third Way and I I, off stooling with BMC, Helix Monitor and AI ops that we offer pretty much the best in the industry in those that customers can start So the many areas, and now with BMC, control them. If they want to start with automation, that's a great way to start with BMC control them, which is our SAS solution off industry leading automation product called Controlling. >>And so, for just last question from a go to market perspective, it sounds like direct through BMC Channel partners. What about through a. W. S? >>Yes, absolutely. I mean again, we it's all about BMC and AWS better together we offer cloud native AWS services for our solutions, use them heavily, and I just mentioned whether that S S M or chat boards or any of the above or sage maker for machine learning I and customers can contact the local AWS Rep toe to start learning about BMC and AWS. Better together. >>Excellent. Well, Ali, thank you for coming on the program, talking to us about what BMC is doing to help your customers become that autonomous digital enterprise that we think up tomorrow. They're going to need to be to have that competitive edge. I've enjoyed talking to you >>same year. Thank you so much, Lisa. Really. It's about our customers and partnering with AWS. So very proud of Thank you so much. >>Excellent for Ali Siddiqui. I'm Lisa Martin and you're watching the Cube.

>> Announcer: From around the globe, it's theCUBE with digital coverage of AWS reInvent 2020 sponsored by Intel, AWS and our community partners. >> Hi, and welcome to theCUBE virtual and our coverage of AWS reInvent 2020. I'm your host Rebecca Knight. Joining me is Sachin Dhoot, he is the vice president for data and platform engineering at Ellie Mae. Thank you so much for coming on theCUBE, Sachin. >> Nice to be here. >> So we are talking today about Ellie Mae's journey towards data monetization. Before we begin though, I want you to give our viewers a little bit, tell our viewers a little bit about yourself and your role at Ellie Mae. >> Sure. So I'm the vice president for data and platform engineering at Ellie Mae. A little bit about Ellie Mae before I talk about myself. So Ellie Mae, which is now part of ICE Mortgage Technology, a division of Intercontinental exchange is the leading cloud based loan origination platform for the mortgage industry. Our technology solutions actually enable lenders to originate more loans, lower origination cost and reduce the time to close. Or when ensuring the highest degree of compliance quality and efficiency. Our mission as we call it here internally is to automate everything 'automatable' for the residential mortgage industry. So that's what we do here. And we take great pride in doing that. >> Everything automatable, I love it. >> Yes. And if you have gone through the mortgage process, you'll see the number of papers you have to sign. And so we are on the journey to automate as much as possible in this. So as part of this, my charter here so I'm the vice president of data and platform engineering. Like I said, I lead and I'm responsible for all AWS based platform and data solutions including our highly secure, scalable data platform and the global, literally. Just to give you a magnitude of how much data we are talking about; so currently Ellie Mae in its platform stores data of nearly 50% of all US for mortgages. So that's the scale which we are talking about and I'm responsible for having the AWS based data platform to support that. >> So in terms of the data monetization journey like most innovations, it starts with a problem. What was the problem that you were trying to solve here? >> Yes, that's a great question. So earlier in our initial design what used to happen is the customers had access to their loan origination system and data in it. And the way they had access to the data was writing some customer SDK applications to actually export our data from their production systems. So this had its own share of challenges. Like for example, if I wrote some inefficient queries to export out the data, since they were acting on the same production database it used to slow down their loan origination system. Plus they did not get access to all of their data. And we had heard it loud and clear from our customers that not only did they need access to the data, but they also wanted us to manage their data. They did not want to get into managing the database or schema changes and all of that. Plus we also had such a rich industry data set. We are talking about 50% of all US home mortgages. So they were also very interested in using that data to get actionable insights about the industry, about their competitive advantages and develop some innovative services on top of it. So those were the challenges which we were trying to solve. >> So what was the original architecture like you're describing what sounds like a very poor experience for Ellie Mae and the lenders themselves. It sounds clunky and cumbersome. And then also leaving a lot on the table because as you said, it was a rich dataset. What was the original architecture? >> So the original architecture was not a cloud-based architecture. We were in our own private data center and every customer had their own database to work with. So, and it wasn't great architecture at that time when the technologies had not evolved. And we had a highly successful product as a result of that but when it came to data it was not a very good experience for them. So why did their loan origination system was working great? The access to the data was not to the extent what we wanted. >> So using best-in-class technologies from AWS tell us a little bit about the new product. >> Yes. So, our journey really started when we heard all of the customer's feedback and the requirements. Then we basically went back to the drawing board. We said, yes, we have a highly successful encompass product in the market, but we also want to solve this problem without affecting their experience with the loan origination system. So that was the challenge which we had taken internally. So what we did was we evaluated quite a bit of cloud providers and technology stacks and the parameters which we had put in that time because of the scale of data was, we needed unlimited scalability and reliability of any provider. We needed a secure data storage including the personally identifiable information protection. So as you can imagine, we deal with loan mortgages, I mean the mortgage and we pretty much have so much of PII data as we call it. Security is on the forefront for us. So we needed a cloud provider which could match up with that expectation. We needed.. >> AWS, was it? >> AWS was definitely it and there were some other parameters which also we were able to check because of that highly scalable and performance data Lake. We needed a big data Lake for this, storage compute separation. We also needed ability to seamlessly import data from any applications internal or external, right? And AWS absolutely gave us all of this. And we did evaluate a lot of cloud vendors and AWS came up on the top. So AWS along with persistent technologies actually helped us with this evaluation and the development of the data platform. >> So tell our viewers a little bit now about data connect and what it is for lenders now. >> Yeah. So what we did was as any cloud technology, we first developed a common platform and then we started building data connect solutions on top of it, right? So we created solutions based on the customer's needs. So one solution which we have is what we call as the data connects future products. In this, they can replicate, customers can replicate their data from the cloud, from their private data Lake into their warehouse, or they can access reports and run analytical queries directly on our warehouse which is again in the cloud. So all the solutions that are available depending on the customer's needs but that is all separate from the loan origination system. So we made sure that we are not impacting that existing business while creating this new solutions in the market. And all of these were built on AWS. >> But you also took things a step further and explored what was possible if you aggregated data from all lenders the resulting being insights. Tell our viewers a little bit about insights and what it allows. >> Absolutely. So that was a very cool product which we came up with. So again, because of the rich data set, which we have, right? We are in the position right now to aggregate the data and come up with actionable insights on top of the data. And so we call this product insights. This is our latest offering from Ellie Mae, again based off AWS and the data platform. So this product gives us information about the industry dreams on how the mortgage industry is going in US. It gives the lenders the ability to compare themselves with their peers and with the industry. So they can actually benchmark themselves and decide whether they are doing great, not great, what do they have to change? And this is all in near real time. So this is not like a month old data and all that. So that's the beauty of this product. >> And what are you hearing from customers? Because as you said, that real-time benchmarking and understanding how they're doing relative to their rivals is a game changer. It is and customers are super excited about it. We just launched this few months back and we are seeing amazing adoption for this product. In fact, just not the adoption side of things, we are also seeing so many new use cases and requirements coming from the customer now that they understand we have such a massive data and this data can scale and it's not impacted their business. They just want to add more and more things to it so that it can solve their problem. So it gives a unique opportunity for us where we can monetize more but we can also help solve lenders problems. >> Right. Helping them solve the challenges that they're facing. Talk a little bit more about the primary benefits of the solution, the unlimited scalability, the fact that it's fully managed, the storage compute separation. Tell our viewers a little bit more about the benefits. So the benefits about the solutions are, the customers or lenders don't have to worry about how it is managed. It is all taken care of. They just how to access it when they need it. It is available on demand. It is available 24/7. In this time, this year has been especially very busy for us where the interest rates have dropped and the loan volume and the loan applications have just gone through the roof. But I'm very proud to say that Ellie Mae stack or, all of the data solutions, and in fact, all of our other products, they are able to scale and they have been able to scale to the record volume this year, all because of how we have designed it using the AWS technology stack. So the customers really benefit. They just need to focus on their business. They don't have to worry about underlying infrastructure or how things are going to scale if their volume is going to go up or not or is there any security issues of that? We take care of all of those things and this is all a self provision just web based access for some of our products. So they don't even have to do a lot of customization to get hold of these products. >> So I want to ask what's next for you. You just referenced the fact that Ellie Mae's incredibly busy with record mortgage applications, of course, companies and people around the globe are still grappling with the COVID-19 pandemic. What are some of the big trends you're seeing and what's next for Ellie Mae in the coming coming year? >> We have a exciting and a very rich roadmap coming up. So as I started this interview, I said, Ellie Mae is now part of ICE mortgage technology, which is a Intercontinental exchange division. So as part of this transition, which happened recently, we also have under our umbrella, two companies called MERS and Simplifile, which actually touch so if you take MERS as an example, it touches close to 80% of US loans for home mortgages. So we have such a unique opportunity now to not only expand our data set, make it more rich, and then come up with more additional use cases which are going to help solve customer's problem and also make them competitive in the market. So we have a lot of good opportunity related to data and I feel a lot confident because of the data platform and the technology stack we to use. We will be able to handle all of those things. >> Sachin, tell our viewers a little bit about the partners that are helping you on this data monetization journey. >> So AWS definitely helped us in the initial parts in evaluating the design and the solution architects came in and worked with us. But along with that, I would definitely want to mention Persistent Technologies. They came up with a lot of good design suggestions on how we should develop the data platform and the solutions on top of it. Those insights product, which I talked about is done along with their help. So I'm very happy with the partnership I have with the Persistent Technologies and AWS. >> Excellent, well, Sachin Dhoot, thank you so much for coming on theCUBE. I really appreciate talking to you >> Same here, nice talking to you. >> Stay tuned for more of theCUBE virtual coverage at AWS reInvent. (upbeat music)

>>Yeah, yeah, >>Hello. We're back with Today's the last session in the creating engaging analytics experiences for all track breaking down data silos. A conversation with Snowflake on Western Union Earlier today, we did a few deep dives into the thought spot product with sessions on thoughts about one. Thoughts were everywhere on spot. Take you to close out this track. We're joined by industry leading experts Christian Kleinerman s VP of product at Snowflake and Tom Matzzie, Pharaoh, chief data officer at Western Union, for a thought provoking conversation on data transformation on how to avoid the pitfalls of traditional analytics. They'll be discussing in key challenges faced by organizations, why user engagement matters and looking towards the future of the industry. No Joining Thomas and Christian in conversation is Angela Cooper, vice president of customer success at Thought spot. Thank you all for being here today. We're so excited for what is what this conversation has in store. Handing it over now to Christian to kick things off. >>Hi. So, a few years ago, when when someone asked about Snowflake, the most common answer, it was like, what is snowflake and what do you do? Hopefully in the last couple off months, things have changed and and here I am showing a couple of momentum data points on, uh, where we have accomplished here it Snowflake. So we we have received Ah, a lot of attention and buzz. Recently, we were listed in the New York Stock Exchange And we even though we still think of ourselves as a small start up company, we have crossed the 2000 employees mark. More important, we count with 3 3000 plus amazing customers. And something that we obsess about is the a satisfaction of our customers. We really are working hard. The laboring technology that having a platform for better decisions, better analytics and then the promoters course off 71 depicted here is a testament of that. And last, but certainly not least about snowflake. It's very important that we know that we succeed with our partners. We know that we don't go to market by ourselves. We actually have Ah, fantastic set of partners and of course, thoughts. But it is one of our most important partners. >>Good morning. Good afternoon. Eso Amman Thomas affair on the chief kid officer here at Western Union. It's gonna be a background of a Western union and what we, uh, what we do and how we service our customers. So today we are in over 200 countries and territories worldwide. We have a 550,000 retail Asian network to service all of our customers, uh, needs from what he transfer and picking up in a depositing cash. We also have our digital transformation underway, where we now have educate abilities up and running and over 35 countries with paled options to accounts in over 120 countries. We think about our overall business and how support are over our customers and our services. It really has transformed over the past 12 months with Cove it and it's part of that We have to be able to really accelerate our transformation on a digital front to help to enable in the super those customers going forward. Eso as part of that, You know, a big, big help in a big supporter of that transformation has been snowflake and has been thought spot as part of that transformation. If you go the next to the next slide are our current, uh B I in our illegal tools right to date, uh, have been very useful up until the last one or two years. As data explodes and as as our customer needs transform and as our solutions and our time to act in our time to react in the overall market becomes faster and faster, we need to be able to basically look across our entire company, our entire organization and cross functionally to visit to leverage data leverage our insights to really basically pivot our overall business and our overall model to support our customers and our and to enable those services and products going forward. So as part of that, snowflakes been a huge part of that journey, right, allowing us to consolidate over our 30 plus data stores across the company on able to really leverage that overall data and insights to drive, uh, quick reaction right with the pivot, our business offered to enable new services and improve customer experiences going forward and then being able to use a snowflake and then being put the applications on top of that like thought spot, which allows, uh, users that are both technical and nontechnical to the go in and just, um, ask the question as if the searching on Google or Yahoo or being they can just ask any question they want and then get the results back in real time, made that business call and then really go forward through these is this larger ecosystem as a whole. It's really enabled us to really transform our business and supporter customers going forward. >>Wonderful. Thank you, Tom. Thank you, Christian, for the overview of both snowflake and Western Union. Both have big presence in Denver, which is where Tom and I are tonight. Um, I'm here. I'm the vice president of customer success for Thought spot, and I wanted to ask both of you some questions about the industry and specific things that you're facing within Western Union. So first I was hoping Christian that you could talk to me a little bit about Snowflake has thousands of customers at this point, servicing essentially located data sets. But what are you seeing? Has been the top challenges that businesses air facing and how it snowflake uniquely positioned to help. Yeah, >>so certainly the think the challenges air made. I would say that the macro challenge above everything is how to turn data into a competitive differentiator, their study after study that says companies that embrace data and insights and analytics they are outperforming their competitors. So that would be my macro challenge. Once you go into the next level, maybe I can think of three elements. The first one Tom already perfectly teed up the topic of of silence and the reality For most organizations, data is fragmented across different database systems. Even filed systems in some instances transactional databases, analytical data bases and what customers expect is to have, ah, unified experience like I am dealing with company extra company. Why? And I really don't care if behind the scenes there's 10 different teams or 100 different systems. I just want a unified experience. And the Congress is true. The opportunity to deliver personalized custom experiences is reliant on a single view of the day. The other topic that comes to mind this is the one of data governance, Um, as data becomes more important than a reorganization, understanding the constraints and security and privacy also become critical to not only advanced data capability but do it doing so responsibly and within the norms off regulation and the last one which is something court to tow our vision. We are pioneering the concept of the data cloud and the challenge that that we're addressing there is the problem around access to data, right. You can no longer as an organization think of making decisions just on your own data. But there's lots of data collaboration, data enrichment. Maybe I wanna put my data in context. And that's what we're trying to simplify and democratize access and simplify connecting to the data that improves decisions on all three fronts. Obviously, we're obsessed. That's no bling on on tearing down the silos on delivering a solution that is very focused on data governance. And for sure, the data cloud simplifies access to data. >>Wonderful. Now, I know we we really focused on those data silos is a business challenge. But Tom, going through your digital transformation journey are there specific challenges that you faced with Western Union That thought spot and snowflake have helped you overcome? >>Yeah. So? So first off fully agree what Christian just said, right? Those are absolutely, you know, problems that we faced. And we've had overcome, um, service, any company right being able to the transforming to modernize the cloud. Um, for us, one of the biggest things is being able to not just access our information, but have it in a way that it can be consumed, right? Have it in a way that it could be understood, right? Have it in a way that we can then drive business business decision points and and be able to use that information to either fix a problem that we see or better service our customers or offer a product that we're seeing right now is a miss in the marketplace to service in a underserved community or underserved, um, customer base. Also, from our standpoint, being able toe look, um um, uh and predict in forecast what's going to happen and be able to use that information and use our insights to then be proactive and thio in either, You know, be thoughtful about how do we shift our focus, or how do we then change our strategy to take advantage of that for that forecast in that position that we're seeing into the future? >>Wonderful. I've heard from many customers you could not have predicted what was going to happen to our businesses in the year 2020 with the traditional models and especially with what did you say? 30 plus different data silos. Being able to do that type of prediction across those systems must have been very, very difficult. You also mentioned going through a digital transformation at Western Union. So can you talk to me, Tom? A little bit about kind of present day? And why? Why is it important to enable your frontline knowledge workers with the right data at the right time with the right technology? >>Yeah, so? So you're spot on, by the way. But, uh, no one predicted that that we would have a pandemic that would literally consume the entire globe right And change how consumers, um uh, use and buy services and products, or how economies would either shut down or at the reopening shut down again. And then how different interests to be impacted by this? Right. So, uh, what we learned and what we were able to pivot was being able to do exactly what you just said, right. Being able to understand what's happening the date of the right time, right then being able to with the right technology with the right capabilities, understand? what's happening. I understand. Then what should our pivot be? And how should we then go focus on that pivot to go into go and transform? I think it's e. It's more than just just the front lines. Also, our executives. It's also are back office operations, right, because as you think through this, right as customers were having issues right, go into retail locations that were closed. It end of Q one Earlier, Q two. We obviously had a a large surplus right of phone calls coming into our call centers, asking for help, asking for How can we transact better? Where can we go? Right? How do we handle the operationally? Right? As we had a massive surge onto our digital platform where we were, we had 100% increase year over year in Q one and Q two. How do we make sure that our platform the technology can scale right and still provide the right S L A's and and and and the right, um uh, support to our internal customers as well as our extra customers in the future? Eso so really interesting, though, you know, on on on the front line side, our sales staff, right? And even our front line associates with our agent locations A to retail side, you know, for us, is really around. How do we best support them? So how do we partner with them to understand? You know, when a certain certain governments or certain, uh, regions were going toe lock down, how do we support them to keep them open, right. How do we make them a essential service going forward? How do we enable them? Right, the Wright systems or technology to do things a bit differently than they have in the past to adopt right with the changing times. But, you know, I'll tell you the amount of transformation in the basement we've done this year, I think you know, has a massive and actually on Lee, you know, created a larger wave for us to actually ride into the future as we can, to base to innovate, you know, in partnership with both thought spot and with the snowflake into the future. >>Absolutely. I've seen many, many a industry analyst reports talking about how companies now in 2020 have accelerated that digital transformation movement because of current day. In current time, Christian What are you seeing with the rest of the industry and other global companies about enabling data across the globe at the right time? >>Yeah, so I can't agree more with with with with what? Tom said. And he gave some very, um, compelling and very riel use cases where the timeliness of data and and and and and at the right time concept make a big difference. Right? They aske part of our data marketplace with snowflake with deliver, for example, um, up to date low ladies information on, uh, covert 19 data sets where we're infection spiking. And what were the trends? And the use case was very, very riel. Every single company was trying to make sense of the numbers. Uh, all machine learning models were sort of like, out of whack, because no trends and no patterns may make sense anymore. And it was They need to be able to join my data and my activity with this health data set and make decisions at the right time. Imagine if if the cycle to makes all these decisions waas Ah, monthlong. You would never catch up, right? And he speaks to tow a concept that it that is, um, dear, it wasa snowflake and is the lifetime value data right? The notion of ableto act on a piece of data on an event at the right time and obviously with the slow laden see it's possible, makes a big difference. And and there is no end of example. Stomach gives her all again very compelling ones. Um, there's many others, but if you're running a marketing campaign and would you want to know five minutes later that it's not working out, you're burning your daughters? Or would you want to know the next day? Or if someone is going to give you you have a subscription based business and you're going toe, for example, have a model that predicts the turn of your customer? How useful is if you find out Hey, your customer is gonna turn, but you found out two months later. Once probably you are really toe action and change the outcome. Eyes different and and and this order to manage that I'm talking about days or months are not uncommon. Many organizations today, and that's where the topic of right technology matters. Um, I love asking questions about Do you know, an organization and customers. Do you run data, transformations and ingests at two and three in the morning? And the most common answer is yes. And then you start asking why. And usually the answer is some flavor off technology made me do it and a big part of what we're trying to do, like what we're pioneering is. How about ingesting data, transforming data enriching data when the business needs it at the right time with the right timeliness? Not when the technology had cycles. So they were Scipio available, so the importance can't be overstated. There is value in in in analyzing understanding data on time, and we provide technology and platform to any of this. >>That's such a good point. Christian. We ended up on Lee doing processes and loading in the middle of the night because that's what the technology at that time would allow. You couldn't have the concurrency. You couldn't have, um, data happening all at the same time. And so wonderful point that stuff like enables. I think another piece that's interesting that you guys a hit on is that it's important to have the same user experiencing user interface at the right time. And so what I found talking to customers. And Tom what? You and I have discussed this. When you have 30 different data sets and you have a interface that's different, you have a legacy reports system. Maybe you have excel on top of another. You have thought spot on one. You have your dashboard of choice on another, those different sources in different ways. To view that data, it can all be so disjointed. And the combination of thought spot with snowflake and all the data in one place with a centralized, unified user experience just helps users take advantage off the insights that they need right at that right moment. So kind of finishing up for our last question for today I'm interested to hear about Christian will go back to you quickly about what do you see from snowflakes? Perspective is ahead. Future facing for data and analytics. >>One of the topics you just alluded toe Angela, which is the fact that many data sets are gonna be part of the processes by which we make decisions and that that's where were the experience with thoughts but a single unified search experience for a single unified. Um automatic insects, which is what's para que does That is the future, right? I I don't think that x many years from now on, and I think that that X is a small number. Organizations are going to say I had some business activity. I collected some data. I did some analysis and I have conclusions because it always has to be okay, put it in context or look at industry trends and look at other activity that can help him make more sense about my data. The example of tracking they covert are breaking is ah, timely one. But you can always say go on, put it in context with, I don't know, maybe the GDP of the country or the adoption of a platform and things like that. So I think that's ah big trend on having multiple data sets. Contributing towards better decisions towards better product experience is for better services. And, of course, Snowflake is trying to do its part, is doing its part with vision and simplify answers today and the answer on hot spot simplifying blending the interface so that would be super useful. The other big piece, of course, is, um, Predictive Analytics people Talk machine Learning and AI, which is a little bit to buzz worthy. But it is true that we have the technology to drive predictions and and do a better job of understanding behaviors off what's supposed to happen based on understanding the best and the last one. If if if I'm allowed one. Exco What's ahead for data industry, which sounds obvious, but But we're not all the way. There is both cloud the adoption and moving to the cloud as well as the topic of multi Cloud. Increasingly, I think we we finally shifted conversations from Should I go to the cloud or not? Now it's How fast do I do it? And increasingly what we hear is I may want to take the best of the different clouds and how doe I go in and and and embrace a multi cloud reality without having to learn 100 plus different services and nuances of services on on every car and this work technologies like snowflake and thoughts about that can can support a different multiple deployment are being well received by different customs, nerve fault, >>Tom industry trends, or one thing I know. Western Union is really leading in the digital transformation and in your space, What's next for Western Union? >>Yeah, so just add on Requip Thio Christian before I dive into a Western Union use case just to your point. Christian, I really see a convergence happening between how people today work or or manage their personal life, where the applications, the user experiences and the responses are at your fingertips. Easy to use don't need to learn different tools. It's just all there, right, whether you're an android user or an apple user rights, although your fingertips I ask you the same innovation and transmission happening now on the work side, where I see to your point right a convergence happening where not just that the technology teams but even the business teams. They wanna have that same feature, that same functionality, where all their insights their entire way to interact with the business with the business teams with their data with their systems with their products for their services are at their fingertips right where they can go and they can make a change on an iPad or an iPhone and instant effect. They can go change a rule. They could go and modify Uh uh, an algorithm. They can go and look at expanding their product base, and it's just there. It's instant now. This would take time, right? Because this is going to be a transformational journey right across many different industries, but it's part of that. I really see that type of instant gratification, uh, satisfaction, that type of being able to instantly get those insights. Be able thio to really, you know, do what you do on your personal life in your work life every single day. That trend is absolutely it's actually happening. And it's kind of like tag team that into what we're doing at Western Union is exactly that we are actually transforming how our business teams, uh, in our technology teams are able to interact with our customers, interact with our products, interact with our services, interact with our data and our systems instantly. Right? Perfect example that it's that spot where they could go on typing any question they want. And they instigate an answer like that that that was unheard of a year ago, at least for our business. Right being able to to to go and put in in a new rule and and have it flow through the rules engine and have an instant customer impact that's coming right. Being able to instantly change or configure a new product or service with new fee structure and launch in 15 minutes. That's coming, right? All these new transformations about how do we actually better, uh, leverage our capabilities, our products and our services to meet those customer demands instantly. That's where I see the industry going the next couple of years. >>Wonderful. Um, excited to have both of you on the panel this afternoon. So thank you so much for joining us, Christian and Tom as just a quick wrap up. I, you know, learned quite a bit about industry trends and the problems facing companies today. And from the macro view with snowflake and thousands of customers and thought spots, customers and Western Union. The underlying theme is data unity, right? No more fragmented silos, no more fragmented user experiences, but truly bringing everything together in a governed safe way for users. Toe have trust in the data to have trust in what to answer and what insight is being put in front of them. And all of this pulled together so that businesses can make those better decisions more informed and more personalized. Consumer like experiences for your customers in modern technology stacks. So again, thank you both today for joining us, and we look forward to many more conversations in the future. Thank you >>for having me very happy to be here. >>Thank you so much. >>Thanks. >>Thank you, Angela. And thank you, Tom and Christian for sharing your stories. It was really interesting to hear how the events of this year have prompted Western Union to accelerate their digital transformation with snowflake and thought spot and just reflecting on alot sessions in this track, I love seeing how we're making the search experience even easier and even more consumer like in that first session and then moving on to the second session with our customer Hayes. It was really impressive to see how quickly they'd embedded thought spot into their own MD audit product. And then, of course, we heard about Spot Ike, which is making it easier for everybody to get to the Y faster with automated insights. So I'm afraid that wraps up the sessions in this track. We've come to an end, But remember to join us for the exciting product roadmap session coming right up. And then after that, put your questions to the speakers that you've heard in Track two in I'll meet the Experts Roundtable, creating engaging analytics experiences for all. Now all that remains is for me to say thank you for joining us. We really appreciate you taking the time. I hope it's been interesting and valuable. And if it has, we'd love to pick up with you for a 1 to 1 conversation Bye for now.