>> From "theCube" Studios in Palo Alto in Boston bringing you data-driven insights from "theCube" and ETR. This is "Breaking Analysis" with Dave Vellante. >> As an independent pure play company, Palo Alto Networks has earned its status as the leader in security. You can measure this in a variety of ways. Revenue, market cap, execution, ethos, and most importantly, conversations with customers generally. In CISO specifically, who consistently affirm this position. The company's on track to double its revenues in fiscal year 23 relative to fiscal year 2020. Despite macro headwinds, which are likely to carry through next year, Palo Alto owes its position to a clarity of vision and strong execution on a TAM expansion strategy through acquisitions and integration into its cloud and SaaS offerings. Hello and welcome to this week's "Wikibon Cube Insights" powered by ETR and this breaking analysis and ahead of Palo Alto Ignite the company's user conference, we bring you the next chapter on top of the last week's cybersecurity update. We're going to dig into the ETR data on Palo Alto Networks as we promised and provide a glimpse of what we're going to look for at "Ignite" and posit what Palo Alto needs to do to stay on top of the hill. Now, the challenges for cybersecurity professionals. Dead simple to understand. Solving it, not so much. This is a taxonomic eye test, if you will, from Optiv. It's one of our favorite artifacts to make the point the cybersecurity landscape is a mosaic of stovepipes. Security professionals have to work with dozens of tools many legacy combined with shiny new toys to try and keep up with the relentless pace of innovation catalyzed by the incredibly capable well-funded and motivated adversaries. Cybersecurity is an anomalous market in that the leaders have low single digit market shares. Think about that. Cisco at one point held 60% market share in the networking business and it's still deep into the 40s. Oracle captures around 30% of database market revenue. EMC and storage at its peak had more than 30% of that market. Even Dell's PC market shares, you know, in the mid 20s or even over that from a revenue standpoint. So cybersecurity from a market share standpoint is even more fragmented perhaps than the software industry. Okay, you get the point. So despite its position as the number one player Palo Alto might have maybe three maybe 4% of the total market, depending on what you use as your denominator, but just a tiny slice. So how is it that we can sit here and declare Palo Alto as the undisputed leader? Well, we probably wouldn't go that far. They probably have quite a bit of competition. But this CISO from a recent ETR round table discussion with our friend Eric Bradley, summed up Palo Alto's allure. We thought pretty well. The question was why Palo Alto Networks? Here's the answer. Because of its completeness as a platform, its ability to integrate with its own products or they acquire, integrate then rebrand them as their own. We've looked at other vendors we just didn't think they were as mature and we already had implemented some of the Palo Alto tools like the firewalls and stuff and we thought why not go holistically with the vendor a single throat to choke, if you will, if stuff goes wrong. And I think that was probably the primary driver and familiarity with the tools and the resources that they provided. Now here's another stat from ETR's Eric Bradley. He gave us a glimpse of the January survey that's in the field now. The percent of IT buyers stating that they plan to consolidate redundant vendors, it went from 34% in the October survey and now stands at 44%. So we fo we feel this bodes well for consolidators like Palo Alto networks. And the same is true from Microsoft's kind of good enough approach. It should also be true for CrowdStrike although last quarter we saw softness reported on in their SMB market, whereas interestingly MongoDB actually saw consistent strength from its SMB and its self-serve. So that's something that we're watching very closely. Now, Palo Alto Networks has held up better than most of its peers in the stock market. So let's take a look at that real quick. This chart gives you a sense of how well. It's a one year comparison of Palo Alto with the bug ETF. That's the cyber basket that we like to compare often CrowdStrike, Zscaler, and Okta. Now remember Palo Alto, they didn't run up as much as CrowdStrike, ZS and Okta during the pandemic but you can see it's now down unquote only 9% for the year. Whereas the cyber basket ETF is off 27% roughly in line with the NASDAQ. We're not showing that CrowdStrike down 44%, Zscaler down 61% and Okta off a whopping 72% in the past 12 months. Now as we've indicated, Palo Alto is making a strong case for consolidating point tools and we think it will have a much harder time getting customers to switch off of big platforms like Cisco who's another leader in network security. But based on the fragmentation in the market there's plenty of room to grow in our view. We asked breaking analysis contributor Chip Simington for his take on the technicals of the stock and he said that despite Palo Alto's leadership position it doesn't seem to make much difference these days. It's all about interest rates. And even though this name has performed better than its peers, it looks like the stock wants to keep testing its 52 week lows, but he thinks Palo Alto got oversold during the last big selloff. And the fact that the company's free cash flow is so strong probably keeps it at the one 50 level or above maybe bouncing around there for a while. If it breaks through that under to the downside it's ne next test is at that low of around one 40 level. So thanks for that, Chip. Now having get that out of the way as we said on the previous chart Palo Alto has strong opinions, it's founder and CTO, Nir Zuk, is extremely clear on that point of view. So let's take a look at how Palo Alto got to where it is today and how we think you should think about his future. The company was founded around 18 years ago as a network security company focused on what they called NextGen firewalls. Now, what Palo Alto did was different. They didn't try to stuff a bunch of functionality inside of a hardware box. Rather they layered network security functions on top of its firewalls and delivered value as a service through software running at the time in its own cloud. So pretty obvious today, but forward thinking for the time and now they've moved to a more true cloud native platform and much more activity in the public cloud. In February, 2020, right before the pandemic we reported on the divergence in market values between Palo Alto and Fort Net and we cited some challenges that Palo Alto was happening having transitioning to a cloud native model. And at the time we said we were confident that Palo Alto would make it through the knot hole. And you could see from the previous chart that it has. So the company's architectural approach was to do the heavy lifting in the cloud. And this eliminates the need for customers to deploy sensors on prem or proxies on prem or sandboxes on prem sandboxes, you know for instance are vulnerable to overwhelming attacks. Think about it, if you're a sandbox is on prem you're not going to be updating that every day. No way. You're probably not going to updated even every week or every month. And if the capacity of your sandbox is let's say 20,000 files an hour you know a hacker's just going to turn up the volume, it'll overwhelm you. They'll send a hundred thousand emails attachments into your sandbox and they'll choke you out and then they'll have the run of the house while you're trying to recover. Now the cloud doesn't completely prevent that but what it does, it definitely increases the hacker's cost. So they're going to probably hit some easier targets and that's kind of the objective of security firms. You know, increase the denominator on the ROI. All right, the next thing that Palo Alto did is start acquiring aggressively, I think we counted 17 or 18 acquisitions to expand the TAM beyond network security into endpoint CASB, PaaS security, IaaS security, container security, serverless security, incident response, SD WAN, CICD pipeline security, attack service management, supply chain security. Just recently with the acquisition of Cider Security and Palo Alto by all accounts takes the time to integrate into its cloud and SaaS platform called Prisma. Unlike many acquisitive companies in the past EMC was a really good example where you ended up with a kind of a Franken portfolio. Now all this leads us to believe that Palo Alto wants to be the consolidator and is in a good position to do so. But beyond that, as multi-cloud becomes more prevalent and more of a strategy customers tell us they want a consistent experience across clouds. And is going to be the same by the way with IoT. So of the next wave here. Customers don't want another stove pipe. So we think Palo Alto is in a good position to build what we call the security super cloud that layer above the clouds that brings a common experience for devs and operational teams. So of course the obvious question is this, can Palo Alto networks continue on this path of acquire and integrate and still maintain best of breed status? Can it? Will it? Does it even have to? As Holger Mueller of Constellation Research and I talk about all the time integrated suites seem to always beat best of breed in the long run. We'll come back to that. Now, this next graphic that we're going to show you underscores this question about portfolio. Here's a picture and I don't expect you to digest it all but it's a screen grab of Palo Alto's product and solutions portfolios, network cloud, network security rather, cloud security, Sassy, CNAP, endpoint unit 42 which is their threat intelligence platform and every imaginable security service and solution for customers. Well, maybe not every, I'm sure there's more to come like supply chain with the recent Cider acquisition and maybe more IoT beyond ZingBox and earlier acquisition but we're sure there will be more in the future both organic and inorganic. Okay, let's bring in more of the ETR survey data. For those of you who don't know ETR, they are the number one enterprise data platform surveying thousands of end customers every quarter with additional drill down surveys and customer round tables just an awesome SaaS enabled platform. And here's a view that shows net score or spending momentum on the vertical axis in provision or presence within the ETR data set on the horizontal axis. You see that red dotted line at 40%. Anything at or over that indicates a highly elevated net score. And as you can see Palo Alto is right on that line just under. And I'll give you another glimpse it looks like Palo Alto despite the macro may even just edge up a bit in the next survey based on the glimpse that Eric gave us. Now those colored bars in the bottom right corner they show the breakdown of Palo Alto's net score and underscore the methodology that ETR uses. The lime green is new customer adoptions, that's 7%. The forest green at 38% represents the percent of customers that are spending 6% or more on Palo Alto solutions. The gray is at that 40 or 8% that's flat spending plus or minus 5%. The pinkish at 5% is spending is down on Palo Alto network products by 6% or worse. And the bright red at only 2% is churn or defections. Very low single digit numbers for Palo Alto, that's a real positive. What you do is you subtract the red from the green and you get a net score of 38% which is very good for a company of Palo Alto size. And we'll note this is based on just under 400 responses in the ETR survey that are Palo Alto customers out of around 1300 in the total survey. It's a really good representation of Palo Alto. And you can see the other leading companies like CrowdStrike, Okta, Zscaler, Forte, Cisco they loom large with similar aspirations. Well maybe not so much Okta. They don't necessarily rule want to rule the world. They want to rule identity and of course the ever ubiquitous Microsoft in the upper right. Now drilling deeper into the ETR data, let's look at how Palo Alto has progressed over the last three surveys in terms of market presence in the survey. This view of the data shows provision in the data going back to October, 2021, that's the gray bars. The blue is July 22 and the yellow is the latest survey from October, 2022. Remember, the January survey is currently in the field. Now the leftmost set of data there show size a company. The middle set of data shows the industry for a select number of industries in the right most shows, geographic region. Notice anything, yes, Palo Alto up across the board relative to both this past summer and last fall. So that's pretty impressive. Palo Alto network CEO, Nikesh Aurora, stressed on the last earnings call that the company is seeing somewhat elongated deal approvals and sometimes splitting up size of deals. He's stressed that certain industries like energy, government and financial services continue to spend. But we would expect even a pullback there as companies get more conservative. But the point is that Nikesh talked about how they're hiring more sales pros to work the pipeline because they understand that they have to work harder to pull deals forward 'cause they got to get more approvals and they got to increase the volume that's coming through the pipeline to account for the possibility that certain companies are going to split up the deals, you know, large deals they want to split into to smaller bite size chunks. So they're really going hard after they go to market expansion to account for that. All right, so we're going to wrap by sharing what we expect and what we're going to probe for at Palo Alto Ignite next week, Lisa Martin and I will be hosting "theCube" and here's what we'll be looking for. First, it's a four day event at the MGM with the meat of the program on days two and three. That's day two was the big keynote. That's when we'll start our broadcasting, we're going for two days. Now our understanding is we've never done Palo Alto Ignite before but our understanding it's a pretty technically oriented crowd that's going to be eager to hear what CTO and founder Nir Zuk has to say. And as well CEO Nikesh Aurora and as in addition to longtime friend of "theCube" and current president, BJ Jenkins, he's going to be speaking. Wendy Whitmore runs Unit 42 and is going to be several other high profile Palo Alto execs, as well, Thomas Kurian from Google is a featured speaker. Lee Claridge, who is Palo Alto's, chief product officer we think is going to be giving the audience heavy doses of Prisma Cloud and Cortex enhancements. Now, Cortex, you might remember, came from an acquisition and does threat detection and attack surface management. And we're going to hear a lot about we think about security automation. So we'll be listening for how Cortex has been integrated and what kind of uptake that it's getting. We've done some, you know, modeling in from the ETR. Guys have done some modeling of cortex, you know looks like it's got a lot of upside and through the Palo Alto go to market machine, you know could really pick up momentum. That's something that we'll be probing for. Now, one of the other things that we'll be watching is pricing. We want to talk to customers about their spend optimization, their spending patterns, their vendor consolidation strategies. Look, Palo Alto is a premium offering. It charges for value. It's expensive. So we also want to understand what kind of switching costs are customers willing to absorb and how onerous they are and what's the business case look like? How are they thinking about that business case. We also want to understand and really probe on how will Palo Alto maintain best of breed as it continues to acquire and integrate to expand its TAM and appeal as that one-stop shop. You know, can it do that as we talked about before. And will it do that? There's also an interesting tension going on sort of changing subjects here in security. There's a guy named Edward Hellekey who's been in "theCube" before. He hasn't been in "theCube" in a while but he's a security pro who has educated us on the nuances of protecting data privacy, public policy, how it varies by region and how complicated it is relative to security. Because securities you technically you have to show a chain of custody that proves unequivocally, for example that data has been deleted or scrubbed or that metadata does. It doesn't include any residual private data that violates the laws, the local laws. And the tension is this, you need good data and lots of it to have good security, really the more the better. But government policy is often at odds in a major blocker to sharing data and it's getting more so. So we want to understand this tension and how companies like Palo Alto are dealing with it. Our customers testing public policy in courts we think not quite yet, our government's making exceptions and policies like GDPR that favor security over data privacy. What are the trade-offs there? And finally, one theme of this breaking analysis is what does Palo Alto have to do to stay on top? And we would sum it up with three words. Ecosystem, ecosystem, ecosystem. And we said this at CrowdStrike Falcon in September that the one concern we had was the pace of ecosystem development for CrowdStrike. Is collaboration possible with competitors? Is being adopted aggressively? Is Palo Alto being adopted aggressively by global system integrators? What's the uptake there? What about developers? Look, the hallmark of a cloud company which Palo Alto is a cloud security company is a thriving ecosystem that has entries into and exits from its platform. So we'll be looking at what that ecosystem looks like how vibrant and inclusive it is where the public clouds fit and whether Palo Alto Networks can really become the security super cloud. Okay, that's a wrap stop by next week. If you're in Vegas, say hello to "theCube" team. We have an unbelievable lineup on the program. Now if you're not there, check out our coverage on theCube.net. I want to thank Eric Bradley for sharing a glimpse on short notice of the upcoming survey from ETR and his thoughts. And as always, thanks to Chip Symington for his sharp comments. Want to thank Alex Morrison, who's on production and manages the podcast Ken Schiffman as well in our Boston studio, Kristen Martin and Cheryl Knight they help get the word out on social and of course in our newsletters, Rob Hoof, is our editor in chief over at Silicon Angle who does some awesome editing, thank you to all. Remember all these episodes they're available as podcasts. Wherever you listen, all you got to do is search "Breaking Analysis" podcasts. I publish each week on wikibon.com and silicon angle.com where you can email me at david.valante@siliconangle.com or dm me at D Valante or comment on our LinkedIn post. And please do check out etr.ai. They've got the best survey data in the enterprise tech business. This is Dave Valante for "theCube" Insights powered by ETR. Thanks for watching. We'll see you next week on "Ignite" or next time on "Breaking Analysis". (upbeat music)

(soft electronic music) >> Good afternoon guys and gals. Welcome back to theCube's Live coverage of AWS re:Invent 2022. We've been in Sin City since Monday night, giving you a load of content. I'm sure you've been watching the whole time, so you already know. Lisa Martin here with John Furrier. John, we love having these conversations at AWS re:Invent. So many different topics of conversation. We also love talking to AWS's partner ecosystem. There's so much emphasis on it, so much growth and innovation. >> Yeah, and the thing is we got two great leaders from a very popular company that's doing very well. Security, security's a big part of the story. Data and security. Taking up all the keynote time, you're hearing a lot of it. This company's a company we've been following from the beginning. Doing really good stuff in open source, cloud native, security, shifting-left. Snyk's just a great company. With the CTO and the head of the product organization, these guys have the keys to the kingdom in security. We're going to have a great conversation. >> Yeah, we are. Both from Snyk, Manoj Nair joins us, rejoins us, for your, I believe, 11th visit. Chief Product Officer of Snyk. Adi Sharabani, Chief Technology Officer. Welcome guys. Great to have you. >> Yeah, thank you. >> Great to be back. >> So what's going on at Snyk? I know we get to talk to you often, but Manoj, give us the lowdown on what are some of the things that are new since we last connected with Snyk. >> A lot of innovation going on. We just had a major launch last month and you know when we talked to our customers three big themes are happening in parallel. One is the shift to going from traditional development to, really, DevOps, but we need to make that DevSecOps and Snyk was ahead of, that was the genesis of Snyk, but we're still, you know, maybe 15, 20% of organizations have realized that. So that one big theme. Supply chain security, top of mind for everyone. And then really, cloud and, you know, how do you really take advantage of cloud. Cloud is code. So our innovation map to those three big themes, we have done a lot in terms of that shift-left. And Adi will talk about, kind of, some of our original, like, you know, thinking behind that. But we flipped the security paradigm on its head. Was to make sure developers loved what they were, you know, experiencing with Snyk. And oh, by the way, they're fixing security issues. The second one, supply chain. So you know, SBOMs and everyone hears about this and executive orders, what do you do? Who does what with that? So we launched a few things in terms of simplifying that. You can go to our website and, you know, just upload your SBOM. It'll tell you using the best security intelligence data. In fact, the same data is used by AWS inside their products, inside Inspector. So we use that data from Snyk's intelligence to light up and tell you what vulnerabilities do your third party code have. Even things that you might not be scanning. And then the last one is really code to cloud. Cloud is code. So we have brought the ability to monitor your cloud environments all the way into your platform and the security engineering teams, rather than later on and after the fact. Those are some of the big ones that we're working on. >> Lisa: Lots going on. >> Yeah. >> Lisa: Wow. >> Lots going on there. I mean, SBOMs, Software Bill of Materials. I mean, who would've thought in the developer community, going back a decade, that we'd be talking about bill of materials, open source becomes so popular. You guys are cloud native. Developer productivity's a hot trend. Not much going on here, talking about developer productivity. Maybe Werner, keynote tomorrow will talk about it. Software supply chain, huge security risk. You guys are in the front lines. I want to understand, if you can share, why is Snyk successful? Everyone is hearing about you guys. Your business is doing great. What's the secret sauce of your success? Why are you guys so successful? >> I think that, you know, I've been doing application security for more than two decades now and in the past we always saw the potential associated with transferring, shifting-left in a sense, before the term, right? Taking those security solutions out of the hands of the security people and putting it in the hands of developers. It's speeds up the process. It's very, very clear to anyone. The problem was that we always looked at it the wrong way. We did shift-left, and shift-left is not enough because in my terminology shift-left, meaning let's take those security solution put it earlier in the cycle, but that's not enough because the developer is not speaking those terms. The developer is not a security persona. The security persona is thinking in terms of risk. What are the risks that a specific issue creates? The developer is thinking in terms of the application. What would be the impact on application of a change I would might make into it. And so the root cause of Snyk success, in my opinion, is the fact that from the get-go we scratch that, we build a solution for the developer that is based on how the workflows of the developer, whether it's the ID, whether it's the change management, the pull request. Whether it's integration with the Gits and so on. And whether it's with integration with the cloud and the interaction with the cloud providers. And doing that properly, addressing the developers how they want to context, to get, with the context they want to get as part of the issues, with the workflows they want to get. That's kind of the secret sauce, in a sense. And very easy maybe to say, but very, very hard to implement properly. >> This is huge. I want to unpack that. I want to just, great call out, great description. This is huge. This is a, we're seeing the past three years in particular, maybe three with the pandemic. Okay, maybe go a couple years earlier, then. The developers' behavior is driving the change. And you know, if you look at the past three DockerCons we've covered, we've been powering that site, been following that community very closely since the beginning, as well. It just seems in the past three to four years that the developers choices at scale, not what they're buying or who's pushing tools to them, has been one big trend. >> Yeah. >> They're setting the pace. >> Developer is the king. >> If it's self-service, we've seen self-service. Whether it's freemium to paid, that works. This is the new equation. Developer, developer choice is critical. So self-service they want. And two, the language barrier or jargon between or mindsets between security and developers. Okay, so DevOps brings IT into the workflow. Check. DevSecOps brings in there. You guys crack the code on that, is that what you're saying? >> Yes, and it's both the product, like how do you use the solution, as well as the go to market. How do you consume the solution? And you alluded to that with the PLG motion, that I think Synk has done the superb job at and that really helped our businesses. >> Okay, so Manoj, product, you got the keys to the kingdom, you got the product roadmap. I could imagine, and what I'd love to get your reaction too Adi, if you don't mind. If you do that, what you've done, the consequence of that is now security teams and the data teams can build guardrails. We're reporting a lot of that in the queue. We're hearing that we can provide guardrails. So the velocity of the developer seems to be increasing. Do you see that? Is that a consequence? >> That's something that we actually measure in the product. Right, so Snyk's focus is not finding issues, it's fixing issues. So one of the things we have been able to heuristically look at our thousands of customers and say, they're fixing issues 27 days faster than they were prior to Snyk. So, you know, I'm a Formula one fan. Guardrails, you say. I say there's a speed circuit. Developers love speed. We give them the speed. We give the security teams the ability to sit on those towers and, you know, put the right policies and guardrails in place to make sure that it's not speed without safety. >> And then I'm sure you guys are in the luxury box now, partying while the developers are (Lisa laughing) no more friction, no more fighting, right? >> The culture is changing. I had a discussion with a Fortune 50 CISO a month ago, and they told me, "Adi, it's the first time in my life where the development teams are coming to me, asking me, hey I want you to buy us this security solution." And for, that was mind blowing for him, right? Because it really changes the discussion with the security teams and the development teams >> Before Lisa jumps in, well how long, okay, let me ask you that question on that point. When did that tipping point change, culturally? Was it just the past few years? Has there, has DevOps kind of brought that in, can you? >> Yeah, I think it's a journey that happened together with Snyk's, kind of, growth. So if three years ago it was the very early adopters that were starting to consume that. So companies that are very, you know, modern in the way they developed and so on. And we saw it in our business. In the early days, most of our business came from the high tech industry. And now it's like everywhere. You have manufacturing, you have banks, you have like every segment whatsoever. >> Talk about that cultural shift. That's really challenging for organizations to achieve. Are you seeing, so that, that CISO was quite surprised that the developer came and said, this is what I want. Are you seeing more of that cultural changes? Is that becoming pervasive? >> Yeah, so I think that the root cause of that is that, you mentioned the growth, like the increased speed of velocity in applications. We have 30 million developers in the world today. 30 millions. By the end of the decade it's going to be 45 millions and all of them are using open source, third party code. Look at what's going on here in the event, right? This accelerates the speed for which they develop. So with that, what happened in the digital transformation world, the organizations are facing that huge growth, exponential growth in the amount of technology and products that are being built by their teams. But the way they manage that before, from a security perspective, just doesn't scale. And it breaks and it breaks and it breaks. This is why you need a different approach. A solution that is based on the developers, who are the ones that created the problems and the ones that will be responsible of fixing the issues. This is why we are kind of centering ourselves around them. >> And the world has changed, right? What is cloud? It's code, it's not infrastructure. Old infrastructure, hosted infrastructure. So if cloud is code and cloud native applications are all code and they're being deployed with Terraform packages and cloud formations, that's code. Why take an old school approach of scanning it outside-in. I talked to CISO today who said, I feel bad that, you know, our policy makes it such that a terraform change takes six months. What did I do? I made cloud look like infrastructure. >> Yeah, it's too slow. >> So that, you know, so both sides, you know, CISOs want something that the business, you know, accepts and adopts and it's, culture changes happen because the power is with the developers because all of this is code, and we enabled that whole seamless journey, all the way from code to cloud. So it's kind, you know, I think that this is a part of it. It's by direction, it's a bridge and both sides are meeting in the middle here. >> It's a bridge. I'm curious, how are you facilitating that bridge? You, we talk about the developers being the kings and queens and really so influential in business decisions these days. And you're talking about the developers now embracing Snyk. But you're also talking to CISOs. Is your customer conversation level changing as a result of security folks understanding why it needs to shift-left. >> We had a breakfast meeting with customers, prospects and everyone, I think this morning. It was interesting, we were remarking. There are CTOs, VPs of engineering, CISOs, VPs of AppSec. And it was such a rich conversation on both sides, right? So just the joy of facilitating that conversation and dialogue. CISOs, and so the levels are changing. It started for us in CTOs and VPs of engineering and now it's both because, you know, one of the things Adi talks about is, like, that security has to become development aware. And that's starting to be like the reality. Me getting another solution, with maybe a better acronym than the old acronym, but it's still outside-in, it's scan based. I light up up the Christmas tree, who is going to fix it? And with the speed of cloud, now I got throw in more lights. Those lights are no longer valid. >> The automation. >> The automation without prioritization and actual empowerment is useless. >> All right, I know we got a couple minutes left, but I want to get into that point about automation because inside-out, you've made me think about this. I want to get your thought Adi, if you don't mind. The integration challenges now are much more part of the ecosystem, more joint engineering. You mentioned these meetings are not just salesperson and customer buyer, it's teams are talking to each other. There's a lot of that going on. How do you guys look at that? Because now the worst things that I hear and when I talk to customers is, I hate the word PenTest and AppSec review. It slows things down. People want to go faster. So how do you guys look at that? What's Snyk doing around making the AppSec review process, integration across companies, work better? >> So I'll give you an example from the cloud and then I will relate to the AppSec. And this relates to what you mentioned before. We had a discussion yesterday with a CISO that said, we are scanning the cloud, we are opening the lights, we see this issue. Now what do I do? Who needs to fix this? So they have this long process of finding the actual team that is required to fix it. Now they get to the team and they say, why didn't you tell me about it when I developed it? The same goes for AppSec, right? The audit is a very late stage of the game. You want to make sure that the testing, that the policies, everything is under the same structure, the same policies. So when you do the same thing, it's part of the first time of code that you create, it's part of the change management, it's part of the build, it's part of the deployment and it's part of the audit. And you have everything together being done under the same platform. And this is, kind of, one of the strengths that we bring to the table. The discussion changes because now you have an aligned strategy, rather than kind of blocks that we have, kind of, mashed up together. >> So the new workflow, it's a new workflow, basically, in the mindset of the customer. They got to get their arms around that thing. If we don't design it in, the wheels could come off the bus at the 11th hour. >> Adi: Yeah. >> And everything slows down. >> I had a discussion with Amazon today, actually, that they had an internal discussion and they said, like, some of the teams were like, why have you blocked my app from being released? And they said, have you ever scanned your app? Have you ever looked at your, like, and, and they're like, if you haven't, then you're not really onboard with the platform and it just breaks. This is what happens. >> Great conversation. I know we don't, I wish we had more time. We'll do a follow up on theCube for sure. Should we get into the new twist? >> I've got one final question for you guys. We're making some Instagram reels, so think about your elevator pitch in 30 seconds. And I want to ask you about Snyk's evolution. Manoj, I want to start with you. What is that elevator pitch about Snyk's evolution to the end user customer? >> Empower developers, help them go faster, more productive and do it in a way that security is really built in, not bolted on. And that's really, you know, from a, the evolution and the power that we are giving is make the organization more productive because security is just happening as a part of making the developer more productive. >> Awesome. And Adi, question for you, how, your elevator pitch on how Snyk is really an enabler for CISOs these days? >> Yeah, so I always ask the CISO first of all, are you excited about the way your environment looks like today? Do you need to have a cultural change? Because if you need to have a cultural change, if you want to get those two teams working closely together, we are here to enable that. And it goes from the product, it goes from our education pieces that we can talk about in another section, and it works around the language that we build to allow and enable that discussion. >> Awesome. Guys, that was a double mic drop for both of you. >> Manoj: Thank you. >> Adi: Thank you, Lisa. >> Thank you so much for joining John and me, talking about what's happening with Snyk, what you're enabling customers to do and how, really, you're enabling cultural change. That's hard to do. That's awesome stuff guys. And congratulations on your 11th and your first Cube. >> Second, second, >> Second. >> Adi: I will be here more, but (laughs) >> You got it, you got it. You have to come back because we have too much to talk about. >> Adi: Exactly. (laughs) >> Thanks guys, we appreciate it. >> If we can without Manoj, so I can catch up. (Manoj laughs) >> Okay. We'll work on that. >> Bring you in the studio. (everyone laughing) >> Exactly. >> Eight straight interviews. (John and Lisa laughing) >> We hope you've enjoyed this conversation. We want to thank our guests. For John Furrier, I'm Lisa Martin. You're watching theCUBE, the leader in emerging and enterprise tech coverage. (soft electronic music)

>>Hello, welcome to the Cube here in Palo Alto, California for a special presentation on Cloud native at scale, enabling super cloud modern applications with Platform nine. I'm John Furr, your host of The Cube. We had a great lineup of three interviews we're streaming today. Meor Ma Makowski, who's the co-founder and VP of Product of Platform nine. She's gonna go into detail around Arlon, the open source products, and also the value of what this means for infrastructure as code and for cloud native at scale. Bickley the chief architect of Platform nine Cube alumni. Going back to the OpenStack days. He's gonna go into why Arlon, why this infrastructure as code implication, what it means for customers and the implications in the open source community and where that value is. Really great wide ranging conversation there. And of course, Vascar, Gort, the CEO of Platform nine, is gonna talk with me about his views on Super Cloud and why Platform nine has a scalable solutions to bring cloudnative at scale. So enjoy the program. See you soon. Hello everyone. Welcome to the cube here in Palo Alto, California for special program on cloud native at scale, enabling next generation cloud or super cloud for modern application cloud native developers. I'm John Furry, host of the Cube. A pleasure to have here, me Makoski, co-founder and VP of product at Platform nine. Thanks for coming in today for this Cloudnative at scale conversation. Thank >>You for having me. >>So Cloudnative at scale, something that we're talking about because we're seeing the, the next level of mainstream success of containers Kubernetes and cloud native develop, basically DevOps in the C I C D pipeline. It's changing the landscape of infrastructure as code, it's accelerating the value proposition and the super cloud as we call it, has been getting a lot of traction because this next generation cloud is looking a lot different, but kind of the same as the first generation. What's your view on super cloud as it fits to cloud native as scales up? >>Yeah, you know, I think what's interesting, and I think the reason why Super Cloud is a really good, in a really fit term for this, and I think, I know my CEO was chatting with you as well, and he was mentioning this as well, but I think there needs to be a different term than just multi-cloud or cloud. And the reason is because as cloud native and cloud deployments have scaled, I think we've reached a point now where instead of having the traditional data center style model where you have a few large distributions of infrastructure and workload at a few locations, I think the model is kind of flipped around, right? Where you have a large number of microsites, these microsites could be your public cloud deployment, your private on-prem infrastructure deployments, or it could be your edge environment, right? And every single enterprise, every single industry is moving in that direction. And so you gotta rougher that with a terminology that, that, that indicates the scale and complexity of it. And so I think supercloud is a, is an appropriate term for that. >>So you brought a couple of things I want to dig into. You mentioned edge nodes. We're seeing not only edge nodes being the next kind of area of innovation, mainly because it's just popping up everywhere. And that's just the beginning. Wouldn't even know what's around the corner. You got buildings, you got iot, ot, and IT kind of coming together, but you also got this idea of regions, global infras infrastructures, big part of it. I just saw some news around CloudFlare shutting down a site here. There's policies being made at scale, These new challenges there. Can you share because you can have edge. So hybrid cloud is a winning formula. Everybody knows that it's a steady state. Yeah. But across multiple clouds brings in this new un engineered area, yet it hasn't been done yet. Spanning clouds. People say they're doing it, but you start to see the toe in the water, it's happening, it's gonna happen. It's only gonna get accelerated with the edge and beyond globally. So I have to ask you, what is the technical challenges in doing this? Because there's something business consequences as well, but there are technical challenges. Can you share your view on what the technical challenges are for the super cloud or across multiple edges and regions? >>Yeah, absolutely. So I think, you know, in in the context of this, the, this, this term of super cloud, I think it's sometimes easier to visualize things in terms of two access, right? I think on one end you can think of the scale in terms of just pure number of nodes that you have deploy a number of clusters in the Kubernetes space. And then on the other axis you would have your distribution factor, right? Which is, do you have these tens of thousands of nodes in one site or do you have them distributed across tens of thousands of sites with one node at each site? Right? And if you have just one flavor of this, there is enough complexity, but potentially manageable. But when you are expanding on both these access, you really get to a point where that scale really needs some well thought out, well structured solutions to address it, right? A combination of homegrown tooling along with your, you know, favorite distribution of Kubernetes is not a strategy that can help you in this environment. It may help you when you have one of this or when you, when you scale, is not at the level. >>Can you scope the complexity? Because I mean, I hear a lot of moving parts going on there, the technology's also getting better. We we're seeing cloud native become successful. There's a lot to configure, there's a lot to install. Can you scope the scale of the problem? Because we're talking about at scale Yep. Challenges here. Yeah, >>Absolutely. And I think, you know, I I like to call it, you know, the, the, the problem that the scale creates, you know, there's various problems, but I think one, one problem, one way to think about it is, is, you know, it works on my cluster problem, right? So I, you know, I come from engineering background and there's a, you know, there's a famous saying between engineers and QA and the support folks, right? Which is, it works on my laptop, which is I tested this chain, everything was fantastic, it worked flawlessly on my machine, on production, It's not working. The exact same problem now happens and these distributed environments, but at massive scale, right? Which is that, you know, developers test their applications, et cetera within the sanctity of their sandbox environments. But once you expose that change in the wild world of your production deployment, right? >>And the production deployment could be going at the radio cell tower at the edge location where a cluster is running there, or it could be sending, you know, these applications and having them run at my customer site where they might not have configured that cluster exactly the same way as I configured it, or they configured the cluster, right? But maybe they didn't deploy the security policies, or they didn't deploy the other infrastructure plugins that my app relies on. All of these various factors are their own layer of complexity. And there really isn't a simple way to solve that today. And that is just, you know, one example of an issue that happens. I think another, you know, whole new ball game of issues come in the context of security, right? Because when you are deploying applications at scale in a distributed manner, you gotta make sure someone's job is on the line to ensure that the right security policies are enforced regardless of that scale factor. So I think that's another example of problems that occur. >>Okay. So I have to ask about scale, because there are a lot of multiple steps involved when you see the success of cloud native. You know, you see some, you know, some experimentation. They set up a cluster, say it's containers and Kubernetes, and then you say, Okay, we got this, we can figure it. And then they do it again and again, they call it day two. Some people call it day one, day two operation, whatever you call it. Once you get past the first initial thing, then you gotta scale it. Then you're seeing security breaches, you're seeing configuration errors. This seems to be where the hotspot is in when companies transition from, I got this to, Oh no, it's harder than I thought at scale. Can you share your reaction to that and how you see this playing out? >>Yeah, so, you know, I think it's interesting. There's multiple problems that occur when, you know, the two factors of scale, as we talked about, start expanding. I think one of them is what I like to call the, you know, it, it works fine on my cluster problem, which is back in, when I was a developer, we used to call this, it works on my laptop problem, which is, you know, you have your perfectly written code that is operating just fine on your machine, your sandbox environment. But the moment it runs production, it comes back with p zeros and pos from support teams, et cetera. And those issues can be really difficult to triage us, right? And so in the Kubernetes environment, this problem kind of multi folds, it goes, you know, escalates to a higher degree because you have your sandbox developer environments, they have their clusters and things work perfectly fine in those clusters because these clusters are typically handcrafted or a combination of some scripting and handcrafting. >>And so as you give that change to then run at your production edge location, like say your radio cell tower site, or you hand it over to a customer to run it on their cluster, they might not have not have configured that cluster exactly how you did, or they might not have configured some of the infrastructure plugins. And so the things don't work. And when things don't work, triaging them becomes nightmarishly hard, right? It's just one of the examples of the problem, another whole bucket of issues is security, which is, is you have these distributed clusters at scale, you gotta ensure someone's job is on the line to make sure that these security policies are configured properly. >>So this is a huge problem. I love that comment. That's not not happening on my system. It's the classic, you know, debugging mentality. Yeah. But at scale it's hard to do that with error prone. I can see that being a problem. And you guys have a solution you're launching. Can you share what Arlon is this new product? What is it all about? Talk about this new introduction. >>Yeah, absolutely. Very, very excited. You know, it's one of the projects that we've been working on for some time now because we are very passionate about this problem and just solving problems at scale in on-prem or at in the cloud or at edge environments. And what arlon is, it's an open source project, and it is a tool, it's a Kubernetes native tool for complete end to end management of not just your clusters, but your clusters. All of the infrastructure that goes within and along the site of those clusters, security policies, your middleware, plug-ins, and finally your applications. So what our LA you do in a nutshell is in a declarative way, it lets you handle the configuration and management of all of these components in at scale. >>So what's the elevator pitch simply put for what dissolves in, in terms of the chaos you guys are reigning in, what's the, what's the bumper sticker? Yeah, what >>Would it do? There's a perfect analogy that I love to reference in this context, which is think of your assembly line, you know, in a traditional, let's say, you know, an auto manufacturing factory or et cetera, and the level of efficiency at scale that that assembly line brings, right? Our line, and if you look at the logo we've designed, it's this funny little robot. And it's because when we think of online, we think of these enterprise large scale environments, you know, sprawling at scale, creating chaos because there isn't necessarily a well thought through, well structured solution that's similar to an assembly line, which is taking each component, you know, addressing them, manufacturing, processing them in a standardized way, then handing to the next stage. But again, it gets, you know, processed in a standardized way. And that's what arlon really does. That's like the deliver pitch. If you have problems of scale of managing your infrastructure, you know, that is distributed. Arlon brings the assembly line level of efficiency and consistency for >>Those. So keeping it smooth, the assembly on things are flowing. See c i CD pipe pipelining. Exactly. So that's what you're trying to simplify that ops piece for the developer. I mean, it's not really ops, it's their ops, it's coding. >>Yeah. Not just developer, the ops, the operations folks as well, right? Because developers, you know, there is, developers are responsible for one picture of that layer, which is my apps, and then maybe that middleware of applications that they interface with, but then they hand it over to someone else who's then responsible to ensure that these apps are secure properly, that they are logging, logs are being collected properly, monitoring and observability integrated. And so it solves problems for both >>Those teams. Yeah. It's DevOps. So the DevOps is the cloud needed developer's. That's right. The option teams have to kind of set policies. Is that where the declarative piece comes in? Is that why that's important? >>Absolutely. Yeah. And, and, and, and you know, ES really in introduced or elevated this declarative management, right? Because, you know, s clusters are Yeah. Or your, yeah, you know, specifications of components that go in Kubernetes are defined a declarative way, and Kubernetes always keeps that state consistent with your defined state. But when you go outside of that world of a single cluster, and when you actually talk about defining the clusters or defining everything that's around it, there really isn't a solution that does that today. And so Arlon addresses that problem at the heart of it, and it does that using existing open source well known solutions. >>And do I want to get into the benefits? What's in it for me as the customer developer? But I want to finish this out real quick and get your thoughts. You mentioned open source. Why open source? What's the, what's the current state of the product? You run the product group over at Platform nine, is it open source? And you guys have a product that's commercial? Can you explain the open source dynamic? And first of all, why open source? Yeah. And what is the consumption? I mean, open source is great, People want open source, they can download it, look up the code, but maybe wanna buy the commercial. So I'm assuming you have that thought through, can you share open source and commercial relationship? >>Yeah, I think, you know, starting with why open source? I think it's, you know, we as a company, we have, you know, one of the things that's absolutely critical to us is that we take mainstream open source technologies components and then we, you know, make them available to our customers at scale through either a SaaS model or on-prem model, right? But, so as we are a company or startup or a company that benefits, you know, in a massive way by this open source economy, it's only right, I think in my mind that we do our part of the duty, right? And contribute back to the community that feeds us. And so, you know, we have always held that strongly as one of our principles. And we have, you know, created and built independent products starting all the way with fision, which was a serverless product, you know, that we had built to various other, you know, examples that I can give. But that's one of the main reasons why opensource and also open source, because we want the community to really firsthand engage with us on this problem, which is very difficult to achieve if your product is behind a wall, you know, behind, behind a block box. >>Well, and that's, that's what the developers want too. And what we're seeing in reporting with Super Cloud is the new model of consumption is I wanna look at the code and see what's in there. That's right. And then also, if I want to use it, I'll do it. Great. That's open source, that's the value. But then at the end of the day, if I wanna move fast, that's when people buy in. So it's a new kind of freemium, I guess, business model. I guess that's the way that long. But that's, that's the benefit. Open source. This is why standards and open source is growing so fast. You have that confluence of, you know, a way for developers to try before they buy, but also actually kind of date the application, if you will. We, you know, Adrian Karo uses the dating met metaphor, you know, Hey, you know, I wanna check it out first before I get married. Right? And that's what open source, So this is the new, this is how people are selling. This is not just open source, this is how companies are selling. >>Absolutely. Yeah. Yeah. You know, I think, and you know, two things. I think one is just, you know, this, this, this cloud native space is so vast that if you, if you're building a close flow solution, sometimes there's also a risk that it may not apply to every single enterprises use cases. And so having it open source gives them an opportunity to extend it, expand it, to make it proper to their use case if they choose to do so, right? But at the same time, what's also critical to us is we are able to provide a supported version of it with an SLA that we, you know, that's backed by us, a SAS hosted version of it as well, for those customers who choose to go that route, you know, once they have used the open source version and loved it and want to take it at scale and in production and need, need, need a partner to collaborate with, who can, you know, support them for that production >>Environment. I have to ask you now, let's get into what's in it for the customer. I'm a customer. Yep. Why should I be enthused about Arla? What's in it for me? You know? Cause if I'm not enthused about it, I'm not gonna be confident and it's gonna be hard for me to get behind this. Can you share your enthusiastic view of, you know, why I should be enthused about Arlo? I'm a >>Customer. Yeah, absolutely. And so, and there's multiple, you know, enterprises that we talk to, many of them, you know, our customers, where this is a very kind of typical story that you hear, which is we have, you know, a Kubernetes distribution. It could be on premise, it could be public clouds, native Kubernetes, and then we have our C I C D pipelines that are automating the deployment of applications, et cetera. And then there's this gray zone. And the gray zone is well before you can you, your CS c D pipelines can deploy the apps. Somebody needs to do all of that groundwork of, you know, defining those clusters and yeah. You know, properly configuring them. And as these things, these things start by being done hand grown. And then as the, as you scale, what typically enterprises would do today is they will have their home homegrown DIY solutions for this. >>I mean, the number of folks that I talk to that have built Terra from automation, and then, you know, some of those key developers leave. So it's a typical open source or typical, you know, DIY challenge. And the reason that they're writing it themselves is not because they want to. I mean, of course technology is always interesting to everybody, but it's because they can't find a solution that's out there that perfectly fits the problem. And so that's that pitch. I think Ops FICO would be delighted. The folks that we've talk, you know, spoken with, have been absolutely excited and have, you know, shared that this is a major challenge we have today because we have, you know, few hundreds of clusters on ecos Amazon, and we wanna scale them to few thousands, but we don't think we are ready to do that. And this will give us the >>Ability to, Yeah, I think people are scared. Not sc I won't say scare, that's a bad word. Maybe I should say that they feel nervous because, you know, at scale small mistakes can become large mistakes. This is something that is concerning to enterprises. And, and I think this is gonna come up at co con this year where enterprises are gonna say, Okay, I need to see SLAs. I wanna see track record, I wanna see other companies that have used it. Yeah. How would you answer that question to, or, or challenge, you know, Hey, I love this, but is there any guarantees? Is there any, what's the SLAs? I'm an enterprise, I got tight, you know, I love the open source trying to free fast and loose, but I need hardened code. >>Yeah, absolutely. So, so two parts to that, right? One is Arlan leverages existing open source components, products that are extremely popular. Two specifically. One is Arlan uses Argo cd, which is probably one of the highest and used CD open source tools that's out there. Right's created by folks that are as part of into team now, you know, really brilliant team. And it's used at scale across enterprises. That's one. Second is Alon also makes use of Cluster api cappi, which is a Kubernetes sub-component, right? For lifecycle management of clusters. So there is enough of, you know, community users, et cetera, around these two products, right? Or, or, or open source projects that will find Arlan to be right up in their alley because they're already comfortable, familiar with Argo cd. Now Arlan just extends the scope of what City can do. And so that's one. And then the second part is going back to a point of the comfort. And that's where, you know, platform line has a role to play, which is when you are ready to deploy online at scale, because you've been, you know, playing with it in your DEF test environments, you're happy with what you get with it, then Platform nine will stand behind it and provide that >>Sla. And what's been the reaction from customers you've talked to Platform nine customers with, with that are familiar with, with Argo and then rlo? What's been some of the feedback? >>Yeah, I, I think the feedback's been fantastic. I mean, I can give you examples of customers where, you know, initially, you know, when you are, when you're telling them about your entire portfolio of solutions, it might not strike a card right away. But then we start talking about Arlan and, and we talk about the fact that it uses Argo adn, they start opening up, they say, We have standardized on Argo and we have built these components, homegrown, we would be very interested. Can we co-develop? Does it support these use cases? So we've had that kind of validation. We've had validation all the way at the beginning of our land before we even wrote a single line of code saying this is something we plan on doing. And the customer said, If you had it today, I would've purchased it. So it's been really great validation. >>All right. So next question is, what is the solution to the customer? If I asked you, Look it, I have, I'm so busy, my team's overworked. I got a skills gap. I don't need another project that's, I'm so tied up right now and I'm just chasing my tail. How does Platform nine help me? >>Yeah, absolutely. So I think, you know, one of the core tenets of Platform nine has always been been that we try to bring that public cloud like simplicity by hosting, you know, this in a lot of such similar tools in a SaaS hosted manner for our customers, right? So our goal behind doing that is taking away or trying to take away all of that complexity from customers' hands and offloading it to our hands, right? And giving them that full white glove treatment, as we call it. And so from a customer's perspective, one, something like arlon will integrate with what they have so they don't have to rip and replace anything. In fact, it will, even in the next versions, it may even discover your clusters that you have today and you know, give you an inventory. And that will, >>So if customers have clusters that are growing, that's a sign correct call you guys. >>Absolutely. Either they're, they have massive large clusters, right? That they wanna split into smaller clusters, but they're not comfortable doing that today, or they've done that already on say, public cloud or otherwise. And now they have management challenges. So >>Especially operationalizing the clusters, whether they want to kind of reset everything and remove things around and reconfigure Yep. And or scale out. >>That's right. Exactly. And >>You provide that layer of policy. >>Absolutely. >>Yes. That's the key value here. >>That's right. >>So policy based configuration for cluster scale up, >>Well profile and policy based declarative configuration and lifecycle management for clusters. >>If I asked you how this enables supercloud, what would you say to that? >>I think this is one of the key ingredients to super cloud, right? If you think about a super cloud environment, there's at least few key ingredients that that come to my mind that are really critical. Like they are, you know, life saving ingredients at that scale. One is having a really good strategy for managing that scale, you know, in a, going back to assembly line in a very consistent, predictable way so that our lot solves then you, you need to compliment that with the right kind of observability and monitoring tools at scale, right? Because ultimately issues are gonna happen and you're gonna have to figure out, you know, how to solve them fast. And arlon by the way, also helps in that direction, but you also need observability tools. And then especially if you're running it on the public cloud, you need some cost management tools. In my mind, these three things are like the most necessary ingredients to make Super Cloud successful. And you know, our alarm fills in >>One. Okay. So now the next level is, Okay, that makes sense. Is under the covers kind of speak under the hood. Yeah. How does that impact the app developers and the cloud native modern application workflows? Because the impact to me, seems the apps are gonna be impacted. Are they gonna be faster, stronger? I mean, what's the impact if you do all those things, as you mentioned, what's the impact of the apps? >>Yeah, the impact is that your apps are more likely to operate in production the way you expect them to, because the right checks and balances have gone through, and any discrepancies have been identified prior to those apps, prior to your customer running into them, right? Because developers run into this challenge to their, where there's a split responsibility, right? I'm responsible for my code, I'm responsible for some of these other plugins, but I don't own the stack end to end. I have to rely on my ops counterpart to do their part, right? And so this really gives them, you know, the right tooling for that. >>So this is actually a great kind of relevant point, you know, as cloud becomes more scalable, you're starting to see this fragmentation gone of the days of the full stack developer to the more specialized role. But this is a key point, and I have to ask you because if this RLO solution takes place, as you say, and the apps are gonna be stupid, they're designed to do, the question is, what did does the current pain look like of the apps breaking? What does the signals to the customer Yeah. That they should be calling you guys up into implementing Arlo, Argo and, and all the other goodness to automate? What are some of the signals? Is it downtime? Is it, is it failed apps, Is it latency? What are some of the things that Yeah, absolutely would be indications of things are effed up a little bit. Yeah. >>More frequent down times, down times that are, that take longer to triage. And so you are, you know, the, you know, your mean times on resolution, et cetera, are escalating or growing larger, right? Like we have environments of customers where they're, they have a number of folks on in the field that have to take these apps and run them at customer sites. And that's one of our partners. And they're extremely interested in this because they're the, the rate of failures they're encountering for this, you know, the field when they're running these apps on site, because the field is automating their clusters that are running on sites using their own script. So these are the kinds of challenges, and those are the pain points, which is, you know, if you're looking to reduce your meantime to resolution, if you're looking to reduce the number of failures that occur on your production site, that's one. And second, if you are looking to manage these at scale environments with a relatively small, focused, nimble ops team, which has an immediate impact on your budget. So those are, those are the signals. >>This is the cloud native at scale situation, the innovation going on. Final thought is your reaction to the idea that if the world goes digital, which it is, and the confluence of physical and digital coming together, and cloud continues to do its thing, the company becomes the application, not where it used to be supporting the business, you know, the back office and the maybe terminals and some PCs and handhelds. Now if technology's running, the business is the business. Yeah. Company's the application. Yeah. So it can't be down. So there's a lot of pressure on, on CSOs and CIOs now and boards is saying, How is technology driving the top line revenue? That's the number one conversation. Yep. Do you see that same thing? >>Yeah. It's interesting. I think there's multiple pressures at the CXO CIO level, right? One is that there needs to be that visibility and clarity and guarantee almost that, you know, that the, the technology that's, you know, that's gonna drive your top line is gonna drive that in a consistent, reliable, predictable manner. And then second, there is the constant pressure to do that while always lowering your costs of doing it, right? Especially when you're talking about, let's say retailers or those kinds of large scale vendors, they many times make money by lowering the amount that they spend on, you know, providing those goods to their end customers. So I think those, both those factors kind of come into play and the solution to all of them is usually in a very structured strategy around automation. >>Final question. What does cloudnative at scale look like to you? If all the things happen the way we want 'em to happen, The magic wand, the magic dust, what does it look like? >>What that looks like to me is a CIO sipping at his desk on coffee production is running absolutely smooth. And his, he's running that at a nimble, nimble team size of at the most, a handful of folks that are just looking after things, but things are >>Just taking care of the CIO doesn't exist. There's no ciso, they're at the beach. >>Yep. >>Thank you for coming on, sharing the cloud native at scale here on the cube. Thank you for your time. >>Fantastic. Thanks for >>Having me. Okay. I'm John Fur here for special program presentation, special programming cloud native at scale, enabling super cloud modern applications with Platform nine. Thanks for watching. Welcome back everyone to the special presentation of cloud native at scale, the cube and platform nine special presentation going in and digging into the next generation super cloud infrastructure as code and the future of application development. We're here with Bickley, who's the chief architect and co-founder of Platform nine Pick. Great to see you Cube alumni. We, we met at an OpenStack event in about eight years ago, or later, earlier when OpenStack was going. Great to see you and great to see congratulations on the success of platform nine. >>Thank you very much. >>Yeah. You guys have been at this for a while and this is really the, the, the year we're seeing the, the crossover of Kubernetes because of what happens with containers. Everyone now has realized, and you've seen what Docker's doing with the new docker, the open source Docker now just the success Exactly. Of containerization, right? And now the Kubernetes layer that we've been working on for years is coming, bearing fruit. This is huge. >>Exactly. Yes. >>And so as infrastructures code comes in, we talked to Bacar talking about Super Cloud, I met her about, you know, the new Arlon, our, our lawn, and you guys just launched the infrastructures code is going to another level, and then it's always been DevOps infrastructures code. That's been the ethos that's been like from day one, developers just code. Then you saw the rise of serverless and you see now multi-cloud or on the horizon, connect the dots for us. What is the state of infrastructure as code today? >>So I think, I think I'm, I'm glad you mentioned it, everybody or most people know about infrastructures code. But with Kubernetes, I think that project has evolved at the concept even further. And these dates, it's infrastructure is configuration, right? So, which is an evolution of infrastructure as code. So instead of telling the system, here's how I want my infrastructure by telling it, you know, do step A, B, C, and D instead with Kubernetes, you can describe your desired state declaratively using things called manifest resources. And then the system kind of magically figures it out and tries to converge the state towards the one that you specified. So I think it's, it's a even better version of infrastructures code. >>Yeah. And that really means it's developer just accessing resources. Okay. That declare, Okay, give me some compute, stand me up some, turn the lights on, turn 'em off, turn 'em on. That's kind of where we see this going. And I like the configuration piece. Some people say composability, I mean now with open source so popular, you don't have to have to write a lot of code, this code being developed. And so it's into integration, it's configuration. These are areas that we're starting to see computer science principles around automation, machine learning, assisting open source. Cuz you got a lot of code that's right in hearing software, supply chain issues. So infrastructure as code has to factor in these new dynamics. Can you share your opinion on these new dynamics of, as open source grows, the glue layers, the configurations, the integration, what are the core issues? >>I think one of the major core issues is with all that power comes complexity, right? So, you know, despite its expressive power systems like Kubernetes and declarative APIs let you express a lot of complicated and complex stacks, right? But you're dealing with hundreds if not thousands of these yamo files or resources. And so I think, you know, the emergence of systems and layers to help you manage that complexity is becoming a key challenge and opportunity in, in this space. >>That's, I wrote a LinkedIn post today was comments about, you know, hey, enterprise is a new breed. The trend of SaaS companies moving our consumer comp consumer-like thinking into the enterprise has been happening for a long time, but now more than ever, you're seeing it the old way used to be solve complexity with more complexity and then lock the customer in. Now with open source, it's speed, simplification and integration, right? These are the new dynamic power dynamics for developers. Yeah. So as companies are starting to now deploy and look at Kubernetes, what are the things that need to be in place? Because you have some, I won't say technical debt, but maybe some shortcuts, some scripts here that make it look like infrastructure is code. People have done some things to simulate or or make infrastructure as code happen. Yes. But to do it at scale Yes. Is harder. What's your take on this? What's your view? >>It's hard because there's a per proliferation of methods, tools, technologies. So for example, today it's very common for DevOps and platform engineering tools, I mean, sorry, teams to have to deploy a large number of Kubernetes clusters, but then apply the applications and configurations on top of those clusters. And they're using a wide range of tools to do this, right? For example, maybe Ansible or Terraform or bash scripts to bring up the infrastructure and then the clusters. And then they may use a different set of tools such as Argo CD or other tools to apply configurations and applications on top of the clusters. So you have this sprawl of tools. You, you also have this sprawl of configurations and files because the more objects you're dealing with, the more resources you have to manage. And there's a risk of drift that people call that where, you know, you think you have things under control, but some people from various teams will make changes here and there and then before the end of the day systems break and you have no idea of tracking them. So I think there's real need to kind of unify, simplify, and try to solve these problems using a smaller, more unified set of tools and methodologies. And that's something that we try to do with this new project. Arlon. >>Yeah. So, so we're gonna get into Arlan in a second. I wanna get into the why Arlon. You guys announced that at AR GoCon, which was put on here in Silicon Valley at the, at the community meeting by in two, they had their own little day over there at their headquarters. But before we get there, vascar, your CEO came on and he talked about Super Cloud at our in AAL event. What's your definition of super cloud? If you had to kind of explain that to someone at a cocktail party or someone in the industry technical, how would you look at the super cloud trend that's emerging? It's become a thing. What's your, what would be your contribution to that definition or the narrative? >>Well, it's, it's, it's funny because I've actually heard of the term for the first time today, speaking to you earlier today. But I think based on what you said, I I already get kind of some of the, the gist and the, the main concepts. It seems like super cloud, the way I interpret that is, you know, clouds and infrastructure, programmable infrastructure, all of those things are becoming commodity in a way. And everyone's got their own flavor, but there's a real opportunity for people to solve real business problems by perhaps trying to abstract away, you know, all of those various implementations and then building better abstractions that are perhaps business or applications specific to help companies and businesses solve real business problems. >>Yeah, I remember that's a great, great definition. I remember, not to date myself, but back in the old days, you know, IBM had a proprietary network operating system, so of deck for the mini computer vendors, deck net and SNA respectively. But T C P I P came out of the osi, the open systems interconnect and remember, ethernet beat token ring out. So not to get all nerdy for all the young kids out there, look, just look up token ring, you'll see, you've probably never heard of it. It's IBM's, you know, connection for the internet at the, the layer two is Amazon, the ethernet, right? So if T C P I P could be the Kubernetes and the container abstraction that made the industry completely change at that point in history. So at every major inflection point where there's been serious industry change and wealth creation and business value, there's been an abstraction Yes. Somewhere. Yes. What's your reaction to that? >>I think this is, I think a saying that's been heard many times in this industry and, and I forgot who originated it, but I think that the saying goes like, there's no problem that can't be solved with another layer of indirection, right? And we've seen this over and over and over again where Amazon and its peers have inserted this layer that has simplified, you know, computing and, and infrastructure management. And I believe this trend is going to continue, right? The next set of problems are going to be solved with these insertions of additional abstraction layers. I think that that's really a, yeah, it's gonna >>Continue. It's interesting. I just, when I wrote another post today on LinkedIn called the Silicon Wars AMD stock is down arm has been on a rise. We remember pointing for many years now that arm's gonna be hugely, it has become true. If you look at the success of the infrastructure as a service layer across the clouds, Azure, aws, Amazon's clearly way ahead of everybody. The stuff that they're doing with the silicon and the physics and the, the atoms, the pro, you know, this is where the innovation, they're going so deep and so strong at ISAs, the more that they get that gets come on, they have more performance. So if you're an app developer, wouldn't you want the best performance and you'd wanna have the best abstraction layer that gives you the most ability to do infrastructures, code or infrastructure for configuration, for provisioning, for managing services. And you're seeing that today with service MeSHs, a lot of action going on in the service mesh area in in this community of, of co con, which will be a covering. So that brings up the whole what's next? You guys just announced our lawn at Argo Con, which came out of Intuit. We've had Mariana Tessel at our super cloud event. She's the cto, you know, they're all in the cloud. So they contributed that project. Where did Arlon come from? What was the origination? What's the purpose? Why our lawn, why this announcement? >>Yeah, so the, the inception of the project, this was the result of us realizing that problem that we spoke about earlier, which is complexity, right? With all of this, these clouds, these infrastructure, all the variations around and, you know, compute storage networks and the proliferation of tools we talked about the Ansibles and Terraforms and Kubernetes itself. You can, you can think of that as another tool, right? We saw a need to solve that complexity problem, and especially for people and users who use Kubernetes at scale. So when you have, you know, hundreds of clusters, thousands of applications, thousands of users spread out over many, many locations, there, there needs to be a system that helps simplify that management, right? So that means fewer tools, more expressive ways of describing the state that you want and more consistency. And, and that's why, you know, we built our lawn and we built it recognizing that many of these problems or sub problems have already been solved. So Arlon doesn't try to reinvent the wheel, it instead rests on the shoulders of several giants, right? So for example, Kubernetes is one building block, GI ops, and Argo CD is another one, which provides a very structured way of applying configuration. And then we have projects like cluster API and cross plane, which provide APIs for describing infrastructure. So arlon takes all of those building blocks and builds a thin layer, which gives users a very expressive way of defining configuration and desired state. So that's, that's kind of the inception of, And >>What's the benefit of that? What does that give the, what does that give the developer, the user, in this case, >>The developers, the, the platform engineer, team members, the DevOps engineers, they get a a ways to provision not just infrastructure and clusters, but also applications and configurations. They get a way, a system for provisioning, configuring, deploying, and doing life cycle management in a, in a much simpler way. Okay. Especially as I said, if you're dealing with a large number of applications. >>So it's like an operating fabric, if you will. Yes. For them. Okay, so let's get into what that means for up above and below the the, this abstraction or thin layer below as the infrastructure. We talked a lot about what's going on below that. Yeah. Above our workloads. At the end of the day, you know, I talk to CXOs and IT folks that are now DevOps engineers. They care about the workloads and they want the infrastructures code to work. They wanna spend their time getting in the weeds, figuring out what happened when someone made a push that that happened or something happened. They need observability and they need to, to know that it's working. That's right. And is my workloads running effectively? So how do you guys look at the workload side of it? Cuz now you have multiple workloads on these fabric, >>Right? So workloads, so Kubernetes has defined kind of a standard way to describe workloads and you can, you know, tell Kubernetes, I want to run this container this particular way, or you can use other projects that are in the Kubernetes cloud native ecosystem like K native, where you can express your application in more at a higher level, right? But what's also happening is in addition to the workloads, DevOps and platform engineering teams, they need to very often deploy the applications with the clusters themselves. Clusters are becoming this commodity. It's, it's becoming this host for the application and it kind of comes bundled with it. In many cases it is like an appliance, right? So DevOps teams have to provision clusters at a really incredible rate and they need to tear them down. Clusters are becoming more, >>It's kinda like an EC two instance, spin up a cluster. We very, people used words like that. That's >>Right. And before arlon you kind of had to do all of that using a different set of tools as, as I explained. So with Armon you can kind of express everything together. You can say I want a cluster with a health monitoring stack and a logging stack and this ingress controller and I want these applications and these security policies. You can describe all of that using something we call a profile. And then you can stamp out your app, your applications and your clusters and manage them in a very, so >>Essentially standard creates a mechanism. Exactly. Standardized, declarative kind of configurations. And it's like a playbook. You deploy it. Now what's there is between say a script like I'm, I have scripts, I could just automate scripts >>Or yes, this is where that declarative API and infrastructures configuration comes in, right? Because scripts, yes you can automate scripts, but the order in which they run matters, right? They can break, things can break in the middle and, and sometimes you need to debug them. Whereas the declarative way is much more expressive and powerful. You just tell the system what you want and then the system kind of figures it out. And there are these things about controllers which will in the background reconcile all the state to converge towards your desire. It's a much more powerful, expressive and reliable way of getting things done. >>So infrastructure has configuration is built kind of on, it's as super set of infrastructures code because it's >>An evolution. >>You need edge's code, but then you can configure the code by just saying do it. You basically declaring and saying Go, go do that. That's right. Okay, so, alright, so cloud native at scale, take me through your vision of what that means. Someone says, Hey, what does cloud native at scale mean? What's success look like? How does it roll out in the future as you, not future next couple years? I mean people are now starting to figure out, okay, it's not as easy as it sounds. Could be nice, it has value. We're gonna hear this year coan a lot of this. What does cloud native at scale >>Mean? Yeah, there are different interpretations, but if you ask me, when people think of scale, they think of a large number of deployments, right? Geographies, many, you know, supporting thousands or tens or millions of, of users there, there's that aspect to scale. There's also an equally important a aspect of scale, which is also something that we try to address with Arran. And that is just complexity for the people operating this or configuring this, right? So in order to describe that desired state and in order to perform things like maybe upgrades or updates on a very large scale, you want the humans behind that to be able to express and direct the system to do that in, in relatively simple terms, right? And so we want the tools and the abstractions and the mechanisms available to the user to be as powerful but as simple as possible. So there's, I think there's gonna be a number and there have been a number of CNCF and cloud native projects that are trying to attack that complexity problem as well. And Arlon kind of falls in in that >>Category. Okay, so I'll put you on the spot road that CubeCon coming up and obviously this will be shipping this segment series out before. What do you expect to see at Coan this year? What's the big story this year? What's the, what's the most important thing happening? Is it in the open source community and also within a lot of the, the people jogging for leadership. I know there's a lot of projects and still there's some white space in the overall systems map about the different areas get run time and there's ability in all these different areas. What's the, where's the action? Where, where's the smoke? Where's the fire? Where's the piece? Where's the tension? >>Yeah, so I think one thing that has been happening over the past couple of cons and I expect to continue and, and that is the, the word on the street is Kubernetes is getting boring, right? Which is good, right? >>Boring means simple. >>Well, well >>Maybe, >>Yeah, >>Invisible, >>No drama, right? So, so the, the rate of change of the Kubernetes features and, and all that has slowed but in, in a, in a positive way. But there's still a general sentiment and feeling that there's just too much stuff. If you look at a stack necessary for hosting applications based on Kubernetes, there are just still too many moving parts, too many components, right? Too much complexity. I go, I keep going back to the complexity problem. So I expect Cube Con and all the vendors and the players and the startups and the people there to continue to focus on that complexity problem and introduce further simplifications to, to the stack. >>Yeah. Vic, you've had an storied career, VMware over decades with them obviously in 12 years with 14 years or something like that. Big number co-founder here at Platform. Now you guys have been around for a while at this game. We, man, we talked about OpenStack, that project you, we interviewed at one of their events. So OpenStack was the beginning of that, this new revolution. And I remember the early days it was, it wasn't supposed to be an alternative to Amazon, but it was a way to do more cloud cloud native. I think we had a cloud ERO team at that time. We would to joke we, you know, about, about the dream. It's happening now, now at Platform nine. You guys have been doing this for a while. What's the, what are you most excited about as the chief architect? What did you guys double down on? What did you guys tr pivot from or two, did you do any pivots? Did you extend out certain areas? Cuz you guys are in a good position right now, a lot of DNA in Cloud native. What are you most excited about and what does Platform nine bring to the table for customers and for people in the industry watching this? >>Yeah, so I think our mission really hasn't changed over the years, right? It's been always about taking complex open source software because open source software, it's powerful. It solves new problems, you know, every year and you have new things coming out all the time, right? OpenStack was an example when the Kubernetes took the world by storm. But there's always that complexity of, you know, just configuring it, deploying it, running it, operating it. And our mission has always been that we will take all that complexity and just make it, you know, easy for users to consume regardless of the technology, right? So the successor to Kubernetes, you know, I don't have a crystal ball, but you know, you have some indications that people are coming up of new and simpler ways of running applications. There are many projects around there who knows what's coming next year or the year after that. But platform will a, platform nine will be there and we will, you know, take the innovations from the the community. We will contribute our own innovations and make all of those things very consumable to customers. >>Simpler, faster, cheaper. Exactly. Always a good business model technically to make that happen. Yes. Yeah, I think the, the reigning in the chaos is key, you know, Now we have now visibility into the scale. Final question before we depart this segment. What is at scale, how many clusters do you see that would be a watermark for an at scale conversation around an enterprise? Is it workloads we're looking at or, or clusters? How would you, Yeah, how would you describe that? When people try to squint through and evaluate what's a scale, what's the at scale kind of threshold? >>Yeah. And, and the number of clusters doesn't tell the whole story because clusters can be small in terms of the number of nodes or they can be large. But roughly speaking when we say, you know, large scale cluster deployments, we're talking about maybe hundreds, two thousands. >>Yeah. And final final question, what's the role of the hyperscalers? You got AWS continuing to do well, but they got their core ias, they got a PAs, they're not too too much putting a SaaS out there. They have some SaaS apps, but mostly it's the ecosystem. They have marketplaces doing over $2 billion billions of transactions a year and, and it's just like, just sitting there. It hasn't really, they're now innovating on it, but that's gonna change ecosystems. What's the role the cloud play in the cloud native of its scale? >>The, the hyperscalers, >>Yeahs Azure, Google. >>You mean from a business perspective? Yeah, they're, they have their own interests that, you know, that they're, they will keep catering to, they, they will continue to find ways to lock their users into their ecosystem of services and, and APIs. So I don't think that's gonna change, right? They're just gonna keep, >>Well they got great I performance, I mean from a, from a hardware standpoint, yes, that's gonna be key, right? >>Yes. I think the, the move from X 86 being the dominant way and platform to run workloads is changing, right? That, that, that, that, and I think the, the hyperscalers really want to be in the game in terms of, you know, the the new risk and arm ecosystems and the platforms. >>Yeah, not joking aside, Paul Morritz, when he was the CEO of VMware, when he took over once said, I remember our first year doing the cube. Oh the cloud is one big distributed computer, it's, it's hardware and he got software and you got middleware and he kind over, well he's kind of tongue in cheek, but really you're talking about large compute and sets of services that is essentially a distributed computer. >>Yes, >>Exactly. It's, we're back on the same game. Vic, thank you for coming on the segment. Appreciate your time. This is cloud native at scale special presentation with Platform nine. Really unpacking super cloud Arlon open source and how to run large scale applications on the cloud Cloud Native Phil for developers and John Furrier with the cube. Thanks for Washington. We'll stay tuned for another great segment coming right up. Hey, welcome back everyone to Super Cloud 22. I'm John Fur, host of the Cuba here all day talking about the future of cloud. Where's it all going? Making it super multi-cloud clouds around the corner and public cloud is winning. Got the private cloud on premise and edge. Got a great guest here, Vascar Gorde, CEO of Platform nine, just on the panel on Kubernetes. An enabler blocker. Welcome back. Great to have you on. >>Good to see you >>Again. So Kubernetes is a blocker enabler by, with a question mark. I put on on that panel was really to discuss the role of Kubernetes. Now great conversation operations is impacted. What's interest thing about what you guys are doing at Platform nine? Is your role there as CEO and the company's position, kind of like the world spun into the direction of Platform nine while you're at the helm? Yeah, right. >>Absolutely. In fact, things are moving very well and since they came to us, it was an insight to call ourselves the platform company eight years ago, right? So absolutely whether you are doing it in public clouds or private clouds, you know, the application world is moving very fast in trying to become digital and cloud native. There are many options for you do on the infrastructure. The biggest blocking factor now is having a unified platform. And that's what we, we come into, >>Patrick, we were talking before we came on stage here about your background and we were gonna talk about the glory days in 2000, 2001, when the first as piece application service providers came out, kind of a SaaS vibe, but that was kind of all kind of cloudlike. >>It wasn't, >>And and web services started then too. So you saw that whole growth. Now, fast forward 20 years later, 22 years later, where we are now, when you look back then to here and all the different cycles, >>I, in fact you, you know, as we were talking offline, I was in one of those ASPs in the year 2000 where it was a novel concept of saying we are providing a software and a capability as a service, right? You sign up and start using it. I think a lot has changed since then. The tooling, the tools, the technology has really skyrocketed. The app development environment has really taken off exceptionally well. There are many, many choices of infrastructure now, right? So I think things are in a way the same but also extremely different. But more importantly now for any company, regardless of size, to be a digital native, to become a digital company is extremely mission critical. It's no longer a nice to have everybody's in the journey somewhere. >>Everyone is going digital transformation here. Even on a so-called downturn recession that's upcoming inflation's here. It's interesting. This is the first downturn in the history of the world where the hyperscale clouds have been pumping on all cylinders as an economic input. And if you look at the tech trends, GDPs down, but not tech. >>Nope. >>Cuz the pandemic showed everyone digital transformation is here and more spend and more growth is coming even in, in tech. So this is a unique factor which proves that that digital transformation's happening and company, every company will need a super cloud. >>Everyone, every company, regardless of size, regardless of location, has to become modernize their infrastructure. And modernizing Infras infrastructure is not just some new servers and new application tools, It's your approach, how you're serving your customers, how you're bringing agility in your organization. I think that is becoming a necessity for every enterprise to survive. >>I wanna get your thoughts on Super Cloud because one of the things Dave Ante and I want to do with Super Cloud and calling it that was we, I, I personally, and I know Dave as well, he can, I'll speak from, he can speak for himself. We didn't like multi-cloud. I mean not because Amazon said don't call things multi-cloud, it just didn't feel right. I mean everyone has multiple clouds by default. If you're running productivity software, you have Azure and Office 365. But it wasn't truly distributed. It wasn't truly decentralized, it wasn't truly cloud enabled. It didn't, it felt like they're not ready for a market yet. Yet public clouds booming on premise. Private cloud and Edge is much more on, you know, more, more dynamic, more real. >>Yeah. I think the reason why we think super cloud is a better term than multi-cloud. Multi-cloud are more than one cloud, but they're disconnected. Okay, you have a productivity cloud, you have a Salesforce cloud, you may have, everyone has an internal cloud, right? So, but they're not connected. So you can say okay, it's more than one cloud. So it's you know, multi-cloud. But super cloud is where you are actually trying to look at this holistically. Whether it is on-prem, whether it is public, whether it's at the edge, it's a store at the branch. You are looking at this as one unit. And that's where we see the term super cloud is more applicable because what are the qualities that you require if you're in a super cloud, right? You need choice of infrastructure, you need, but at the same time you need a single pain, a single platform for you to build your innovations on regardless of which cloud you're doing it on, right? So I think Super Cloud is actually a more tightly integrated orchestrated management philosophy we think. >>So let's get into some of the super cloud type trends that we've been reporting on. Again, the purpose of this event is to, as a pilots, to get the conversations flowing with with the influencers like yourselves who are running companies and building products and the builders, Amazon and Azure are doing extremely well. Google's coming up in third cloudworks in public cloud. We see the use cases on premises use cases. Kubernetes has been an interesting phenomenon because it's become from the developer side a little bit, but a lot of ops people love Kubernetes. It's really more of an ops thing. You mentioned OpenStack earlier. Kubernetes kind of came out of that open stack. We need an orchestration and then containers had a good shot with, with Docker. They re pivoted the company. Now they're all in an open source. So you got containers booming and Kubernetes as a new layer there. What's the, what's the take on that? What does that really mean? Is that a new defacto enabler? It >>Is here. It's for here for sure. Every enterprise somewhere else in the journey is going on. And you know, most companies are, 70 plus percent of them have won two, three container based, Kubernetes based applications now being rolled out. So it's very much here, it is in production at scale by many customers. And the beauty of it is, yes, open source, but the biggest gating factor is the skill set. And that's where we have a phenomenal engineering team, right? So it's, it's one thing to buy a tool >>And just be clear, you're a managed service for Kubernetes. >>We provide, provide a software platform for cloud acceleration as a service and it can run anywhere. It can run in public private. We have customers who do it in truly multi-cloud environments. It runs on the edge, it runs at this in stores are thousands of stores in a retailer. So we provide that and also for specific segments where data sovereignty and data residency are key regulatory reasons. We also un OnPrem as an air gap version. >>Can you give an example on how you guys are deploying your platform to enable a super cloud experience for your >>Customer? Right. So I'll give you two different examples. One is a very large networking company, public networking company. They have, I dunno, hundreds of products, hundreds of r and d teams that are building different, different products. And if you look at few years back, each one was doing it on a different platforms but they really needed to bring the agility and they worked with us now over three years where we are their build test dev pro platform where all their products are built on, right? And it has dramatically increased their agility to release new products. Number two, it actually is a light out operation. In fact the customer says like, like the Maytag service person cuz we provide it as a service and it barely takes one or two people to maintain it for them. >>So it's kinda like an SRE vibe. One person managing a >>Large 4,000 engineers building infrastructure >>On their tools, >>Whatever they want on their tools. They're using whatever app development tools they use, but they use our platform. >>What benefits are they seeing? Are they seeing speed? >>Speed, definitely. Okay. Definitely they're speeding. Speed uniformity because now they're building able to build, so their customers who are using product A and product B are seeing a similar set of tools that are being used. >>So a big problem that's coming outta this super cloud event that we're, we're seeing and we've heard it all here, ops and security teams cuz they're kind of too part of one theme, but ops and security specifically need to catch up speed wise. Are you delivering that value to ops and security? Right. >>So we, we work with ops and security teams and infrastructure teams and we layer on top of that. We have like a platform team. If you think about it, depending on where you have data centers, where you have infrastructure, you have multiple teams, okay, but you need a unified platform. Who's your buyer? Our buyer is usually, you know, the product divisions of companies that are looking at or the CTO would be a buyer for us functionally cio definitely. So it it's, it's somewhere in the DevOps to infrastructure. But the ideal one we are beginning to see now many large corporations are really looking at it as a platform and saying we have a platform group on which any app can be developed and it is run on any infrastructure. So the platform engineering teams, >>You working two sides of that coin. You've got the dev side and then >>And then infrastructure >>Side side, okay. >>Another customer like give you an example, which I would say is kind of the edge of the store. So they have thousands of stores. Retail, retail, you know food retailer, right? They have thousands of stores that are on the globe, 50,000, 60,000. And they really want to enhance the customer experience that happens when you either order the product or go into the store and pick up your product or buy or browse or sit there. They have applications that were written in the nineties and then they have very modern AIML applications today. They want something that will not have to send an IT person to install a rack in the store or they can't move everything to the cloud because the store operations has to be local. The menu changes based on, It's a classic edge. It's classic edge. Yeah. Right. They can't send it people to go install rack access servers then they can't sell software people to go install the software and any change you wanna put through that, you know, truck roll. So they've been working with us where all they do is they ship, depending on the size of the store, one or two or three little servers with instructions that >>You, you say little servers like how big one like a net box box, like a small little >>Box and all the person in the store has to do like what you and I do at home and we get a, you know, a router is connect the power, connect the internet and turn the switch on. And from there we pick it up. >>Yep. >>We provide the operating system, everything and then the applications are put on it. And so that dramatically brings the velocity for them. They manage >>Thousands of them. True plug and play >>Two, plug and play thousands of stores. They manage it centrally. We do it for them, right? So, so that's another example where on the edge then we have some customers who have both a large private presence and one of the public clouds. Okay. But they want to have the same platform layer of orchestration and management that they can use regardless of the location. So >>You guys got some success. Congratulations. Got some traction there. It's awesome. The question I want to ask you is that's come up is what is truly cloud native? Cuz there's lift and shift of the cloud >>That's not cloud native. >>Then there's cloud native. Cloud native seems to be the driver for the super cloud. How do you talk to customers? How do you explain when someone says what's cloud native, what isn't cloud native? >>Right. Look, I think first of all, the best place to look at what is the definition and what are the attributes and characteristics of what is truly a cloud native, is CNC foundation. And I think it's very well documented where you, well >>Con of course Detroit's >>Coming here, so, so it's already there, right? So, so we follow that very closely, right? I think just lifting and shifting your 20 year old application onto a data center somewhere is not cloud native. Okay? You can't put to cloud native, you have to rewrite and redevelop your application and business logic using modern tools. Hopefully more open source and, and I think that's what Cloudnative is and we are seeing a lot of our customers in that journey. Now everybody wants to be cloudnative, but it's not that easy, okay? Because it's, I think it's first of all, skill set is very important. Uniformity of tools that there's so many tools there. Thousands and thousands of tools you could spend your time figuring out which tool to use. Okay? So I think the complexities there, but the business benefits of agility and uniformity and customer experience are truly them. >>And I'll give you an example. I don't know how clear native they are, right? And they're not a customer of ours, but you order pizzas, you do, right? If you just watch the pizza industry, how dominoes actually increase their share and mind share and wallet share was not because they were making better pizzas or not, I don't know anything about that, but the whole experience of how you order, how you watch what's happening, how it's delivered. There were a pioneer in it. To me, those are the kinds of customer experiences that cloud native can provide. >>Being agility and having that flow to the application changes what the expectations of the, for the customer. >>Customer, the customer's expectations change, right? Once you get used to a better customer experience, you learn >>Best car. To wrap it up, I wanna just get your perspective again. One of the benefits of chatting with you here and having you part of the Super Cloud 22 is you've seen many cycles, you have a lot of insights. I want to ask you, given your career where you've been and what you've done and now the CEO platform nine, how would you compare what's happening now with other inflection points in the industry? And you've been, again, you've been an entrepreneur, you sold your company to Oracle, you've been seeing the big companies, you've seen the different waves. What's going on right now put into context this moment in time around Super >>Cloud. Sure. I think as you said, a lot of battles. Cars being been, been in an asp, been in a realtime software company, being in large enterprise software houses and a transformation. I've been on the app side, I did the infrastructure right and then tried to build our own platforms. I've gone through all of this myself with a lot of lessons learned in there. I think this is an event which is happening now for companies to go through to become cloud native and digitalize. If I were to look back and look at some parallels of the tsunami that's going on is a couple of paddles come to me. One is, think of it, which was forced to honors like y2k. Everybody around the world had to have a plan, a strategy, and an execution for y2k. I would say the next big thing was e-commerce. I think e-commerce has been pervasive right across all industries. >>And disruptive. >>And disruptive, extremely disruptive. If you did not adapt and adapt and accelerate your e-commerce initiative, you were, it was an existence question. Yeah. I think we are at that pivotal moment now in companies trying to become digital and cloudnative that know that is what I see >>Happening there. I think that that e-commerce was interesting and I think just to riff with you on that is that it's disrupting and refactoring the business models. I think that is something that's coming out of this is that it's not just completely changing the game, it's just changing how you operate, >>How you think, and how you operate. See, if you think about the early days of eCommerce, just putting up a shopping cart didn't made you an eCommerce or an E retailer or an e e customer, right? Or so. I think it's the same thing now is I think this is a fundamental shift on how you're thinking about your business. How are you gonna operate? How are you gonna service your customers? I think it requires that just lift and shift is not gonna work. >>Mascar, thank you for coming on, spending the time to come in and share with our community and being part of Super Cloud 22. We really appreciate, we're gonna keep this open. We're gonna keep this conversation going even after the event, to open up and look at the structural changes happening now and continue to look at it in the open in the community. And we're gonna keep this going for, for a long, long time as we get answers to the problems that customers are looking for with cloud cloud computing. I'm Sean Feer with Super Cloud 22 in the Cube. Thanks for watching. >>Thank you. Thank you, John. >>Hello. Welcome back. This is the end of our program, our special presentation with Platform nine on cloud native at scale, enabling the super cloud. We're continuing the theme here. You heard the interviews Super Cloud and its challenges, new opportunities around the solutions around like Platform nine and others with Arlon. This is really about the edge situations on the internet and managing the edge multiple regions, avoiding vendor lock in. This is what this new super cloud is all about. The business consequences we heard and and the wide ranging conversations around what it means for open source and the complexity problem all being solved. I hope you enjoyed this program. There's a lot of moving pieces and things to configure with cloud native install, all making it easier for you here with Super Cloud and of course Platform nine contributing to that. Thank you for watching.

>>The Cube presents UI Path Forward five, brought to you by UI Path. >>Hi everybody. Welcome to Las Vegas. We're here in the Venetian, formerly the Sans Convention Center covering UI Path Forward five. This is the fourth time the Cube has covered forward, not counting the years during Covid, but UiPath was one of the first companies last year to bring back physical events. We did it at the Bellagio last year, Lisa Martin and myself. Today, my co-host is David Nicholson, coming off of last week's awesome CrowdStrike show back here in Vegas. David talking about UI path. UI path is a company that had a very strange path, as I wrote one time to IPO this company that was founded in 2005 and was basically a development shop. And then they realized they got lightning in a bottle with this RPA thing. Yeah. And Daniel Deez, the founder of the company, just really drove it hard and they really didn't do any big kind of VC raise for several years. >>And then all of a sudden, boom, the rocket ship took off, kind of really got out over their skis a little bit, but then got to IPO and, and has had a very successful sort of penetration into the market. The IPO obviously has not gone as well. We can talk about that, but, but they've hit a billion dollars in arr. There aren't a lot of companies that, you know, have hit a billion dollars in ARR that quickly. These guys had massive valuations that were cut back, obviously with the, with the downturn, but also some execution misuses. But the one thing about UiPath, Dave, is they've been very successful at penetrating customers. And that's the thing you always get at forward customer stories. And the other thing I'll, I'll, I'll add is that it started out with the narrative was, oh, automation software, robots, they're gonna take away jobs. The opposite has happened, the zero unemployment. Now basically we're heading into a recession, we're actually probably in a recession. And so how do you combat a recession? You put automation to work and gain if, if, if, if inflation is five to 7% and you can get 20% from automation. Well, it's a good roi. But you sat in the keynotes, it was really your first exposure to the company. What were your thoughts? >>Yeah, I think the whole subject is interesting. I think if you've been involved in tech for a while, the first thing you think of is, well, hold on a second. Isn't this just high tech scripting? Aren't you essentially just automating stuff? How, how cool can that possibly be? >>Well, it kinda was in the >>Beginning. Yeah, yeah. But, but, but when you dig into it, to your, to your point about the concern about displacing human beings, the first things that can automate it are the mundane and the repetitive tasks, which then frees individuals up frontline individuals who are doing those tasks to do more strategic things for the business. So when you, when we, you know, one of the things that was talked about in the keynote was this idea of an army of citizen developers within an organization. Not, you know, not just folks who are innovating and automating at the core of enterprise applications, but also folks out on the front line automating the tasks that are interfering with their productivity. So it seems like it's a win-win for, for everybody throughout the enterprise. >>Yeah. So let's take a, let's take folks through the, the keynote to, basically we learned there are 3,500 people here, roughly, you know, we're in the Venetian and we do a lot of shows at, at the Venetian, formerly the San Convention Center. The one thing about UiPath, they, they are a cool company. Yeah, they are orange colors, kinda like pure storage, but they got the robots moving around. The setup is very nice, it's very welcoming and very cool, but 300 3500 attendees, including partners and UiPath employees, 250 sessions. They've got a CIO, automation council and a pickleball court inside this hall, which pickleball is, you know, all the rage. So Bobby, Patrick and Mary Telo kicked it off. Bobby's the cmo, Mary's the head of branding, and Bobby raised four themes. It it, this is a tool that it's, this is RPA is going from a tool to a way of operating and innovating. >>The second thing is, the big news here is the UI path business platform, something like that. They're calling, but they're talking about about platform and they're really super gluing that to digital transformation. The third is really outcomes shifting from tactical. I have a robot, a software robot on my desk doing, you know, mimicking what I do with the script to something that's transformative. We're seeing this operationalized very deeply. We'll go into some examples. And then the fourth theme is automation is being featured as a strategic line item in annual reports. Bobby Patrick, as he left the stage, I think he was commenting on my piece where I said that RPA automation is more discretionary than some other things. He said, this is not discretionary, it's strategic. You know, unfortunately when you're heading into a recession, you can, you can put off some of the more strategic items. However, the flip side of that, Dave, is as they were saying before, if you're gonna, if if you're, if you're looking at five to 7% inflation may be a way to attack that is with automation. Yeah. >>There's no question, there's no question that automation is a way to attack that. There's no question that automation is critical moving forward. There's no question that we have moved. We're in the, you know, we're, we're still in the age of cloud, but automation is gonna be absolutely critical. The question is, what will UI path's role be in that market? And, and, and when you hear, when you hear UI path talk about platform versus tool sets and things like that, that's a critical differentiator because if they are just a tool, then why wouldn't someone exploit a tool that is within an application environment instead of exploiting a platform? So what I'm gonna be looking for in terms of the, the folks we talked to over the next few days is this question of, you know, make the case that this is actually a platform that extends across all kinds of application environments. If they can't seize that high ground moving forward, it's it's gonna be, it's gonna be tough for them. >>Well, they're betting the company on >>That, that's Rob Ensslin coming in. That's why he's part of the, the equation. But >>That platform play is they are betting the company. And, and the reason is, so the, the, the history here is in the early days of this sort of RPA craze, Automation Anywhere and UI path went out, they both raised a ton of money. UI Path rocketed out to the lead. They had a much e easier to install, you know, Automation Anywhere, Blue Prism, some of the other legacy business process folks, you know, kind of had on-prem, Big Stacks, UiPath came in a really simple self-serve platform and took off and really got a foothold in the market. And then started building or or making some of these acquisitions like Process Gold, like cloud elements, which is API automation. More recently Reiner, We, which is natural language processing. We heard them up on the stage today and they've been putting that together to do not just rpa but process mining, task mining, you know, document automation, et cetera. >>And so Rob Ins insulin was brought in from Google, formerly Google and SAP, to really provide that sort of financial and go to market expertise as well as Shim Gupta who's, who's the cfo. So they, they, and they were kinda late with that. They sort of did all this post ipo. I wish they had done it, you know, somewhat beforehand, but they're sort of bringing in that adult supervision supervision that's necessary. Rob Sland, I thought was very cogent. He was assertive on stage, he was really clear, he was energetic. He talked about the phases, e r p, Internet cloud and the now automation is a new S-curve. He quoted a Forester analyst talking about that. He also had a great quote. He said, you know, the old adage better, faster, cheaper, pick two. He said, You don't have to do that anymore with automation. He cited reports from analysts, 50% efficiency improvement, 40% productivity improvement, 40% improvement in customer satisfaction. >>And then what I always, again, love about UiPath is they're no shortage of customers. They do as good a job as anybody, and I think I would say the best of, of, of getting customers to talk about their experiences. You'll see that on the cube all this week, talked about Changi airport from Singapore. They're adding 50 able to service 50 million new customers, new travelers with no new headcount company called Vital or retail. And how you say that a hundred thousand employees having access to it. Uber, 150% ROI in one year. New York state getting 1.2 million relief checks out in two weeks and identifying potentially 12 billion in fraud. They also talk about 25% of the, of the UI path finance team is digital. And they've, they've only incremented headcount, you know, very slightly one and a half times their revenue's grown. What a 10 x? And really he talked about how to, for how to turn automation into a force multiplier for growth. And to your point, I think that's their challenge. What were your thoughts on Rob ens insulin's keynote? >>First of all, in addition to his background, Rob brings a brand with him. Rob Ensslin is a brand, and that brand is enterprise overarching platform. Someone you go to for that platform play, not for a tool set. And again, I'll, I'll say it again. It's critically important that they, that they demonstrate this to the marketplace, that they are a platform worth embracing as opposed to simply a tool set. Because the large enterprise software providers are going to provide their own tool sets within their platforms. And if you can't convince someone that it's worth doing two things instead of one thing, you're, you're, you're never gonna make it. So I've had experiences with Rob when he was at Google. He's, he's, he's the right person for the job and I, and I I I buy into his strategy and narrative about where we are and the critical nature of automation question remains, will you I path to be able to benefit from that trend. >>So a couple things on that. So your point about sap, you know, is right on EY was up on stage. They, EY is a huge SAP customer and they chose UI path to automate their SAP installation, right? And they're going all in with UI path as a partner. Of course. I I often like to say that the global system integrators, they like to eat at the trough, right? When you see GSIs like EY and others coming into the ecosystem, that means there's business being done. We saw Orange up on stage, which was really interesting. >>Javier from Spain. Yeah. Yep. >>Talking about he had this really cool dashboard and then Ted Coomer was talking about the business automation platform and all the different chapters and the evolution. They've gotta get to a platform play because the thing I failed to mention is Microsoft a couple years ago made a tuck in acquisition and got it to this market really providing individual automations and making it, you know, it's Microsoft, they're gonna make it really easy to add it really >>Cheaply. SAP would tell you that they have the same thing and, >>And then, and then just grow from that. So UiPath has to pivot to a platform play. They started this back in 2019, but as you know, it takes a long time to integrate stuff. Okay. So they're, they're, they're working through that. But this is, you know, Rob ends and put up on the, the slide go big, I, I tweeted, took a page outta Michael Dell. Go big or go home. Final thoughts before we break? >>I think go big or go home is pretty much sums it up. I mean this is, this is an existential mission that UiPath is on right now, starting to stay forward. They need to seize that high ground of platform versus tool set. Otherwise they will never get beyond where they are now. I I I, I do wanna mention too, to folks in the audience, there's a huge difference between a billion dollar valuation and a billion dollars in revenue every year. So, so, you know, these, these guys have reached a milestone, there's no question about that. But to get to that next level platform, platform, platform, and I know we'll be, we'll be probing our guests on that question over the next couple years. >>Yeah. And the key is obviously gonna be keep servicing the customers, you know, all the financial machinations and you know, they reduced yesterday their guidance from the high end being 25% ARR growth down to roughly 20% when you, when you factor out currency conversions. UiPath has a lot of business overseas. They're taking that overseas revenue and converting it back to dollars though dollars are appreciated. So they're less of them. I know this is kind of the inside baseball, but, but we're gonna get into that over the next two days. Dave Ante and Dave, you're watching the Cubes coverage of UI path forward, five from Las Vegas. We'll be right back, right after this short break.

>>Hello, everyone. Welcome to the cubes presentation of the a startup showcase. This is our season two episode four of the ongoing series covering exciting hot startups from the a AWS ecosystem. And here we talk about cybersecurity. I'm John furrier, your host we're joined by Carl Mattson, CISO, chief information security officer of no name security, keep alumni. We just chatted with you at reinforce a business event. We're here to talk about securing APIs from code to production. Carl, thanks for joining. >>Good to see you again. Thanks for the invitation, John. >>You know, one of the hottest topics right now about APIs is, you know, it's a double edged sword, you know, on one hand, it's the goodness of cloud APIs make the cloud. That's the API first. Now you're starting to see them all over the place. Is APIs everywhere, securing them and manage them. It's really a top conversation at many levels. One, you're gonna have a great API, but if you're gonna manipulate the business logic, that's a problem too. So a lot going on with APIs, they're the underpinnings of the modern enterprise. So take us through your view here. How are you guys looking at this? You want to continue to use APIs, they're critical connective tissue in the cloud, but you also gotta have good plumbing. Where, what do you do? How do you secure that? How do you manage it? How do you lock it down? >>Yeah, so the, the more critical APIs become the more important it becomes to look at the, the API as really a, a, a unique class of assets, because the, the security controls we employ from configuration management and asset management, application security, both testing and, and protection like, like EDR, the, the, the platforms that we use to control our environments. They're, they're, they're poorly suited for APIs. And so >>As the API takes prominence in the organization, it goes from this sort of edge case of, of, of a utility now to like a real, a real crown jewel asset. And we have to have, you know, controls and, and technologies in place and, and, and skilled teams that can really focus in on those controls that are, that are unique to the API, especially necessary when the API is carrying like business critical workloads or sensitive data for customers. So we really have to, to sharpen our tools, so to speak, to, to focus on the API as the centerpiece of a, of an application security program, >>You know, you guys have a comprehensive view. I know the philosophy of the company is rooted in, in, in API life cycle development management runtime. Can you take a minute to explain and give an overview of no name security? And then I wanna jump into specifically the security platform and the capabilities. >>Sure. So we're an API security company just under three years old now. And, and we we've taken a new look at the API, looking at it from a, from a, a full lifecycle perspective. So it, it, isn't new to application security professionals that APIs are, are a software asset that needs to be tested for security, vulnerabilities, security testing prior to moving into production. But the reality is, is the API security exposures that are hitting the news almost every day. A lot of those things have to do with things like runtime errors and misconfigurations or changes made on the fly, cuz APIs are, are changed very rapidly. So in order for us to counter API risks, we have to look at the, the full life cycle from, from the moment the developer begins, coding the source code level through the testing gates, through the, the operational configuration. And then to that really sophisticated piece of looking at the business logic. And, and as you mentioned, the, the business logic of the API is, is unique and can be compromised with, with exploits that, that are specific to an API. So looking at the whole continuum of API controls, that's what we focused on. >>It's interesting, you know, we've had APIs for a while. I mean, I've never heard and seen so much activity now more than ever around APIs and security. Why is it recently we're seeing this conversation increase with specific solutions and why are we seeing more breaches and concerns about security? Because APIs are hardened. I mean, like, what's the big deal. Why now what's the big focus? Why is APIs becoming more in the conversation for CSOs and companies to secure? And why is it a problem? >>Well, take, take APIs that we had, you know, eight, 10 years ago, most of those were, were internally facing APIs. And so there were a lot of elements of the API design that we would not have put in place if we had intended that to be public facing authentication and authorization. That that was, is we kind of get away with a little bit of sloppy hygiene when it's internal to the network. But now that we're exposing those APIs and we're publishing APIs to the world, there's a degree of precision required. So when we, when we put an API out there for public consumption, the stakes are just much higher. The level of precision we need the business criticality, just the operational viability and the integrity of that API has to be precise in a way that really wasn't necessary when the API was sort of a general purpose internal network utility as it was in the past. And then the other, other area of course, is then just the sheer use of a API at the infrastructure layer. So you think about AWS, for example, most of the workloads in the modern cloud, they communicate and talk via API. And so those are even if they're internally facing APIs misconfigurations can occur and they could be public facing, or they could be compromised. And so we wanna look at all, all of the sort of facets of APIs, because now there's so much at stake with getting API security, right. >>You know, this brings up the whole conversation around API to API, and you guys talk about life cycle, right? The full life cycle of an API. Can you take me through that and what you mean by that? Because, you know, some people will say, Hey, APIs are pretty straightforward. You got source code, you can secure it. Code scanning, do a pen test. We're done why the full cycle approach is it because APIs are talking to third parties? Is it because what I mean, what's the reason what, what's the focus, why full life cycle of an API? Why should a company take this approach? >>Sure. So there's, there's really three sort of primary control areas that we look at for, for APIs as like what I call the traditional controls. There would be those to, to test and ensure that the source code itself has as quality or is, is secure. And that can, that can, of course, usually a step one. And that's, that's an important thing to, to do, but let's say let's for the sake of discussion that API that is designed securely is deployed into production, but the production environment in which it's deployed, doesn't protect that API the way that the developer intended. So a great example would be if an API gateway doesn't enforce the authentication policy intended by the developer. And so there we have, there's not the developer's fault. Now we have a misconfiguration in production. And so that's a, that's a type of example also where now a, an attacker can send a sort of a single request to that API without authentication or with, you know, misformed authentication types and, and succeed resulting in data. >>The waft didn't protect against it. It was secure code. And so when we look at the sequence of API controls, they all really have to be in sync because source code is really the first and most important job, but good, good API design and source code doesn't solve all challenges for their production environment. We have to look at the whole life cycle in order to counter the risk IBM's research last year in its X worth survey, estimated that 60% of all API breaches are due to misconfiguration, not to source code design. And so that's really where we have to marry the two of the runtime protection configuration management with the, the, the source code testing and design. >>It's, it's interesting, you know, we've all been around the block, we've seen the early days and you know, it was really great back in the day you sling an API, Hey, you know, Carl, you have an API for that. Oh, sure. I'll bang it out tonight. You know? So, so the, you know, they've gotten better, I'm over simplifying, but you get the idea they've been kind of really cool to work with and connect with systems. It's now plumbing. Okay. So organizations have, are dealing with this, they're dealing with APIs and more of them, how do they know where they stand? Is there like a API discovery capability? What do they do? What does a CSO do? What does a staff do saying, okay, you know what? We don't wanna stop the API movement cuz that's key to the cloud. How do we reign it in? How do we reign in the chaos? What do they do? Is there playbook? What does, how does an organization know exactly where it stands with the state of their APIs? >>Yeah. That, and that's usually where we started a discussion with a, with a customer is, is, is a diagnosis, right? Because when we, when we look at sort of diagnosing what our API risk exposure, the, you know, the, the first critical control is always know your assets and, and that we, we have to discover them. So we, we, we employ usually discovery as the very first step to see the full ecosystem of APIs, whether they're internal, external facing, whether they're routed through a gateway or whether they're routed through a WF, we have to see the full picture and then analyze that API footprint in terms of its network context, it's vulnerabilities, it's configuration qualities so that we can see a picture of where we are now in, in any particular organization, we may find that there's a, a, a, a high quality of source code. >>Perhaps the gaps are in configuration, or we may see the reverse. And so we, we don't necessarily make an assumption about what we'll find, but we know that that observability is really the, the first step in that, in that process is just to really get a firm sort of objective understanding of, of where the APIs are. And, and the really important part about the, the observability to the API inventory is to do it with the context also of the sense of the data types. Because, you know, for example, we see organizations, our own research showed that for organizations over 10,000 employees, the average population of APIs is over 25,000 in each organization, 25,000 AP thousand APIs is an extraordinary amount to, to even contemplate a human understanding of. So we have to fingerprint our APIs. We have to look at the sensitive data types so that we can apply our intellect and our resources towards protecting those APIs, which have, which are carrying sensitive data, or which are carrying critical workloads, because there are a lot of APIs that still remain today, even sort of internally facing utilities, work courses that keep the lights on, but not particularly high risk when it comes to sensitive data. >>So that, that, that triage process of like really honing in on the, on the high risk activity or the high risk APIs that they're carrying sensitive data, and then then sort of risk exposure assessing them and to see where an organization is. That's always the first step, >>You know, it's interesting. I like your approach of having this security platform that gives the security teams, the ability to kinda let the developers do their thing and, and then have this kind of security ops kind of platform to watch and monitor and any potential attacks. So I can see the picture there. I have to ask you though, as a CSO, I mean, what's different now, because back in the old days where API's even on the radar and two, there's a big discussion around software supply chain. This kind of this API is now a new area. As you'd been referring to people, stealing data, things are in transit with APIs. What is the, the big picture, if you had to kind of scope out the magnitude of like the API problem and, and relevance for a fellow CSO, how, how would you have that conversation? You'd be like, Hey, APIs are outta control. You gotta reign it in. Or is it a 10 and a 10? Is it a eight? I mean, yep. Take me through a conversation you're having with security teams or other CSOs around the magnitude of the scoped scoping the problem. >>Yeah. So I, I think of the, the, the API sort of problem space has a lot of echoes to the, to the conversations and the thought processes we were having about public cloud adoption a few years ago. Right. But there was, there were early adopters of public cloud and, and over the course of time, there was sort of a, an acquiescence to public cloud services. And now we have like actually like robust enterprise grade controls available in public cloud. And now we're all racing to get there. If we, if we have anything in the data center left, we're, we're trying to get to the public cloud as fast as possible. And so I think organization by organization, you'll, you'll see a, a, a reminiscent sort of trajectory of, of API utilization, because like an application we're out of gone are the days of the monolithic application, where it's a single, you know, a single website with one code base. >>And I kind of compare that to the data center, this comparison, which is the monolithic application is now sort of being decomposed into microservices and APIs. There are different differences in terms of how far along that decomposition into microservices and organization is. But we definitely see that the, that that trend continues and that applications in the, you know, three to five to 10 year timeframe, they increasingly become only APIs. So that an organization's app development team is almost exclusively creating APIs as, as the, as the output of software development. Whereas there's a, there's a journey to, towards that path that we see. And so, so a security team looking at this problem set, what I, you know, advise for, for a CISO. The looking at this maybe for the first time is to think about this as this is the competency that we, our security teams need to have. That competency may, may be at different degrees of criticality, depending on where that company is in transition. But it's not a, it's not a question of if it's a question of when and how fast do we need to develop this competency in a team because our applications will become almost exclusively APIs over time, just like our infrastructures are on the way to becoming almost exclusively public cloud hosted over time. >>Yeah. I mean, get on the API bus basically is the message like, look it, if you're not on this, you're gonna have a lot of problems. So in a way there's a proactive nature here for security teams at the same time, it's still out there and growing, I mean, the DevOps movement was essentially kind of cavalier, very Maverick oriented, sling APIs around no problem, Linga Franco connecting to other systems and API to an endpoint to another application. That's what it was. And so as it matures, it becomes much more of a, as you say, connective tissue in the cloud native world, this is real. You agree with that obviously? >>Yeah, absolutely. I mean, I think that the, I think that these, these API connections are, are, are the connective tissue of most of what we do right now. Even if we are, are not, you know, presently conscious of it, but they're, they're increasingly gonna become more and more central. So that's, that's, that's a, that's a journey whether, whether the, the focus on API security is to let's say, put the toothpaste back in the tube for something that's already broken, or whether it is preventative or prep preparing for where the organization goes in the future. But both of those, both of those are true. Or both of those are valid reasons to emphasize the investment in API security as a, as a talent processes, technologies all the above. >>Okay. You sold me on I'm the customer for a minute. Okay. And now I'm gonna replay back to you. Hey, Carl, love it. You sold me on this. I'm gonna get out front we're we're in lift and shift mode, but we can see APIs as we start building out our cloud native. And, but I'm really trying to hire a team. I got a skills gap here too. Yep. That's one customer. Yep. The other customers, Hey man, we've been on this train for a while. Kyle. We, we, we feel you, we in DevOps pioneer, we're now scaling out. We got all kinds of sprawl, API sprawl. How do I reign it in? And what do you guys do? What's your answer to those scenarios from a security platform perspective and how does that, what's the value proposition in those scenarios? >>I think the value proposition of what we've done is really to, to lean into the API as the, as the answer key to the problem set. So, you know, whether it's integrating security testing into a code repo, or a C I C D pipeline, we can automate security testing and we can do that very efficiently in, in such a way that one applic when a one API security specialist with the right tools, it ins insulates the organization from having to go out and hire 10 more people, because they've all, all of a sudden have this explosive growth and development. There's so much about API security that can capitalize on automation and capitalize on API integrations. So the API integrations with web application firewalls, with SIM systems, those types of workflows that we can automate really do empower a team to, to use automation to scale and to approach the problem set without needing to go to the, the, sort of the impossible ask of growing these growing teams of people with special skills and, and who aren't available anyways, or they're extremely expensive. So we definitely see ourselves as, as a, as a sort of leaning into the API as, as part of the answer and creating opportunities for automation. >>Yeah. So I got one more kind of customer role play here. I says, I love this. This is a great conversation. You know, there's always the, the person in the room, Carl, hold on, boss. This is gonna complicate everything on the network layer, application changes. There's a lot of risks here. I'm nervous. What's your, how do you guys handle that objection that comes up all the time. You know, the, the person that's always blocking deals like, oh, it's risky implementing no name or this approach. How do you, how do you address the frictionless nature of developers? Wanna try stuff now they wanna get it in and they wanna try things. How do you answer the quote, complication or risk to network and application changes? >>Sure. Two, two really specific answers. The, the first is, is for the developers. We wanna put a API security in their hands because when they can, when they can test and model the security risks on their APIs, while they're developing, like in their IDE and in their code repos, they can iterate through security fixes and bugs like lightning fast. And they, and developers Le really appreciate that. They appreciate having the instant feedback loop within their workspace, within their workbench. So developers love being able to self-service security. And we want to empower developers to, to do that. Self-service rather than tossing code over the fence and waiting two weeks for the security team to test it, then tossing it back with a list of bugs and defects that annoys everybody. It's an inefficient. So >>For the record, just for the record, you guys are self-service to the developers. >>Yeah. Self-service to the developers. And that's really by customer sort of configuration choices. There are configuration choices that have, for example, the security team, establishing policy, establishing boundaries for testing activities that allow the developers to test source code iterate through, you know, defect, fixes, things like that. And then perhaps you establish like a firm control gate that says that, you know, vulnerabilities of, of medium and above are a, have to be remediated prior to that code committing to the next gate. That's the type of control that the security policy owner can can apply, but yes, the developers can self-service service and the, and the security team can set the threshold by which the, the, the, the source code moves through the SDLC. Everybody will. Yep. Exactly. And, and, but we're, we have to, we have to practice that too, because that's a, that's a new way of, of, of the security team and the developers interacting. >>So we, we, we, we have to have patterns that that teams can then adopt procedurally because we aren't, we aren't yet accustomed to having a lot of procedures that work that way. So yeah, we, we have templates, we've got professional services that we want to help those teams get that, that equation, right? Because it it's a, it's a truly win-win situation when you can really stick the landing on getting the developers, the self-service options with the security team, having the confidence level that the controls are employed. And then on, on the network side, by the way, I, I too am mortified of breaking infrastructure and, and which is exactly why, you know, what, what we do architecturally out of band is, is really a, a game changer because there are technologies we can put in, in line, there are disruptors and operational risks that we can incur when we are, where we utilizing a technology that, that can break things, can break business, critical traffic. >>So what we do is we lean into the, the, the sort of the network nodes and the, and the hosts that the organization already has identifying those APIs, creating the behavioral models that really identify misuse in progress, and then automate, blocking, but doing that out of, out of band, that's really important. That's how I feel about our infrastructure. I, I don't want sort of unintended disruption. I want, I want to utilize a platform that's out of band that I can use. That's much more lightweight than, you know, putting another box in, in the network line. Yeah, >>What's interesting is what you're talking about is kind of the new school of thought. And the script has flipped. The old school was solve complexity with more complexity, get in the way, inject some measurements, software agents on the network, get in the way and the developer, Hey, here's a new tool. We agreed in a, in a vacuum, go do this. I think now more than ever, developers are setting the agenda on, on, on the tooling, if it's, and it has to be self-service at our super cloud event that was validated across the board. That if it's self-service, it's gotta be self-service for the developer. Otherwise they won't use it pretty much. >>Oh, well, I couldn't agree more. And the other part too, is like, no matter what business we're in the security business is, is yeah, it has to honor like the, the, the business need for innovation. We have to honor the business need for, for, for speed. And we have to do our best to, to, to empower the, the sort of the strategy and empower the intent that the developers are, are delivering on. And yes, we need to be, we need to be seeking every opportunity to, to lift that developer up and, and give them the tools sort of in the moment we wanna wrap the developer in armor, not wake them down with an anchor. And that's the, that's the thing that we, we want to keep striving towards is, is making that possible for the security team. >>So you guys are very relevant right now. APIs are the favorite environment for hackers was seeing that with breaches and in the headlines every day, I love this comprehensive approach, developer focused op security team enablement, operationally relevant to all, all, all parties. I have to ask you, how do you answer and, and talk about the competition, cuz with the rise of this trend, a lot of more people entering this market, how should a customer decide between no name and everyone else pitch in API security? What's the, is there nuances? Is there differences? How do you compare what's the differentiation? >>Yeah, I think, you know, the, the, the first thing to mention is that, you know, companies that are in the space of API security, we, we have a lot more in common. We probably have differences cause we're focused on the same problems, but there's, there's really two changes that we've made bringing to market an API platform. Number one is to look full lifecycle. So it used to be that you could buy, you know, DAST and SAS software testing tools, no name has API testing in, so, you know, for source code and for pipeline integrations along with then the runtime and posture management, which is really the production network. And so we really do think that we span east west a much broader set of controls for the API. And then the second characteristic is, is architectural fit. Particularly in a runtime production environment, you have to have a solution that does, does not create significant disruptions. >>It doesn't require agent deployment that can maximize the, the, the infrastructure that an organization already has. So we think our, you know, a big advantage for us in, in the production environment is that we can, we can adapt to the contour of the customer. We don't have to have the customer adapt to the contour of our architecture. So that flexibility really serves well, particularly with complex organizations, global organizations or those that have on, you know, data centers and, and, and public cloud and, and multiple varieties. So our ability to sort of adapt to a customer's architecture really makes us sort of like a universal tool for organizations. And we think that's really, you know, bears out in the, in the customers, in the large organizations and enterprises that have adapted us because we can adapt really any condition. >>Yeah. And that's great alignment too, from an execution consumption standpoint, it's gotta be fast with a developer. You gotta be frictionless as much as possible. Good stuff there. I have to ask you Carl, as, as you are a CISO chief information security officer, you know, your peers are out there. They're they're, they got, man there's so much going on around them. They gotta manage the current, protect the future and architect, the next level infrastructure for security. What do you, what do you see out there as a CSO with your peers in the marketplace? You know, practitioners, you know, evaluating companies, evaluating technologies, managing the threat landscape, unlimited surface area, evolving with the edge coming online, what's on their mind. How do you see it? What's your, what's your view there? What's your vision if you were, if you were in the hot seat in a big organization, I mean, obviously you're got a hot seat there with no name, but you're also, you know, you're seeing both sides of the coin at no name, you know, the CISO. So are they the frog and boiling water right now? Or like, like what's going on in their world right now? How would you describe the state of, of the CISO in cyber security? >>Yeah, there's, there's, there's two kind of tactical themes. I think almost every CISO shares the, the, the, the, the first tactical theme is, is I as a CISO. I probably know there's a technology out there to solve a little bit of every problem possible. Like, that's you objectively true. But what I don't wanna do is I don't wanna buy 75 technologies when I could buy 20 platforms or 12 that could solve that problem set. So the first thing I wanna do is as I, I want to communicate what we do from the perspective of, of like a single platform that does multiple things from source code testing, to posture and configuration to runtime defense, because I, a CISO's sensibilities is, is, is, is challenged by having 15 technologies. I really just want a couple to manage because it's complexity that we're managing when we're managing all these technologies. >>Even if something works for a point problem set, I, I don't want another technology to implement and manage. That's, that's just throwing money. Oftentimes at, at suboptimal, you know, we're not getting the results when we just throw tools at a problem. So the, that that platform concept is I think really appealing cuz every CSO is looking to consider, how do I reduce the number of technologies that I have? The second thing is every organization faces the challenge of talent. So what are, what are my options for talent, for mitigating? What is sort of, I, I can't hire enough qualified people at a remotely reasonable price to staff, what I'd like to. So I have to pursue both the utilizing third parties who have expertise in professional services that I can deploy to, to, to, to solve my problems, but also then to employing automation. So, you know, the, a great example would be if I have a team that has a, you know, a five person application security team, and now next year, my applications security or my, my applications team is gonna develop three times the number of, of applications and APIs. >>I can't scale my team by a factor of three, just to meet that demand. I have to pursue automation opportunities. And so we really want to measure the, the, the successes that we can achieve with automation so that a CISO can look at us as, as an answer to complexity rather than as a source of new complexity, because it is true that we're overwhelmed with the options at our disposal. Most of those options create more complexity than they solve for. And, and, you know, I pursue that in, in my practice, which is to, is to figure out how to sort of limit the complexity of what is already very complicated, you know, role and protecting an organization. >>Got it. And when you, when, when the CSO says Carl, what's in it for me with no name, what's the answer, what's the bumper bumper sticker. >>It, it's reducing complexity. It's making a very sophisticated problem. Set, simple to solve for APIs are a, are a class of assets that there's an answer for that answer includes automation and includes professional services. And we can, we can achieve a high degree of sophistication relatively speaking with a low amount of effort. When we look across our security team, this is a, this is a solvable problem space and, and we can do so pretty efficiently. >>Awesome. Well call, thank you so much for showcasing no name. And the last minute we have here, give a quick plug for the company, give a little stats, some factoids that people might be interested in. How big is the company? What are you guys doing enthusiastic about the solution? Share some, yep. Give the plug. >>Sure. We're, we're, we're a company of just about 300 employees now all across the globe, Asia Pacific, north America, Europe, and the middle east, you know, tremendous success with the release of our, of our software testing module, which we call active testing. We have such a variety of ways also to, to sort of test and take Nona for a test drive from sandboxes to POVs and, and some really amazing opportunities to, to show and tell and have the organizations diagnose quickly where, where they are. And so we, we love to, we love to, to, to show off the platform and, and let people take it for a test drive. So, you know, no name, security.com and any, anywhere in the world, you are, we can, we can deploy a, a, a sales engineer who can help show you the platform and, and show you all the things that, that we can, we can offer for the organization. >>Carl, great insight. Thank you again for sharing the stats and talk about the industry and really showcasing some of the key things you guys are doing in the industry for customers. We really appreciate it. Thanks for coming on. >>Thanks John. Appreciate it. >>Okay. That's the, this is the ADBU startup showcase. John fur, your host season two, episode four of this ongoing series covering the exciting new growing startups from the AWS ecosystem in cybersecurity. Thanks for watching.

>>Hello, everyone. Welcome to the AWS startup showcase. This is season two, episode four, the ongoing series covering exciting startups from the AWS ecosystem to talk about cybersecurity. I'm your host, John furrier. And today I'm excited for this keynote presentation and I'm joined by John Ramsey, vice president of AWS security, John, welcome to the cubes coverage of the startup community within AWS. And thanks for this keynote presentation, >>Happy to be here. >>So, John, what do you guys, what do you do at AWS? Take, take minutes to explain your role, cuz it's very comprehensive. We saw at AWS reinforce event recently in Boston, a broad coverage of topics from Steven Schmid CJ, a variety of the executives. What's your role in particular at AWS? >>If you look at AWS, there are, there is a shared security responsibility model and CJ, the C the CSO for AWS is responsible for securing the AWS portion of the shared security responsibility model. Our customers are responsible for securing their part of the shared security responsible, responsible model. For me, I provide services to those customers to help them secure their part of that model. And those services come in different different categories. The first category is threat detection with guard. We that does real time detection and alerting and detective is then used to investigate those alerts to determine if there is an incident vulnerability management, which is inspector, which looks for third party vulnerabilities and security hub, which looks for configuration vulnerabilities and then Macy, which does sensitive data discovery. So I have those sets of services underneath me to help provide, to help customers secure their part of their shared security responsibility model. >>Okay, well, thanks for the call out there. I want to get that out there because I think it's important to note that, you know, everyone talks inside out, outside in customer focus. 80 of us has always been customer focused. We've been covering you guys for a long time, but you do have to secure the core cloud that you provide and you got great infrastructure tools technology down to the, down to the chip level. So that's cool. You're on the customer side. And right now we're seeing from these startups that are serving them. We had interviewed here at the showcase. There's a huge security transformation going on within the security market. It's the plane at 35,000 feet. That's engines being pulled out and rechange, as they say, this is huge. And, and what, what's it take for your, at customers with the enterprises out there that are trying to be more cyber resilient from threats, but also at the same time, protect what they also got. They can't just do a wholesale change overnight. They gotta be, you know, reactive, but proactive. How does it, what, what do they need to do to be resilient? That's the >>Question? Yeah. So, so I, I think it's important to focus on spending your resources. Everyone has constrained security resources and you have to focus those resources in the areas and the ways that reduce the greatest amount of risk. So risk really can be summed up is assets that I have that are most valuable that have a vulnerability that a threat is going to attack in that world. Then you wanna mitigate the threat or mitigate the vulnerability to protect the asset. If you have an asset that's vulnerable, but a threat isn't going to attack, that's less risky, but that changes over time. The threat and vulnerability windows are continuously evolving as threats, developing trade craft as vulnerabilities are being discovered as new software is being released. So it's a continuous picture and it's an adaptive picture where you have to continuously monitor what's happening. You, if you like use the N framework cybersecurity framework, you identify what you have to protect. >>That's the asset parts. Then you have to protect it. That's putting controls in place so that you don't have an incident. Then you from a threat perspective, then you ha to de detect an incident or, or a breach or a, a compromise. And then you respond and then you remediate and you have to continuously do that cycle to be in a position to, to de to have cyber resiliency. And one of the powers of the cloud is if you're building your applications in a cloud native form, you, your ability to respond can be very surgical, which is very important because then you don't introduce risk when you're responding. And by design, the cloud was, is, is architected to be more resilient. So being able to stay cyber resilient in a cloud native architecture is, is important characteristic. >>Yeah. And I think that's, I mean, it sounds so easy. Just identify what's to be protected. You monitor it. You're protected. You remediate sounds easy, but there's a lot of change going on and you got the cloud scale. And so you got security, you got cloud, you guys's a lot of things going on there. How do you think about security and how does the cloud help customers? Because again, there's two things going on. There's a shared responsibility model. And at the end of the day, the customer's responsible on their side. That's right, right. So that's right. Cloud has some tools. How, how do you think about going about security and, and where cloud helps specifically? >>Yeah, so really it's about there, there's a model called observe, orient, decide an actor, the ULO and it was created by John Boyd. He was a fighter pilot in the Korean war. And he knew that if I could observe what the opponent is doing, orient myself to my goals and their goals, make a decision on what the next best action is, and then act, and then follow that UTI loop, or, or also said a sense sense, making, deciding, and acting. If I can do that faster than the, than the enemy, then I can, I will win every fight. So in the cyber world, being in a position where you are observing and that's where cloud can really help you, because you can interrogate the infrastructure, you can look at what's happening, you can build baselines from it. And then you can look at deviations from, from the norm. It's just one way to observe this orient yourself around. Does this represent something that increases risk? If it does, then what's the next best action that I need to take, make that decision and then act. And that's also where the cloud is really powerful, cuz there's this huge con control plane that lets you lets you enable or disable resources or reconfigure resources. And if you're in, in the, in the situation where you can continuously do that very, very rapidly, you can, you can outpace and out maneuver the adversary. >>Yeah. You know, I remember I interviewed Steven Schmidt in 2014 and at that time everybody was poo pooing. Oh man, the cloud is so unsecure. He made a statement to me and we wrote about this. The cloud is more secure and will be more secure because it can be complicated to the hacker, but also easy for the, for provisioning. So he kind of brought up this, this discussion around how cloud would be more secure turns out he's right. He was right now. People are saying, oh, the cloud's more secure than, than standalone. What's different John now than not even going back to 2014, just go back a few years. Cloud is helpful, is more interrogation. You mentioned, this is important. What's, what's changed in the cloud per se in AWS that enables customers and say third parties who are trying to comply and manage risk as well. So you have this shared back and forth. What's different in the cloud now than just a few years ago that that's helping security. >>Yeah. So if you look at the, the parts of the shared responsibility model, AWS is the further up the stack you go from just infrastructure to platforms, say containers up to serverless the, the, we are taking more of the responsibility of that, of that stack. And in the process, we are investing resources and capabilities. For example, guard duty takes an S audit feed for containers to be able to monitor what's happening from a container perspective. And then in server list, really the majority of what, what needs to be defended is, is part of our responsibility model. So that that's an important shift because in that world, we have a very large team in our world. We have a very large team who knows the infrastructure who knows the threat and who knows how to protect customers all the way up to the, to the, to the boundary. And so that, that's a really important consideration. When you think about how you design your design, your applications is you want the developers to focus on the business logic, the business value and let, but still, also the security of the code that they're writing, but let us take over the rest of it so that you don't have to worry about it. >>Great, good, good insight there. I want to get your thoughts too. On another trend here at the showcase, one of the things that's emerging besides the normal threat landscape and the compliance and whatnot is API protection. I mean APIs, that's what made the cloud great. Right? So, you know, and it's not going away, it's only gonna get better cuz we live in an interconnected digital world. So, you know, APIs are gonna be lingual Franko what they say here. Companies just can't sit back and expect third parties complying with cyber regulations and best practices. So how do security and organizations be proactive? Not just on API, it's just a, a signal in my mind of, of, of more connections. So you got shared responsibility, AWS, your customers and your customers, partners and customers of connection points. So we live in an interconnected world. How do security teams and organizations be proactive on the cyber risk management piece? >>Yeah. So when it comes to APIs, the, the thing you look for is the trust boundaries. Where are the trust boundaries in the system between the user and the, in the machine, the machine and another machine on the network, the API is a trust boundary. And it, it is a place where you need to facilitate some kind of some form of control because what you're, what could happen on the trust boundaries, it could be used to, to attack. Like I trust that someone's gonna give me something that is legitimate, but you don't know that that a actually is true. You should assume that the, the one side of the trust boundary is, is malicious and you have to validate it. And by default, make sure that you know, that what you're getting is actually trustworthy and, and valid. So think of an API is just a trust boundary and that whatever you're gonna receive at that boundary is not gonna be legitimate in that you need to validate, validate the contents of, of whatever you receive. >>You know, I was noticing online, I saw my land who runs S3 a us commenting about 10 years anniversary, 10, 10 year birthday of S3, Amazon simple storage service. A lot of the customers are using all their applications with S3 means it's file repository for their application, workflow ingesting literally thousands and trillions of objects from S3 today. You guys have about, I mean, trillions of objects on S3, this is big part of the application workflow. Data security has come up as a big discussion item. You got S3. I mean, forget about the misconfiguration about S3 buckets. That's kind of been reported on beyond that as application workflows, tap into S3 and data becomes the conversation around securing data. How do you talk to customers about that? Because that's also now part of the scaling of these modern cloud native applications, managing data on Preem cross in flight at rest in motion. What's your view on data security, John? >>Yeah. Data security is also a trust boundary. The thing that's going to access the data there, you have to validate it. The challenge with data security is, is customers don't really know where all their data is or even where their sensitive data is. And that continues to be a large problem. That's why we have services like Macy, which are whose job is to find in S3 the data that you need to protect the most because it's because it's sensitive. Getting the least privilege has always been the, the goal when it comes, when it comes to data security. The problem is, is least privilege is really, really hard to, to achieve because there's so many different common nations of roles and accounts and org orgs. And, and so there, there's also another technology called access analyzer that we have that helps customers figure out like this is this the right, if are my intended authorizations, the authorizations I have, are they the ones that are intended for that user? And you have to continuously review that as a, as a means to make sure that you're getting as close to least privilege as you possibly can. >>Well, one of the, the luxuries of having you here on the cube keynote for this showcase is that you also have the internal view at AWS, but also you have the external view with customers. So I have to ask you, as you talk to customers, obviously there's a lot of trends. We're seeing more managed services in areas where there's skill gaps, but teams are also overloaded too. We're hearing stories about security teams, overwhelmed by the solutions that they have to deploy quickly and scale up quickly cost effectively the need for in instrumentation. Sometimes it's intrusive. Sometimes it agentless sensors, OT. I mean, it's getting crazy at re Mars. We saw a bunch of stuff there. This is a reality, the teams aspect of it. Can you share your experiences and observations on how companies are organizing, how they're thinking about team formation, how they're thinking about all these new things coming at them, new environments, new scale choices. What, what do you seeing on, on the customer side relative to security team? Yeah. And their role and relationship to the cloud and, and the technologies. >>Yeah, yeah. A absolutely it. And we have to remember at the end of the day on one end of the wire is a black hat on the other end of the wire is a white hat. And so you need people and, and people are a critical component of being able to defend in the context of security operations alert. Fatigue is absolutely a problem. The, the alerts, the number of alerts, the volume of alerts is, is overwhelming. And so you have to have a means to effectively triage them and get the ones into investigation that, that you think will be the most, the, the most significant going back to the risk equation, you found, you find those alerts and events that are, are the ones that, that could harm you. The most. You'll also one common theme is threat hunting. And the concept behind threat hunting is, is I don't actually wait for an alert I lean in and I'm proactive instead of reactive. >>So I find the system that I at least want the hacker in. I go to that system and I look for any anomalies. I look for anything that might make me think that there is a, that there is a hacker there or a compromise or some unattended consequence. And the reason you do that is because it reduces your dwell time, time between you get compromised to the time detect something, which is you, which might be, you know, months, because there wasn't an alert trigger. So that that's also a very important aspect for, for AWS and our security services. We have a strategy across all of the security services that we call end to end, or how do we move from APIs? Because they're all API driven and security buyers generally not most do not ha have like a development team, like their security operators and they want a solution. And so we're moving more from APIs to outcomes. So how do we stitch all the services together in a way so that the time, the time that an analyst, the SOC analyst spends or someone doing investigation or someone doing incident response is the, is the most important time, most valuable time. And in the process of stitching this all together and helping our customers with alert, fatigue, we'll be doing things that will use sort of inference and machine learning to help prioritize the greatest risk for our customers. >>That's a great, that's a great call out. And that brings up the point of you get the frontline, so to speak and back office, front office kind of approach here. The threats are out there. There's a lot of leaning in, which is a great point. I think that's a good, good comment and insight there. The question I have for you is that everyone's kind of always talks about that, but there's the, the, I won't say boring, the important compliance aspect of things, you know, this has become huge, right? So there's a lot of blocking and tackling that's needed behind the scenes on the compliance side, as well as prevention, right? So can you take us through in your mind how customers are looking at the best strategies for compliance and security, because there's a lot of work you gotta get done and you gotta lay out everything as you mentioned, but compliance specifically to report is also a big thing for >>This. Yeah. Yeah. Compliance is interesting. I suggest taking a security approach to compliance instead of a compliance approach to security. If you're compliant, you may not be secure, but if you're secure, you'll be compliant. And the, the really interesting thing about compliance also is that as soon as something like a, a, a category of control is required in, in some form of compliance, compliance regime, the effectiveness of that control is reduced because the threats go well, I'm gonna presume that they have this control. I'm gonna presume cuz they're compliant. And so now I'm gonna change my tactic to evade the control. So if you only are ever following compliance, you're gonna miss a whole set of tactics that threats have developed because they presume you're compliant and you have those controls in place. So you wanna make sure you have something that's outside of the outside of the realm of compliance, because that's the thing that will trip them up. That's the thing that they're not expecting that threats not expecting and that that's what we'll be able to detect them. >>Yeah. And it almost becomes one of those things where it's his fault, right? So, you know, finger pointing with compliance, you get complacent. I can see that. Can you give an example? Cause I think that's probably something that people are really gonna want to know more about because it's common sense. But can you give an example of security driving compliance? Is there >>Yeah, sure. So there's there they're used just as an example, like multifactor authentication was used everywhere that for, for banks in high risk transactions, in real high risk transactions. And then that like that was a security approach to compliance. Like we said, that's a, that's a high net worth individual. We're gonna give them a token and that's how they're gonna authenticate. And there was no, no, the F F I C didn't say at the time that there needed to be multifactor authentication. And then after a period of time, when account takeover was, was on the rise, the F F I C the federally financial Institute examiner's council, something like that said, we, you need to do multifactor authentication. Multifactor authentication was now on every account. And then the threat went down to, okay, well, we're gonna do man in the browser attacks after the user authenticates, which now is a new tactic in that tactic for those high net worth individuals that had multifactor didn't exist before became commonplace. Yeah. And so that, that, that's a, that's an example of sort of the full life cycle and the important lesson there is that security controls. They have a diminishing halflife of effectiveness. They, they need to be continuous and adaptive or else the value of them is gonna decrease over time. >>Yeah. And I think that's a great call up because agility and speed is a big factor when he's merging threats. It's not a stable, mature hacker market. They're evolving too. All right. Great stuff. I know your time's very valuable, John. I really appreciate you coming on the queue. A couple more questions for you. We have 10 amazing startups here in the, a AWS ecosystem, all private looking grade performance wise, they're all got the kind of the same vibe of they're kind of on something new. They're doing something new and clever and different than what was, what was kind of done 10 years ago. And this is where the cloud advantage is coming in cloud scale. You mentioned that some of those things, data, so you start to see new things emerge. How, how would you talk to CSOs or CXOs that are watching about how to evaluate startups like these they're, they're, they're somewhat, still small relative to some of the bigger players, but they've got unique solutions and they're doing things a little bit differently. How should some, how should CSOs and Steve evaluate them? How can startups work with the CSOs? What's your advice to both the buyer and the startup to, to bring their product to the market. And what's the best way to do that? >>Yeah. So the first thing is when you talk to a CSO, be respected, be respectful of their time like that. Like, they'll appreciate that. I remember when I was very, when I just just started, I went to talk to one of the CISOs as one of the five major banks and he sat me down and he said, and I tried to tell him what I had. And he was like son. And he went through his book and he had, he had 10 of every, one thing that I had. And I realized that, and I, I was grateful for him giving me an explanation. And I said to him, I said, look, I'm sorry. I wasted your time. I will not do that again. I apologize. I, if I can't bring any value, I won't come back. But if I think I can bring you something of value now that I know what I know, please, will you take the meeting? >>He was like, of course. And so be respectful of their time. They know what the problem is. They know what the threat is. You be, be specific about how you're different right now. There is so much confusion in the market about what you do. Like if you're really have something that's differentiated, be very, very specific about it. And don't be afraid of it, like lean into it and explain the value to that. And that, that, that would, would save a, a lot of time and a lot and make the meeting more valuable for the CSO >>And the CISOs. Are they evaluate these startups? How should they look at them? What are some kind of markers that you would say would be good, kind of things to look for size of the team reviews technology, or is it doesn't matter? It's more of a everyone's environment's different. What >>Would your, yeah. And, you know, for me, I, I always look first to the security value. Cause if there isn't security value, nothing else matters. So there's gotta be some security value. Then I tend to look at the management team, quite frankly, what are, what are the, what are their experiences and what, what do they know that that has led them to do something different that is driving security value. And then after that, for me, I tend to look to, is this someone that I can have a long term relationship with? Is this someone that I can, you know, if I have a problem and I call them, are they gonna, you know, do this? Or are they gonna say, yes, we're in, we're in this together, we'll figure it out. And then finally, if, if for AWS, you know, scale is important. So we like to look at, at scale in terms of, is this a solution that I can, that I can, that I can get to, to the scale that I needed at >>Awesome. Awesome. John Ramsey, vice president of security here on the cubes. Keynote. John, thank you for your time. I really appreciate, I know how busy you are with that for the next minute, or so share a little bit of what you're up to. What's on your plate. What are you thinking about as you go out to the marketplace, talk to customers what's on your agenda. What's your talk track, put a plug in for what you're up to. >>Yeah. So for, for the services I have, we, we are, we are absolutely moving. As I mentioned earlier, from APIs to outcomes, we're moving up the stack to be able to defend both containers, as well as, as serverless we're, we're moving out in terms of we wanna get visibility and signal, not just from what we see in AWS, but from other places to inform how do we defend AWS? And then also across, across the N cybersecurity framework in terms of we're doing a lot of, we, we have amazing detection capability and we have this infrastructure that we could respond, do like micro responses to be able to, to interdict the threat. And so me moving across the N cybersecurity framework from detection to respond. >>All right, thanks for your insight and your time sharing in this keynote. We've got great 10 great, amazing startups. Congratulations for all your success at AWS. You guys doing a great job, shared responsibility that the threats are out there. The landscape is changing. The scale's increasing more data tsunamis coming every day, more integration, more interconnected, it's getting more complex. So you guys are doing a lot of great work there. Thanks for your time. Really appreciate >>It. Thank you, John. >>Okay. This is the AWS startup showcase. Season two, episode four of the ongoing series covering the exciting startups coming out of the, a AWS ecosystem. This episode's about cyber security and I'm your host, John furrier. Thanks for watching.

>>The cube presents HPE discover 2022 brought to you by HPE. >>Hey everyone. Welcome back to the Cube's coverage of HPE. Discover 22 live from the Sans expo center in Las Vegas. Lisa Martin, here with Dave Velante. We've an alumni back joining us to talk about high performance computing and AI, Justin ARD, EVP, and general manager of HPC and AI at HPE. That's a mouthful. Welcome back. >>It is no, it's great to be back and wow, it's great to be back in person as well. >>It's it's life changing to be back in person. The keynote this morning was great. The Dave was saying the energy that he's seen is probably the most out of, of any discover that you've been at and we've been feeling that and it's only day one. >>Yeah, I, I, I agree. And I think it's a Testament to the places in the market that we're leading the innovation we're driving. I mean, obviously the leadership in HPE GreenLake and, and enabling as a service for, for every customer, not just those in the public cloud, providing that, that capability. And then obviously what we're doing at HPC and AI breaking, uh, you know, breaking records and, uh, advancing the industry. So >>I just saw the Q2 numbers, nice revenue growth there for HPC and AI. Talk to us about the lay of the land what's going on, what are customers excited about? >>Yeah. You know, it's, it's a, it's a really fascinating time in this, in this business because we're, you know, we just, we just delivered the first, the world's first exo scale system. Right. And that's, uh, you know, that's a huge milestone for our industry, a breakthrough, you know, 13 years ago, we did the first Petta scale system. Now we're doing the first exo scale system, huge advance forward. But what's exciting too, is these systems are enabling new applications, new workloads, breakthroughs in AI, the beginning of being able to do proper quantum simulations, which will lead us to a much, you know, brighter future with quantum and then actually better and more granular models, which have the ability to really change the world. >>I was telling Lisa that during the pandemic we did, uh, exo scale day, it was like this co yep. You know, produce event. And we weren't quite at exo scale yet, but we could see it coming. And so it was great to see in frontier and, and the keynote you guys broke through that, is that a natural evolution of HPC or is this we entering a new era? >>Yeah, I, I think it's a new era and I think it's a new era for a few reasons because that, that breakthrough really, it starts to enable a different class of use cases. And it's combined with the fact that I think, you know, you look at where the rest of the enterprises data set has gone, right? We've got a lot more data, a lot more visibility to data. Um, but we don't know how to use it. And now with this computing power, we can start to create new insights and new applications. And so I think this is gonna be a path to making HPC more broadly available. And of course it introduces AI models at scale. And that's, that's really critical cause AI is a buzzword. I mean, lots of people say they're doing AI, but when you know, to, to build true intelligence, not, not effectively, you know, a machine that learns data and then can only handle that data, but to build true intelligence where you've got something that can continue to learn and understand and grow and evolve, you need this class of system. And so I think we're at, we're at the forefront of a lot of exciting innovation. H how, >>In terms of innovation, how important is it that you're able to combine as a service and HPC? Uh, what does that mean for, for customers for experimentation and innovation? >>You know, a couple things I've been, I've actually been talking to customers about that over the last day and a half. And, you know, one is, um, you think about these, these systems are, they're very large and, and they're, they're pretty, you know, pretty big bets if you're a customer. So getting early access to them right, is, is really key, making sure that they're, they can migrate their software, their applications, again, in our space, most of our applications are custom built, whether you're a, you know, a government or a private sector company, that's using these systems, you're, you're doing these are pretty specialized. So getting that early access is important. And then actually what we're seeing is, uh, with the growth and explosion of insight that we can enable. And some of the diversity of, you know, new, um, accelerator partners and new processors that are on the market is actually the attraction of diversity. And so making things available where customers can use multimodal systems. And we've seen that in this era, like our customer Lumi and Finland number, the number three fastest system in the world actually has two sides to their system. So there's a compute side, dense compute side and a dense accelerator side. >>So Oak Ridge national labs was on stage with Antonio this morning, the, the talking about frontier, the frontier system, I thought what a great name, very apropo, but it was also just named the number one to the super computing, top 500. That's a pretty big accomplishment. Talk about the impact of what that really means. >>Yeah. I, I think a couple things, first of all, uh, anytime you have this breakthrough of number one, you see a massive acceleration of applications. And if you really, if you look at the applications that were built, because when the us department of energy funded these Exoscale products or platforms, they also funded app a set of applications. And so it's the ability to get more accurate earth models for long term climate science. It's the ability to model the electrical grid and understand better how to build resiliency into that grid. His ability is, um, Dr. Te Rossi talked about a progressing, you know, cancer research and cancer breakthroughs. I mean, there's so many benefits to the world that we can bring with these systems. That's one element. The other big part of this breakthrough is actually a list, a lesser known list from the top 500 called the green 500. >>And that's where we measure performance over power consumption. And what's a huge breakthrough in this system. Is that not only to frontier debut at number one on the top 500, it's actually got the top two spots, uh, because it's got a small test system that also is up there, but it's got the top two spots on the green 500 and that's actually a real huge breakthrough because now we're doing a ton more computation at far lesser power. And that's really important cuz you think about these systems, ultimately you can, you can't, you know, continue to consume power linearly with scaling up performance. There's I mean, there's a huge issue on our impact on our environment, but it's the impact to the power grid. It's the impact to heat dissipation. There's a lot of complexities. So this breakthrough with frontier also enables us no pun intended to really accelerate, you know, the, the capacity and scale of these systems and what we can deliver. >>It feels like we're entering a new Renaissance of HPC. I mean, I'm old enough to remember. I, it was, it wasn't until recently my wife, not recently, maybe five, six years ago, my wife threw out my, my green thinking machines. T-shirt that Danny Hillis gave you guys probably both too young to remember, but you had thinking machines, Ken to square research convex tried to mini build a mini computer HPC. Okay. And there was a lot of innovation going on around that time and then it just became too expensive and, and, and other things X 86 happened. And, and, but it feels like now we're entering a, a new era of, of HPC. Is that valid or is it true? What's that mean for HPC as an industry and for industry? >>Yeah, I think, I think it's a BR I think it's a breadth. Um, it's a market that's opening and getting much more broader the number of applications you can run, you know, and we've traditionally had, you know, scientific applications, obviously there's a ton in energy and, and you know, physics and some of the traditional areas that obviously the department of energy sponsor, but, you know, we saw this with, with even the COVID pandemic, right? Our, our supercomputers were used to identify the spike protein to, to help and validate and test these vaccines and bring them to market and record time. We saw some of the benefits of these breakthroughs. And I think it's this combination of that, that we actually have the data, you know, it's, it's digital, it's captured, um, we're capturing it at, you know, at the edge, we're capturing it and, and storing it obviously more broadly. So we have the access to the data and now we have the compute power to run it. And the other big thing is the techniques around artificial intelligence. I mean, what we're able to do with neural networks, computer vision, large language models, natural language processing. These are breakthroughs that, um, one require these large systems, but two, as you give them a large systems, you can actually really enable acceleration of how sophisticated these, these applications can get. >>Let's talk about the impact of the convergence of HPC and AI. What are some of the things that you're seeing now and what are some of the things that we're gonna see? >>Yeah. So, so I, one thing I like to talk about is it's, it's really, it's not a convergence. I think it's it. Sometimes it gets a little bit oversimplified. It's actually, it's traditional modeling and simulation leveraging machine learning to, to refine the simulation. And this is a, is one of the things we talk about a lot in AI, right? It's using machine learning to actually create code in real time, rather than humans doing it, that ability to refine the model as you're running. So we have an example. We did a, uh, we, we actually launched an open source solution called smart SIM. And the first application of that was climate science. And it's what it's doing is it's actually learning the data from the model as the simulation is running to provide more accurate climate prediction. But you think about that, that could be run for, you know, anything that has a complex model. >>You could run that for financial modeling, you can use AI. And so we're seeing things like that. And I think we'll continue to see that the other side of that is using modeling and simulation to actually represent what you see in AI. So we were talking about the grid. This is one of the Exoscale compute projects you could actually use once you actually get, get the data and you can start modeling the behavior of every electrical endpoint in a city. You know, the, the meter in your house, the substation, the, the transformers, you can start measuring the FX of that. You can then build equations. Well, once you build those equations, you can then take a model, cuz you've learned what actually happens in the real world, build the equation. And then you can provide that to someone who doesn't need a extra scale supercomputer to run it, but that, you know, your local energy company can better understand what's happening and they'll know, oh, there's a problem here. We need to shift the grid or respond more, more dynamically. And hopefully that avoids brownouts or, you know, some of the catastrophic outages we've >>Seen so they can deploy that model, which, which inherently has that intelligence on sort of more cost effective systems and then apply it to a much broader range. Do any of those, um, smart simulations on, on climate suggest that it's, it's all a hoax. You don't have to answer that question. <laugh> um, what, uh, >>The temperature outside Dave might, might give you a little bit of an argument to that. >>Tell us about quantum, what's your point of view there? Is it becoming more stable? What's H HPE doing there? >>Yeah. So, so look, I think there's, there's two things to understand with quantum there's quantum hardware, right? Fundamentally, um, how, um, how that runs very differently than, than how we run traditional computers. And then there's the applications. And ultimately a quantum application on quantum hardware will be far more efficient in the future than, than anything else. We, we see the opportunity for, uh, much like we see with, you know, with HPC and AI, we just talked about for quantum to be complimentary. It runs really well with certain applications that fabricate themselves as quantum problems and some great examples are, you know, the, the life sciences, obviously quantum chemistry, uh, you see some, actually some opportunities in, in, uh, in AI and in other areas where, uh, quantum has a very, very, it, it just lends itself more naturally to the behavior of the problem. And what we believe is that in the short term, we can actually model quantum effectively on these, on these super computers, because there's not a perfect quantum hardware replacement over time. You know, we would anticipate that will evolve and we'll see quantum accelerators much. Like we see, you know, AI accelerators today in this space. So we think it's gonna be a natural evolution in progression, but there's certain applications that are just gonna be solved better by quantum. And that's the, that's the future we'll we'll run into. And >>You're suggesting if I understood it correctly, you can start building those applications and, and at least modeling what those applications look like today with today's technology. That's interesting because I mean, I, I think it's something rudimentary compared to quantum as flash storage, right? When you got rid of the spinning disc, it changed the way in which people thought about writing applications. So if I understand it, new applications that can take advantage of quantum are gonna change the way in which developers write, not one or a zero it's one and virtually infinite <laugh> combinations. >>Yeah. And I actually, I think that's, what's compelling about the opportunity is that you can, if you think about a lot of traditional the traditional computing industry, you always had to kind of wait for the hardware to be there, to really write, write, and test the application. And we, you know, we even see that with our customers and HPC and, and AI, right? They, they build a model and then they, they actually have to optimize it across the hardware once they deploy it at scale. And with quantum what's interesting is you can actually, uh, you can actually model and, and, and make progress on the software. And then, and then as the hardware becomes available, optimize it. And that's, you know, that's why we see this. We talk about this concept of quantum accelerators as, as really interesting, >>What are the customer conversations these days as there's been so much evolution in HPC and AI and the technology so much change in the world in the last couple of years, is it elevating up the CS stack in terms of your conversations with customers wanting to become familiar with Exoscale computing? For example? >>Yeah. I, I think two things, uh, one, one is we see a real rise in digital sovereignty and Exoscale and HPC as a core fund, you know, fundamental foundation. So you see what, um, you know, what Europe is doing with the, the, the Euro HPC initiative, as one example, you know, we see the same kind of leadership coming out of the UK with the system. We deployed with them in Archer two, you know, we've got many customers across the globe deploying next generation weather forecasting systems, but everybody feels, they, they understand the foundation of having a strong supercomputing and HPC capability and competence and not just the hardware, the software development, the scientific research, the, the computational scientists to enable them to remain competitive economically. It's important for defense purposes. It's important for, you know, for helping their citizens, right. And providing, you know, providing services and, and betterment. >>So that's one, I'd say that's one big theme. The other one is something Dave touched on before around, you know, as a service and why we think HP GreenLake will be, uh, a beautiful marriage with our, with our HPC and AI systems over time, which is customers also, um, are going to scale up and build really complex models. And then they'll simplify them and deploy them in other places. And so there's a number of examples. We see them, you know, we see them in places like oil and gas. We see them in manufacturing where I've gotta build a really complex model, figure out what it looks like. Then I can reduce it to a, you know, to a, uh, certain equation or application that I can then deploy. So I understand what's happening and running because you, of course, as much as I would love it, you're not gonna have, uh, every enterprise around the world or every endpoint have an exit scale system. Right. So, so that ability to, to, to really provide an as a service element with HP GreenLake, we think is really compelling. >>HP's move into HPC, the acquisitions you've made it really have become a differentiator for the company. Hasn't it? >>Yeah. And I, and I think what's unique about us today. If you look at the landscape is we're, we're really the only system provider globally. Yeah. You know, there are, there are local players that we compete with. Um, but we are the one true global system provider. And we're also the only, I would say the only holistic innovator at the system level to, to, you know, to credit my team on the work they're doing. But, you know, we're, we're also very committed to open standards. We're investing in, um, you know, in a number of places where we contribute the dev the software assets to open source, we're doing work with standards bodies to progress and accelerate the industry and enable the ecosystem. And, uh, and I think that, you know, ultimately the, the, the last thing I'd say is we, we are so connected in, um, with, through our, through the legacy or the, the legend of H Hewlett Packard labs, which now also reports into me that we have these really tight ties into advanced research and that some of that advanced research, which isn't just, um, around kind of core processing Silicon is really critical to enabling better applications, better use cases and accelerating the outcomes we see in these systems going forward. >>Can >>You double click on that? I, I, I wasn't aware that kind of reported into your group. Yeah. So, you know, the roots of HP are invent, right? Yeah. HP labs are, are renowned. It kinda lost that formula for a while. And now it's sounds like it's coming back. What, what, what are some of the cool things that you guys are working on? Well, >>You know, let me, let me start with a little bit of recent history. So we just talked about the exo scale program. I mean, that was a, that's a great example of where we had a public private partnership with the department of energy and it, and it wasn't just that we, um, you know, we built a system and delivered it, but if you go back a decade ago, or five years ago, there were, there were innovations that were built, you know, to accelerate that system. One is our Slingshot fabric as an example, which is a core enable of, of acceler, you know, of, of this accelerated computing environment, but others in software applications and services that allowed us to, you know, to really deliver a, a complete solution into the market. Um, today we're looking at things around trustworthy and ethical AI, so trustworthy AI in the sense that, you know, the models are accurate, you know, and that's, that's a challenge on two dimensions, cuz one is the, model's only as good as the data it's studying. >>So you need to validate that the data's accurate and then you need to really study how, you know, how do I make sure that even if the data is accurate, I've got a model that then, you know, is gonna predict the right things and not call a, a dog, a cat, or a, you know, a, a cat, a mouse or whatever that is. But so that's important. And, uh, so that's one area. The other is future system architectures because, um, as we've talked about before, Dave, you have this constant tension between the fabric, uh, you know, the interconnect, the compute and the, and the storage and, you know, constant, constantly balancing it. And so we're really looking at that, how do we do more, you know, shared memory access? How do we, you know, how do we do more direct rights? Like, you know, looking at some future system architectures and thinking about that. And we, you know, we think that's really, really critical in this part of the business because these heterogeneous systems, and not saying I'm gonna have one monolithic application, but I'm gonna have applications that need to take advantage of different code, different technologies at different times. And being able to move that seamlessly across the architecture, uh, we think is gonna be the, you know, a part of the, the hallmark of the Exoscale era, including >>Edge, which is a completely different animal. I think that's where some disruption is gonna gonna bubble up here in the next decade. >>So, yeah know, and, and that's, you know, that's the last thing I'd say is, is we look at AI at scale, which is another core part of the business that can run on these large clusters. That means getting all the way down to the edge and doing inference at scale, right. And, and inference at scale is, you know, I, I was, um, about a month ago, I was at the world economic forum. We were talking about the space economy and it's a great, you know, to me, it's the perfect example of inference, because if you get a set of data that you know, is, is out at Mars, it doesn't matter whether, you know, whether you wanna push all that data back to, uh, to earth for processing or not. You don't really have a choice, cuz it's just gonna take too long. >>Don't have that time. Justin, thank you so much for spending some of your time with Dave and me talking about what's going on with HBC and AI. The frontier just seems endless and very exciting. We appreciate your time on your insights. >>Great. Thanks so much. Thanks. >>Yes. And don't call a dog, a cat that I thought I learned from you. A dog at no, Nope. <laugh> Nope. <laugh> for Justin and Dave ante. I'm Lisa Martin. You're watching the Cube's coverage of day one from HPE. Discover 22. The cube is, guess what? The leader, the leader in live tech coverage will be right back with our next guest.

>> Welcome back to New York City everybody. This is The Cube's coverage of MongoDB World 2022, Dev Ittycheria, here is the president and CEO of MongoDB. Thanks for spending some time with us. >> It's Great to be here Dave, thanks for having me. >> You're very welcome. So your keynotes this morning, I was hearkening back to Steve Ballmer, running around the stage screaming, developers, developers, developers. You weren't jumping around like a madman, but the message was the same. And you've not deviated from that message. I remember when it was 10th Gen, so you've been consistent. >> Yes. >> Why is Mongo DB so alluring to developers? >> Yeah, because I would say the reason we're so popular Dave is that our whole business was founded on the ethos, so making developers incredibly productive. Just getting the infrastructure out of the way so that the developers is really focused on what's important and that's building great applications that transform their business. And the way you do that is you look at where they spend most of the time. and they spend most of the time working with data. How do you present data, the right data, the right time, at the right place, and the right way. And when you remove the friction of working with data, you unleash so much more productivity, which people just say, oh my goodness, I can move so much faster. Product leaders can get products out the door faster than the competitors. Senior level executives can seize new opportunities or respond to new threats. And that was so profound during COVID when everyone had to think about pivoting their business. >> When you came to MongoDB, why did you choose this company? What was it that excited you about it? >> I get that question a lot. I would say conventional wisdom would suggest that MongoDB was not a great choice. There weren't that many companies who were very successful in open source, Red Hat was the only one. No one had really built a deep technology company in New York city. They say, you got to do it in the valley. And database companies need a lot of capital. Now turns out that raising capital of this past decade was a lot easier, but it still takes a lot of time, and a lot of capitals, you have to have a lot of patience. When I did my diligence, I was actually a VC before I joined MongoDB. The whole next generation database segment was really taking off. And actually I looked at some competing investments to MongoDB, and when I did my diligence, it was clear even then. And this is circa 2012, that MongoDB is way ahead in terms of customer attraction, commercials, and even kind of developer mind share. And so I ended up passing those investments. and then lo and behold, I got a call from a very senior executive recruiter who said, Dev, you got to take a meeting with MongoDB, there's something really interesting going on. And they had raised a lot of capital and they had just not been able to kind of really execute in terms of the opportunity. And they realized they needed to make a change. And so one thing led to another. One of the things that really actually convinced me, is when I did my diligence, I realized the customers they had loved MongoDB. They just really weren't executing on all cylinders. And I always believe you never bet against a company whose customers love the product. And said, that's something here. The second thing I would say is open source. Yes, is true that open source was not very successful, but that was open source 1.0. Open source 2.0, the technology is much better than the commercial options. And so that convinced me. And then New York, I lived in New York a big part of my life. I think New York's a fabulous place to build a business. There's so much talent, your customers are right... You walk out the door, there's customers all over the place. And getting to Europe is very easy, Almost like flying to the west coast. So it's a very central place to build a business. >> And it's easier to fix execution, wouldn't you say? And maybe even go to market than it is to fix a product that customers really don't love. >> Correct, it's much easier to fix leadership issues, culture issues, execution issues. Nailing product market fit is very, very hard. And there were signs, there's still some issues, there's still some rough spots, but there a lot of signs that this company was very, very close, and that's why I took the bet. >> And this is before there was that huge influx of capital into the separating compute from storage and the whole cloud thing, which is interesting. Because you take a company like Cloudera, they got caught up in that and got kind of washed over. And I guess you could argue Hortonworks did too, and they could have dead ended both. And then that just didn't work. But it's interesting to see Mongo, the market kind of came to you. And that really does speak to the product. It wasn't a barrier for you. You guys have obviously a lot of work to get into the cloud with Atlas, but it seemed like a natural fit with the product. It wasn't like a complete fork. >> Well, I think the challenge that we had was we had a lot of adoption, but we had tough time commercializing the business. And at some point I had to tell the all employees, it's great that we have all these people who are using MongoDB, but if you don't start generating revenue, our investors are going to get tired of subsidizing this company. So I had to try and change the culture. And as you imagine, the engineers didn't really like the salespeople, the salespeople thought the engineers didn't really want to make any money. And what I said, like, let's all galvanize around customers and let's make them really excited and try and create a lot of value. And so we just put a lot more discipline in terms of how we prosecuted deals. We put a lot more discipline in terms of what are the problems we're trying to solve. And one thing led to another, we started building the business brick by brick. And one of the things that became clear for me was that the old open source model of trying to find that happy medium between what you give away and what you charge for, is always a tough game. Like because finding that where the paywall is, if you give away too much new features, you don't make any money. If you don't give away enough, you don't have any adoption. So you're caught in this catch-22. The best way to monetize open source, is open source as a service. And we saw Amazon do that frankly. We learned a lot from how Amazon did that. And one of the advantages that MongoDB had that I didn't fully appreciate when I joined the company, but I was very grateful. It is that they had a much more restrictive license. Which we ended up actually changing and made it even more restrictive, which allowed us to perfect ourselves from being cannibalized by the cloud providers, so that we could build our own business using our own IP that we had invested in and create a cloud service. >> That was a huge milestone. And of course you have great relationships with all the cloud providers, but it got contentious there for a while, but, you give the cloud providers an inch, they're going to take a mile. That's just the way, they're aggressive like that. But thank you for going through the history with me a little bit, because when you go back to the IPO, IPO was 2017, right? >> Correct. >> I always tell young investors, my kids especially, don't buy a stock at IPO, you're going to have a better chance, but the window from Mongo was very narrow. So, you didn't really get a much better chance a little bit. And then it's been a rocket ship since then. Sure, there's been some volatility, but you look at some of the big IPOs, like Facebook, or Snap, or even Snowflake, there was better opportunities. But you guys have executed really, really well. That's part of your ethos in your management team. And it came across on the earnings call recently. >> Yep. >> It was very optimistic, yet at the same time you set cautious tones and you got, I think high marks. >> Yes. >> For some of that caution but that execution. So talk about where you feel the business is today given the economic uncertainty? >> Well, what I'd say is we feel really good about the long term. We feel like the secular trends are really in our favor. Software's fundamentally transforming every industry. And people want to use modern software to either automate inefficient processes, enable new capabilities, drive better customer experiences. And the level of performance and scale you need for today's modern applications is profoundly different than applications yesterday. So we think we're well positioned for that. What we said on the earnings call was that we started seeing a moderation of growth, slight moderation of growth in our low end of the business in Europe. It was in our self-serve business and in the SMB space for the NQ1, towards the end of Q1. And we saw a little bit of that show up in the self-serve business in may in Q2. And that's why while we raised guidance, we basically quantified the impact, which is roughly about 30 to 35 million for the year, based on what we saw. And in that assumption, we assumed like... We just can't assume it's going to only be at the low in the market, probably some effect at the enterprise market. Maybe not as much, but there'll be some effect. So we need to factor that in. And we wanted to help kind of investors have some sort of framework to think about what the impact is. We don't want to be one of those companies that said absolutely nothing. And we don't want to be one of those companies that just waves the hand, but then it wasn't really that useful for investors. >> Yeah, I thought it was substantive. You talked about those market trends, you cited three things. The developers recognize that there are limits to legacy RDBMS. You talked about the, what I call point solutions creep. And then the document model is the best for developers. >> Great. >> And when the conversation turned to consumption, everybody's concerned about consumption obviously. You said... My take, somewhat insulated from that because you're running mission critical apps. It's not discretionary. My question to you is, should we rethink the definition of mission-critical? You think of Oracle mission critical running a bank. Mission -critical today in this digital world seems to be different, is that fair? >> Gosh, when's the last time you ever saw a website down? Like if you're running like any kind of digital channel, or engaging with the customers, or your partners, or your suppliers, you need to be up all the time. And so you need a very resilient, highly available data platform. It needs to be highly performance as you add more users, you need to be scale. And we saw a lot of that when COVID hit. Like companies had to completely repovit. And we talked about some examples where like a health and beauty retailer who was all kind of basically retail, had to suddenly pivot to e-commerce strategy. We've had streaming and gaming companies suddenly saw this massive influx of data that they scaled their operations very, very quickly. So I would say anytime you're engaging with customers, customers they're so used to the kind of the consumer facing applications. I almost joke like slow is the old down. If you're not performant, it doesn't matter. They're going to abandon you and go somewhere else. So if you're an e-commerce site and you're not performing well and not serving up the right skews, depending on what they're looking for, they're going to go somewhere else. >> So it's a click away. You talk about a hundred billion TAM, maybe that's even undercounted as you start to bring new capabilities in there. But there's no lack of market for you. >> Correct. >> How do you think about the market opportunity? >> Well, we believe... Again, software is transforming so many industries. IDC says that 715 million applications will be built over the next two to three years by 2025. To put that number of perspective, that's more apps that will be built the next three to four years than were built in the last 40. The rate and pace of innovation is as exploding. And people are building custom applications. Yes, Workday, Salesforce, other companies, commercial companies are great companies, but my competitors can use Workday or Salesforce, some of those commercial companies. That doesn't gimme a competitive advantage, what gives me a competitive advantage is building custom software that better engage my customers, that transforms my business in adding new capabilities or drives more efficiency. And the applications are only getting smarter. And so you're seeing that innovation explode and that plays to our strength. People need platforms like MongoDB to build the next generation of applications. >> So Atlas is now roughly 60% of your business, think is growing at 85%. So it's at least the midterm future. But my question to you is, is it the future? 'Cause when we start to think about the edge, it's not necessarily the cloud. You're not going to be able to go that round trip and the latency. And we had Verizon on earlier, talking about what they're doing with 5G, and the Mobile Edge. Is Mongo positioning for that edge? And is our definition of cloud changing? Where it's not just OnPrem and across clouds, but it's also out to the edge, this continuous experience. >> So I'll make two points. One, definitely we believe the applications of the future will be mobile first or purely mobile. Because one with the advent of 5G, the distinction between mobile and web is going to blur, with a hundred times faster networking speeds. But the second point I make is that how that shows up on our revenue on our income table will look like Atlas. Because we don't charge nothing for the end point, it's basically driving consumption of the back end. And so we've introduced a bunch of very, very sophisticated capabilities to synchronized data from the edge to the backend and vice versa with things like flexible sync. So we see so many customers now using that capability, whether you're field service technicians, whether you're a mobile first company, et cetera. So that will drive Atlas revenue. So on an income statement, it'll look like Atlas, but we're obviously addressing those broader set of mobile needs. >> You talk a lot about product market fit former VC, of course, Mark Andreen says, product market fit you kind of know when you see it, your hair's on fire, you can't buy a service. How do you know when you have product market fit? >> Well, one, we have the luxury of lots of customers. So they tell us pretty clearly when they're happy, and we can see that by usage behavior. Now the other benefit of a cloud service, is we can see the level of activity. We can see the level of engagement. We can see how much data they're consuming. We can see all the actions they're taking. So you get the fidelity of feedback you get from Atlas versus someone doing something behind their own firewall. And you kind of call 'em and check in on them is very, very different. So that level of insight gives us visibility in terms of what products and features have been used, gives us a sense how things going well, or is there something awry. Maybe they have misconfigured something or they don't know how to use some capabilities. So the level of engagement that we can have with a customer using a service is so much different. And so we've really invested in our customer success organization. So the byproduct of that is that our retention rates are also very, very strong. Because you have such better information about what's happening in terms of your customers. >> See retention in real time. You've been somewhat... Is just so hard to say this 'cause you're growing at 50% a year. But you're somewhat conservative about the pace of hiring for go to market. And I'm curious as to how you think about scaling, especially when you introduce new products. Atlas is several years ago. But as you extend your capabilities and add new products, how do you decide when to scale? >> So it's a constant process. We've been quite aggressive in scaling organization for a couple reasons. One, we have very low market share, so the market's vastly under penetrated. We still don't have reps in every NFL sitting in the United States, which just kind of crazy. There's other parts of the world that we are just still vastly under penetrated in. But we also look at how those organizations are doing. So if we see a team really killing it, we're going to deploy more resources. Because one, it tells us there's more opportunity there, and there's a strong team there. If we see a team that maybe is struggling a little bit, we'll try and uncover. Rather than just applying more resources in, we'll try and uncover what are the issues and make sure we stabilize the organization and then devote resources. It's all in the measure of like being very disciplined about where we deploy our resources, to get those kind of returns. And on the product side, we obviously go through a very iterative process and kind of do rank order all the projects and what we think the expected returns are. Obviously, we look at the customer feedback, we look at what our strategic priorities are. And that informs what projects we fund and what projects kind of are below the line. And we do that over and over again every quarter. So every quarter we revisit the business, we have a very QBR centric culture. So we're constantly checking in and seeing how the business is operating. And then we make those investment decisions. In general, we've been investing very aggressively in terms of expanding our reach around the world. >> It seems like, well, with Mongo, your product portfolios... From an outside observer standpoint, it seems like you've always had pretty good product market fit. But I was curious, in your VC days, would you ever encourage companies to scale go to market prior to having confidence in product market fit? Or did you always see those as sequential activities? >> Well, I think the challenge is this part it's analysis part is judgment. So you don't necessarily have to have perfect product market fit to start investing. But you also don't want to plow a bunch of resources and realize the product doesn't work and then how you're burning through a lot of cash. So there's a little bit of art to the process. When I joined MongoDB, I could tell that we had a strong engineering team. They knew how to build high quality products, but we just struggled with commercialization. The culture wasn't great across the company. And we had some leadership challenges. So that's when I joined, I kind of focused on those things and tried to bring the organization together. And slowly we started chipping away and making people feel like they were winners. And once you start winning, that becomes contagious. And then the nice thing is when you start winning, you get a lot more customer feedback. That feedback helps you refine your products even more, which then adds... It's like the flywheel effect that starts taking off. >> So it seems the culture's working now. Do you have a favorite product from the announcements today? >> Well, I really like our foray to analytics. And essentially what we're seeing is really two big trends. One you're seeing applications get smarter. What applications are doing is really automating a lot of processes and rather than someone having to press a button. Based on analytics, you can automate a lot of decision making. So that's one theme that we're seeing as applications get smarter. The second theme is that people want more and more insight in terms of what's happening. And the source of that is insights is your operational database. Because that's where you're having transactions, that's where you know what products are selling, that's where you know what customers are buying. So people want more and more real time data versus waiting to take that data, put it somewhere else and then run reports and then get some update at the end of the night or maybe at the week. So that's driving a lot of really interesting use cases. And especially when you marry in things like time series use cases where you're collecting a lot of data people want to see trend analysis what's happening. Which I think it's a very exciting area. We introduced a very cool feature called Queryable Encryption, which basically... The problem with encrypting data, is you can't really query it because my definition's encrypted. >> Yeah, you're right. >> But obviously data security is very important. What we announced, is we're using very sophisticated cryptography. People can query the data, but they don't have really access to the data. So it really protects you from like data breaches or malicious users accessing your data, but you still can kind of make that data usable. So that was a very interesting announcer that we made today. >> Sounds like magic without the performance hit. >> Yes. >> You can do that. Dev, thanks so much for coming in The Cube. Congratulations on all activity, bumper sticker on day one. >> Oh, it's super exciting. The energy was palpable, 3,300 people in the room, lots of customers, lots of users. We had lots of investors here as well for our investor day, have a dinner tonight with a bunch of senior execs, so it's been a busy day. >> Future is bright for MongoBD. Dev, thanks for so much for coming on The Cube. And thanks for watching, this is Dave Vellante and we'll see you next time. (upbeat music)

>>Welcoming into the cubes presentation of AWS startup showcase open cloud innovations. This is season two episode one of the ongoing series covering exciting hot startups from the AWS ecosystem. Today's episode. One of season two theme is open source community and the open cloud innovations. I'm your host, John farrier of the cube. And today we're excited to be joined by Loris Dajani who is the C T O chief technology officer and founder of cystic found that in his backyard with some wine and beer. Great to see you. We're here to talk about Falco finding cloud threats in real time. Thank you for joining us, Laura. Thanks. Good to see you >>Love that your company was founded in your backyard. Classic startup story. You have been growing very, very fast. And the key point of the showcase is to talk about the startups that are making a difference and, and that are winning and doing well. You guys have done extremely well with your business. Congratulations, but thank you. The big theme is security and as organizations have moved their business critical applications to the cloud, the attackers have followed. This is Billy important in the industry. You guys are in the middle of this. What's your view on this? What's your take? What's your reaction? >>Yeah. As we, as a end ecosystem are moving to the cloud as more and more, we are developing cloud native applications. We relying on CACD. We are relying on orchestrations in containers. Security is becoming more and more important. And I would say more and more complex. I mean, we're reading every day in the news about attacks about data leaks and so on. There's rarely a day when there's nothing major happening and that we can see the press from this point of view. And definitely things are evolving. Things are changing in the cloud. In for example, Cisco just released a cloud native security and usage report a few days ago. And the mundane things that we found among our user base, for example, 60, 66% of containers are running as rude. So still many organizations adopting a relatively relaxed way to deploy their applications. Not because they like doing it, but because it tends to be, you know, easier and a little bit with a little bit less ration. >>We also found that that 27% of users unnecessary route access in the 73% of the cloud accounts, public has three buckets. This is all stuff that is all good, but can generate consequences when you make a mistake, like typically, you know, your data leaks, no, because of super sophisticated attacks, but because somebody in your organization forgets maybe some data on it on a public history bucket, or because some credentials that are not restrictive enough, maybe are leaked to another team member or, or, or a Gita, you know, repository or something like that. So is infrastructures and the software becomes a let's a more sophisticated and more automated. There's also at the same time, more risks and opportunities for misconfigurations that then tend to be, you know, very often the sewers of, of issues in the cloud. >>Yeah, those self-inflicted wounds definitely come up. We've seen people leaving S3 buckets open, you know, it's user error, but, you know, w w those are small little things that get taken care of pretty quickly. That's just hygiene. It's just discipline. You know, most of the sophisticated enterprises are moving way past that, but now they're adopting more cloud native, right. And as they get into the critical apps, securing them has been challenging. We've talked to many CEOs and CSOs, and they say that to us. Yeah. It's very challenging, but we're on it. I have to ask you, what should people worry about when secure in the cloud, because they know is challenging, then they'll have the opportunity on the other side, what are they worried about? What do you see people scared of or addressing, or what should I be worried about when securing the cloud? >>Yeah, definitely. Sometimes when I'm talking about the security, I like to compare, you know, the old data center in that the old monolithic applications to a castle, you know, in middle aged castle. So what, what did you do to protect your castle? You used to build very thick walls around it, and then a small entrance and be very careful about the entrance, you know, protect the entrance very well. So what we used to doing that, that data center was protect everything, you know, the, the whole perimeter in a very aggressive way with firewalls and making sure that there was only a very narrow entrance to our data center. And, you know, as much as possible, like active security there, like firewalls or this kind of stuff. Now we're in the cloud. Now, it's everything. Everything is much more diffused, right? Our users, our customers are coming from all over the planet, every country, every geography, every time, but also our internal team is coming from everywhere because they're all accessing a cloud environment. >>You know, they often from home for different offices, again, from every different geography, every different country. So in this configuration, the metaphor data that they like to use is an amusement park, right? You have a big area with many important things inside in the users and operators that are coming from different dangerous is that you cannot really block, you know, you need to let everything come in and in operate together in these kinds of environment, the traditional protection is not really effective. It's overwhelming. And it doesn't really serve the purpose that we need. We cannot build a giant water under our amusement park. We need people to come in. So what we're finding is that understanding, getting visibility and doing, if you Rheodyne is much more important. So it's more like we need to replace the big walls with a granular network of security cameras that allow us to see what's happening in the, in the different areas of our amusement park. And we need to be able to do that in a way that is real time and allows us to react in a smart way as things happen because in the modern world of cloud five minutes of delay in understanding that something is wrong, mean that you're ready being, you know, attacked and your data's already being >>Well. I also love the analogy of the amusement park. And of course, certain rides, you need to be a certain height to ride the rollercoaster that I guess, that's it credentials or security credentials, as we say, but in all seriousness, the perimeter is dead. We all know that also moats were relied upon as well in the old days, you know, you secure the firewall, nothing comes in, goes out, and then once you're in, you don't know what's going on. Now that's flipped. There's no walls, there's no moats everyone's in. And so you're saying this kind of security camera kind of model is key. So again, this topic here is securing real time. Yeah. How do you do that? Because it's happening so fast. It's moving. There's a lot of movement. It's not at rest there's data moving around fast. What's the secret sauce to making real identifying real-time threats in an enterprise. >>Yeah. And in, in our opinion, there are some key ingredients. One is a granularity, right? You cannot really understand the threats in your amusement park. If you're just watching these from, from a satellite picture. So you need to be there. You need to be granular. You need to be located in the, in the areas where stuff happens. This means, for example, in, in security for the clowning in runtime, security is important to whoever your sensors that are distributed, that are able to observe every single end point. Not only that, but you also need to look at the infrastructure, right? From this point of view, cloud providers like Amazon, for example, offer nice facilities. Like for example, there's CloudTrail in AWS that collects in a nice opinionated consistent way, the data that is coming from multiple cloud services. So it's important from one point of view, to go deep into, into the endpoint, into the processes, into what's executing, but also collect his information like the cultural information and being able to correlate it to there's no full security without covering all of the basics. >>So a security is a matter of both granularity and being able to go deep and understanding what every single item does, but also being able to go abroad and collect the right data, the right data sources and correlated. And then the real time is really critical. So decisions need to be taken as the data comes in. So the streaming nature of security engines is becoming more and more important. So the step one of course, security, especially cost security, posture management was very much let's ball. Once in a while, let's, let's involve the API and see what's happening. This is still important. Of course, you know, you need to have the basics covered, but more and more, the paradigm needs to change to, okay, the data is coming in second by second, instead of asking for the data manually, once in a while, second by second, there's the moment it arrives. You need to be able to detect, correlate, take decisions. And so, you know, machine learning is very important. Automation is very important. The rules that are coming from the community on a daily basis are, are very important. >>Let me ask you a question, cause I love this topic because it's a data problem at the same time. There's some network action going on. I love this idea of no perimeter. You're going to be monitoring anything, but there's been trade offs in the past, overhead involved, whether you're monitoring or putting probes in the network or the different, there's all kinds of different approaches. How does the new technology with cloud and machine learning change the dynamics of the kinds of approaches? Because it's kind of not old tech, but you the same similar concepts to network management, other things, what what's going on now that's different and what makes this possible today? >>Yeah, I think from the friction point of view, which is one very important topic here. So this needs to be deployed efficiently and easily in this transparency, transparent as possible, everywhere, everywhere to avoid blind spots and making sure that everything is scheduled in front. His point of view, it's very important to integrate with the orchestration is very important to make use of all of the facilities that Amazon provides in the it's very important to have a system that is deployed automatically and not manually. That is in particular, the only to avoid blind spots because it's manual deployment is employed. Somebody would forget, you know, to deploy where somewhere where it's important. And then from the performance point of view, very much, for example, with Falco, you know, our open source front-end security engine, we really took key design decisions at the beginning to make sure that the engine would be able to support in Paris, millions of events per second, with minimal overhead. >>You know, they're barely measure measurable overhead. When you want to design something like that, you know, that you need to accept some kind of trade-offs. You need to know that you need to maybe limit a little bit this expressiveness, you know, or what can be done, but ease of deployment and performance were more important goals here. And you know, it's not uncommon for us is Dave to have users of Farco or commercial customers that they have tens of thousands, hundreds of thousands of machines. You know, I said two machines and sometimes millions of containers. And in these environments, lightweight is key. You want death, but you want overhead to be really meaningful and >>Okay, so a amusement park, a lot of diverse applications. So integration, I get that orchestration brings back the Kubernetes angle a little bit and Falco and per overhead and performance cloud scale. So all these things are working in favor. If I get that right, is that, am I getting that right? You get the cloud scale, you get the integration and open. >>Yeah, exactly. Any like ingredients over SEP, you know, and that, and with these ingredients, it's possible to bake a, a recipe to, to have a plate better, can be more usable, more effective and more efficient. That may be the place that we're doing in the previous direction. >>Oh, so I've got to ask you about Falco because it's come up a lot. We talked about it on our cube conversations already on the internet. Check that out. And a great conversation there. You guys have close to 40 million plus million downloads of, of this. You have also 80 was far gate integration, so six, some significant traction. What does this mean? I mean, what is it telling us? Why is this successful? What are people doing with Falco? I see this as a leading indicator, and I know you guys were sponsoring the project, so congratulations and propelled your business, but there's something going on here. What does this as a leading indicator of? >>Yeah. And for, for the audience, Falco is the runtime security tool of the cloud native generation such. And so when we, the Falco, we were inspired by previous generation, for example, network intrusion detection, system tools, and a post protection tools and so on. But we created essentially a unique tool that would really be designed for the modern paradigm of containers, cloud CIC, and salt and Falco essentially is able to collect a bunch of brainer information from your applications that are running in the cloud and is a religion that is based on policies that are driven by the community, essentially that allow you to detect misconfigurations attacks and normals conditions in your cloud, in your cloud applications. Recently, we announced that the extension of Falco to support a cloud infrastructure and time security by parsing cloud logs, like cloud trail and so on. So now Falba can be used at the same time to protect the workloads that are running in virtual machines or containers. >>And also the cloud infrastructure to give the audience a couple of examples, focused, able to detect if somebody is running a shelf in a radius container, or if somebody is downloading a sensitive by, from an S3 bucket, all of these in real time with Falco, we decided to go really with CR study. This is Degas was one of the team members that started it, but we decided to go to the community right away, because this is one other ingredient. We are talking about the ingredients before, and there's not a successful modern security tool without being able to leverage the community and empower the community to contribute to it, to use it, to validate and so on. And that's also why we contributed Falco to the cloud native computing foundation. So that Falco is a CNCF tool and is blessed by many organizations. We are also partnering with many companies, including Amazon. Last year, we released that far gate support for Falco. And that was done is a project that was done in cooperation with Amazon, so that we could have strong runtime security for the containers that are running in. >>Well, I've got to say, first of all, congratulations. And I think that's a bold move to donate or not donate contribute to the open source community because you're enabling a lot of people to do great things. And some people might be scared. They think they might be foreclosing and beneficial in the future, but in the reality, that is the new business model open source. So I think that's worth calling out and congratulations. This is the new commercial open source paradigm. And it kind of leads into my last question, which is why is security well-positioned to benefit from open source besides the fact that the new model of getting people enabled and getting scale and getting standards like you're doing, makes everybody win. And again, that's a community model. That's not a proprietary approach. So again, source again, big part of this. Why was security benefit from opensource? >>I am a strong believer. I mean, we are in a better, we could say we are in a war, right? The good guys versus the bad guys. The internet is full of bad guys. And these bad guys are coordinated, are motivated, are sometimes we'll find it. And we'll equip. We win only if we fight this war as a community. So the old paradigm of vendors building their own Eva towers, you know, their own self-contained ecosystems and that the us as users as, as, as customers, every many different, you know, environments that don't communicate with each other, just doesn't take advantage of our capabilities. Our strength is as a community. So we are much stronger against the big guys and we have a much better chance doing when this war, if we adopt a paradigm that allows us to work together. Think only about for example, I don't know, companies any to train, you know, the workforce on the security best practices on the security tools. >>It's much better to standardize on something, build the stack that is accepted by everybody and tell it can focus on learning the stack and becoming a master of the steak rounded rather than every single organization naming the different tool. And, and then B it's very hard to attract talent and to have the right, you know, people that can help you with, with your issues in, in, in, in, in, with your goals. So the future of security is going to be open source. I'm a strong believer in that, and we'll see more and more examples like Falco of initiatives that really start with, with the community and for the community. >>Like we always say an open, open winds, always turn the lights on, put the code out there. And I think, I think the community model is winning. Congratulations, Loris Dajani CTO and founder of SIS dig congratulatory success. And thank you for coming on the cube for the ADB startup showcase open cloud innovations. Thanks for coming on. Okay. Is the cube stay with us all day long every day with the cube, check us out the cube.net. I'm John furrier. Thanks for watching.

>>Okay, okay, we're back, you're watching the cubes, continuous coverage of HBs Green Lake announcement. One of the things that we said on the Cuban. We first saw Green Lake was let's watch the pace at which H P E delivers new servants is what's that cadence like? Because that's a real signal as to the extent that the company's leading into the cloud and today we're covering that continued expansion. We're here with Tom Black, who was the general manager of HPC storage and Omar assad, who's the storage platform lead for cloud data services at Hewlett Packard Enterprise gentlemen welcome. It's good to see you. >>Thanks Dave. Thanks for having us today. Good to see you. >>Happy to be here. Dave. >>So obviously a lot has changed globally, but when you think of things like cyber threats, ransomware, uh, the acceleration of business transformation, uh, these are new things, a lot of it is unknown a lot of it was forced upon us tom what are you guys doing to address these trends? How are you helping customers? >>Sure, thanks for the question. So if you think back to what we launched in early May, kind of the initial cloud transformation of what was our traditional storage business. Um, we really focused on one key theme. Very customer and customer driven theme that the cloud operational model has one and that customers want that operational model, whether they're operating their workload in the cloud or whether they're operating that workload in their own facility or Nicolo kind of the same thing. So that was kind of our true north and that's what we launched out of the gate in May. But we did allude in May to the fact that we would have an ongoing series of new services coming out on the uh H B Green Lake edge to cloud platform. And just really excited today to be talking about somewhat that expansion looks like um we will continue uh through this month and through the quarters ahead to really add more and more services in that vein of focusing on bringing that true cloud services model to our customer. So we're really excited today to unveil kind of, we've entered the data protection as a service market with HP Green Lake. So this is really our expansion into a very top of mind topic and set of problems and solutions or headaches and aspirins, to quote an old friend um that Ceos faces, they think about how to manage data through its life cycle in their organization. >>When I talked to see IOS during the pandemic. Not that we're out yet, but really in the throes of it and asked them about things like business resilience that they said, you know, we really had to rethink our disaster recovery strategy. It was it was sort of geared toward a fire or a hurricane and we we just didn't even imagine this type of disaster if you will. So we really needed to rethink it. So when I, I see your disaster recovery as a service and capabilities like that. Is that the Xarelto acquisition? >>Yes. Dave thanks you. So we're super happy to have the Xarelto team now as part of our family. Um, just a brilliant team, a well respected technology, uh, kind of a blue chips at our customers and partners that really appreciate what zero has to offer. Um, as we looked at the data protection as a service market, one of the hardest problems is really in that disaster recovery space, I think Omar's gonna talk a little bit more about today. Um, but sort of really does bring the leading industry, what's called continuous data protection um, capability into our green lake platform. Um, we've just recently closed the acquisition and we're working on kind of integration plan as we speak now that we can actually talk to each other post close. Um, but you'll uh, you'll continue to see, you know, some really exciting milestones each and every quarter as we march forward with certain now as part of the family. >>So we all talk about how data is, is so important. We certainly learned during the pandemic that that if you weren't a digital business, you were out of business and a digital business is a data business. So things like backup data protection as a service become increasingly critical. I know you have some capabilities there maybe you could share with us. >>Absolutely. So you know, one of the things that we noticed was as we took the storage business through its transformation and we started can work you know, with the launch of the electron 90 and the six K platform. We really really brought the cloud operational model to our customers. So one of the things that you know, feedback that was coming loud and clear to us is that as we look at the storage portfolio where we look at file block and object, which are now being transformed into a cloud operational experience, data protection, disaster recovery coming back into business after a disaster snapshot management. All of those capabilities, we still have to rely on our partner technologies in order to do that now. It's not bad that we have great partners in the data protection world, but what we're really focused on is that cloud operational model and cloud operational experience and to and as tom mentioned through the data management life cycle. So as a result of that, we talked to a lot of our customers, we talked to a bunch of partners and one of the things that was coming back was that yes, there are many data protection backup offerings on the market. But that true as a service experience that is completely integrated to the services experience of the storage that the customers is experiencing that is not there. So what we looked at was especially to the largest ecosystem, which is the VM ware ecosystems. So we're launching data protection as a service or backup as a service for our VM ware customers offered from data services, cloud console as a SAAS portal. 100% SAs service, nothing to install. No media servers, no application servers, no catalog servers, no backup targets, no patching, no expansion, no capacity planning. None of that is needed. All that's needed is sign on click. Give your V center credentials and off you go, that's it. That is it three clicks and you're in business. So currently, you know, in our, in our analysis we offer five x faster recovery from any of the competitive offerings that there there there are 3.5 better de doop ratios. But for our customers is as simple as this. VM is protected as this many dollars per gig per month. That's it. No backup target, no media server, no catalogs are nothing nothing to manage total Turkey off of the portal. So that's the cadence of services that if you promise and this is one of the first ones when it comes to data management that is coming out into the open. >>So you may have just answered this question, but I want to pose it and get you maybe just summarize it because tom was talking earlier about the customer mandate for cloud in a cloud operational model. So I want you to explain to the audience how you're making that real >>actually can I start that one should be the test was monday morning. Getting ready for this chat with you Dave they got me on console and I'm not kidding three clicks, I got back up and running off the lab VM ware instance so I'll pass it off to you the real answer. But if I could do it three clicks >>as well as a convenience of this service, even tom can be your back, you might be able to do with this. Uh again, you know, a very important question the when you, when you look at the cloud operational model as you abstracts the hardware and and take the management model up into a SAS service, it gives our customers that access to that continuous delivery access that we have. We're going to continue to make the service medal better in the cloud model and automatically customers get the value of it without even reinstalling or going through a patch cycle or an upgrade cycle. But as we get into this cloud operational model, one of the things that was missing was uh if you if you if you if you start to talk about applications, how our application workloads going to be deployed, how are they going to be protected and how are they going to be expanded? So what we did was we, we expanded our info site offerings by merging them into the data services, cloud console and we're releasing a new service called app insects. It is going to be available to our customers at the end of the month. Uh It is, nothing has to change. They don't have to install any sort of agents or or host modifications, nothing like that. If their customers of electra nimble primary boxes and they're using info site and data services, cloud console, they will automatically get app insights. What Athens sites does is it really teases apart all that data that we have been collecting within foresight and now with the acquisition of HPV cloud physics, we're merging them together and relating the operational stacked top to bottom. So discovering all the way from your application usage, network usage, storage, use it. IOP usage VM values cross, collaborating them and presenting that to a customer from an app or an outcome perspective all in the data services, cloud console. So what this does for our customers is it really really transforms not only their operational experience but also buying experience. Because if you remember in one of the earlier releases of data services cloud console we released this application called, you know, intelligent intent based provisioning in which you just describe your workload and we go ahead and we provision that app insights and info site, feed that information directly into that and cloud physics generates and results and displays those analytics back to us to your partner of record and to the H. B. So we can all come together on a common data driven discussion point with our customers to continue to make their journey better >>tom where's all the boxes, traditional storage is changing. I've actually been waiting for this day for a long, long time. We've certainly seen glimpses of it from the cloud players, but they don't have, you know, super rich portfolio storage portfolio. They're growing now, but this is a really good strong example of a company with a large storage portfolio. That's, I mean I haven't heard the word three power once today. Right. And so what that says to me, that's an indication that you're thinking like a cloud player, can you maybe talk >>to that? Sure. Yeah, we're just tremendously excited about this transformation and really the reception we've got in the market from analysts, from partners, from customers because you're right, you haven't heard us talk about a box at all today. It's really about a block service, a file on the object service, a backup and recovery service, disaster recovery service. That that's that is the the language, if you will of the business problems of our customers not, do they need to pick this widget or that widget. And how many apps can I get here and there? And which did the h a cage protection scheme be that, is that, is our job to manage underneath are true North, which is the cloud operational model. And so that's going to be really how we we've set our course and how we will uh kind of deliver products solutions offers into the market underneath that umbrella, Ultimately, um getting our customers wherever their data is Dave to be able to interact at that service level instead of at that infrastructure box >>level, you've got my attention wherever the data. So that's the north star here is this is, you know, you're not done today obviously, but you've got a vision to bring that to the cloud across clouds on prem out to the edge. That's the abstraction layer that you're gonna build, your hiding all that complexity. That's correct. And that's cloud. The definition of cloud is changing. >>Yeah, >>it's no longer started, it's no longer a remote set of services. Somewhere up in the cloud. It's expanding on prem hybrid across clouds edge >>everywhere. You're exactly right. Dave it is, cloud is more about the experience and the outcome. It gives a customer than actually where the compute or storage is. We've chosen to take a very customer an agnostic position of whether it's, you know, data in your premise, data in your cloud. We're going to help you manage that data and deliver, you know, that data to workloads and analytics, uh, wherever the, wherever the compute needs to be, where the data needs to be. Again, technologies like Xarelto giving instability and move data across clouds from facilities and clouds back and forth. So it's a really exciting new day for HP. Green Lake were just so super happy to bring these technologies out and really continue to follow on the course of doing what we said, we would do >>the new mindset starts there, I guess it's obviously knew certainly new technologies, uh, you're talking about machine intelligence is a metadata challenge. Absolutely. Big time, you know, long term that North Star that we talked about and applying that machine intelligence, all the experience that you gather data that you're gathering is, I think ultimately how customers want you to solve this problem >>in the middle of info site data services, cloud console and the instrumentation that is already shipping on our appliances, both in edge appliances and the data center appliances were collecting more than a trillion data points over the period of a quarter. Right at the end of the day. So it's harnessing that at the back end to cross relate and then using the cloud physics accusation. What we're doing is we can now simulate these things on behalf of our customers into the future timeline. So at the end of the day, it's really about listening to the customer and what outcomes that they want to achieve with their data storage is there we provide excellent persistence layers where customers can store their data safely. But at the end of the day it's customers choice, They can store their data out of the edge in compute servers, commodity servers, X 86 servers, they can have their data in the data center which they are privately owned or their data can be in a service provider or it can be in a hyper secular. The infrastructure of the persistence layer is independent from the data services. Cloud console data services. Cloud console provides our customers with a SAS based industry leading metadata rich management experience, which then allows you to draw conclusions. So services like cloud physics services like uh enforce it, provide the analytics and richness of the metadata, backup and recovery service allows us to index our customers data and add a rich metadata to that and then combine that with xylitol, which is our disaster recovery as a service offering. Going to start over here. That gives the customer a very simple slider as to where they want their protection levels to be, they want their protection to be instant or they want their protection to be lazy eight hours window. But the thing is at the end of the day, it's about choice without managing the complexities of the hardware >>underneath because programmable completely right I come in, what I'm hearing is file object blocks of your multi protocol. I got a full stack so data data reduction, my snaps might replicate whatever whatever I need it in there as a service. I can I can access latency sensitive storage if I need to or I can push it out to cheaper stores. I could push it out to the cloud, presumably I could someday I air gap it uh and it's all done as infrastructure as code and then different protection levels where I see this going. It really gets exciting is you're now a data company and you're bringing ai machine intelligence and driving data products, data services for your customers who are going to monetize that at their end of the value >>chain. That's right. That's right. And safely insecurity. Keeping in mind that was their toes technology. We can give you, you know, small second recovery points to protect against ransomware. So all of that operational elegance, all those insights and intelligence to help you build a more agile, um you know, workloads centric organization, but then to do it safely and securely against ransomware, that's kind of the storm, if you will. That's brewing. And we're just really excited to be at the eye of it. >>I'm excited to. This is uh I've been waiting for this day for a long time and we're not talking about envy, Emmy and Atomic Rights and I love that stuff by the way and I'm sure it's all under the covers, but that's not what drives business value guys. Thanks so much for coming on the Cuban. David. >>Thanks for having us. It's been great. Thank you. >>All right. We're seeing a transformation all through the stack and keep it right there. This is Dave Volonte for the Cuban. Our coverage of HBs Green Lake announcements right back mm mhm

(upbeat music) >> Thanks so much, and we're back here live. Live, I love saying that, at cloud city, at Mobile World Congress. Barcelona at the Fira. It's just been crazy here all week. We've been going wall to wall coverage. Am really excited to have John Savill here, as a principal cloud solutions architect at Microsoft. John, welcome to Barcelona, man. Come on in the cube. >> Oh yeah, thank you for having me. I'm not quite getting that Barcelona vibe here, but seems great. >> Well, you were just tell you look great. You just did an iron man up in Idaho, so awesome. Congratulations on completing that and many more in your future, I'm sure. You have a really interesting background. You know, in addition to your amazing cardiovascular capabilities. As a cloud architect, you've got a long history, 20 plus year history, you know, digging in at Microsoft. In your spare time you write books on architecture and you've got a great YouTube channel, a lot of subscribers. Tell us a little bit about that. >> Yeah, so it really started out 25 years ago. I was playing around with windows and technology and I just tried to share information. So I created a website artifact.com and I wrote magazine articles. And then people asked me to write some books and it's really evolved from there. And the most recent thing is actually the YouTube and I really enjoy doing the videos. It's a lot more rapid in terms of creating the content and sharing it, whereas the book takes six months. You'd write the book and then with technology moving as fast as it is, especially the cloud, you write a book on the cloud and then it's published and it's out on date. And so now this ability to create the content and get it to people a few minutes later, it's just phenomenal. So it's my hobby and my passion. And it's the best of both worlds for me. >> I love a CICD of books. Okay, Let's get into it. We've been talking all week about and actually drawing a lot of parallels with the traditional enterprise IT business and what's happening in Telco In one stop I just talking about the shifts in responsibilities for architects and the organizational roles, when you go from, you know, on-prem, everything's inside of a virtual machine, when you go to the cloud, there's a lot more optionality. As you just pointed out, things are a lot faster. What have you seen in your experience what's different? What should we be thinking about? >> Yeah, so exactly, as you said, it on premise really everything is a virtual machine. It's an OS that you have to manage, like the thing about the patching, the security, the policy. And then I have to put things inside this virtual machine, but that's my unit of work. Some coming to the site and look at containers on premises. And then they struggle with managing one even orchestrator. So I'm managing Kuberneters and ITs and there's work there. When you move to the cloud, you have all these other types of service. You think about serverless kind of at an end of a spectrum where, hey, I just have some code. I want to run based on some event, maybe a schedule, maybe a web hook, some trigger, some event happens. And I only pay for when it's doing work. But what I care about is my code or my focus is this is my code. I don't care about any of the other stuff that makes it work. I just can focus on my code, but you still have the options. I can do containers. I can do virtual machines if that's what I want to do. But my responsibility can really laser focus just on the business value. Generally as a company, I don't really care about managing an OS or patching, I want to see what differentiates my business from someone else. And when I moved to the cloud, I can shift my focus to just that business value and let the cloud vendor take care of the responsibility of keeping the things running, enables me to shift and just focus on value, which is key. >> And as a cloud vendor, that allows you to price by consumption in a very transparent way, and as a customer, now I know what I'm paying for and I can align that investment as you were just pointing out with the business value. >> Oh, absolutely. Right, so again, on premises, we have bits of equipment. We have this server, with memory and CPU, and generally we have different usage. We have peaks and we have lows. We have the same bit of hardware I'm paying for all of the time, we have disaster recovery. I'm paying for that all of the time. If I have customers all over the world, well, speed of light is speed of light. I have to wrap boxes all over the world in the cloud. I can have services dynamically scale based on the need, based on the work coming in. I can scale the amount of resource% I have available to meet that. So I'm optimizing my costs to only pay for what I actually need at any given moment. And of course we have regions all over the world. So suddenly now I can be super close to my customers. So its right, it completely changes how the companies can think about spending the money to only spend what they have to spend on what they want to spend it on. >> Yeah so the last decade clearly the aha moment for enterprise tech, just in terms of really understanding those benefits. And we saw it, you know, it actually first hit right around the financial crisis. When you know, all the CFOs said, "hey, shift your CapEx to OPEX immediately. And then we came out of that downturn and people said, "hey, this stuff, this cloud stuff actually is really good. Let's start to really change our business models around it." And, and there's a lot of relevance for Telco here. And you've talked about cloud as a, a flat layer, three network, what do you mean by that? >> Yes, if you think about on premises, you have bits of wire. Now that might be copper wire, it might be fiber, but you have these bits of wire that connects stuff. And I can think about connecting different bits of staff, to different network cards to enable me to separate systems and how they can communicate to each other and segregate. So that's how I've always thought about on premise is that why I separate stuff. A little bits of wire connecting different bits of network card. Well in the cloud, you don't have that. It's all software defined networking. If I think about a construct where I put my resources like a virtual network, it's just an IP of the layer three network there are no bits of wire. I can plug into different places. There are no different physical network cards. So we have to shift our thinking, and it can be very difficult. If I'm used to being an on-prem network admin, I'm used to the idea of the lines and cables and multiple nicks with different bits of copper plugged into them. When I go to the cloud, I have to shift that and think it is this flat layer three network. And when I want to segment things, now it's software defined networking walls, networks security groups, maybe botched appliances that can inspect the traffic. But it's a huge shift in thinking to how we now segregate and control how that networking actually functions. And of course, if you then want to extend that to hybrid connectivity, well, how does that then map to why my on-prem network? And I want to extend that to make it completely seamless into the cloud. >> Yeah, I don't want to come back to that, but I want to ask you about some of the organizational roles. 'Cause you've been at this for a couple of decades. So you've seen, you know, you remember the days of when you know, the expertise in managing a LAN a report was, you know, highly valued. It's not anymore. And so your colleagues, your peers in the industry, the architects that are your customers, they have to reinvent themselves. And that that's really now beginning to happen in Telco. So I wonder if you could talk about your thoughts, how you're thinking about cloud in telecom. >> Yeah, so I think what's happening is you still need skills. What shifts is, what is the type of skills you talked about LANs and managing storage. Well, you don't manage LANs anymore, but in the cloud, there's different types of storage service. There's different performance characteristics. IOPS throughput capacity. So we have to shift how we actually think about those skillings so I still need to architect accordingly. It's only to make sure I have the right characteristics, that it's just a different unit of work. I'm working with different tools now. And I think from a kind of telco perspective, they're really looking now, well, how can we leverage the cloud, Telcos in particular, have a huge pressure around very low latency. They have to be close to their customers. They deliver critical services. You can think about emergency services. They have to have super high availability. That's when you start moving to the cloud, they can now embrace the fact that well cloud has these various constructs like different physical structures within independent power calling communications. They have different regions, so I can be close my customers and kind of replicate between them. Through the Telco, you have to kind of firstly think about, well, okay, I still need to adhere to all of these core requirements. That quality of service, giving my customers a great experience, but now we have these different tools available in how we can actually deliver that. I think also a big shift is from a security perspective. I think especially Telcos love the idea of the network. The network is the be all and end all of security. When you start using the cloud network is still super important, but identity becomes this huge factor as well, because now I don't have this moat around my physical box. That copper wire doesn't have this disconnect. I'm in the cloud as so now we think about, well, how does the identity play into actually securing our resources? Because now we're going to have all these different cloud services that are going to talk to each other. We need to do that in a secure way. So the identity becomes this much bigger part of my architecture networks still super important, but now identity bumps up there as well. And I think that that's a key thing for Telcos is that there's a shift there. >> Yeah, well on speaking of shifts, a big conversation and Theme CubeCon this year was the shift left with security and designing security in. And really when you think about infrastructure as code, the programmable network, and you combine that with the cloud, I mean, Microsoft has gone through the greatest transformation of any tech company in the history of tech. And it did so with a cloud first mentality. And now you see that cloud expanding. It's clearly on prem you're bringing that you're connecting those, but now the edge. 5g networks and the it's very, you know, super exciting, you know, new compute architectures and new programming models. So this you're essentially building this abstraction layer that developers can really take advantage of having consistency across all those physical locations, really hiding the underlying complexity. I wonder if you could comment on that. >> Not, exactly. You're a 100% correct. So right Azure was a cloud service. So we had this cloud and we had services operating in that cloud, app services, data services, machine learning but you still have requirements for on-premises components. You talk about the edge. Well, hey, I may be, I'm using a private wireless network. I have my RAD, I have the core kind of packet switching components. Well, I still want things on premises then I need compute, I need workers running on my edge, close to where the data's being generated IOT sensors. What Azure has is yes, it has the public cloud services. Then it has things like Azure like edge, Azure stack hub, Azure like HCI that let me actually have things on premises in different form factors. But the can now run consistently like Azure services. I can manage them through Azure services, policy, security constructs, identity constructs, and then with things like if I have Kubernetes any kind of Kubernetes CNCF-compliant, I can actually now sync Azure arc, manage it through the cloud and I can deploy SQL manage instance, Postgres hyper-scale, machine learning, app services, serverless functions now running on-prem. So as a developer, as an architect, I create my solution, but now I can run it in the cloud, I can run it on premises. I don't have to make that conscious decision and do things differently. If my requirements change, I can move or do hybrid. So it really is a game changer. The customer gets the choice. I can leverage these technologies. I can write code and architect solutions and then run it where makes the most sense for me. >> Yeah, and we just got a couple of minutes here, just as we saw new applications emerge in the cloud, we're going to see new applications emerge at the edge. The developers will win the edge, I've said it many times. I'll give you the last thoughts, John. >> No, I just think it's a, it's an amazing, exciting time. I mean, you talked about kind of the whole shift left more and more companies are moving into kind of the whole infrastructures code and the dev ops models. And now we see security embedded all the way at the start of our pipeline. But I really just think this is the time now as a customer, as a Telco, you do have this fantastic set of capabilities available to you in the cloud, but you're always going to have, I think that on-premise is component as well. So you don't have to compromise. I don't have to say, well, I'd love to use this service, but wow, I had this anchor or I had this requirement on prem. I can use the same services. You have that complete choice. You can operate in the same way, the same pipelines, the same dev ops, the same security and one where it makes the most sense for you. I mean, it's a fantastic time. >> Well, John, thanks so much for virtually coming into Barcelona. We've got this great hybrid event, good luck in your career and in your Ironman competitions, all the best to you. Thank you. >> Thank you for having me, the pleasure. >> It's been our pleasure. So we're here, live at the, the Fira in Barcelona. We're in Cloud City. I'll tell you, I'll set it up. It's not like jammed packed where you can't move, you know, good thing we're in, still in the COVID, but it's like the post isolation economy here, but we're really excited to be sharing with you. We're going to go back to the studio to Adam Burns right now.

>>from around the globe. It's the Cube presenting Cuban Cloud brought to you by Silicon Angle. Welcome back to the live segment of the Cuban cloud. I'm Dave, along with my co host, John Ferrier. John Rose is here. He's the global C T o Dell Technologies. John, great to see you as always, Really appreciate >>it. Absolutely good to know. >>Hey, so we're gonna talk edge, you know, the the edge, it's it's estimated. It's a multi multi trillion dollar opportunity, but it's a highly fragmented, very complex. I mean, it comprises from autonomous vehicles and windmills, even retail stores outer space. And it's so it brings in a lot of really gnarly technical issues that we want to pick your brain on. Let me start with just what to you is edge. How do you think about >>it? Yeah, I think I mean, I've been saying for a while that edges the when you reconstitute Ike back out in the real world. You know, for 10 years we've been sucking it out of the real world, taking it out of factories, you know, nobody has an email server under their desk anymore. On that was because we could put it in data centers and cloud public clouds, and you know that that's been a a good journey. And then we realized, Wait a minute, all the data actually was being created out in the real world. And a lot of the actions that have to come from that data have to happen in real time in the real world. And so we realized we actually had toe reconstitute a nightie capacity out near where the data is created, consumed and utilized. And, you know, that turns out to be smart cities, smart factories. You know, uh, we're dealing with military apparatus. What you're saying, how do you put, you know, edges in tow, warfighting theaters or first responder environments? It's really anywhere that data exists that needs to be processed and understood and acted on. That isn't in a data center. So it's kind of one of these things. Defining edge is easier to find. What it isn't. It's anywhere that you're going to have. I t capacity that isn't aggregated into a public or private cloud data center. That seems to be the answer. So >>follow. Follow that. Follow the data. And so you've got these big issue, of course, is late and see people saying, Well, some applications or some use cases like autonomous vehicles. You have to make the decision locally. Others you can you can send back. And you, Kamal, is there some kind of magic algorithm the technical people used to figure out? You know what, the right approaches? Yeah, >>the good news is math still works and way spent a lot of time thinking about why you build on edge. You know, not all things belong at the edge. Let's just get that out of the way. And so we started thinking about what does belong at the edge, and it turns out there's four things you need. You know, if you have a real time responsiveness in the full closed loop of processing data, you might want to put it in an edge. But then you have to define real time, and real time varies. You know, real time might be one millisecond. It might be 30 milliseconds. It might be 50 milliseconds. It turns out that it's 50 milliseconds. You probably could do that in a co located data center pretty far away from those devices. One millisecond you better be doing it on the device itself. And so so the Leighton see around real time processing matters. And, you know, the other reasons interesting enough to do edge actually don't have to do with real time crossing they have to do with. There's so much data being created at the edge that if you just blow it all the way across the Internet, you'll overwhelm the Internets. We have need toe pre process and post process data and control the flow across the world. The third one is the I T. O T boundary that we all know. That was the I O t. Thing that we were dealing with for a long time. And the fourth, which is the fascinating one, is it's actually a place where you might want to inject your security boundaries, because security tends to be a huge problem and connected things because they're kind of dumb and kind of simple and kind of exposed. And if you protect them on the other end of the Internet, the surface area of protecting is enormous, so there's a big shift basically move security functions to the average. I think Gardner made up a term for called Sassy. You know, it's a pretty enabled edge, but these are the four big ones. We've actually tested that for probably about a year with customers. And it turns out that, you know, seems to hold If it's one of those four things you might want to think about an edge of it isn't it probably doesn't belong in >>it. John. I want to get your thoughts on that point. The security things huge. We talked about that last time at Del Tech World when we did an interview with the Cube. But now look at what's happened. Over the past few months, we've been having a lot of investigative reporting here at Silicon angle on the notion of misinformation, not just fake news. Everyone talks about that with the election, but misinformation as a vulnerability because you have now edge devices that need to be secured. But I can send misinformation to devices. So, you know, faking news could be fake data say, Hey, Tesla, drive off the road or, you know, do this on the other thing. So you gotta have the vulnerabilities looked at and it could be everything. Data is one of them. Leighton. See secure. Is there a chip on the device? Could you share your vision on how you see that being handled? Cause it's a huge >>problem. Yeah, this is this is a big deal because, you know, what you're describing is the fact that if data is everything, the flow of data ultimately turns into the flow of information that knowledge and wisdom and action. And if you pollute the data, if you could compromise it the most rudimentary levels by I don't know, putting bad data into a sensor or tricking the sensor which lots of people can dio or simulating a sensor, you can actually distort things like a I algorithms. You can introduce bias into them and then that's a That's a real problem. The solution to it isn't making the sensors smarter. There's this weird Catch 22 when you sense arise the world, you know you have ah, you know, finite amount of power and budget and the making sensors fatter and more complex is actually the wrong direction. So edges have materialized from that security dimension is an interesting augment to those connected things. And so imagine a world where you know your sensor is creating data and maybe have hundreds or thousands of sensors that air flowing into an edge compute layer and the edge compute layer isn't just aggregating it. It's putting context on it. It's metadata that it's adding to the system saying, Hey, that particular stream of telemetry came from this device, and I'm watching that device and Aiken score it and understand whether it's been compromised or whether it's trustworthy or whether it's a risky device and is that all flows into the metadata world the the overall understanding of not just the data itself, but where did it come from? Is it likely to be trustworthy? Should you score it higher or lower in your neural net to basically manipulate your algorithm? These kind of things were really sophisticated and powerful tools to protect against this kind of injection of false information at the sensor, but you could never do that at a sensor. You have to do it in a place that has more compute capacity and is more able to kind of enriched the data and enhance it. So that's why we think edges are important in that fourth characteristic of they aren't the security system of the sensor itself. But they're the way to make sure that there's integrity in the sense arised world before it reaches the Internet before it reaches the cloud data centers. >>So access to that metadata is access to the metadata is critical, and it's gonna be it's gonna be near real time, if not real time, right? >>Yeah, absolutely. And, you know, the important thing is, Well, I'll tell you this. You know, if you haven't figured this out by looking at cybersecurity issues, you know, compromising from the authoritative metadata is a really good compromise. If you could get that, you can manipulate things that a scale you've never imagined. Well, in this case, if the metadata is actually authoritatively controlled by the edge note the edge note is processing is determining whether or not this is trustworthy or not. Those edge nodes are not $5 parts, their servers, their higher end systems. And you can inject a lot more sophisticated security technology and you can have hardware root of trust. You can have, you know, mawr advanced. PK I in it, you can have a I engines watching the behavior of it, and again, you'd never do that in a sensor. But if you do it at the first step into the overall data pipeline, which is really where the edges materializing, you can do much more sophisticated things to the data. But you can also protect that thing at a level that you'd never be able to do to protect a smart lightbulb. A thermostat in your house? >>Uh, yes. So give us the playbook on how you see the evolution of the this mark. I'll see these air key foundational things, a distributed network and it's a you know I o t trends into industrial i o t vice versa. As a software becomes critical, what is the programming model to build the modern applications is something that I know. You guys talk to Michael Dell about this in the Cuban, everyone, your companies as well as everyone else. Its software define everything these days, right? So what is the software framework? How did people code on this? What's the application aware viewpoint on this? >>Yeah, this is, uh, that's unfortunately it's a very complex area that's got a lot of dimensions to it. Let me let me walk you through a couple of them in terms of what is the software framework for for For the edge. The first is that we have to separate edge platforms from the actual edge workload today too many of the edge dialogues or this amorphous blob of code running on an appliance. We call that an edge, and the reality is that thing is actually doing two things. It's, ah, platform of compute out in the real world and it's some kind of extension of the cloud data pipeline of the cloud Operating model. Instance, he added, A software probably is containerized code sitting on that edge platform. Our first principle about the software world is we have to separate those two things. You do not build your cloud your edge platform co mingled with the thing that runs on it. That's like building your app into the OS. That's just dumb user space. Colonel, you keep those two things separate. We have Thio start to enforce that discipline in the software model at the edges. The first principle, the second is we have to recognize that the edges are are probably best implemented in ways that don't require a lot of human intervention. You know, humans air bad when it comes to really complex distributed systems. And so what we're finding is that most of the code being pushed into production benefits from using things like kubernetes or container orchestration or even functional frameworks like, you know, the server list fast type models because those low code architectures generally our interface with via AP, eyes through CCD pipelines without a lot of human touch on it. And it turns out that, you know, those actually worked reasonably well because the edges, when you look at them in production, the code actually doesn't change very often, they kind of do singular things relatively well over a period of time. And if you can make that a fully automated function by basically taking all of the human intervention away from it, and if you can program it through low code interfaces or through automated interfaces, you take a lot of the risk out of the human intervention piece of this type environment. We all know that you know most of the errors and conditions that break things are not because the technology fails it because it's because of human being touches it. So in the software paradigm, we're big fans of more modern software paradigms that have a lot less touch from human beings and a lot more automation being applied to the edge. The last thing I'll leave you with, though, is we do have a problem with some of the edge software architectures today because what happened early in the i o t world is people invented kind of new edge software platforms. And we were involved in these, you know, edge X foundry, mobile edge acts, a crane. Oh, and those were very important because they gave you a set of functions and capabilities of the edge that you kind of needed in the early days. Our long term vision, though for edge software, is that it really needs to be the same code base that we're using in data centers and public clouds. It needs to be the same cloud stack the same orchestration level, the same automation level, because what you're really doing at the edge is not something that spoke. You're taking a piece of your data pipeline and you're pushing it to the edge and the other pieces are living in private data centers and public clouds, and you like they all operate under the same framework. So we're big believers in, like pushing kubernetes orchestration all the way to the edge, pushing the same fast layer all the way to the edge. And don't create a bespoke world of the edge making an extension of the multi cloud software framework >>even though the underlying the underlying hardware might change the microprocessor, GPU might change GP or whatever it is. Uh, >>by the way, that that's a really good reason to use these modern framework because the energies compute where it's not always next 86 underneath it, programming down at the OS level and traditional languages has an awful lot of hardware dependencies. We need to separate that because we're gonna have a lot of arm. We're gonna have a lot of accelerators a lot of deep. Use a lot of other stuff out there. And so the software has to be modern and able to support header genius computer, which a lot of these new frameworks do quite well, John. >>Thanks. Thanks so much for for coming on, Really? Spending some time with us and you always a great guest to really appreciate it. >>Going to be a great stuff >>of a technical edge. Ongoing room. Dave, this is gonna be a great topic. It's a clubhouse room for us. Well, technical edge section every time. Really. Thanks >>again, Jon. Jon Rose. Okay, so now we're gonna We're gonna move to the second part of our of our technical edge discussion. Chris Wolf is here. He leads the advanced architecture group at VM Ware. And that really means So Chris's looks >>at I >>think it's three years out is kind of his time. Arise. And so, you know, advanced architecture, Er and yeah. So really excited to have you here. Chris, can you hear us? >>Okay. Uh, >>can Great. Right. Great to see you again. >>Great >>to see you. Thanks for coming on. Really appreciate it. >>So >>we're talking about the edge you're talking about the things that you see way set it up is a multi trillion dollar opportunity. It's It's defined all over the place. Uh, Joey joke. It's Could be a windmill. You know, it could be a retail store. It could be something in outer space. Its's It's it's, you know, whatever is defined A factory, a military installation, etcetera. How do you look at the edge. And And how do you think about the technical evolution? >>Yeah, I think it is. It was interesting listening to John, and I would say we're very well aligned there. You know, we also would see the edge is really the place where data is created, processed and are consumed. And I think what's interesting here is that you have a number off challenges in that edges are different. So, like John was talking about kubernetes. And there's there's multiple different kubernetes open source projects that are trying to address thes different edge use cases, whether it's K three s or Cubbage or open your it or super edge. And I mean the list goes on and on, and the reason that you see this conflict of projects is multiple reasons. You have a platform that's not really designed to supported computing, which kubernetes is designed for data center infrastructure. Uh, first on then you have these different environments where you have some edge sites that have connectivity to the cloud, and you have some websites that just simply don't write whether it's an oil rig or a cruise ship. You have all these different use cases, so What we're seeing is you can't just say this is our edge platform and, you know, go consume it because it won't work. You actually have to have multiple flavors of your edge platform and decide. You know what? You should time first. From a market perspective, I >>was gonna ask you great to have you on. We've had many chest on the Cube during when we actually would go to events and be on the credit. But we appreciate you coming into our virtual editorial event will be doing more of these things is our software will be put in the work to do kind of a clubhouse model. We get these talks going and make them really valuable. But this one is important because one of the things that's come up all day and we kind of introduced earlier to come back every time is the standardization openness of how open source is going to extend out this this interoperability kind of vibe. And then the second theme is and we were kind of like the U S side stack come throwback to the old days. Uh, talk about Cooper days is that next layer, but then also what is going to be the programming model for modern applications? Okay, with the edge being obviously a key part of it. What's your take on that vision? Because that's a complex area certain a lot of a lot of software to be written, still to come, some stuff that need to be written today as well. So what's your view on How do you programs on the edge? >>Yeah, it's a It's a great question, John and I would say, with Cove it We have seen some examples of organizations that have been successful when they had already built an edge for the expectation of change. So when you have a truly software to find edge, you can make some of these rapid pivots quite quickly, you know. Example was Vanderbilt University had to put 1000 hospital beds in a parking garage, and they needed dynamic network and security to be able to accommodate that. You know, we had a lab testing company that had to roll out 400 testing sites in a matter of weeks. So when you can start tohave first and foremost, think about the edge as being our edge. Agility is being defined as you know, what is the speed of software? How quickly can I push updates? How quickly can I transform my application posture or my security posture in lieu of these types of events is super important. Now, if then if we walk that back, you know, to your point on open source, you know, we see open source is really, uh you know, the key enabler for driving edge innovation and driving in I S V ecosystem around that edge Innovation. You know, we mentioned kubernetes, but there's other really important projects that we're already seeing strong traction in the edge. You know, projects such as edge X foundry is seeing significant growth in China. That is, the core ejects foundry was about giving you ah, pass for some of your I o T aps and services. Another one that's quite interesting is the open source faith project in the Linux Foundation. And fate is really addressing a melody edge through a Federated M L model, which we think is the going to be the long term dominant model for localized machine learning training as we continue to see massive scale out to these edge sites, >>right? So I wonder if you could You could pick up on that. I mean, in in thinking about ai influencing at the edge. Um, how do you see that? That evolving? Uh, maybe You know what, Z? Maybe you could We could double click on the architecture that you guys see. Uh, progressing. >>Yeah, Yeah. Right now we're doing some really good work. A zai mentioned with the Fate project. We're one of the key contributors to the project. Today. We see that you need to expand the breath of contributors to these types of projects. For starters, uh, some of these, what we've seen is sometimes the early momentum starts in China because there is a lot of innovation associated with the edge there, and now it starts to be pulled a bit further West. So when you look at Federated Learning, we do believe that the emergence of five g I's not doesn't really help you to centralized data. It really creates the more opportunity to create, put more data and more places. So that's, you know, that's the first challenge that you have. But then when you look at Federated learning in general, I'd say there's two challenges that we still have to overcome organizations that have very sophisticated data. Science practices are really well versed here, and I'd say they're at the forefront of some of these innovations. But that's 1% of enterprises today. We have to start looking at about solutions for the 99% of enterprises. And I'd say even VM Ware partners such as Microsoft Azure Cognitive Services as an example. They've been addressing ML for the 99%. I say That's a That's a positive development. When you look in the open source community, it's one thing to build a platform, right? Look, we love to talk about platforms. That's the easy part. But it's the APS that run on that platform in the services that run on that platform that drive adoption. So the work that we're incubating in the VM, or CTO office is not just about building platforms, but it's about building the applications that are needed by say that 99% of enterprises to drive that adoption. >>So if you if you carry that through that, I infer from that Chris that the developers are ultimately gonna kind of win the edge or define the edge Um, How do you see that From their >>perspective? Yeah, >>I think its way. I like to look at this. I like to call a pragmatic Dev ops where the winning formula is actually giving the developer the core services that they need using the native tools and the native AP eyes that they prefer and that is predominantly open source. It would some cloud services as they start to come to the edge as well. But then, beyond that, there's no reason that I t operations can't have the tools that they prefer to use. A swell. So we see this coming together of two worlds where I t operations has to think even for differently about edge computing, where it's not enough to assume that I t has full control of all of these different devices and sensors and things that exists at the edge. It doesn't happen. Often times it's the lines of business that air directly. Deploying these types of infrastructure solutions or application services is a better phrase and connecting them to the networks at the edge. So what does this mean From a nightie operations perspective? We need tohave, dynamic discovery capabilities and more policy and automation that can allow the developers to have the velocity they want but still have that consistency of security, agility, networking and all of the other hard stuff that somebody has to solve. And you can have the best of both worlds here. >>So if Amazon turned the data center into an A P I and then the traditional, you know, vendors sort of caught up or catching up and trying to do in the same premise is the edge one big happy I Is it coming from the cloud? Is it coming from the on Prem World? How do you see that evolving? >>Yes, that's the question and races on. Yeah, but it doesn't. It doesn't have to be exclusive in one way or another. The VM Ware perspective is that, you know, we can have a consistent platform for open source, a consistent platform for cloud services. And I think the key here is this. If you look at the partnerships we've been driving, you know, we've on boarded Amazon rds onto our platform. We announced the tech preview of Azure Arc sequel database as a service on our platform as well. In addition, toe everything we're doing with open source. So the way that we're looking at this is you don't wanna make a bet on an edge appliance with one cloud provider. Because what happens if you have a business partner that says I am a line to Google or on the line to AWS? So I want to use this open source. Our philosophy is to virtualized the edge so that software can dictate, you know, organizations velocity at the end of the day. >>Yeah. So, Chris, you come on, you're you're an analyst at Gartner. You know us. Everything is a zero sum game, but it's but But life is not like that, right? I mean, there's so much of an incremental opportunity, especially at the edge. I mean, the numbers are mind boggling when when you look at it, >>I I agree wholeheartedly. And I think you're seeing a maturity in the vendor landscape to where we know we can't solve all the problems ourselves and nobody can. So we have to partner, and we have to to your earlier point on a P. I s. We have to build external interfaces in tow, our platforms to make it very easy for customers have choice around ice vendors, partners and so on. >>So, Chris, I gotta ask you since you run the advanced technology group in charge of what's going on there, will there be a ship and focus on mawr ships at the edge with that girl singer going over to intel? Um, good to see Oh, shit, so to speak. Um, all kidding aside, but, you know, patch leaving big news around bm where I saw some of your tweets and you laid out there was a nice tribute, pat, but that's gonna be cool. That's gonna be a didn't tell. Maybe it's more more advanced stuff there. >>Yeah, I think >>for people pats staying on the VMRO board and to me it's it's really think about it. I mean, Pat was part of the team that brought us the X 86 right and to come back to Intel as the CEO. It's really the perfect book end to his career. So we're really sad to see him go. Can't blame him. Of course it's it's a It's a nice chapter for Pat, so totally understand that. And we prior to pack going to Intel, we announced major partnerships within video last year, where we've been doing a lot of work with >>arm. So >>thio us again. We see all of this is opportunity, and a lot of the advanced development projects were running right now in the CTO office is about expanding that ecosystem in terms of how vendors can participate, whether you're running an application on arm, whether it's running on X 86 or whatever, it's running on what comes next, including a variety of hardware accelerators. >>So is it really? Is that really irrelevant to you? I mean, you heard John Rose talk about that because it's all containerized is it is. It is a technologies. Is it truly irrelevant? What processor is underneath? And what underlying hardware architectures there are? >>No, it's not. You know it's funny, right? Because we always want to say these things like, Well, it's just a commodity, but it's not. You didn't then be asking the hardware vendors Thio pack up their balls and go home because there's just nothing nothing left to do, and we're seeing actually quite the opposite where there's this emergence and variety of so many hardware accelerators. So even from an innovation perspective, for us. We're looking at ways to increase the velocity by which organizations can take advantage of these different specialized hardware components, because that's that's going to continue to be a race. But the real key is to make it seamless that an application could take advantage of these benefits without having to go out and buy all of this different hardware on a per application basis. >>But if you do make bets, you can optimize for that architecture, true or not, I mean, our estimate is that the you know the number of wafer is coming out of arm based, you know, platforms is 10 x x 86. And so it appears that, you know, from a cost standpoint, that's that's got some real hard decisions to make. Or maybe maybe they're easy decisions, I don't know. But so you have to make bets, Do you not as a technologist and try to optimize for one of those architectures, even though you have to hedge those bets? >>Yeah, >>we do. It really boils down to use cases and seeing, you know, what do you need for a particular use case like, you know, you mentioned arm, you know, There's a lot of arm out at the edge and on smaller form factor devices. Not so much in the traditional enterprise data center today. So our bets and a lot of the focus there has been on those types of devices. And again, it's it's really the It's about timing, right? The customer demand versus when we need to make a particular move from an innovation >>perspective. It's my final question for you as we wrap up our day here with Great Cuban Cloud Day. What is the most important stories in in the cloud tech world, edge and or cloud? And you think people should be paying attention to that will matter most of them over the next few years. >>Wow, that's a huge question. How much time do we have? Not not enough. A >>architect. Architectural things. They gotta focus on a lot of people looking at this cove it saying I got to come out with a growth strategy obvious and clear, obvious things to see Cloud >>Yeah, yeah, let me let me break it down this way. I think the most important thing that people have to focus on >>is deciding How >>do they when they build architectures. What does the reliance on cloud services Native Cloud Services so far more proprietary services versus open source technologies such as kubernetes and the SV ecosystem around kubernetes. You know, one is an investment in flexibility and control, lots of management and for your intellectual property, right where Maybe I'm building this application in the cloud today. But tomorrow I have to run it out at the edge. Or I do an acquisition that I just wasn't expecting, or I just simply don't know. Sure way. Sure hope that cova doesn't come around again or something like it, right as we get past this and navigate this today. But architect ng for the expectation of change is really important and having flexibility of round your intellectual property, including flexibility to be able to deploy and run on different clouds, especially as you build up your different partnerships. That's really key. So building a discipline to say you know what >>this is >>database as a service, it's never going to define who I am is a business. It's something I have to do is an I T organization. I'm consuming that from the cloud This part of the application sacked that defines who I am is a business. My active team is building this with kubernetes. And I'm gonna maintain more flexibility around that intellectual property. The strategic discipline to operate this way among many of >>enterprise customers >>just hasn't gotten there yet. But I think that's going to be a key inflection point as we start to see. You know, these hybrid architectures continue to mature. >>Hey, Chris. Great stuff, man. Really appreciate you coming on the cube and participate in the Cuban cloud. Thank you for your perspectives. >>Great. Thank you very much. Always a pleasure >>to see you. >>Thank you, everybody for watching this ends the Cuban Cloud Day. Volonte and John Furry. All these sessions gonna be available on demand. All the write ups will hit silicon angle calm. So check that out. We'll have links to this site up there and really appreciate you know, you attending our our first virtual editorial >>event again? >>There's day Volonte for John Ferrier in the entire Cube and Cuba and Cloud Team >>Q 3 65. Thanks >>for watching. Mhm

>> Voice Over: Data is at the heart of transformation, and the change every company needs to succeed. But it takes more than new technology. It's about teams, talent and cultural change. Empowering everyone on the front lines to make decisions, all at the speed of digital. The transformation starts with you, it's time to lead the way, it's time for thought leaders. (soft upbeat music) >> Welcome to Thought.Leaders a digital event brought to you by ThoughtSpot, my name is Dave Vellante. The purpose of this day is to bring industry leaders and experts together to really try and understand the important issues around digital transformation. We have an amazing lineup of speakers, and our goal is to provide you with some best practices that you can bring back and apply to your organization. Look, data is plentiful, but insights are not, ThoughtSpot is disrupting analytics, by using search and machine intelligence to simplify data analysis and really empower anyone with fast access to relevant data. But in the last 150 days, we've had more questions than answers. Creating an organization that puts data and insights at their core, requires not only modern technology but leadership, a mindset and a culture, that people often refer to as data-driven. What does that mean? How can we equip our teams with data and fast access to quality information that can turn insights into action? And today we're going to hear from experienced leaders who are transforming their organizations with data, insights, and creating digital first cultures. But before we introduce our speakers, I'm joined today by two of my co-hosts from ThoughtSpot. First, chief data strategy officer of the ThoughtSpot is Cindi Howson, Cindi is an analytics and BI expert with 20 plus years experience, and the author of Successful Business Intelligence: Unlock the Value of BI & Big Data. Cindi was previously the lead analyst at Gartner for the data and analytics Magic Quadrant. In early last year, she joined ThoughtSpot to help CEOs and their teams understand how best to leverage analytics and AI for digital transformation. Cindi great to see you, welcome to the show. >> Thank you Dave, nice to join you virtually. >> Now our second cohost and friend of theCUBE is ThoughtSpot CEO Sudheesh Nair Hello Sudheesh, how are you doing today? >> I'm well, good to talk to you again. >> That's great to see you, thanks so much for being here. Now Sudheesh, please share with us why this discussion is so important to your customers and of course to our audience, and what they're going to learn today. (upbeat music) >> Thanks Dave, I wish you were there to introduce me into every room that I walk into because you have such an amazing way of doing it. It makes me feel also good. Look, since we have all been you know, cooped up in our homes, I know that the vendors like us, we have amped up our sort of effort to reach out to you with, invites for events like this. So we are getting very more invites for events like this than ever before. So when we started planning for this, we had three clear goals that we wanted to accomplish. And our first one, that when you finish this and walk away, we want to make sure that you don't feel like it was a waste of time, we want to make sure that we value your time, then this is going to be used. Number two, we want to put you in touch with industry leaders and thought leaders, generally good people, that you want to hang around with long after this event is over. And number three, as we plan through this, you know we are living through these difficult times we want this event to be more of an uplifting and inspiring event too. Now, the challenge is how do you do that with the team being change agents, because teens and as much as we romanticize it, it is not one of those uplifting things that everyone wants to do or likes to do. The way I think of it, changes sort of like, if you've ever done bungee jumping, and it's like standing on the edges, waiting to make that one more step you know, all you have to do is take that one step and gravity will do the rest, but that is the hardest step today. Change requires a lot of courage, and when we are talking about data and analytics, which is already like such a hard topic not necessarily an uplifting and positive conversation most businesses, it is somewhat scary, change becomes all the more difficult. Ultimately change requires courage, courage to first of all, challenge the status quo. People sometimes are afraid to challenge the status quo because they are thinking that you know, maybe I don't have the power to make the change that the company needs, sometimes they feel like I don't have the skills, sometimes they may feel that I'm probably not the right person to do it. Or sometimes the lack of courage manifest itself as the inability to sort of break the silos that are formed within the organizations when it comes to data and insights that you talked about. You know, that are people in the company who are going to have the data because they know how to manage the data, how to inquire and extract, they know how to speak data, they have the skills to do that. But they are not the group of people who have sort of the knowledge, the experience of the business to ask the right questions off the data. So there is the silo of people with the answers, and there is a silo of people with the questions, and there is gap, this sort of silos are standing in the way of making that necessary change that we all know the business needs. And the last change to sort of bring an external force sometimes. It could be a tool, it could be a platform, it could be a person, it could be a process but sometimes no matter how big the company is or how small the company is you may need to bring some external stimuli to start the domino of the positive changes that are necessary. The group of people that we are brought in, the four people, including Cindi that you will hear from today are really good at practically telling you how to make that step, how to step off that edge, how to dress the rope, that you will be safe and you're going to have fun, you will have that exhilarating feeling of jumping for a bungee jump, all four of them are exceptional, but my owner is to introduce Michelle. And she's our first speaker, Michelle I am very happy after watching our presentation and reading your bio that there are no country vital worldwide competition for cool parents, because she will beat all of us. Because when her children were small, they were probably into Harry Potter and Disney and she was managing a business and leading change there. And then as her kids grew up and got to that age where they like football and NFL, guess what? She's the CIO of NFL, what a cool mom. I am extremely excited to see what she's going to talk about. I've seen this slides, a bunch of amazing pictures, I'm looking to see the context behind it, I'm very thrilled to make that client so far, Michelle, I'm looking forward to her talk next. Welcome Michelle, it's over to you. (soft upbeat music) >> I'm delighted to be with you all today to talk about thought leadership. And I'm so excited that you asked me to join you because today I get to be a quarterback. I always wanted to be one, and I thought this is about as close as I'm ever going to get. So I want to talk to you about quarterbacking our digital revolution using insights data, and of course as you said, leadership. First a little bit about myself, a little background as I said, I always wanted to play football, and this is something that I wanted to do since I was a child, but when I grew up, girls didn't get to play football. I'm so happy that that's changing and girls are now doing all kinds of things that they didn't get to do before. Just this past weekend on an NFL field, we had a female coach on two sidelines, and a female official on the field. I'm a lifelong fan and student of the game of football, I grew up in the South, you can tell from the accent and in the South is like a religion and you pick sides. I chose Auburn University working in the Athletic Department, so I'm testament to you can start the journey can be long it took me many, many years to make it into professional sports. I graduated in 1987 and my little brother, well, not actually not so little, he played offensive line for the Alabama Crimson Tide. And for those of you who know SEC football you know, this is a really big rivalry. And when you choose sides, your family is divided, so it's kind of fun for me to always tell the story that my dad knew his kid would make it to the NFL he just bet on the wrong one. My career has been about bringing people together for memorable moments at some of America's most iconic brands. Delivering memories and amazing experiences that delight from Universal Studios, Disney to my current position as CIO of the NFL. In this job I'm very privileged to have the opportunity to work with the team, that gets to bring America's game to millions of people around the world. Often I'm asked to talk about how to create amazing experiences for fans, guests, or customers. But today I really wanted to focus on something different and talk to you about being behind the scenes and backstage. Because behind every event every game, every awesome moment is execution, precise repeatable execution. And most of my career has been behind the scenes, doing just that, assembling teams to execute these plans, and the key way that companies operate at these exceptional levels, is making good decisions, the right decisions at the right time and based upon data, so that you can translate the data into intelligence and be a data-driven culture. Using data and intelligence is an important way that world-class companies do differentiate themselves. And it's the lifeblood of collaboration and innovation. Teams that are working on delivering these kinds of world-class experiences are often seeking out and leveraging next generation technologies and finding new ways to work. I've been fortunate to work across three decades of emerging experiences, which each required emerging technologies to execute. A little bit first about Disney, in the 90s I was at Disney, leading a project called destination Disney, which it's a data project, it was a data project, but it was CRM before CRM was even cool. And then certainly before anything like a data-driven culture was ever brought up. But way back then we were creating a digital backbone that enabled many technologies for the things that you see today, like the magic band, just these magical express. My career at Disney began in finance, but Disney was very good about rotating you around, and it was during one of these rotations that I became very passionate about data. I kind of became a pain in the butt to the IT team, asking for data more and more data. And I learned that all of that valuable data was locked up in our systems, all of our point of sales systems, our reservation systems, our operation systems, and so I became a shadow IT person in marketing, ultimately leading to moving into IT, and I haven't looked back since. In the early 2000s I was at Universal Studios Theme Park as their CIO, preparing for and launching the wizarding world of Harry Potter. Bringing one of history's most memorable characters to life required many new technologies and a lot of data. Our data and technologies were embedded into the rides and attractions. I mean, how do you really think a wand selects you at a wine shop. As today at the NFL, I am constantly challenged to do leading edge technologies using things like sensors, AI, machine learning, and all new communication strategies, and using data to drive everything from player performance, contracts to where we build new stadiums and hold events. With this year being the most challenging, yet rewarding year in my career at the NFL. In the middle of a global pandemic, the way we are executing on our season is leveraging data from contract tracing devices joined with testing data. Talk about data, actually enabling your business without it we wouldn't be having a season right now. I'm also on the board of directors of two public companies, where data and collaboration are paramount. First RingCentral, it's a cloud based unified communications platform, and collaboration with video message and phone, all in one solution in the cloud. And Quotient Technologies, whose product is actually data. The tagline at quotient is the result in knowing. I think that's really important, because not all of us are data companies, where your product is actually data. But we should operate more like your product is data. I'd also like to talk to you about four areas of things to think about, as thought leaders in your companies. First just hit on it is change, how to be a champion and a driver of change. Second, how to use data to drive performance for your company, and measure performance of your company. Third, how companies now require intense collaboration to operate, and finally, how much of this is accomplished through solid data-driven decisions. First let's hit on change. I mean, it's evident today more than ever, that we are in an environment of extreme change. I mean, we've all been at this for years and as technologists we've known it, believed it, lived it, and thankfully for the most part knock on wood we were prepared for it. But this year everyone's cheese was moved, all the people in the back rooms, IT, data architects and others, were suddenly called to the forefront. Because a global pandemic has turned out to be the thing that is driving intense change in how people work and analyze their business. On March 13th, we closed our office at the NFL in the middle of preparing for one of our biggest events, our kickoff event, the 2020 Draft. We went from planning, a large event in Las Vegas under the bright lights red carpet stage to smaller events in club facilities. And then ultimately to one where everyone coaches, GMs, prospects and even our commissioner were at home in their basements. And we only had a few weeks to figure it out. I found myself for the first time being in the live broadcast event space, talking about bungee dress jumping, this is really what it felt like. It was one in which no one felt comfortable, because it had not been done before. But leading through this, I stepped up, but it was very scary, it was certainly very risky but it ended up being Oh, so rewarding when we did it. And as a result of this, some things will change forever. Second, managing performance. I mean, data should inform how you're doing and how to get your company to perform at this level, highest level. As an example, the NFL has always measured performance obviously, and it is one of the purest examples of how performance directly impacts outcome. I mean, you can see performance on the field, you can see points being scored and stats, and you immediately know that impact, those with the best stats, usually win the games. The NFL has always recorded stats, since the beginning of time, here at the NFL a little this year as our 100 and first year and athletes ultimate success as a player has also always been greatly impacted by his stats. But what has changed for us, is both how much more we can measure, and the immediacy with which it can be measured. And I'm sure in your business, it's the same, the amount of data you must have has got to have quadrupled recently and how fast you need it and how quickly you need to analyze it, is so important. And it's very important to break the silos between the keys to the data and the use of the data. Our next generation stats platform is taking data to a next level, it's powered by Amazon Web Services, and we gathered this data real time from sensors that are on players' bodies. We gather it in real time, analyze it, display it online and on broadcast, and of course it's used to prepare week to week in addition to what is a normal coaching plan would be. We can now analyze, visualize, route patterns speed, matchups, et cetera, so much faster than ever before. We're continuing to roll out sensors too, that we'll gather more and more information about player's performance as it relates to their health and safety. The third trend is really I think it's a big part of what we're feeling today and that is intense collaboration. And just for sort of historical purposes it's important to think about for those of you that are IT professionals and developers, you know more than 10 years ago, agile practices began sweeping companies or small teams would work together rapidly in a very flexible, adaptive and innovative way, and it proved to be transformational. However today, of course, that is no longer just small teams the next big wave of change, and we've seen it through this pandemic is that it's the whole enterprise that must collaborate and be agile. If I look back on my career when I was at Disney, we owned everything 100%, we made a decision, we implemented it, we were a collaborative culture but it was much easier to push change because you own the whole decision. If there was buy in from the top down, you got the people from the bottom up to do it, and you executed. At Universal, we were a joint venture, our attractions and entertainment was licensed, our hotels were owned and managed by other third parties. So influence and collaboration and how to share across companies became very important. And now here I am at the NFL and even the bigger ecosystem. We have 32 clubs that are all separate businesses 31 different stadiums that are owned by a variety of people. We have licensees, we have sponsors, we have broadcast partners. So it seems that as my career has evolved centralized control has gotten less and less and has been replaced by intense collaboration not only within your own company, but across companies. The ability to work in a collaborative way across businesses and even other companies that has been a big key to my success in my career. I believe this whole vertical integration and big top down decision making is going by the wayside in favor of ecosystems that require cooperation, yet competition to coexist. I mean the NFL is a great example of what we call coopertition, which is cooperation and competition. When in competition with each other, but we cooperate to make the company the best it can be. And at the heart of these items really are data-driven decisions and culture. Data on its own isn't good enough, you must be able to turn it to insights, partnerships between technology teams who usually hold the keys to the raw data, and business units who have the knowledge to build the right decision models is key. If you're not already involved in this linkage, you should be, data mining isn't new for sure. The availability of data is quadrupling and it's everywhere. How do you know what to even look at? How do you know where to begin? How do you know what questions to ask? It's by using the tools that are available for visualization and analytics and knitting together strategies of the company. So it begins with first of all making sure you do understand the strategy of the company. So in closing, just to wrap up a bit, many of you joined today looking for thought leadership on how to be a change agent, a change champion, and how to lead through transformation. Some final thoughts are be brave, and drive, don't do the ride along program, it's very important to drive, driving can be high risk but it's also high reward. Embracing the uncertainty of what will happen, is how you become brave, get more and more comfortable with uncertainty be calm and let data be your map on your journey, thanks. >> Michelle, thank you so much. So you and I share a love of data, and a love of football. You said you want to be the quarterback, I'm more an old wine person. (Michelle laughing) >> Well, then I can do my job without you. >> Great, and I'm getting the feeling now you know, Sudheesh is talking about bungee jumping. My boat is when we're past this pandemic, we both take them to the Delaware Water Gap and we do the cliff jumping. >> That sounds good, I'll watch. >> You'll watch, okay, so Michelle, you have so many stakeholders when you're trying to prioritize the different voices, you have the players, you have the owners you have the league, as you mentioned to the broadcasters your, your partners here and football mamas like myself. How do you prioritize when there's so many different stakeholders that you need to satisfy? I think balancing across stakeholders starts with aligning on a mission. And if you spend a lot of time understanding where everyone's coming from, and you can find the common thread ties them all together you sort of do get them to naturally prioritize their work, and I think that's very important. So for us at the NFL, and even at Disney, it was our core values and our core purpose is so well known, and when anything challenges that we're able to sort of lay that out. But as a change agent, you have to be very empathetic, and I would say empathy is probably your strongest skill if you're a change agent. And that means listening to every single stakeholder even when they're yelling at you, even when they're telling you your technology doesn't work and you know that it's user error, or even when someone is just emotional about what's happening to them and that they're not comfortable with it. So I think being empathetic and having a mission and understanding it, is sort of how I prioritize and balance. >> Yeah, empathy, a very popular word this year. I can imagine those coaches and owners yelling. So I thank you for your metership here. So Michelle, I look forward to discussing this more with our other customers and disruptors joining us in a little bit. (soft upbeat music) >> So we're going to take a hard pivot now and go from football to Chernobyl, Chernobyl, what went wrong? 1986, as the reactors were melting down they had the data to say, this is going to be catastrophic and yet the culture said, "No, we're perfect, hide it. Don't dare tell anyone," which meant they went ahead and had celebrations in Kiev. Even though that increased the exposure the additional thousands getting cancer, and 20,000 years before the ground around there and even be inhabited again, This is how powerful and detrimental a negative culture, a culture that is unable to confront the brutal facts that hides data. This is what we have to contend with, and this is why I want you to focus on having fostering a data-driven culture. I don't want you to be a laggard, I want you to be a leader in using data to drive your digital transformation. So I'll talk about culture and technology, isn't really two sides of the same coin, real-world impacts and then some best practices you can use to disrupt and innovate your culture. Now, oftentimes I would talk about culture and I talk about technology, and recently a CDO said to me, "You know Cindi, I actually think this is two sides of the same coin. One reflects the other, what do you think?" Let me walk you through this, so let's take a laggard. What is the technology look like? Is it based on 1990s BI and reporting largely parameterized reports on-premises data warehouses, or not even that operational reports, at best one enterprise data warehouse very slow moving and collaboration is only email. What does that culture tell you? Maybe there's a lack of leadership to change, to do the hard work that Sudheesh referred to. Or is there also a culture of fear, afraid of failure, resistance to change complacency and sometimes that complacency it's not because people are lazy, it's because they've been so beaten down every time a new idea is presented. It's like, no we're measured on least cost to serve. So politics and distrust, whether it's between business and IT or individual stakeholders is the norm. So data is hoarded, let's contrast that with a leader, a data and analytics leader, what is their technology look like? Augmented analytics, search and AI-driven insights not on-premises, but in the cloud and maybe multiple clouds. And the data is not in one place, but it's in a data lake, and in a data warehouse, a logical data warehouse. The collaboration is being a newer methods whether it's Slack or teams allowing for that real time decisioning or investigating a particular data point. So what is the culture in the leaders? It's transparent and trust, there is a trust that data will not be used to punish, that there is an ability to confront the bad news. It's innovation, valuing innovation in pursuit of the company goals, whether it's the best fan experience and player safety in the NFL or best serving your customers. It's innovative and collaborative. There's none of this, oh, well, I didn't invent that, I'm not going to look at that. There's still pride of ownership, but it's collaborating to get to a better place faster. And people feel empowered to present new ideas to fail fast, and they're energized, knowing that they're using the best technology and innovating at the pace that business requires. So data is democratized and democratized, not just for power users or analysts, but really at the point of impact what we like to call the new decision makers. Or really the frontline workers. So Harvard business review partnered with us to develop this study to say, just how important is this? They've been working at BI and analytics as an industry for more than 20 years. Why is it not at the front lines? Whether it's a doctor, a nurse, a coach, a supply chain manager a warehouse manager, a financial services advisor. 87% said they would be more successful if frontline workers were empowered with data-driven insights, but they recognize they need new technology to be able to do that. It's not about learning hard tools, the sad reality only 20% of organizations are actually doing this, these are the data-driven leaders. So this is the culture and technology, how did we get here? It's because state of the art keeps changing. So the first generation BI and analytics platforms were deployed on-premises, on small datasets really just taking data out of ERP systems that were also on-premises, and state of the art was maybe getting a management report, an operational report. Over time visual based data discovery vendors, disrupted these traditional BI vendors, empowering now analysts to create visualizations with the flexibility on a desktop, sometimes larger data sometimes coming from a data warehouse, the current state of the art though, Gartner calls it augmented analytics, at ThoughtSpot, we call it search and AI-driven analytics. And this was pioneered for large scale data sets, whether it's on-premises or leveraging the cloud data warehouses, and I think this is an important point. Oftentimes you, the data and analytics leaders, will look at these two components separately, but you have to look at the BI and analytics tier in lockstep with your data architectures to really get to the granular insights, and to leverage the capabilities of AI. Now, if you've never seen ThoughtSpot I'll just show you what this looks like, instead of somebody's hard coding a report, it's typing in search keywords and very robust keywords contains rank, top, bottom getting to a visualization that then can be pinned to an existing Pinboard that might also contain insights generated by an AI engine. So it's easy enough for that new decision maker, the business user, the non analyst to create themselves. Modernizing the data and analytics portfolio is hard, because the pace of change has accelerated. You used to be able to create an investment, place a bet for maybe 10 years. A few years ago, that time horizon was five years, now it's maybe three years, and the time to maturity has also accelerated. So you have these different components the search and AI tier, the data science tier, data preparation and virtualization. But I would also say equally important is the cloud data warehouse. And pay attention to how well these analytics tools can unlock the value in these cloud data warehouses. So ThoughtSpot was the first to market with search and AI-driven insights. Competitors have followed suit, but be careful if you look at products like Power BI or SAP Analytics Cloud, they might demo well, but do they let you get to all the data without moving it in products like Snowflake, Amazon Redshift or Azure Synapse or Google BigQuery, they do not. They require you to move it into a smaller in memory engine. So it's important how well these new products inter operate. The pace of change, it's acceleration, Gartner recently predicted that by 2022, 65% of analytical queries will be generated using search or NLP or even AI, and that is roughly three times the prediction they had just a couple years ago. So let's talk about the real world impact of culture. And if you've read any of my books or used any of the maturity models out there whether the Gartner IT score that I worked on, or the data warehousing institute also has a maturity model. We talk about these five pillars to really become data-driven, as Michelle spoke about, it's focusing on the business outcomes, leveraging all the data, including new data sources. It's the talent, the people, the technology, and also the processes, and often when I would talk about the people in the talent, I would lump the culture as part of that. But in the last year, as I've traveled the world and done these digital events for thought leaders you have told me now culture is absolutely so important. And so we've pulled it out as a separate pillar, and in fact, in polls that we've done in these events, look at how much more important culture is, as a barrier to becoming data-driven. It's three times as important as any of these other pillars. That's how critical it is, and let's take an example of where you can have great data but if you don't have the right culture there's devastating impacts. And I will say, I have been a loyal customer of Wells Fargo for more than 20 years, but look at what happened in the face of negative news with data, that said, "Hey, we're not doing good cross selling, customers do not have both a checking account and a credit card and a savings account and a mortgage." They opened fake accounts, facing billions in fines, change in leadership, that even the CEO attributed to a toxic sales culture, and they're trying to fix this. But even recently there's been additional employee backlash saying that culture has not changed. Let's contrast that with some positive examples, Medtronic a worldwide company in 150 countries around the world, they may not be a household name to you, but if you have a loved one or yourself, you have a pacemaker, spinal implant, diabetes you know, this brand. And at the start of COVID when they knew their business would be slowing down, because hospitals would only be able to take care of COVID patients, they took the bold move of making their IP for ventilators publicly available, that is the power of a positive culture. Or Verizon, a major telecom organization, looking at late payments of their customers, and even though the US federal government said "Well, you can't turn them off." They said, "We'll extend that even beyond the mandated guidelines," and facing a slow down in the business because of the tough economy, he said, "You know what? We will spend the time upskilling our people giving them the time to learn more about the future of work, the skills and data and analytics," for 20,000 of their employees, rather than furloughing them. That is the power of a positive culture. So how can you transform your culture to the best in class? I'll give you three suggestions, bring in a change agent identify the relevance, or I like to call it WIIFM, and organize for collaboration. So the CDO whatever your title is, chief analytics officer chief digital officer, you are the most important change agent. And this is where you will hear, that oftentimes a change agent has to come from outside the organization. So this is where, for example in Europe, you have the CDO of Just Eat takeout food delivery organization, coming from the airline industry or in Australia, National Australian Bank, taking a CDO within the same sector from TD Bank going to NAB. So these change agents come in disrupt, it's a hard job. As one of you said to me, it often feels like Sisyphus, I make one step forward and I get knocked down again, I get pushed back. It is not for the faint of heart, but it's the most important part of your job. The other thing I'll talk about is WIIFM, what is in it for me? And this is really about understanding the motivation, the relevance that data has for everyone on the frontline as well as those analysts, as well as the executives. So if we're talking about players in the NFL they want to perform better, and they want to stay safe. That is why data matters to them. If we're talking about financial services this may be a wealth management advisor, okay, we could say commissions, but it's really helping people have their dreams come true whether it's putting their children through college, or being able to retire without having to work multiple jobs still into your 70s or 80s. For the teachers, teachers, you asked them about data, they'll say, "We don't need that, I care about the student." So if you can use data to help a student perform better that is WIIFM. And sometimes we spend so much time talking the technology, we forget what is the value we're trying to deliver with it. And we forget the impact on the people that it does require change. In fact, the Harvard Business Review Study, found that 44% said lack of change management is the biggest barrier to leveraging both new technology but also being empowered to act on those data-driven insights. The third point, organize for collaboration. This does require diversity of thought, but also bringing the technology, the data and the business people together. Now there's not a single one size fits all model for data and analytics. At one point in time, even having a BICC, a BI Competency Center was considered state of the art. Now for the biggest impact, what I recommend is that you have a federated model, centralized for economies of scale, that could be the common data, but then in bed, these evangelists, these analysts of the future, within every business unit, every functional domain, and as you see this top bar, all models are possible but the hybrid model has the most impact, the most leaders. So as we look ahead to the months ahead, to the year ahead, an exciting time, because data is helping organizations better navigate a tough economy lock in the customer loyalty, and I look forward to seeing how you foster that culture that's collaborative with empathy and bring the best of technology, leveraging the cloud, all your data. So thank you for joining us at thought leaders, and next I'm pleased to introduce our first change agent Thomas Mazzaferro, chief data officer of Western Union, and before joining Western Union, Tom made his mark at HSBC and JP Morgan Chase spearheading digital innovation in technology operations, risk compliance, and retail banking. Tom, thank you so much for joining us today. (soft upbeat music) >> Very happy to be here and looking forward to talking to all of you today. So as we look to move organizations to a data-driven capability into the future, there is a lot that needs to be done on the data side, but also how does data connect and enable, different business teams and technology teams into the future. As we look across our data ecosystems and our platforms and how we modernize that to the cloud in the future, it all needs to basically work together, right? To really be able to drive over the shift from a data standpoint, into the future. That includes being able to have the right information with the right quality of data at the right time to drive informed business decisions, to drive the business forward. As part of that, we actually have partnered with ThoughtSpot to actually bring in the technology to help us drive that, as part of that partnership, and it's how we've looked to integrated into our overall business as a whole. We've looked at how do we make sure that our business and our professional lives, right? Are enabled in the same ways as our personal lives. So for example, in your personal lives, when you want to go and find something out, what do you do? You go on to google.com or you go on to Bing, or go to Yahoo and you search for what you want, search to find an answer. ThoughtSpot for us as the same thing, but in the business world. So using ThoughtSpot and other AI capability is allowed us to actually enable our overall business teams in our company, to actually have our information at our fingertips. So rather than having to go and talk to someone or an engineer to go pull information or pull data, we actually can have the end users or the business executives, right? Search for what they need, what they want, at the exact time that action needed, to go and drive the business forward. This is truly one of those transformational things that we've put in place. On top of that, we are on the journey to modernize our larger ecosystem as a whole. That includes modernizing our underlying data warehouses, our technology or our (indistinct) environments, and as we move that we've actually picked to our cloud providers going to AWS and GCP. We've also adopted Snowflake to really drive into organize our information and our data, then drive these new solutions and capabilities forward. So big portion of us though is culture, so how do we engage with the business teams and bring the IT teams together to really drive these holistic end to end solutions and capabilities, to really support the actual business into the future. That's one of the keys here, as we look to modernize and to really enhance our organizations to become data-driven, this is the key. If you can really start to provide answers to business questions before they're even being asked, and to predict based upon different economic trends or different trends in your business, what does is be made and actually provide those answers to the business teams before they're even asking for it. That is really becoming a data-driven organization. And as part of that, it's really then enables the business to act quickly and take advantage of opportunities as they come in based upon industries, based upon markets, based upon products, solutions, or partnerships into the future. These are really some of the keys that become crucial as you move forward right into this new age, especially with COVID, with COVID now taking place across the world, right? Many of these markets, many of these digital transformations are celebrating, and are changing rapidly to accommodate and to support customers in these very difficult times. As part of that, you need to make sure you have the right underlying foundation, ecosystems and solutions to really drive those capabilities, and those solutions forward. As we go through this journey, both of my career but also each of your careers into the future, right? It also needs to evolve, right? Technology has changed so drastically in the last 10 years, and that change is only a celebrating. So as part of that, you have to make sure that you stay up to speed, up to date with new technology changes both on the platform standpoint, tools, but also what our customers want, what do our customers need, and how do we then surface them with our information, with our data, with our platform, with our products and our services, to meet those needs and to really support and service those customers into the future. This is all around becoming a more data-driven organization such as how do you use your data to support the current business lines. But how do you actually use your information your data, to actually better support your customers better support your business, better support your employees, your operations teams and so forth, and really creating that full integration in that ecosystem is really when you start to get large dividends from these investments into the future. With that being said I hope you enjoyed the segment on how to become and how to drive a data-driven organization, and looking forward to talking to you again soon, thank you. >> Tom, that was great, thanks so much. Now I'm going to have to brag on you for a second, as a change agent you've come in disrupted, and how long have you been at Western Union? >> Only nine months, I just started this year, but there'd be some great opportunities and big changes, and we have a lot more to go, but we're really driving things forward in partnership with our business teams, and our colleagues to support those customers forward. >> Tom, thank you so much that was wonderful. And now I'm excited to introduce you to Gustavo Canton, a change agent that I've had the pleasure of working with meeting in Europe, and he is a serial change agent. Most recently with Schneider Electric, but even going back to Sam's Club, Gustavo welcome. (soft upbeat music) >> So hi everyone my name is Gustavo Canton and thank you so much Cindi for the intro. As you mentioned, doing transformations is a you know, high effort, high reward situation. I have empowerment in transformation and I have led many transformations. And what I can tell you is that it's really hard to predict the future, but if you have a North Star and you know where you're going, the one thing that I want you to take away from this discussion today, is that you need to be bold to evolve. And so in today, I'm going to be talking about culture and data, and I'm going to break this down in four areas. How do we get started barriers or opportunities as I see it, the value of AI, and also how do you communicate, especially now in the workforce of today with so many different generations, you need to make sure that you are communicating in ways that are nontraditional sometimes. And so how do we get started? So I think the answer to that is, you have to start for you, yourself as a leader and stay tuned. And by that, I mean you need to understand not only what is happening in your function or your field, but you have to be very into what is happening in society, socioeconomically speaking, wellbeing, you know, the common example is a great example. And for me personally, it's an opportunity because the number one core value that I have is wellbeing. I believe that for human potential, for customers and communities to grow, wellbeing should be at the center of every decision. And as somebody mentioned, it's great to be you know, stay in tune and have the skillset and the courage. But for me personally, to be honest to have this courage is not about not being afraid. You're always afraid when you're making big changes and your swimming upstream. But what gives me the courage is the empathy part, like I think empathy is a huge component because every time I go into an organization or a function, I try to listen very attentively to the needs of the business, and what the leaders are trying to do, what I do it thinking about the mission of how do I make change for the bigger, you know workforce so the bigger good, despite the fact that this might have a perhaps implication, so my own self interest in my career, right? Because you have to have that courage sometimes to make choices, that are not well seeing politically speaking what are the right thing to do, and you have to push through it. So the bottom line for me is that, I don't think they're transforming fast enough. And the reality is I speak with a lot of leaders and we have seen stories in the past, and what they show is that if you look at the four main barriers, that are basically keeping us behind budget, inability to add, cultural issues, politics, and lack of alignment, those are the top four. But the interesting thing is that as Cindi has mentioned, this topic about culture is actually gaining more and more traction, and in 2018, there was a story from HBR and it was for about 45%. I believe today, it's about 55%, 60% of respondents say that this is the main area that we need to focus on. So again, for all those leaders and all the executives who understand, and are aware that we need to transform, commit to the transformation and set us deadline to say, "Hey, in two years, we're going to make this happen, what do we need to do to empower and enable these search engines to make it happen?" You need to make the tough choices. And so to me, when I speak about being bold is about making the right choices now. So I'll give you samples of some of the roadblocks that I went through, as I think the intro information most recently as Cindi mentioned in Schneider. There are three main areas, legacy mindset, and what that means is that we've been doing this in a specific way for a long time, and here is how we have been successful. We're working the past is not going to work now, the opportunity there is that there is a lot of leaders who have a digital mindset, and their up and coming leaders that are perhaps not yet fully developed. We need to mentor those leaders and take bets on some of these talents, including young talent. We cannot be thinking in the past and just wait for people you know, three to five years for them to develop, because the world is going to in a way that is super fast. The second area and this is specifically to implementation of AI is very interesting to me, because just example that I have with ThoughtSpot, right? We went to an implementation and a lot of the way the IT team functions, so the leaders look at technology, they look at it from the prism of the prior or success criteria for the traditional BIs, and that's not going to work. Again, your opportunity here is that you need to really find what success look like, in my case, I want the user experience of our workforce to be the same as your experience you have at home. It's a very simple concept, and so we need to think about how do we gain that user experience with this augmented analytics tools, and then work backwards to have the right talent, processes and technology to enable that. And finally, and obviously with COVID a lot of pressure in organizations and companies to do more with less, and the solution that most leaders I see are taking is to just minimize cost sometimes and cut budget. We have to do the opposite, we have to actually invest some growth areas, but do it by business question. Don't do it by function, if you actually invest in these kind of solutions, if you actually invest on developing your talent, your leadership, to see more digitally, if you actually invest on fixing your data platform is not just an incremental cost, it's actually this investment is going to offset all those hidden costs and inefficiencies that you have on your system, because people are doing a lot of work in working very hard but it's not efficiency, and it's not working in the way that you might want to work. So there is a lot of opportunity there, and you just to put it into some perspective, there have been some studies in the past about you know, how do we kind of measure the impact of data? And obviously this is going to vary by organization, maturity there's going to be a lot of factors. I've been in companies who have very clean, good data to work with, and I think with companies that we have to start basically from scratch. So it all depends on your maturity level, but in this study what I think is interesting is, they try to put a tagline or attack price to what is a cost of incomplete data. So in this case, it's about 10 times as much to complete a unit of work, when you have data that is flawed as opposed to have imperfect data. So let me put that just in perspective, just as an example, right? Imagine you are trying to do something and you have to do 100 things in a project, and each time you do something it's going to cost you a dollar. So if you have perfect data, the total cost of that project might be a $100. But now let's say you have any percent perfect data and 20% flow data, by using this assumption that flow data is 10 times as costly as perfect data, your total costs now becomes $280 as opposed to $100, this just for you to really think about as a CIO, CTO, you know CSRO, CEO, are we really paying attention and really closing the gaps that we have on our infrastructure? If we don't do that, it's hard sometimes to see the snowball effect or to measure the overall impact, but as you can tell, the price tag goes up very, very quickly. So now, if I were to say, how do I communicate this? Or how do I break through some of these challenges or some of these barriers, right? I think the key is I am in analytics, I know statistics obviously, and love modeling and you know, data and optimization theory and all that stuff, that's what I can do analytics, but now as a leader and as a change agent, I need to speak about value, and in this case, for example for Schneider, there was this tagline coffee of your energy. So the number one thing that they were asking from the analytics team was actually efficiency, which to me was very interesting. But once I understood that I understood what kind of language to use, how to connect it to the overall strategy and basically how to bring in the right leaders, because you need to, you know, focus on the leaders that you're going to make the most progress. You know, again, low effort, high value, you need to make sure you centralize all the data as you can, you need to bring in some kind of augmented analytics, you know, solution, and finally you need to make it super simple for the you know, in this case, I was working with the HR teams and other areas, so they can have access to one portal. They don't have to be confused and looking for 10 different places to find information. I think if you can actually have those four foundational pillars, obviously under the guise of having a data-driven culture, that's when you can actually make the impact. So in our case, it was about three years total transformation but it was two years for this component of augmented analytics. It took about two years to talk to, you know, IT, get leadership support, find the budgeting, you know, get everybody on board, make sure the success criteria was correct. And we call this initiative, the people analytics, I pulled up, it was actually launched in July of this year. And we were very excited and the audience was very excited to do this. In this case, we did our pilot in North America for many, many manufacturers, but one thing that is really important is as you bring along your audience on this, you know, you're going from Excel, you know in some cases or Tableau to other tools like you know, ThoughtSpot, you need to really explain them, what is the difference, and how these two can truly replace some of the spreadsheets or some of the views that you might have on these other kind of tools. Again, Tableau, I think it's a really good tool, there are other many tools that you might have in your toolkit. But in my case, personally I feel that you need to have one portal going back to seeing these points that really truly enable the end user. And I feel that this is the right solution for us, right? And I will show you some of the findings that we had in the pilot in the last two months. So this was a huge victory, and I will tell you why, because it took a lot of effort for us to get to these stations. Like I said it's been years for us to kind of lay the foundation, get the leadership and chasing culture, so people can understand why you truly need to invest what I meant analytics. And so what I'm showing here is an example of how do we use basically, you know a tool to capturing video, the qualitative findings that we had, plus the quantitative insights that we have. So in this case, our preliminary results based on our ambition for three main metrics, hours saved, user experience and adoption. So for hours saved, our ambition was to have 10 hours per week per employee save on average, user experience or ambition was 4.5 and adoption 80%. In just two months, two months and a half of the pilot we were able to achieve five hours, per week per employee savings. I used to experience for 4.3 out of five, and adoption of 60%. Really, really amazing work. But again, it takes a lot of collaboration for us to get to the stage from IT, legal, communications obviously the operations things and the users, in HR safety and other areas that might be basically stakeholders in this whole process. So just to summarize this kind of effort takes a lot of energy, you are a change agent, you need to have a courage to make these decision and understand that, I feel that in this day and age with all this disruption happening, we don't have a choice. We have to take the risk, right? And in this case, I feel a lot of satisfaction in how we were able to gain all these very souls for this organization, and that gave me the confidence to know that the work has been done, and we are now in a different stage for the organization. And so for me it safe to say, thank you for everybody who has believed obviously in our vision, everybody who has believed in, you know, the word that we were trying to do and to make the life for, you know workforce or customers that are in community better. As you can tell, there is a lot of effort, there is a lot of collaboration that is needed to do something like this. In the end, I feel very satisfied with the accomplishments of this transformation, and I just want to tell for you, if you are going right now in a moment that you feel that you have to swim upstream you know, what would mentors what people in this industry that can help you out and guide you on this kind of a transformation is not easy to do is high effort but is well worth it. And with that said, I hope you are well and it's been a pleasure talking to you, talk to you soon, take care. >> Thank you Gustavo, that was amazing. All right, let's go to the panel. (soft upbeat music) >> I think we can all agree how valuable it is to hear from practitioners, and I want to thank the panel for sharing their knowledge with the community, and one common challenge that I heard you all talk about was bringing your leadership and your teams along on the journey with you. We talk about this all the time, and it is critical to have support from the top, why? Because it directs the middle, and then it enables bottoms up innovation effects from the cultural transformation that you guys all talked about. It seems like another common theme we heard, is that you all prioritize database decision making in your organizations, and you combine two of your most valuable assets to do that, and create leverage, employees on the front lines, and of course the data. That was rightly pointed out, Tom, the pandemic has accelerated the need for really leaning into this. You know, the old saying, if it ain't broke, don't fix it, well COVID's broken everything. And it's great to hear from our experts, you know, how to move forward, so let's get right into it. So Gustavo let's start with you if I'm an aspiring change agent, and let's say I'm a budding data leader. What do I need to start doing? What habits do I need to create for long lasting success? >> I think curiosity is very important. You need to be, like I say, in tune to what is happening not only in your specific field, like I have a passion for analytics, I can do this for 50 years plus, but I think you need to understand wellbeing other areas across not only a specific business as you know, I come from, you know, Sam's Club Walmart retail, I mean energy management technology. So you have to try to push yourself and basically go out of your comfort zone. I mean, if you are staying in your comfort zone and you want to use lean continuous improvement that's just going to take you so far. What you have to do is and that's what I tried to do is I try to go into areas, businesses and transformations that make me, you know stretch and develop as a leader. That's what I'm looking to do, so I can help transform the functions organizations, and do these change management and decisions mindset as required for these kinds of efforts. >> Thank you for that is inspiring and Cindi, you love data, and the data is pretty clear that diversity is a good business, but I wonder if you can add your perspectives to this conversation. >> Yeah, so Michelle has a new fan here because she has found her voice, I'm still working on finding mine. And it's interesting because I was raised by my dad, a single dad, so he did teach me how to work in a predominantly male environment. But why I think diversity matters more now than ever before, and this is by gender, by race, by age, by just different ways of working and thinking is because as we automate things with AI, if we do not have diverse teams looking at the data and the models, and how they're applied, we risk having bias at scale. So this is why I think I don't care what type of minority, you are finding your voice, having a seat at the table and just believing in the impact of your work has never been more important. And as Michelle said more possible >> Great perspectives thank you, Tom, I want to go to you. I mean, I feel like everybody in our businesses in some way, shape or form become a COVID expert but what's been the impact of the pandemic on your organization's digital transformation plans? >> We've seen a massive growth actually you know, in a digital business over the last 12 months really, even in celebration, right? Once COVID hit, we really saw that in the 200 countries and territories that we operate in today and service our customers and today, that there's been a huge need, right? To send money, to support family, to support friends and loved ones across the world. And as part of that, you know, we are very honored to support those customers that we across all the centers today. But as part of that celebration, we need to make sure that we had the right architecture and the right platforms to basically scale, right? To basically support and provide the right kind of security for our customers going forward. So as part of that, we did do some pivots and we did celebrate some of our plans on digital to help support that overall growth coming in, and to support our customers going forward. Because there were these times during this pandemic, right? This is the most important time, and we need to support those that we love and those that we care about. And in doing that, it's one of those ways is actually by sending money to them, support them financially. And that's where really are part of that our services come into play that, you know, I really support those families. So it was really a great opportunity for us to really support and really bring some of our products to this level, and supporting our business going forward. >> Awesome, thank you. Now I want to come back to Gustavo, Tom, I'd love for you to chime in too. Did you guys ever think like you were pushing the envelope too much and doing things with data or the technology that was just maybe too bold, maybe you felt like at some point it was failing, or you pushing your people too hard, can you share that experience and how you got through it? >> Yeah, the way I look at it is, you know, again, whenever I go to an organization I ask the question, Hey, how fast you would like to conform?" And, you know, based on the agreements on the leadership and the vision that we want to take place, I take decisions and I collaborate in a specific way. Now, in the case of COVID, for example, right? It forces us to remove silos and collaborate in a faster way, so to me it was an opportunity to actually integrate with other areas and drive decisions faster. But make no mistake about it, when you are doing a transformation, you are obviously trying to do things faster than sometimes people are comfortable doing and you need to be okay with that. Sometimes you need to be okay with tension, or you need to be okay, you know debating points or making repetitive business cases onto people connect with the decision because you understand, and you are seeing that, hey, the CEO is making a one, two year, you know, efficiency goal, the only way for us to really do more with less is for us to continue this path. We cannot just stay with the status quo, we need to find a way to accelerate transformation... >> How about you Tom, we were talking earlier was Sudheesh had said about that bungee jumping moment, what can you share? >> Yeah you know, I think you hit upon it. Right now, the pace of change will be the slowest pace that you see for the rest of your career. So as part of that, right? That's what I tell my team is that you need to feel comfortable being uncomfortable. I mean, that we have to be able to basically scale, right? Expand and support that the ever changing needs the marketplace and industry and our customers today and that pace of change that's happening, right? And what customers are asking for, and the competition the marketplace, it's only going to accelerate. So as part of that, you know, as we look at what how you're operating today in your current business model, right? Things are only going to get faster. So you have to plan into align, to drive the actual transformation, so that you can scale even faster into the future. So as part of that, so we're putting in place here, right? Is how do we create that underlying framework and foundation that allows the organization to basically continue to scale and evolve into the future? >> We're definitely out of our comfort zones, but we're getting comfortable with it. So, Cindi, last question, you've worked with hundreds of organizations, and I got to believe that you know, some of the advice you gave when you were at Gartner, which is pre COVID, maybe sometimes clients didn't always act on it. You know, they're not on my watch for whatever variety of reasons, but it's being forced on them now, but knowing what you know now that you know, we're all in this isolation economy how would you say that advice has changed, has it changed? What's your number one action and recommendation today? >> Yeah well, first off, Tom just freaked me out. What do you mean this is the slowest ever? Even six months ago, I was saying the pace of change in data and analytics is frenetic. So, but I think you're right, Tom, the business and the technology together is forcing this change. Now, Dave, to answer your question, I would say the one bit of advice, maybe I was a little more, very aware of the power in politics and how to bring people along in a way that they are comfortable, and now I think it's, you know what? You can't get comfortable. In fact, we know that the organizations that were already in the cloud, have been able to respond and pivot faster. So if you really want to survive as Tom and Gustavo said, get used to being uncomfortable, the power and politics are going to happen. Break the rules, get used to that and be bold. Do not be afraid to tell somebody they're wrong and they're not moving fast enough. I do think you have to do that with empathy as Michelle said, and Gustavo, I think that's one of the key words today besides the bungee jumping. So I want to know where's Sudheesh going to go on bungee jumping? (all chuckling) >> That's fantastic discussion really. Thanks again to all the panelists and the guests, it was really a pleasure speaking with you today. Really virtually all of the leaders that I've spoken to in theCUBE program recently, they tell me that the pandemic is accelerating so many things, whether it's new ways to work, we heard about new security models and obviously the need for cloud. I mean, all of these things are driving true enterprise wide digital transformation, not just as I said before lip service. And sometimes we minimize the importance and the challenge of building culture and in making this transformation possible. But when it's done right, the right culture is going to deliver tremendous results. Yeah, what does that mean getting it right? Everybody's trying to get it right. My biggest takeaway today, is it means making data part of the DNA of your organization. And that means making it accessible to the people in your organization that are empowered to make decisions that can drive you revenue, cut costs, speed, access to critical care, whatever the mission is of your organization. Data can create insights and informed decisions that drive value. Okay, let's bring back Sudheesh and wrap things up. Sudheesh please bring us home. >> Thank you, thank you Dave, thank you theCUBE team, and thanks goes to all of our customers and partners who joined us, and thanks to all of you for spending the time with us. I want to do three quick things and then close it off. The first thing is I want to summarize the key takeaways that I had from all four of our distinguished speakers. First, Michelle, I was simply put it, she said it really well, that is be brave and drive. Don't go for a drive along, that is such an important point. Often times, you know that I think that you have to do to make the positive change that you want to see happen. But you wait for someone else to do it, why not you? Why don't you be the one making that change happen? That's the thing that I picked up from Michelle's talk. Cindi talked about finding the importance of finding your voice, taking that chair, whether it's available or not and making sure that your ideas, your voices are heard and if it requires some force then apply that force, make sure your ideas are good. Gustavo talked about the importance of building consensus, not going at things all alone sometimes building the importance of building the courtroom. And that is critical because if you want the changes to last, you want to make sure that the organization is fully behind it. Tom instead of a single take away, what I was inspired by is the fact that a company that is 170 years old, 170 years old, 200 companies and 200 countries they're operating in, and they were able to make the change that is necessary through this difficult time. So in a matter of months, if they could do it, anyone could. The second thing I want to do is to leave you with a takeaway that is I would like you to go to thoughtspot.com/nfl because our team has made an app for NFL on Snowflake. I think you will find this interesting now that you are inspired and excited because of Michelle's talk. And the last thing is, please go to thoughtspot.com/beyond, our global user conferences happening in this December, we would love to have you join us. It's again, virtual, you can join from anywhere, we are expecting anywhere from five to 10,000 people, and we would love to have you join and see what we would have been up to since the last year. We have a lot of amazing things in store for you, our customers, our partners, our collaborators, they will be coming and sharing, you'll be sharing things that you have been working to release something that will come out next year. And also some of the crazy ideas for engineers I've been cooking up. All of those things will be available for you at ThoughtSpot Beyond, thank you, thank you so much.