(upbeat music) >> Welcome back. We're winding down theCUBE's coverage of Red Hat Summit 2022. We're here at the Seaport in Boston. It's been two days of a little different Red Hat Summit. We're used to eight, 9,000 people. It's much smaller event this year, fewer developers or actually in terms of the mix, a lot more suits this year, which is kind of interesting to see that evolution and a big virtual audience. And I love the way, the keynotes we've noticed are a lot tighter. They're pithy, on time, they're not keeping us in the hall for three hours. So we appreciate that kind of catering to the virtual audience. Dave Vellante here with my co-host, Paul Gillin. As to say things are winding down, there was an analyst event here today, that's ended, but luckily we have Jim Mercer here as a research director at IDC. He's going to share maybe some of the learnings from that event today and this event overall, we're going to talk about DevSecOps. And Kirsten Newcomer is director of security, product management and hybrid platforms at Red Hat. Folks, welcome. >> Thank you. >> Thank you. >> Great to see you. >> Great to be here. >> Security's everywhere, right? You and I have spoken about the supply chain hacks, we've done some sort of interesting work around that and reporting around that. I feel like SolarWinds created a new awareness. You see these moments, it's Stuxnet, or WannaCry and now is SolarWinds very insidious, but security, Red Hat, it's everywhere in your portfolio. Maybe talk about the strategy. >> Sure, absolutely. We feel strongly that it's really important that security be something that is managed in a holistic way present throughout the application stack, starting with the operating system and also throughout the life cycle, which is partly where DevSecOps comes in. So Red Hat has kind of had a long history here, right? Think SELinux and Red Hat Enterprise Linux for mandatory access control. That's been a key component of securing containers in a Kubernetes environment. SELinux has demonstrated the ability to prevent or mitigate container escapes to the file system. And we just have continued to work up the stack as we go, our acquisition of stack rocks a little over a year ago, now known as Red Hat Advanced Cluster Security, gives us the opportunity to really deliver on that DevSecOps component. So Kubernetes native security solution with the ability to both help shift security left for the developers by integrating in the supply chain, but also providing a SecOps perspective for the operations and the security team and feeding information between the two to really try and do that closed infinity loop and then an additional investment more recently in sigstore and some technologies. >> Interesting. >> Yeah, is interesting. >> Go ahead. >> But Shift Left, explain to people what you mean by Shift Left for people might not be familiar with that term. >> Fair enough. For many, many years, right, IT security has been something that's largely been part of an operations environment and not something that developers tended to need to be engaged in with the exception of say source code static analysis tools. We started to see vulnerability management tools get added, but even then they tend to come after the application has been built. And I even ran a few years ago, I ran into a customer who said my security team won't let me get this information early. So Shift Left is all about making sure that there are security gates in the app dev process and information provided to the developer as early as possible. In fact, even in the IDE, Red Hat code ready dependency analytics does that, so that the developers are part of the solution and don't have to wait and get their apps stalled just before it's ready to go into deployment. >> Thank you. You've also been advocating for supply chain security, software supply chain. First of all, explain what a software supply chain is and then, what is unique about the security needs of that environment? >> Sure. And the SolarWinds example, as Dave said, really kind of has raised awareness around this. So just like we use the term supply chain, most people given kind of what's been happening with the pandemic, they've started hearing that term a lot more than they used to, right? So there's a supply chain to get your groceries, to the grocery store, food to the grocery store. There's a supply chain for manufacturing, where do the parts come for the laptops that we're all using, right? And where do they get assembled? Software has a supply chain also, right? So for years and even more so now, developers have been including open source components into the applications they build. So some of the supplies for the applications, the components of those applications, they can come from anywhere in the world. They can come from a wide range of open source projects. Developers are adding their custom code to that. All of this needs to be built together, delivered together and so when we think about a supply chain and the SolarWinds hack, right, there are a couple of elements of supply chain security that are particularly key. The executive order from May of last year, I think was partly in direct response to the SolarWinds hack. And it calls out that we need a software bill of materials. Now again, in manufacturing that's something folks are used to, I actually had the opportunity to contribute to the software package data exchange format, SPDX when it was first started, I've lost track of when that was. But an S-bomb is all about saying, what are all of those components that I'm delivering in my solution? It might be an application layer. It might be the host operating system layer, but at every layer. And if I know what's in what I'm delivering, I have the opportunity to learn more information about those components to track where does Log4Shell, right? When the Log4j or Spring4Shell, which followed shortly thereafter. When those hit, how do I find out which solutions that I'm running have the vulnerable components in them and where are they? The software bill of materials helps with that but you also have to know where, right. And that's the Ops side. I feel like I missed a piece of your question. >> No, it's not a silver bullet though, to your point and Log4j very widely used, but let's bring Jim into the conversation. So Jim, we've been talking about some of these trends, what's your focus area of research? What are you seeing as some of the mega trends in this space? >> I mean, I focus in DevOps and DevSecOps and it's interesting just talking about trends. Kirsten was mentioning the open source and if you look back five, six, seven years ago and you went to any major financial institution, you asked them if they use an open source. Oh, no. >> True. >> We don't use that, right. We wrote it all here. It's all from our developers-- >> Witchcraft. >> Yeah, right, exactly. But the reality is, they probably use a little open source back then but they didn't realize it. >> It's exactly true. >> However, today, not only are they not on versed to open source, they're seeking it out, right. So we have survey data that kind of indicates... A survey that was run kind of in late 2021 that shows that 70% of those who responded said that within the next two years 90% of their applications will be made up of open source. In other words, the content of an application, 10% will be written by themselves and 90% will come from other sources. So we're seeing these more kind of composite applications. Not, everybody's kind of, if you will, at that 90%, but applications are much more composite than they were before. So I'm pulling in pieces, but I'm taking the innovation of the community. So I not only have the innovation of my developers, but I can expand that. I can take the innovation to the community and bring that in and do things much quicker. I can also not have my developers worry about things that, maybe just kind of common stuff that's out there that might have already been written. In other words, just focus on the business logic, don't focus on, how to get orders or how to move widgets and those types of things that everybody does 'cause that's out there in open source. I'll just take that, right. I'll take it, somebody's perfected it, better than I'll ever do. I'll take that in and then I'll just focus and build my business logic on top of that. So open source has been a boom for growth. And I think we've heard a little bit of that (Kirsten laughs) in the last two days-- >> In the Keynotes. >> From Red Hat, right. But talking about the software bill of materials, and then you think about now I taking all that stuff in, I have my first level open source that I took in, it's called it component A. But behind component A is all these transitive dependencies. In other words, open source also uses open source, right? So there's this kind of this, if you will, web or nest, if you want to call it that, of transitive dependencies that need to be understood. And if I have five, six layers deep, I have a vulnerability in another component and I'm over here. Well, guess what? I picked up that vulnerability, right. Even though I didn't explicitly go for that component. So that's where understanding that software bill of materials is really important. I like to explain it as, during the pandemic, we've all experienced, there was all this contact tracing. It was a term where all came to mind. The software bill of materials is like the contact tracing for your open source, right. >> Good analogy. >> Anything that I've come in contact with, just because I came in contact with it, even though I didn't explicitly go looking for COVID, if you will, I got it, right. So in the same regard, that's how I do the contact tracing for my software. >> That 90% figure is really striking. 90% open source use is really striking, considering that it wasn't that long ago that one of the wraps on open source was it's insecure because anybody can see the code, therefore anybody can see the vulnerabilities. What changed? >> I'll say that, what changed is kind of first, the understanding that I can leapfrog and innovate with open source, right? There's more open source content out there. So as organizations had to digitally transform themselves and we've all heard the terminology around, well, hey, with the pandemic, we've leapfrog up five years of digital transformation or something along those lines, right? Open source is part of what helps those teams to do that type of leapfrog and do that type of innovation. You had to develop all of that natively, it just takes too long, or you might not have the talent to do it, right. And to find that talent to do it. So it kind of gives you that benefit. The interesting thing about what you mentioned there was, now we're hearing about all these vulnerabilities, right, in open source, that we need to contend with because the bad guys realize that I'm taking a lot of open source and they're saying, geez, that's a great way to get myself into applications. If I get myself into this one open source component, I'll get into thousands or more applications. So it's a fast path into the supply chain. And that's why it's so important that you understand where your vulnerabilities are in the software-- >> I think the visibility cuts two ways though. So when people say, it's insecure because it's visible. In fact, actually the visibility helps with security. The reality that I can go see the code, that there is a community working on finding and fixing vulnerabilities in that code. Whereas in code that is not open source it's a little bit more security by obscurity, which isn't really security. And there could well be vulnerabilities that a good hacker is going to find, but are not disclosed. So one of the other things we feel strongly about at Red Hat, frankly, is if there is a CVE that affects our code, we disclose that publicly, we have a public CVE database. And it's actually really important to us that we share that, we think we share way more information about issues in our code than most other users or consumers of open source and we work that through the broad community as well. And then also for our enterprise customers, if an issue needs to be fixed, we don't just fix it in the most recent version of the open source. We will backport that fix. And one of the challenges, if you're only addressing the most recent version, that may not be well tested, it might have other bugs, it might have other issues. When we backport a security vulnerability fix, we're able to do that to a stable version, give the customers the benefit of all the testing and use that's gone on while also fixing. >> Kirsten, can you talk about the announcements 'cause everybody's wondering, okay, now what do I do about this? What technology is there to help me? Obviously this framework, you got to follow the right processes, skill sets, all that, not to dismiss that, that's the most important part, but the announcements that you made at Red Hat Summit and how does the StackRox acquisition fit into those? >> Sure. So in particular, if we stick with DevSecOps a minute, but again, I'll do. Again for me, DevSecOps is the full life cycle and many people think of it as just that Shift Left piece. But for me, it's the whole thing. So StackRox ACS has had the ability to integrate into the CI/CD pipeline before we bought them. That continues. They don't just assess for vulnerabilities, but also for application misconfigurations, excess proof requests and helm charts, deployment YAML. So kind of the big, there are two sort of major things in the DevSecOps angle of the announcement or the supply chain angle of the announcement, which is the investment that we've been making in sigstore, signing, getting integrity of the components, the elements you're deploying is important. I have been asked for years about the ability to sign container images. The reality is that the signing technology and Red Hat signs everything we ship and always have, but the signing technology wasn't designed to be used in a CI/CD pipeline and sigstore is explicitly designed for that use case to make it easy for developers, as well as you can back it with full CO, you can back it with an OIDC based signing, keyless signing, throw away the key. Or if you want that enterprise CA, you can have that backing there too. >> And you can establish that as a protocol where you must. >> You can, right. So our pattern-- >> So that would've helped with SolarWinds. >> Absolutely. >> Because they were putting in malware and then taking it out, seeing what happened. My question was, could sigstore help? I always evaluate now everything and I'm not a security expert, but would this have helped with SolarWinds? A lot of times the answer is no. >> It's a combination. So a combination of sigstore integrated with Tekton Chains. So we ship Tekton, which is a Kubernetes supply chain pipeline. As OpenShift pipelines, we added chains to that. Chains allows you to attest every step in your pipeline. And you're doing that attestation by signing those steps so that you can validate that those steps have not changed. And in fact, the folks at SolarWinds are using Tekton Chains. They did a great talk in October at KubeCon North America on the changes they've made to their supply chain. So they're using both Tekton Chains and sigstore as part of their updated pipeline. Our pattern will allow our customers to deploy OpenShift, advanced cluster manager, advanced cluster security and Quay with security gates in place. And that include a pipeline built on Tekton with Tekton Chains there to sign those steps in the pipeline to enable signing of the code that's moving through that pipeline to store that signature in Quay and to validate the image signature upon deployment with advanced cluster security. >> So Jim, your perspective on this, Red Hat's, I mean, you care about security, security's everywhere, but you're not a security company. You follow security companies. There's like far too many of them. CISOs all say my number one challenge is lack of talent, but I have all these tools to deal with. You see new emerging companies that are doing pretty well. And then you see a company that's highly respected, like an Okta screw up the communications on a pretty benign hack. Actually, when you peel the onion on that, it's just this mess (chuckles) and it doesn't seem like it's going to get any simpler. Maybe the answer is companies like Red Hat kind of absorbing that and taking care of it. What do you see there? I mean, maybe it's great for business 'cause you've got so many companies. >> There's a lot of companies and there's certainly a lot of innovation out there and unique ways to make security easier, right. I mean, one of the keys here is to be able to make security easier for developers, right. One of the challenges with adopting DevSecOps is if DevSecOps creates a lot of friction in the process, it's hard to really... I can do it once, but I can't keep doing that and get the same kind of velocity. So I need to take the friction out of the process. And one of the challenges a lot of organizations have, and I've heard this from the development side, but I've also heard it from the InfoSec side, right. Because I take inquiry for people on InfoSec, and they're like, how do I get these developers to do what I want? And part of the challenge they have is like, I got these teams using these tools. I got those teams using those tools. And it's a similar challenge that we saw on DevOps where there's just too many, if you will, too many dang tools, right. So that is a challenge for organizations is, they're trying to kind of normalize the tools. Interestingly, we did a survey, I think around last August or something. And one of the questions was around, where do you want your security? Where do you want to get your DevSecOps security from, do you want to get it from individual vendors? Or do you want to get it from like, your platforms that you're using and deploying changes in Kubernetes. >> Great question. What did they say? >> The majority of them, they're hoping they can get it built into the platform. That's really what they want. And you see a lot of the security vendors are trying to build security platforms. Like we're not just assess tool, we're desk, we're this, whatever. And they're building platforms to kind of be that end-to-end security platform, trying to solve that problem, right, to make it easier to kind of consume the product overall, without a bunch of individual tools along the way. But certainly tool sprawl is definitely a challenge out there. Just one other point around the sigstore stuff which I love. Because that goes back to the supply chain and talking about digital providence, right. Understanding where things... How do I validate that what I gave you is what you thought it was, right. And what I like about it with Tekton Chains is because there's a couple things. Well, first of all, I don't want to just sign things after I built the binary. Well, I mean, I do want to sign it, but I want to just sign things once, right. Because all through the process, I think of it as a manufacturing plant, right. I'm making automobiles. If I check the quality of the automobile at one stage and I don't check it to the other, things have changed, right. How do I know that I did something wasn't compromised, right. So with sigstore kind of tied in with Tekton Chains, kind of gives me that view. And the other aspect I like it about is, this kind of transparency in the log, right-- >> The report component. >> Exactly. So I can see what was going on. So there is some this kind of like public scrutiny, like if something bad happened, you could go back and see what happened there and it wasn't as you were expected. >> As with most discussions on this topic, we could go for an hour because it's really important. And thank you guys for coming on and sharing your perspectives, the data. >> Our pleasure. >> And keep up the good work. Kirsten, it's on you. >> Thanks so much. >> The IDC survey said it, they want it in platforms. You're up. >> (laughs) That's right. >> All right. Good luck to both you. >> Thank you both so much. >> All right. And thank you for watching. We're back to wrap right after this short break. This is Dave Vellante for Paul Gill. You're watching theCUBE. (upbeat music)

(upbeat music) >> Hello, everyone. Welcome to theCUBE's coverage of the "AWS Startup Showcase", season two, episode one. I'm Lisa Martin, and I'm excited to be joined by Snyk, next in this episode. Liran Tal joins me, the director of developer advocacy. Liran, welcome to the program. >> Lisa, thank you for having me. This is so cool. >> Isn't it cool? (Liran chuckles) All the things that we can do remotely. So I had the opportunity to speak with your CEO, Peter McKay, just about a month or so ago at AWS re:Invent. So much growth and momentum going on with Snyk, it's incredible. But I wanted to talk to you about specifically, let's start with your role from a developer advocate perspective, 'cause Snyk is saying modern development is changing, so traditional AppSec gatekeeping doesn't apply anymore. Talk to me about your role as a developer advocate. >> It is definitely. The landscape is changing, both developer and security, it's just not what it was before, and what we're seeing is developers need to be empowered. They need some help, just working through all of those security issues, security incidents happening, using open source, building cloud native applications. So my role is basically about making them successful, helping them any way we can. And so getting that security awareness out, or making sure people are having those best practices, making sure we understand what are the frustrations developers have, what are the things that we can help them with, to be successful day to day. And how they can be a really good part of the organization in terms of fixing security issues, not just knowing about it, but actually being proactively on it. >> And one of the things also that I was reading is, Shift Left is not a new concept. We've been talking about it for a long time. But Snyk's saying it was missing some things and proactivity is one of those things that it was missing. What else was it missing and how does Snyk help to fix that gap? >> So I think Shift Left is a good idea. In general, the idea is we want to fix security issues as soon as we can. We want to find them. Which I think that is a small nuance that what's kind of missing in the industry. And usually what we've seen with traditional security before was, 'cause notice that, the security department has like a silo that organizations once they find some findings they push it over to the development team, the R&D leader or things like that, but until it actually trickles down, it takes a lot of time. And what we needed to do is basically put those developer security tools, which is what Snyk is building, this whole security platform. Is putting that at the hands and at the scale of, and speed of modern development into developers. So, for example, instead of just finding security issues in your open source dependencies, what we actually do at Snyk is not just tell you about them, but you actually open a poll request to your source codes version and management system. And through that we are able to tell you, now you can actually merge it, you can actually review it, you can actually have it as part of your day-to-day workflows. And we're doing that through so many other ways that are really helpful and actually remediating the problem. So another example would be the IDE. So we are actually embedding an extension within your IDEs. So, once you actually type in your own codes, that is when we actually find the vulnerabilities that could exist within your own code, if that's like insecure code, and we can tell you about it as you hit Command + S and you will save the file. Which is totally different than what SaaS tools starting up application security testing was before because, when things started, you usually had SaaS tools running in the background and like CI jobs at the weekend and in deltas of code bases, because they were so slow to run, but developers really need to be at speed. They're developing really fast. They need to deploy. One development is deployed to production several times a day. So we need to really enable developers to find and fix those security issues as fast as we can. >> Yeah, that speed that you mentioned is absolutely critical to their workflow and what they're expecting. And one of the unique things about Snyk, you mentioned, the integration into how this works within development workflow with IDE, CIDC, they get environment enabling them to work at speed and not have to be security experts. I imagine are two important elements to the culture of the developer environment, right? >> Correct, yes. It says, a large part is we don't expect developers to be security experts. We want to help them, we want to, again, give them the tools, give them the knowledge. So we do it in several ways. For example, that IDE extension has a really cool thing that's like kind of unique to it that I really like, and that is, when we find, for example, you're writing code and maybe there's a batch traversal vulnerability in the function that you just wrote, what we'll actually do when we tell you about it, it will actually tell you, hey, look, these are some other commits made by other open source projects where we found the same vulnerability and those commits actually fixed it. So actually giving you example cases of what potentially good code looks like. So if you think about it, like who knows what patch reversal is, but prototype pollution like many types of vulnerabilities, but at the same time, we don't expect developers to actually know, the deep aspects of security. So they're left off with, having some findings, but not really, they want to fix them, but they don't really have the expertise to do it. So what we're doing is we're bridging that gap and we're being helpful. So I think this is what really proactive security is for developers, that says helping them remediate it. And I can give like more examples, like the security database, it's like a wonderful place where we also like provide examples and references of like, where does their vulnerability come from if there's like, what's fogging in open-source package? And we highlight that with a lot of references that provide you with things, the pull requests that fixed date, or the issue with where this was discussed. You have like an entire context of what is the... What made this vulnerability happen. So you have like a little bit more context than just specifically, emerging some stuff and updating, and there's a ton more. I'm happy to like dive more into this. >> Well, I can hear your enthusiasm for it, a developer advocate it seems like you are. But talking about the burdens of the gaps that you guys are filling it also seems like the developers and the security folks that this is also a bridge for those teams to work better together. >> Correct. I think that is not siloed anymore. I think the idea of having security champions or having threat modeling activities are really, really good, or like insightful both like developers and security, but more than just being insightful, useful practices that organizations should actually do actually bringing a discussion together to actually creating a more cohesive environment for both of those kind of like expertise, development and security to work together towards some of these aspects of like just mitigating security issues. And one of the things that actually Snyk is doing in that, in bringing their security into the developer mindset is also providing them with the ability to prioritize and understand what policies to put in place. So a lot of the times security organizations actually, the security org wants to do is put just, guardrails to make sure that developers have a good leeway to work around, but they're not like doing things that like, they definitely shouldn't do that, like prior to bringing a big risk into today organizations. And that's what I think we're doing also like great, which is the fact that we're providing the security folks to like put the policies in place and then developers who actually like, work really well within those understand how to prioritize vulnerabilities is an important part. And we kind of like quantify that, we put like an urgency score that says, hey, you should fix this vulnerability first. Why? Because it has, first of all, well, you can upgrade really quickly. It has a fix right there. Secondly, there's like an exploit in the wild. It means potentially an attacker can weaponize this vulnerability and like attack your organizations, in an automated fashion. So you definitely want to put that put like a lead on that, on that broken window, if so to say. So we ended up other kind of metrics that we can quantify and put this as like an urgency score, which we called a priority score that helps again, developers really know what to fix first, because like they could get a scan of like hundreds of vulnerabilities, but like, what do I start first with? So I find that like very useful for both the security and the developers working together. >> Right, and especially now, as we've seen such changes in the last couple of years to the threat landscape, the vulnerabilities, the security issues that are impacting every industry. The ability to empower developers to not only work at the speed with which they are accustomed and need to work, but also to be able to find those vulnerabilities faster prioritize which ones need to be fixed. I mean, I think of Log4Shell, for example, and when the challenge is going on with the supply chain, that this is really a critical capability from a developer empowerment perspective, but also from a overall business health and growth perspective. >> Definitely. I think, first of all, like if you want to step just a step back in terms of like, what has changed. Like what is the landscape? So I think we're seeing several things happening. First of all, there's this big, tremendous... I would call it a trend, but now it's like the default. Like of the growth of open source software. So first of all as developers are using more and more open source and that's like a growing trend of have like drafts of this. And it's like always increasing across, by the way, every ecosystem go, rust, .net, Java, JavaScript, whatever you're building, that's probably like on a growing trend, more open source. And that is, we will talk about it in a second what are the risks there. But that is one trend that we're saying. The other one is cloud native applications, which is also worth to like, I think dive deep into it in terms of the way that we're building applications today has completely shifted. And I think what AWS is doing in that sense is also creating a tremendous shift in the mindset of things. For example, out of the cloud infrastructure has basically democratized infrastructure. I do not need to, own my servers and own my monitoring and configure everything out. I can actually write codes that when I deploy it, when something parses this and runs this, it actually creates servers and monitoring, logging, different kinds of things for me. So it democratize the whole sense of building applications from what it was decades ago. And this whole thing is important and really, really fast. It makes things scalable. It also introduces some rates. For example, some of these configuration. So there's a lot that has been changed. And in that landscape of like what modern developer is and I think in that sense, we kind of can need a lead to a little bit more, be helpful to developers and help them like avoid all those cases. And I'm like happy to dive into like the open source and the cloud native. That was like follow-ups on this one. >> I want to get into a little bit more about your relationship with AWS. When I spoke with Peter McKay for re:Invent, he talked about the partnership being a couple of years old, but there's some kind of really interesting things that AWS is doing in terms of leveraging, Snyk. Talk to me about that. >> Indeed. So Snyky integrates with almost, I think probably a lot of services, but probably almost all of those that are unique and related to developers building on top of the AWS platform. And for example, that would be, if you actually are building your code, it connects like the source code editor. If you are pushing that code over, it integrates with code commits. As you build and CIS are running, maybe code build is something you're using that's in code pipeline. That is something that you have like native integrations. At the end of the day, like you have your container registry or Lambda. If you're using like functions as a service for your obligations, what we're doing is integrating with all of that. So at the end of the day, you really have all of that... It depends where you're integrating, but on all of those points of integration, you have like Snyk there to help you out and like make sure that if we find on any of those, any potential issues, anything from like licenses to vulnerabilities in your containers or just your code or your open source code in those, they actually find it at that point and mitigate the issue. So this kind of like if you're using Snyk, when you're a development machine, it kind of like accompanies you through this journey all over what a CIC kind of like landscape looks like as an architectural landscape for development, kind of like all the way there. And I think what you kind of might be I think more interested, I think to like put your on and an emphasis would be this recent integration with the Amazon Inspector. Which is as it's like very pivotal parts on the AWS platform to provide a lot of, integrate a lot of services and provide you with those insights on security. And I think the idea that now that is able to leverage vulnerability data from the Snyk's security intelligence database that says that's tremendous. And we can talk about that. We'd look for shell and recent issues. >> Yeah. Let's dig into that. We've have a few minutes left, but that was obviously a huge issue in November of 2021, when obviously we're in a very dynamic global situation period, but it's now not a matter of if an organization is going to be hit by vulnerabilities and security threats. It's a matter of when. Talk to me about really how impactful Snyk was in the Log4Shell vulnerability and how you help customers evade probably some serious threats, and that could have really impacted revenue growth, customer satisfaction, brand reputation. >> Definitely. The Log4Shell is, well, I mean was a vulnerability that was disclosed, but it's probably still a major part and going to be probably for the foreseeable future. An issue for organizations as they would need to deal with us. And we'll dive in a second and figure out like why, but in like a summary here, Log4Shell was the vulnerability that actually was found in Java library called Log4J. A logging library that is so popular today and used. And the thing is having the ability to react fast to those new vulnerabilities being disclosed is really a vital part of the organizations, because when it is asking factful, as we've seen Log4Shell being that is when, it determines where the security tool you're using is actually helping you, or is like just an added thing on like a checkbox to do. And that is what I think made Snyk's so unique in the sense. We have a team of those folks that are really boats, manually curating the ecosystem of CVEs and like finding by ourselves, but also there's like an entire, kind of like an intelligence platform beyond us. So we get a lot of notifications on chatter that happens. And so when someone opens an issue on an open source repository says, Hey, I found an issue here. Maybe that's an XSS or code injection or something like that. We find it really fast. And we at that point, before it goes to CVE requirement and stuff like that through like a miter and NVD, we find it really fast and can add it to the database. So this has been something that we've done with Log4Shell, where we found that as it was disclosed, not on the open source, but just on the open source system, but it was generally disclosed to everyone at that point. But not only that, because look for J as the library had several iterations of fixes they needed. So they fixed one version. Then that was the recommendation to upgrade to then that was actually found as vulnerable. So they needed to fix the another time and then another time and so on. So being able to react fast, which is, what I think helped a ton of customers and users of Snyk is that aspect. And what I really liked in the way that this has been received very well is we were very fast on creating those command line tools that allow developers to actually find cases of the Log4J library, embedded into (indistinct) but not true a package manifest. So sometimes you have those like legacy applications, deployed somewhere, probably not even legacy, just like the Log4J libraries, like bundled into a net or Java source code base. So you may not even know that you're using it in a sense. And so what we've done is we've like exposed with Snyk CLI tool and a command line argument that allows you to search for all of those cases. Like we can find them and help you, try and mitigate those issues. So that has been amazing. >> So you've talked in great length, Liran about, and detail about how Snyk is really enabling and empowering developers. One last question for you is when I spoke with Peter last month at re:Invent, he talked about the goal of reaching 28 million developers. Your passion as a director of developer advocacy is palpable. I can feel it through the screen here. Talk to me about where you guys are on that journey of reaching those 28 million developers and what personally excites you about what you're doing here. >> Oh, yeah. So many things. (laughs) Don't know where to start. We are constantly talking to developers on community days and things like that. So it's a couple of examples. We have like this dev site community, which is a growing and kicking community of developers and security people coming together and trying to work and understand, and like, just learn from each other. We have those events coming up. We actually have this, "The Big Fix". It's a big security event that we're launching on February 25th. And the idea is, want to help the ecosystem secure security obligations, open source or even if it's closed source. We like help you fix that though that yeah, it's like helping them. We've launched this Snyk ambassadors program, which is developers and security people, CSOs are even in there. And the idea is how can we help them also be helpful to the community? Because they are like known, they are passionate as we are, on application security and like helping developers code securely, build securely. So we launching all of those programs. We have like social impact related programs and the way that we like work with organizations, like maybe non-profit maybe they just need help, like getting, the security part of things kind of like figured out, students and things like that. Like, there's like a ton of those initiatives all over the boards, helping basically the world be a little bit more secure. >> Well, we could absolutely use Snyk's help in making the world more secure. Liran it's been great talking to you. Like I said, your passion for what you do and what Snyk is able to facilitate and enable is palpable. And it was a great conversation. I appreciate that. And we look forward to hearing what transpires during 2022 for Snyk so you got to come back. >> I will. Thank you. Thank you, Lisa. This has been fun. >> All right. Excellent. Liran Tal, I'm Lisa Martin. You're watching theCUBE's second season, season two of the "AWS Startup Showcase". This has been episode one. Stay tuned for more great episodes, full of fantastic content. We'll see you soon. (upbeat music)

>> Well, hello everybody, John Walls here on theCUBE and continuing our coverage. So splunk.com for 21, you know, we talk about big data these days, you realize the importance of speed, right? We all get that, but certainly Formula One Racing understands speed and big data, a really neat marriage there. And with us to talk about that is James Hodge, who was the global vice president and chief strategy officer international at Splunk. James, good to see it today. Thanks for joining us here on theCUBE. >> Thank you, John. Thank you for having me and yeah, the speed of McLaren. Like I'm, I'm all for it today. >> Absolutely. And I find it interesting too, that, that you were telling me before we started the interview that you've been in Splunk going on nine years now. And you remember being at splunk.com, you know, back in the past other years and watching theCUBE and here you are! you made it. >> I know, I think it's incredible. I love watching you guys every single year and kind of the talk that guests. And then more importantly, like it reminds me of conf for every time we see theCUBE, no matter where you are, it reminds me of like this magical week there's dot com for us. >> Well, excellent. I'm glad that we could be a part of it at once again and glad you're a part of it here on theCUBE. Let's talk about McLaren now and the partnership, obviously on the racing side and the e-sports side, which is certainly growing in popularity and in demand. So just first off characterize for our audience, that relationship between Splunk and McLaren. >> Well, so we started the relationship almost two years ago. And for us it was McLaren as a brand. If you think about where they were, they recently, I think it's September a Monza. They got a victory P1 and P2. It was over 3200 days since their last victory. So that's a long time to wait. I think of that. There's 3000 days of continual business transformation, trying to get them back up to the grid. And what we found was that ethos, the drive to digital the, the way they're completely changing things, bringing in kind of fluid dynamics, getting people behind the common purpose that really seem to fit the Splunk culture, what we're trying to do and putting data at the heart of things. So kind of Formula One and McLaren, it felt a really natural place to be. And we haven't really looked back since we started at that partnership. It's been a really exciting last kind of 18 months, two years. >> Well, talk a little bit about, about the application here a little bit in terms of data cars, the, the Formula One cars, the F1 cars, they've got hundreds of sensors on them. They're getting, you know, hundreds of thousands or a hundred thousand data points almost instantly, right? I mean, there's this constant processing. So what are those inputs basically? And then how has McLaren putting them to use, and then ultimately, how is Splunk delivering on that from McLaren? >> So I learned quite a lot, you know, I'm, I'm, I been a childhood Formula One fan, and I've learned so much more about F1 over the last kind of couple of years. So it actually starts with the car going out on the track, but anyone that works in the IT function, the car can not go out on track and less monitoring from the car actually is being received by the garage. It's seen as mission critical safety critical. So IT, when you see a car out and you see the race engineer, but that thumbs up the mechanical, the thumbs up IT, get their vote and get to put the thumbs up before the car goes out on track there around about 300 sensors on the car in practice. And there were two sites that run about 120 on race day that gets streamed on a two by two megabits per second, back to the FIA, the regulating body, and then gets streams to the, the garage where they have a 32 unit rack near two of them that have all of their it equipment take that data. They then stream it over the internet over the cloud, back to the technology center in working where 32 race engineers sit in calm conditions to be able to go and start to make decisions on when the car should pit what their strategy should be like to then relate that back to the track side. So you think about that data journey alone, that is way more complicated and what you see on TV, you know, the, the race energy on the pit wall and the driver going around at 300 kilometers an hour. When we look at what Splunk is doing is making sure that is resilient. You know, is the data coming off the car? Is it actually starting to hit the garage when it hits that rack into the garage, other than streaming that back with the right latency back to the working technology center, they're making sure that all of the support decision-making tools there are available, and that's just what we do for them on race weekend. And I'll give you one kind of the more facts about the car. So you start the beginning of the season, they launched the car. The 80% of that car will be different by the end of the season. And so they're in a continual state of development, like constantly developing to do that. So they're moving much more to things like computational fluid dynamics applications before the move to wind tunnel that relies on digital infrastructure to be able to go and accelerate that journey and be able to go make those assumptions. That's a Splunk is becoming the kind of underpinning of to making sure those mission critical applications and systems are online. And that's kind of just scratching the surface of kind of the journey with McLaren. >> Yeah. So, so what would be an example then maybe on race day, what's a stake race day of an input that comes in and then mission control, which I find fascinating, right? You've got 32 different individuals processing this input and then feeding their, their insights back. Right. And so adjustments are being made on the fly very much all data-driven what would be an example of, of an actual application of some information that came in that was quickly, you know, recorded, noted, and then acted upon that then resulted in an improved performance? >> Well, the most important one is pit stop strategy. It can be very difficult to overtake on track. So starting to look at when other teams go into the pit lane and when they come out of the, the pit lane is incredibly important because it gives you a choice. Do you stay also in your current set of tires and hope to kind of get through that team and kind of overtake them, or do you start to go into the pits and get your fresh sets of tires to try and take a different strategy? There are three people in mission control that have full authority to go and make a Pit lane call. And I think like the thing that really resonated for me from learning about McLaren, the technology is amazing, but it's the organizational constructs on how they turn data into an action is really important. People with the right knowledge and access to the data, have the authority to make a call. It's not the team principle, it's not the person on the pit wall is the person with the most amount of knowledge is authorized and kind of, it's an open kind of forum to go and make those decisions. If you see something wrong, you are just as likely to be able to put your hand up and say, something's wrong here. This is my, my decision than anyone else. And so when we think about all these organizations that are trying to transform the business, we can learn a lot from Formula One on how we delegate authority and just think of like technology and data as the beginning of that journey. It's the people in process that F1 is so well. >> We're talking a lot about racing, but of course, McLaren is also getting involved in e-sports. And so people like you like me, we can have that simulated experience to gaming. And I know that Splunk has, is migrating with McLaren in that regard. Right. You know, you're partnering up. So maybe if you could share a little bit more about that, about how you're teaming up with McLaren on the e-sports side, which I'm sure anybody watching this realizes there's a, quite a big market opportunity there right now. >> It's a huge market opportunity is we got McLaren racing has, you know, Formula One, IndyCar and now extreme E and then they have the other branch, which is e-sports so gaming. And one of the things that, you know, you look at gaming, you know, we were talking earlier about Ted Lasso and, you know, the go to the amazing game of football or soccer, depending on kind of what side of the Atlantic you're on. I can go and play something like FIFA, you know, the football game. I can be amazing at that. I have in reality, you know, in real life I have two left feet. I am never going to be good at football however, what we find with e-sports is it makes gaming and racing accessible. I can go and drive the same circuits as Lando Norris and Daniel Ricardo, and I can improve. And I can learn like use data to start to discover different ways. And it's an incredibly expanding exploding industry. And what McLaren have done is they've said, actually, we're going to make a professional racing team, an e-sports team called the McLaren Shadow team. They have this huge competition called the Logitech KeyShot challenge. And when we looked at that, we sort of lost the similarities in what we're trying to achieve. We are quite often starting to merge the physical world and the digital world with our customers. And this was an amazing opportunity to start to do that with the McLaren team. >> So you're creating this really dynamic racing experience, right? That, that, that gives people like me, or like our viewers, the opportunity to get even a better feel for, for the decision-making and the responsiveness of the cars and all that. So again, data, where does that come into play there? Now, What, what kind of inputs are you getting from me as a driver then as an amateur driver? And, and how has that then I guess, how does it express in the game or expressed in, in terms of what's ahead of me to come in a game? >> So actually there are more data points that come out of the F1 2021 Codemasters game than there are in Formula One car, you get a constant stream. So the, the game will actually stream out real telemetry. So I can actually tell your tire pressures from all of your tires. I can see the lateral G-Force longitudinal. G-Force more importantly for probably amateur drivers like you and I, we can see is the tire on asphalt, or is it maybe on graphs? We can actually look at your exact position on track, how much accelerator, you know, steering lock. So we can see everything about that. And that gets pumped out in real time, up to 60 Hertz. So a phenomenal amount of information, what we, when we started the relationship with McLaren, Formula One super excited or about to go racing. And then at Melbourne, there's that iconic moment where one of the McLaren team tested positive and they withdrew from the race. And what we found was, you know, COVID was starting and the Formula One season was put on hold. The FIA created this season and called i can't remember the exact name of it, but basically a replica e-sports gaming F1 series. We're using the game. Some of the real drivers like Lando, heavy gamer was playing in the game and they'd run that the same as race weekends. They brought celebrity drivers in there. And I think my most surreal zoom call I ever was on was with Lando Norris and Pierre Patrick Aubameyang, who was who's the arsenal football captain, who was the guest driver in the series to drive around Monaco and Randy, the head of race strategy as McLaren, trying to coach him on how to go drive the car, what we ended up with data telemetry coming from Splunk. And so Randy could look out here when he pressing the accelerator and the brake pedal. And what was really interesting was Lando was watching how he was entering corners on the video feed and intuitively kind of coming to the same conclusions as Randy. So kind of, you could see that race to intuition versus the real stats, and it was just incredible experience. And it really shows you, you know, racing, you've got that blurring of the physical and the virtual that it's going to be bigger and bigger and bigger. >> So to hear it here, as I understand what you were just saying now, the e-sports racing team actually has more data to adjust its performance and to modify its behaviors, then the real racing team does. Yep. >> Yeah, it completely does. So what we want to be able to do is turn that into action. So how do you do the right car setup? How do you go and do the right practice laps actually have really good practice driver selection. And I think we're just starting to scratch the surface of what really could be done. And the amazing part about this is now think of it more like a digital twin, what we learn on e-sports we can actually say we've learned something really interesting here, and then maybe a low, you know, if we get something wrong, it may be doesn't matter quite as much as maybe getting an analytics wrong on race weekend. >> Right. >> So we can actually start to look and improve through digital and then start to move that support. That's over to kind of race weekend analytics and supporting the team. >> If I could, you know, maybe pun intended here, shift gears a little bit before we run out of time. I mean, you're, you're involved on the business side, you know, you've got, you know, you're in the middle east Africa, right? You've got, you know, quite an international portfolio on your plate. Now let's talk about just some of the data trends there for our viewers here in the U S who maybe aren't as familiar with what's going on overseas, just in terms of, especially post COVID, you know, what, what concerns there are, or, or what direction you're trying to get your clients to, to be taking in terms of getting back to work in terms of, you know, looking at their workforce opportunities and strengths and all those kinds of things. >> I think we've seen a massive shift. I think we've seen that people it's not good enough just to be storing data its how do you go and utilize that data to go and drive your business forwards I think a couple of key terms we're going to see more and more over the next few years is operational resilience and business agility. And I'd make the assertion that operational resilience is the foundation for the business agility. And we can dive into that in a second, but what we're seeing take the Netherlands. For example, we run a survey last year and we found that 87% of the respondents had created new functions to do with data machine learning and AI, as all they're trying to do is go and get more timely data to front line staff to go. And next that the transformation, because what we've really seen through COVID is everything is possible to be digitized and we can experiment and get to market faster. And I think we've just seen in European markets, definitely in Asia Pacific is that the kind of brand loyalty is potentially waning, but what's the kind of loyalty is just to an experience, you know, take a ride hailing app. You know, I get to an airport, I try one ride hailing app. It tells me it's going to be 20 minutes before a taxi arrives. I'm going to go straight to the next app to go and stare. They can do it faster. I want the experience. I don't necessarily want the brand. And we're find that the digital experience by putting data, the forefront of that is really accelerating and actually really encouraging, you know, France, Germany are actually ahead of UK. Let's look, listen, their attitudes and adoption to data. And for our American audience and America, America is more likely, I think it's 72% more likely to have a chief innovation officer than the rest of the world. I think I'm about 64% in EMEA. So America, you are still slightly ahead of us in terms of kind of bringing some of that innovation that. >> I imagine that gap is going to be shrinking though I would think. >> It is massively shrinking. >> So before we, we, we, we are just a little tight on time, but I want to hear about operational resilience and, and just your, your thought that definition, you know, define that for me a little bit, you know, put a little more meat on that bone, if you would, and talk about why, you know, what that is in, in your thinking today and then why that is so important. >> So I think inputting in, in racing, you know, operational resilience is being able to send some response to what is happening around you with people processing technology, to be able to baseline what your processes are and the services you're providing, and be able to understand when something is not performing as it should be, what we're seeing. Things like European Union, in financial services, or at the digital operational resilience act is starting to mandate that businesses have to be operational in resilient service, monitoring fraud, cyber security, and customer experience. And what we see is really operational resilience is the amount of change that can be absorbed before opportunities become risk. So having a stable foundation of operational resilience allows me to become a more agile business because I know my foundation and people can then move and adjust quickly because I have the awareness of my environment and I have the ability to appropriately react to my environment because I've thought about becoming a resilient business with my digital infrastructure is a theme. I think we're going to see in supply chain coming very soon and across all other industries, as we realize digital is our business. Nowadays. >> What's an exciting world. Isn't it, James? That you're, that you're working in right now. >> Oh, I, I love it. You know, you said, you know, eight and an eight and a half years, nine years at Splunk, I'm still smiling. You know, it is like being at the forefront of this diesel wave and being able to help people make action from that. It's an incredible place to be. I, is liberating and yeah, I can't even begin to imagine what's, you know, the opportunities are over the next few years as the world continually evolves. >> Well, every day is a school day, right? >> It is my favorite phrase >> I knew that. >> And it is, James Hodge. Thanks for joining us on theCUBE. Glad to have you on finally, after being on the other side of the camera, it's great to have you on this side. So thanks for making that transition for us. >> Thank you, John. You bet James Hodge joining us here on the cube coverage of splunk.com 21, talking about McLaren racing team speed and Splunk.

(upbeat music) >> Hello, and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards. I'm delighted to present our special guests for today's program and they are Kyle Hines, VP Strategic Accounts at Presidio as well as chief Chuck Hoskin, Jr., chief of the Cherokee Nation. Welcome to the program, gentlemen >> Thank you. >> Terrific, well, delighted to have you here, we're going to discuss the key award of best partner transformation, most impactful nonprofit partner, of course now highlighting some of the technologies now being technology now being leveraged to help preserve the Cherokee language as well as its culture. Now, Chuck, I'd like to start with you and if you could describe some of the challenges that the Cherokee nation is now faced with in terms of preserving the language and its culture and how you see technology being able to really help preserve it. >> Well, thank you, Natalie. It was really good to be with you all today. The Cherokee language and culture is what makes us unique as a people. It's the link that links us back to time and immemorial through generations. And over those generations, there've been many threats to our language and culture. There's been disease after European contact, there's been dispossession, there's been our forced removal on the trail of tears. Other pressures in more modern times have continued to erode our language and culture, including, boarding schools, the public school system through most of the 20th century as Cherokee Nation has gotten back on its feet, that is to say when the govern the United States has allowed Cherokee Nation to do what we've always done well which is to govern ourselves, chart our own destiny, and preserve our life ways, we've been able to make preservation efforts but those generations of eroding our language and culture had coming to steep costs. We're the largest tribe in the country, 392,000 citizens and by the way we're mostly in Northeast, Oklahoma but we have Cherokees living all over the country even all over the world. And we only have 2000 fluent speakers left. So it's a great challenge to save a language that's truly endangered. And if we don't save it generations from now we may do a number of things exceedingly well as we do today, business, providing education and housing, creating a great healthcare system, but we will have lost that thing that makes us a unique people, that thing that links us back to our past. And so what we're doing today, working with great partners like Presidio is just indispensable to what's really our most important mission. >> Yeah, terrific. Well, thank you so much for those insights. I'd like to switch it over to Kyle and hear about the technologies now being utilized to preserve the Cherokee language and culture. >> Sure, happy to Natalie and thanks for having us this morning. So yeah, when we started to work with the Cherokee Nation, it was very clear to us that, there's obviously a higher power or a higher mission here. And so it's really been an honor to work with the chief and the nation and what we've been able to do is is take what the Cherokee Nation is trying to do in terms of language and cultural preservation and build solutions in really a very modern way. So between Inage’i, the 3D mobile open-world game and the virtual classroom platform, it's entirely a cloud native serverless solution in AWS, using a lot of the most modern tools and technologies in the marketplace. For example, in the mobile game, it's built around unity and the virtual classroom platform is built around the Amazon chime SDK, which allows us to really build something that is very clean and light and focused on what the nation is trying to achieve and really cut out a lot of the baggage and the other sort of plumbing and various other technologies that this would have, this type of solution would have taken just a few short years ago. >> Yeah, terrific. Well, Kyle, staying with you, what do you think were some of the factors behind the development of this solution? >> Yeah, so I think flexibility was key. Was maybe the biggest design goal in building these solutions because you learn a lot when you originally set out to build something and it starts to impact real users, and in this case, speakers of the Cherokee Nation, you learn a tremendous amount about the language and how it's used and how people communicate with each other. And so the main design goal of the solutions was to allow a sort of flexibility that lets us adapt. And every time we learn something and every time we find something that works or perhaps doesn't work quite as well as was imagined, we have the flexibility to change that and kind of stay nimble and on our toes. >> Terrific, well, Chuck, now switching over to you, why do you think that some of these, platforms like the virtual classroom are so effective with Cherokee speakers? >> Well, a couple of reasons, one pandemic related, during COVID the worst public health crisis the world seen in living memory, we have had to adapt quickly to continue on our mission to save this language. We couldn't afford a year off in terms of pairing speakers, by the way, most of our fluent speakers are over the age of 70, with young people who need to learn the language and be the new generation of speakers. So it's been really important that during those difficult times we could connect virtually and the technology we've been using has worked so effectively, but the other is really irrespective of what's going on in terms of having to isolate, and social distance and things of that nature during COVID, and that is just making sure we can make this language accessible, particularly to young people in a manner in which they are becoming accustomed to learning things throughout the rest of the world. And so using platforms that they're familiar with is very important but it also has to be something that an older generation of these fluent speakers, as I say most of them are over 70, can use. And that's what really has been so effective about this platform. It's so usable. Once you introduce it to people whether it's a young person who can adapt pretty quickly 'cause they're growing up immersed in it, or it's someone who has not been familiar with that technology, with just a little bit of showing them how to use it, suddenly this classroom becomes just like you're in person. And that makes all the difference in the world in terms of connecting these young people with their elders. As the other thing is Cherokees are by nature very much part of a big extended family. And so that personal connection that you can maintain through this platform is really important. I think it's going to be the key to how we save this language, because as I say we have Cherokees all over the country, even all over the world and we're going to harness our numbers, the large population we have and find those with the interest and aptitude to learn the language, we must use this technology and so far it's worked well. >> Yeah, terrific, and now switching over to Kyle, we'd love to hear from you how your team developed this technology. How they really thought out, what kinds of methods are really going to drive the interaction and the immersion and engagement among these disparate demographics of, elderly Cherokees and also the young generation. So, how did your team go about developing that? >> Yeah, it's a very good question because in a situation like this, there is no shortage of different ways that you could have built a solution like this. There are a lot of different ways that it could have been done. So the tax that we took was a rigorous focus on the user experience and on the experience of the speaker. And that allowed us to detach ourselves to a large degree from what were the exact technology choices that were implemented in terms of AWS services, other open source packages that run on AWS, it's being able to focus completely on what the nation was trying to achieve with their speakers, both through the game and the virtual classroom platform. It let us take a lot of other design decisions and technology choices sort of into the background and behind a level of abstraction. And so there's always quite a bit of rigorous testing and really making sure you understand how something's going to perform in the wild, but the reality of the situation was, the whole reason for doing it was the experience of the speakers, both in the game and in the classroom platform. So we stayed very focused on that and made technology decisions sort of second fiddle or lower priority. >> Terrific, well, Chuck, how do you think that these kinds of innovations could be applied to other areas of the Cherokee school system? >> Well, our greatest challenge is preserving language and culture, but we also have as part of our mission to educate this new generation of Cherokees coming up. For years and years, really generations, Cherokees who were able to get a good education many of them left our tribal lands for new opportunities. And so we lost a great deal because of the economic pressures here in Northeast, Oklahoma, particularly on our Cherokee lands. So the task now is to generate opportunity for a new generation coming up. Education is key to that and so if we want to create a pipeline of young Cherokees who want to get into the healthcare fields, want to get into aerospace, want to get into other professions, we've got to create an education system that is steadier and modern. We have a school that is K through 12th grade, K through the senior year, and so we have an opportunity really to do that. And I think for the first time in our history, in this era, I'm talking elect the last few decades, we are able to really craft education in a way that works for us and using technology and making choices about what that technology is, is important to us. It's a bygone era in which the federal government or the state is sort of imposing on us what choices we make. Now we can reach out with great partners all over the world like Presidio and say what solution can work for our classroom? When we can identify what the great demands are on the reservation in terms of jobs. And one of the great demands we have is healthcare. So how can we use technology to inspire little Cherokee boys and girls to grow up and be doctors and nurses here in just a few decades when we're building this great health system? Well, we're going to use technology to do it. So the possibilities are really unlimited and they need to be because we think our potential here in Cherokee Nation is unlimited. >> Yeah, I mean that's terrific to hear how technology is really encouraging younger generations to study, learn and really push themselves further. Kyle, I'd like to switch over to you and hear a little bit about the benefits of launching this kind of platform on AWS. >> Yeah, there are a lot of benefits to building this on AWS. And I think that it spans a couple of categories, even. I mean, from a technological perspective there was every tool and every service that we needed to build both of the solutions that we built right there in AWS. And when there was a, when there was a time where we needed to jump out and use a project outside of AWS, running on AWS such as the unity engine, AWS makes that very easy. So I would say that the choice was easy because there are technological realities and the breadth and the depth of the technological portfolio in AWS combined with the partnership that we get from them, It's really, you know, there's a lot of support when it comes to, Hey we're working with the Cherokee nation on something that's extremely important. We need your help. We need you to help us figure this out. It's never been hard to get that partnership. >> Terrific, and also following up on that, love to hear how AWS really helped with flexibility and also the cost effective effectiveness of this kind of platform. >> Yeah I would take those questions backwards or in reverse order because the cost-effectiveness of the solution is really, it's really something to make note of because when we build something in the way that we built these platforms they're serverless and event driven. Meaning that the Cherokee Nation is not paying for a solution constantly as we would in lives past running things in data centers and such. It really, the services in AWS allow us to say, Hey, let's spin up certain pieces of functionality when they're needed as they're being used. And the meter is running during that time, and the cost is occurred during the time it's being used and not all of the time. So that really has a dramatic impact on cost effectiveness. And then from a flexibility standpoint, as we learn new things, as we evolve the platform as we grow this out to more and more speakers and to more and more impact to the Cherokee Nation, we have all kinds of different technology choices that we can make and it's all contained within AWS. >> Yeah, and I'd like to open this now to both of you, starting with Chuck, how do you think this kind of technology could be applied to other cultures or languages that re seeking to preserve themselves? There's so many languages in the world that are now dying out because most of us are only speaking, just a few like English, Spanish, just a few others, what steps can be taken so that humanity can preserve these important languages? >> Well, you're right. There are so many endangered languages around the world and indigenous languages are unfortunately dying all over the world all the time, even as we speak, they're slipping away. The United nations is dedicated the next decade to the preservation of indigenous languages. That's gotten many leaders around the world thinking about how we can save languages here in this era. And I would encourage any tribal leader in particular in the United States, but I think it certainly applies around the world to seek out this technology. I mean, Cherokee Nation's in a position now where we can seek out the best in the world in terms of partnerships. And we've found that in Presidio. And of course they're using AWS which means they're using the best in the world and so the technology exists, and the willingness to work together exist. And I think generations ago that would have been not something we could have connected well on in terms of partnering with companies that were doing cutting edge things. So if you're looking to connect generations in terms of learning and sharing the language, which is just I cannot stress enough how indispensable that is to language preservation, this type of technology will do it. There are some, I think that may think, and I don't have a technology background, that if you're using this cutting edge technology, I mean this is the best in the world that you're going to speak only to this young generation coming up, and maybe it's inaccessible to an older generation. It's just not the case. This is so user-friendly that we we've been able to connect elders with young people. And if anyone in the world interested in preserving languages could see this in action, could see a young person sitting next to an elder talking about the technology or connecting virtually, it would change their whole perspective on what technology means for language reservations because I promise you all over the world the great challenges you have this group of older generations of people who know the language. They have it in their hearts, they have it in their minds and they're slipping away just from the passage of time. Connecting them with the generation coming up is just what we need to do. This technology allows us to do it. >> Yeah, Chuck following up on that when I hear about elderly people being able to connect with the younger generations in this way and share their history and their culture I'm sure that also, It must have a positive mental effect for them. Right, so elderly are often isolated. Do you have any insight on that? Any quality of insight what you've heard from people using this? >> Yeah, absolutely. And I think the last year has proven how valuable it is. I mean, we lost over 50 fluent Cherokee speakers and I mentioned earlier in the program, that we only have 2000 left. 50 to COVID and more to just the passage of time and old age. But we have many that are active and engaged in language preservation and they have said to me how valuable it's been to be able to be at home and yet still feel like they're part of this great mission that we have at the Cherokee Nation. Understand that this mission that we have is on par with what any nation in history has set as a goal to shoot for whether it's the United States wanting to land a man on the moon, we're trying to save the language. This is that level of importance. And so for an elder to feel like they're connected and still contributing during this past year difficult times, that makes all the difference in the world. And even as I say, as the pandemic recedes and we hope it continues to recede, there is still a need for elders to stay connected. And in many cases they cannot due to poor health, due to the lack of transportation, this knocks down those barriers and so there's a great deal of joy that has been gained from using this technology. And honestly, just talking to elders about young people getting the opportunity to play this video game even some elders that were voice actors in this game, that Presidio helped us develop. I mean, I can't tell you how important that is for somebody to use their language, to make a living. And that's part of how you preserve a language. Presidio has showed us a way that we can do just that. So we're not only training new speakers, we're giving this opportunity many cases to elders to do something that is very productive with the wonderful gift they have, which is the Cherokee language. >> Terrific, well that is really inspiring because potentially this technology could be utilized by generations to come. The current young people that are using this will one day be the elderly. So, Kyle, how do you see this technology potentially on this platform being evolved? What's the next step to keep it really up to date for future generations as it's evolving. >> Yeah, there's a lot of plans on where to take this I can tell you, honestly. From the perspective of the mobile game, you're building on a platform of an open world game means that the imagination is the limit quite honestly. So there are a lot of new characters and new levels and new adventures that are plans to further immerse the speakers in the platform. And I think that will, that will help with reach and it will help with the amount of connection that's built to the chief's point about bridging the older generations into the younger generations over that common bond of the language and the culture that keeps those connections alive. And so we want to expand the mobile game Engage, the navigate to be as accessible and as wide reaching and immersive as it possibly can, and there are a lot of plans in the works for that. And then with the virtual classroom platform, we started with a various focused constituency within the nation of the language immersion school. And there are many other educational services and even healthcare to the chief's earlier point again where I think there's a lot of potential for that one as well. >> All right, well, terrific gentlemen. Thank you so much for your insights, really fantastic hearing how this platform is really a difference in the lives of people in the Cherokee Nation. Of course, that were our guests, Kyle Hines, VP Strategic Accounts at Presidio as well as chief Chuck Hoskin Jr., the chief of the Cherokee Nation. And that's all for today's session at the 2021 AWS Global Public Sector Partner Awards, I'm your host for "theCUBE", Natalie Erlich. Thanks so much for watching. (upbeat music)

(upbeat music) >> Okay, welcome back to theCUBES's coverage of Dockercon 2021. I'm John Furrier, your host of theCUBE. We have Justin Cormack, CTO of Docker. Was also involved in the CNCF technical oversight and variety of other technical activities. Justin, great to see you. Thanks for coming on theCUBE Virtual this year, again, twice in a row and maybe next year will be in person but certainly hybrid, great to see you. >> Yeah, great to see you too. Yeah, in person would be nice one of these days, yes. >> Yeah, when we get real life back. It's almost there, I can feel it, but there's so much activity. One of the things that we've been talking about, certainly in theCUBE and even here at DockerCon, same story. The pandemic really hasn't truly impacted developer community, because most of the people have been working remotely and virtually for many, many decades. And if you think about just in the past 10 years, all the innovation in cloud has come from virtual teams, open-source softwares, always had good kind of governance and a democratization of kind of how it becomes built. So not a bit's been skipped during the pandemic. In fact, if anything supply chain of software development has increased. So- >> Yeah, I think that it's definitely true that open-source was really the place that pioneered remote working. And a lot of the work methods the people worked out to do open-source as in communication and things like that, were things that people have adopted. It's a slightly different community. I'd say open-source projects like meetings less than some other organizations, but there was definitely that pioneering thing. And a lot of the companies that started off remote first, were in open-source software, and they started off for those reasons as well because developers were already working like that, and they could just hire them and they could continue to work like that. >> Yeah, one of the upsides of all this is that people won't tolerate even zoom or in person meetings that just go on, 15, 30 minutes good call. Why do we have a meeting? What's the purpose? (faintly speaking) the way to go. Let's get into the developer community. One of the things I love about DockerCon this year 2021 is the envelopes being pushed again almost to another level, it's almost a new level, this next level of containers is bringing more innovation to the table and productivity and simplicity. Some of the same messages last year but now more than ever, stuff's going on. What are you hearing directly from the community? You talk to a lot of the developers out of the millions of developers in the Docker ecosystem. What are they saying now in 2021? What's going on in their mind? >> Yeah, I think it's an area... More and more people are using Docker, and they're using it every day and it's a change that's been going on, obviously for a while, but it begins to sort of, as it spreads, the kind of developers using Docker, so different from... When I started at Docker, coming up for six years ago, it was a very bleeding edge type thing for early adopters. Now it's everywhere, millions and millions of ordinary developers are using Docker every day. And the kinds of things that's telling us is, well, some of this stuff that we thought, well, five years ago was an amazing breakthrough and simplicity. Now that's on its own still too hard. One of the things I mentioned in my keynote was that, we're talking to developers who just primarily have been working windows all their life but more and more applications being shipped on Linux. And they using Linux containers, but they find Docker files really hard because they have really, Linux shell scrapes and not a windows developer doesn't know how to use a Linux shell script. And it's bringing it down to that next level of use where you can adopt these things more easily, the pitched to the kind of level of developer who is just thinking about their language, their APIs and they don't want to have to learn kind of lots of new things to do Docker. They'll learn some, but they really wanted to kind of integrate better into the environments they work in and help them more. We've been working on a lot of detailed instructions about like how to use Docker better with JavaScript and Python, because people have told us, be specific about these things, tell us exactly how I do make things work well with the way I'm doing things now. >> What is the big upside for containers for the folks watching? And last year, one of the most popular sessions was the one-on-one Peter McKay did, which was fascinating, packed with people. And the adoption of containers is going everywhere and enabling a lot of growth. What's the main message to these new developers that are coming on board to ecosystem. >> I think what's happening is that people are gradually, very slowly starting to think about containers in a different way. When we started, the question everyone kept asking was about containers and VMS, what's the difference? That question didn't really, kind of really address what the big fundamental changes that containers made to how people work was. I'd like to think about it in terms of the physical shipping containers, like people are concerned about like, can you escape from the box? Can I get out of a container? These kinds of questions. This is not really the important question about containers is kind of escape from the box. The question is, what does it enable you to build? The shipping container let us build the supply chains that let people build products and factories and things that would never have been possible without the ability to actually just ship things in a routine and predictable and reliable and secure way, getting that content and the things that come in the container and you actually work more effectively. And, so I think that now we're talking about like what's the effect of containers on the industry as a whole? What are the things that we can learn about repeatability and documentation and metadata and reliability, that we kind of talked about a little bit before, but these are becoming the important use cases for containers. Containers are really about, they're not about that kind of security and escape piece, there're about the content, the supply chain and your actual process of working. >> What do you, first of all, great call out on the security piece. I want to get that in a second. I think that's a killer one. You've mentioned supply chain, can you define software supply chain, and is that where the automation value comes in? Because a lot of people are talking about automation is improving the developer experience. So can you clarify quickly, what do you mean by the software supply chain? And is that where automation comes in? Am I getting that right? >> Yeah, so the software supply chain is really that process by which you get components of software to build your applications. Around 99% of companies are using open-source software to build applications. And the vast majority of the pieces of any modern application art consists mainly of open-source software and some tries source software, and some software that people are writing themselves. But you've got to get these components in, you've got to make sure that they're updated and scanned and they're reliable. And that's the software supply chain is that process for bringing in components that you're using to build your applications. And so, the way automation comes in, is just because there's so much of the software dealing with it manually is just difficult, and it's an ongoing process of build and test and CI and all those scanning and all those processes. And I think as software developers, we fundamentally know that the most valuable things are the things that we automate. They're the things that we do all the time and they're important. And that a lot of building a software is about building repeatable processes, rather than just doing things one by one, because we know that we have to keep updating software, we have to keep fixing bags, we have to keep improving software. And so you've got to be able to keep doing these things, and automation is what helps us do that. >> I was talking to Dana Lawson the VP of Engineering at GitHub, and she and I were chatting about this one topic. I want to get your thoughts on it, because she was definitely of the camp of automation helps with productivity. No doubt, check, double check there. The question I have for you is how do you see the impact on say the developer experience and innovation specifically? Because, okay, I can see the productivity, okay, something happens a bunch of times automated. Then you start thinking about supply chain, then you thought about developer experience and ultimately with Kubernetes around the corner, with the relationship with containers, you can see the cloud-native benefits from an innovation standpoint. Can you share your thoughts on the automation impact to experience for the developer and the innovation strategies they need? >> Well, I think that one of the ways we're trying to think about everything we do at Docker is that we should be helping build processes rather than helping you do something once, because, if you do something three times, you want to automate it, but what if the first time you did it, that could also build that automated process. And if it was, why isn't it as easy to make something automated as it is to do it once? There's no real reason why it shouldn't be. And I think that kind of... I was having a conversation with someone the other day about how they would... They had kind of reversed their thinking and they found that often it was easier to start with automation and harder to do things manually. And that's a kind of real reversal of that kind of role between automation and doing stuff run, so, and it's not how we think about it, but I think it's really interesting to think about that kind of thing, and how could we make automation really, really simple. >> Well, that's a great example when you have that kind of environment, and certainly the psychology is better to have automation but if everyone's saying it's hard to do manual, that means they're at some sort of scale, right? So scale matters, right? So as you start getting the SRE vibes going, and you start getting Cloud Scale in cloud-native apps, that's going to be cool. Now, the question I want to ask you, because while the other thing that's happening is more people are coming into open-source than ever before, not just young developers, but also end users. Not like the hardcore-end users, looking like classic enterprises are coming in. So as more developers come in and increase over the year, what does that mean for the experience for developers? Now you have, does that change it? How do you view that? Because as more developers come in, you have institutional knowledge, you have scale, you have learnings, what's your thoughts on on the impact as the population of developers increase? How does Docker view that? >> Yeah, now, I think it's really interesting trend. It's been very visible in CNCF for the last few years. We've been seeing a lot more active end-user, company's doing open-source. Spotify has been one of the examples with a backstage project they brought into CNCF and other areas where they work. And I think it's part of this growing trend that's really important to Docker, Docker is a bottom up technology adoption company. Developers are using Docker because it works for them and they love it. And developers are doing open-source in their companies because open-source works for them and they love it. And it works for their business as well. And whereas historically like the the model was, you would buy kind of large enterprise products, with big procurement deals that were often not what the developers wanted, but now you're getting developers saying, what we want to do is adopt these open-source projects, because we know how they work, we already understand that we know how to integrate them better into our processes. And I think it's that developer lad demand that's really important, and it's the kind of integration that developers want to do, the kind of products that they want to work with, because they understand them and love them, and they had targeted at developers and that's incredibly important. And I think that's very much where Docker's focused and we really want to... Open-source is of the core of everything we've always done. We've built with the open-source community, and we've kind of come from that kind of environment. And we built things that we love as developers and that other developers love. >> Talk about your thoughts on security. Obviously it's always built in from the beginning, Shift-Left is the ethos, day two operations, AI apps, whatever people want to call that. Post-deployment mode, security has to be at the center of this, containers can be a great solution and give some great flexibility for developers. Can you talk about your view and Docker view on the security posture and situation? >> Yeah, I think Shift-Left is incredibly important because just doing things late, everyone knows is the wrong thing from the point of view of productivity. But I think Shift-Left can just mean, ask the developers to do everything, which is really a bit too much. I think that sometimes things need to be shifted even further left than people have actually thought. So like, why are you expecting developers to scan components to see if they're allowed to use? If they should be using them or they should be updated, why hasn't that happened before the developer even gets there? I think there's a, I sorted my keynote about this whole piece, about trusted content. And it's really important that we really shift that even further left, so it's long before it gets to the developer, those things that are happening. Security, it's a huge area, of course, but it's very much, we need to help developers because security is non-obvious. I think the more you understand about security, the more you understand that it doesn't come naturally to people and they need to be helped with it, and they need to learn a lot about things in a way to, I found myself that, learning how to think like an attacker is a really important way of thinking about how to secure softwares, like what what would they do rather than just thinking about the normal kind of, oh, this works in the (faintly speaking) What happens if things go wrong? That you have to think about as well. So there's a lot of work to do to educate and help and build tools that help developers there. And it's been really good working with Snyk, cause they're a very developer focused security company, that's why we chose to work with them. Whereas historically, security companies have been very oriented towards kind of the operator side of it, not the development side, not the developer experience. And the other piece is really around supply chain security. That's just kind of a new security area. And it's very important from the container point of view, because one of the things containers let you do is really control the components that you're using to build applications and manage them better. And so we can really build tooling that helps you manage, that helps you understand what's in a container, helps you understand where it came from, how it was built and automate those processes and sign and authenticate them as well. And we've been working with CNCF on Nature V2, which is for signing revamp of the container signing process, because people really want to know who originated this container? Where did it come from? What did they say is in it? There's a lot of work about build up materials and composition analysis and all those things that you need to know about. What's in a container, and the... >> Everyone wants to know what's in a container. If you've got a Kubernetes cluster for instance, that's all highly secure and in comes a container, how do you know what the... There's no perimeter, right? So again, as you said, thinking like an attack vector there, you got to understand that, this is where the action is, right? This is where a lot of work's being done on this idea of always on security. You don't know when the container's coming in. during the run stage, you're running a business now, it's not just build and share, your running infrastructure. >> Absolutely, you really want full control about everything that goes into it, and you want to know where everything that you're running in production came from, and you pretty tired of this, and that's your end to end supply chain. It's everything from developer inputs through the build process and grow to production. And in production, understanding whether it needs to be updated and whether there's new discover vulnerabilities and whether it's being attacked and how that relates back to what came into it in the first place. >> Lot more intelligence, lot more monitoring. You guys are enabling all that I know it's cool. Great stuff. Hey, I want to get your thoughts on just what got you here on the calendar, looking at the DockerCon '21 event, and we're having a fun time here with, we're on theCUBE track, get the keynote track. But if you look at the sessions that's going on, you got, and I'll get your comment on this, cause it's really interesting how it's cleverly laid out this is. You've got the classic run share build and then you've got a track called accelerate, interesting metadata around these labels. Take us through, because this basically shows the maturation of containers. We already talked about the relationship, somewhat with Kubernetes, everyone kind of sees that direction clearly, but you got acceleration, which is a key new track, but run, share, build, what's your reaction to that? Share your observations of what the layout of those names and what it means to an enterprise and people building. >> Yeah, (faintly speaking) has been Docker's kind of motto for a long time. It kind of encapsulates that kind of process of like, the developer building application, the collaborative piece that's really important about sharing content in containers and then obviously putting into production because that's the aim. But, accelerate is incredibly important too. Developers are just being asked to do a lot. Everything is software, there's a lot of software, and a lot of software has to be created and we've got to make it easier to do this. And that kind of getting quickly from idea to business outcomes and results is what modern software teams are really driving at. And, I think we've really been focused this last year on what the team needs to succeed, and especially, small focused teams delivering business value. It's how we're structured internally as well and is how our customers, to a large extent are structured. And there's that kind of focus on accelerating those business outcomes and the feedback loops from your ideas to what the feedback that your customers give you at helping you understand that it's really important. >> Talk about final question for you in terms of the topic here, cloud, hybrid cloud, multicloud, this is, put multicloud asides more hype. Everyone has multiple clouds, but it speaks to the general distributed computing architecture when you talk about public cloud and on-premises cloud operations. So modern developers looking at that as, okay, distributed environment, edge, whatever you're going to call it. What's your view of Docker as it goes forward for the folks watching, who have experience with Docker, loved the vibe, loved the open-source, but now I've got to start thinking about putting the containers everywhere. What's the Docker pitch, so to speak, with a tech story that they should walk away with from you? What's the story, what's the pitch? >> Yeah, so containers everywhere has been a sort of emerging trend for a while, the last year or so. The whole Kubernetes at the edge thing has really exploded with people experimenting with lots and lots of different architectures for different kinds of environments at the edge. What's totally clear is that people want to be able to update software really easily at the edge the way you can in the cloud. We can't have the sort of, there's no point in shipping a modern piece of manufacturing equipment that you can't update the software on, because the software is how it works, more and more equipment is becoming very general purpose, people making general purpose robots, general purpose factories, general purpose everything which need to be specialized into the application they're going to run that week. And also people are getting more and more feedback and data and feedback from the data. So if you're building something that runs on a farm, you're getting permanent feedback about how well it's doing and how well the crops are growing was coming back. And so everywhere you've got this, we need to update. And everywhere you need to update, you want containers because containers are the simple reliable way to update software. >> I know you talked about CNCF and your role there. Also the CTO of Docker, I have to ask cause we were just covered Coop con and cloud-native con just last month and this month. And it's clear that Kubernetes is becoming boringly good in a way that's good to be boring, right? It means it's working. And it's becoming more cloud-native con than Coop-con. That has been kind of editorial observation, which speaks to what we feel is a trend towards more cloud-native discussions, less about Kubernetes. So, it's still Kubernetes stuff going on, don't get me wrong, just saying it's not as controversial in the sense that people kind of clearly understand why that's important, and all the discussions now seem to be on cloud-native modern developer workflows. What's your reaction to that? Do you agree, if not, what's your take? >> Yeah, I think that's definitely true. Kubernetes is definitely much more boring. Everyone is using it. They're using it in production now vastly more than they were a few years ago, when it was just experiment, experiment, experiment, now it's production scale out. The ecosystem in CNCF is kind of huge. There's so many little bits that have to be filled in storage and networking and all that. So there's actually a lot of pieces that are around Kubernetes, but, there's definitely more of a focus coming on the developer experience there. Compared to DockerCon, the audience at Coop Con is incarnated kind of still much more operator focused rather than developer focused. And it's very nice coming to DockerCon, just to feel like being amongst that developer community, Coop Con still has a way to gauge to have more of a real developer audience, but the project is starting to pair with a more developer focused kind of aim or things like backstage from Spotify is a really interesting one where it's about operations, but it's a developer portal focused things. So, I think it's happening, and there's a lot more talk about that. There's a whole bunch of infrastructure, there's a lot more security projects in CNCF than they were before. And we're doing a lot of work on supply chain security and CNCF just released a white paper on that few days ago. So there's a lot of work there that touches on developer needs. I still think that audience (faintly speaking) that much different from DockerCon which is I think 80% developers and maybe 10% infrastructure rather than the other way round. >> I think if you're going to get operators it can be SRE/platformleads. The platform leads are definitely inside DockerCon now than they've ever been before from my observation. So, but that speaks to the sign of the times. Most development teams have an SRE in the team, not an SRE team. They're just starting to see much more integration amongst the kind of a threaded or threaded teams or whatnot. So... >> Yeah. (faintly speaking) Operate your apps is the model. And I think that it's going to lead to more and more crossover between these communities. It's what DevOps was supposed to be about, somehow got diverted into building DevOps teams instead of working together, but we'll get there. >> It's clear from my standpoint, at least from reporting here is that, from the DockerCon and community at large, cloud-native community, having end-to-end work-load visibility on developer test run, everything seems to be the consensus, without a doubt. And then having multiple teams, and then having some platform, have some flexing people moving between teams for the most part, but built insecurity, built in SRE, built in DevOps, DevSecOps, all the way from end-to-end. >> Absolutely, we know that that's what does work best, it's where most organizations are heading at different speeds, because it's very different from the traditional architecture. It takes time to get there, but that's the model that has come out of microservices that really containers enabled and allow that model to happen. And it's the team architecture of containers. >> Hey, monolithic applications have monolithic organizations, microservices have microservices teams. Justin, great to have you on theCUBE for this conversation. If folks watching this interview, check out Justin's keynote, came from the main stage, great stuff. Justin, thanks for coming on theCUBE, we really appreciate your time and insight. >> Thank you, good to see you again. >> Okay, this is theCUBES's coverage of DockerCon 2021 Virtual. I'm John Furrier, your host. Thanks for watching. (upbeat music)

>> Narrator: From around the globe It's theCUBE with digital coverage of IBM Think 2021. Brought to you by IBM. >> Welcome back everyone to theCUBE's coverage of IBM Think 2021 virtual, I'm John Furrier, your host. I've got a great guest here Robin Hernandez, vice president Hybrid Cloud Management and Watson AIOps. Robin, great to see you. Thanks for coming on theCUBE. >> Thanks so much for having me, John. >> You know, Hybrid Cloud, the CEO of IBM Arvind loves Cloud. We know that we've talked to him all the time about it. And Cloud is now part of the entire DNA of the company. Hybrid Cloud is validated multi clouds around the corner. This is the underlying pinnings of the new operating system of business. And with that, that's massive change that we've seen IT move to large scale. You're seeing transformation, driving innovation, driving scale, and AI is the center of it. So AIOps is a huge topic. I want to jump right into it. Can you just tell me about your day to day IT operations teams what you guys are doing? How are you guys organized? How you guys bring in value to the customers? What are your teams responsible for? >> Yeah, so for a few years we've been working with our IT customers, our enterprise customers in this transformation that they're going through. As they move more workloads to cloud, and they still have some of their workloads on premise, or they have a strategy of using multiple public clouds, each of those cloud vendors have different tools. And so they're forced with, how do I keep up with the changing rate and pace of this technology? How do I build skills on a particular public cloud vendor when, you know, maybe six months from now we'll have another cloud vendor that will be introduced or another technology that will be introduced. And it's almost impossible for an it team to keep up with the rate and pace of the change. So we've really been working with IT operations in transforming their processes and their skills within their teams and that looking at what tools do they use to move to this cloud operations model. And then as part of that, how do they leverage the benefits of AI and make that practical and purposeful in this new mode of cloud operations >> And the trend that's been booming is this idea of a site reliability engineer. It's really an IT operations role. It's become kind of a new mix between engineering and IT and development. I mean, classic DevOps, we've seen, you know dev and ops, right? You got to operate the developers and the software modern apps are coming in that's infrastructure as course has been around for a while. But now as the materialization of things like Kubernetes and microservices, people are programming the infrastructure. And so the scale is there, and that's been around for a while. Now it's going to go to a whole enterprise level with containers and other things. How is the site reliability engineering persona if you will, or ITOps changed specifically because that's where the action is. And that's where you hear things like observability and I need more data, break down the silos. What's this all about? What's your view? >> Yeah, so site reliability engineering or SRE practices as we call it has really not changed the processes per se that IT has to do, but it's more accelerated at an enormous rate and pace. Those processes and the tools as you mentioned, the cloud native tools like Kubernetes have accelerated how those processes are executed. Everything from releasing new code and how they work with development to actually code the infrastructure and the policies in that development process to maintaining and observing over the life cycle of an application, the performance, the availability, the response time, and the customer experience. All of those processes that used to happen in silos with separate teams and sort of a waterfall approach, with SRE practices now, they're happening instantaneously. They're being scaled out. They're being... Failback is happening much more quickly so that applications didn't do not have outages. And the rate and pace of this has just accelerated so quickly. This is the transformation of what we call cloud operations. And we believe that as IT teams work more closely with developers and they moved towards this SRE model, that they cannot just do this with their personnel and changing skills and changing tools. They have to do this with modernized tools like AI. And this is where we are recommending applying AI to those processes so that you can then get automation out of the back end that you would not think about in a traditional IT operations, or even in an SRE practice. You have to leverage capabilities and new technologies like AI to even accelerate further. >> Let's unpack the AI operations piece because I think that's where I think I'm in hearing. I'd love you to clarify this because it becomes I think the key important point but also kind of confusing to some folks because IT operations people see that changing. You just pointed out why, honestly, the tools and the culture is changing, but AI becomes a scale point because of the automation piece you mentioned. How does that thread together? How does AIOps specifically change the customer's approach in terms of how they work with their teams and how that automation is being applied? 'Cause I think that's the key thread, right? 'Cause everyone kind of gets the cultural shifts and the tools, if they're not living it and putting it in place, but now they want to scale it. That's where automation comes in. Is that right? Is that the right way to think about it? What's your view on this? This is important. >> It's absolutely right. And I always like to talk about AI in other industries before we apply it to IT to help IT understand. Because a lot of times, IT looks at AI as a buzzword and they say, "Oh, you know, yes, sure. "This is going to help me." But if you think about... We've been doing AI for a long time at many different companies not just at IBM, but if you think about the other industries where we've applied it, healthcare in particular is so tangible for most people, right? It didn't replace a doctor but it helps a doctor see the things that would take them weeks and months of studying and analyzing different patients to say, "Hey, John, I think this may be a symptom "that we overlooked or didn't think about "or a diagnosis that we didn't think about," without manually looking at all this research. AI can accelerate that so rapidly for a doctor, the same notion for IT. If we apply AI properly to IT, we can accelerate things like remediating incidents or finding a performance problem that may take your eye months or weeks or even hours to find, AI applied properly find those issues and diagnose just like they could in healthcare it diagnoses issues correctly much more rapidly. >> Now again, I want to get your thoughts on something while you're here 'cause you've been in the business for many, many decades 20 years experience, you know, cloud cold, you know the new modern area you're managing it now. Clients are having a scenario where they, "Okay, I'm changing over the culture." I'm "Okay, I got some cloud, I got some public "and I got some hybrid and man, "we did some agile things. "We're provisioned, it's all done. "It's out there." And all of a sudden someone adds something new and it crashes (chuckles) And now I've got to get in, "Where's the risks? where's the security holes?" They're seeing this kind of day two operations as some people call, another buzz word but it's becoming more of, "Okay, we got it up and running "but we still now going to still push some code "and things are starting to break. "and that's net new thing." So it's kind of like they're out of their comfort zone. This is where I kind of see the AIOps evolving quickly because there's kind of a DevSecOps piece. There's also data involved, observability. How do you talk to that scenario? Where, okay, you sold me on cloud, I've been doing it. I did some projects. We're not been running. We got a production system and we added something new. Something maybe trivial and it breaks stuff? >> Yes. Yeah, so with the new cloud operations and SRE, the IT teams are much more responsible for business outcomes. And not just as you say, the application being deployed and the application being available, but the life cycle of that application and the results that it's bringing to the end users and the business. And what this means is that it needs to partner much more closely with development. And it is hard for them to keep up with the tools that are being used and the new code and the architectures of microservices that developers are using. So we like to apply AI on what we call the change risk management process. And so everyone's familiar with change management that means a new piece of code is being released. You have to maintain where that code is being released to was part of the application architecture and make sure that it's scaled out and rolled out properly within your enterprise policies. When we apply AI, we then apply what we call a risk factor to that change because we know so often, application outages occur not something new within the environment. So by applying AI, we can then give you a risk rating that says, "There's an 80% probability "that this change that you're about to roll out, "a code change is going to cause a problem "in this application." So it allows you to then go back and work with the development team and say, "Hey, how do we reduce this risk?" Or decide to take that calculated risk and put into the visibility of where those risks may occur. So this is a great example, change risk management of how applying AI can make you more intelligent in your decisions much more tied to the business and tied to the application release team. >> That's awesome. Well, I got you here on this point of change management. The term "Shift Left" has come up a lot in the industry. I'd love to get your quick definition of what that is in your mind. What does Shift Left mean for Ops teams with AIOps? >> Yeah, so in the early days of IT there was a hard line definitely between your development and IT team. It was kind of we always said throwing it over the fence, right? The developers would throw the code over the fence and say, good luck IT, you know, figure out how to deploy it where it needs to be deployed and cross your fingers that nothing bad happens. Well, Shift Left is really about a breaking down that fence. And if you think of your developers on your left-hand side you'd being the IT team, it's really shifting more towards that development team and getting involved in that code release process, getting involved in their CI/CD pipeline to make sure that all of your enterprise policies and what that code needs to run effectively in your enterprise application and architecture, those pieces are coded ahead of time with the developer. So it's really about partnering between it and development, shifting left to have a more collaboration versus throwing things over the fence and playing the blame game, which is what happens a lot in the early days IT. >> Yeah, and you get a smarter team out of it, great point. That's great insight. Thanks for sharing that. I think it's super relevant. That's the hot trend right now making dealers more productive, building security from the beginning. While they're doing it code it right in, make it a security proof if you will. I got to ask you one of the organizational questions as IBM leader. What are some of the roadblocks that you see in organizations that when they embrace AIOps, are trying to embrace AI ops are trying to scale it and how they can overcome those blockers. What are some of the things you're seeing that you could share with other folks that are maybe watching and trying to solve this problem? >> Yeah, so you know, AI in any industry or discipline is only as good as the data you feed it. AI is about learning from past trends and creating a normal baseline for what is normal in your environment. What is most optimal in your environment this being your enterprise application running in steady state. And so if you think back to the healthcare example, if we only have five or six pieces of patient data that we feed the AI, then the AI recommendation to the doctor is going to be pretty limited. We need a broad set of use cases across a wide demographic of people in the healthcare example, it's the same with IT, applying AI to IT. You need a broad set of data. So one of the roadblocks that we hear from many customers is, well I using an analytics tool already and I'm not really getting a lot of good recommendations or automation out of that analytics tool. And we often find it's because they're pulling data from one source, likely they're pulling data from performance metrics, performance of what's happening with the infrastructure, CPU utilization or memory utilization, storage utilization. And those are all good metrics, but without the context of everything else in your environment, without pulling in data from what's happening in your logs, pulling in data from unstructured data, from things like collaboration tools, what are your team saying? What are the customers saying about the experience with your application? You have to pull in many different data sets across IT and the business in order to make that AI recommendation the most useful. And so we recommend a more holistic true AI platform versus a very segregated data approach to applying and eating the analytics or AI engine. >> That's awesome, it's like a masterclass right there. Robin, great stuff. Great insight. We'll quickly wrap. I would love to you to take a quick minute to explain and share what are some of the use cases to get started and really get into AIOps system successes for people that want to explore more, dig in, and get into this fast, what are some use case, what's some low hanging fruit? What would you share? >> Yeah, we know that IT teams like to see results and they hate black boxes. They like to see into everything that's happening and understand deeply. And so this is one of our major focus areas as we do. We say, we're making AI purposeful for IT teams but some of the low hanging fruits, we have visions. And lots of our enterprise customers have visions of applying AI to everything from a customer experience of the application, costs management of the application and infrastructure in many different aspects. But some of the low hanging fruit is really expanding the availability and the service level agreements of your applications. So many people will say, you know I have a 93% uptime availability or an agreement with my business that this application will be up 93% of the time. Applying AI, we can increase those numbers to 99.9% of the time because it learns from past problems and it creates that baseline of what's normal in your environment. And then we'll tell you before an application outage occurs. So avoiding application outages, and then improving performance, recommendations and scalability. What's the number of users coming in versus your normal scale rate and automating that scalability. So, performance improvements and scalability is another low-hanging fruit area where many IT teams are starting. >> Yeah, I mean, why wouldn't you want to have the AIOps? They're totally cool, very relevant. You know, you're seeing hybrid cloud, standardized all across business. You've got to have that data and you got to have that incident management work there. Robin, great insight. Thank you for sharing. Robin Hernandez, vice president of Hybrid Cloud Management in Watson AIOps. Thanks for coming on theCUBE. >> Thank you so much for having me John. >> Okay, this theCUBE's coverage of IBM Think 2021. I'm John Furrier your host. Thanks for watching. (bright upbeat music)

(bright upbeat music) >> Narrator: From around the globe. It's theCUBE with digital coverage of IBM Think 2021. Brought to you by IBM. >> Welcome back everyone to theCUBE's coverage of IBM Think 2021 virtual, I'm John Furrier, your host. I've got a great guest here Robin Hernandez, vice president Hybrid Cloud Management and Watson AIOps. Robin, great to see you. Thanks for coming on theCUBE. >> Thanks so much for having me, John. >> You know, Hybrid Cloud, the CEO of IBM Arvind loves Cloud. We know that we've talked to him all the time about it. And Cloud is now part of the entire DNA of the company. Hybrid Cloud is validated multi clouds around the corner. This is the underlying pinnings of the new operating system of business. And with that, that's massive change that we've seen IT move to large scale. You're seeing transformation, driving innovation, driving scale, and AI is the center of it. So AIOps is a huge topic. I want to jump right into it. Can you just tell me about your day to day IT operations teams what you guys are doing? How are you guys organized? How you guys bring in value to the customers? What are your teams responsible for? >> Yeah, so for a few years we've been working with our IT customers, our enterprise customers in this transformation that they're going through. As they move more workloads to cloud, and they still have some of their workloads on premise, or they have a strategy of using multiple public clouds, each of those cloud vendors have different tools. And so they're forced with, how do I keep up with the changing rate and pace of this technology? How do I build skills on a particular public cloud vendor when, you know, maybe six months from now we'll have another cloud vendor that will be introduced or another technology that will be introduced. And it's almost impossible for an it team to keep up with the rate and pace of the change. So we've really been working with IT operations in transforming their processes and their skills within their teams and that looking at what tools do they use to move to this cloud operations model. And then as part of that, how do they leverage the benefits of AI and make that practical and purposeful in this new mode of cloud operations >> And the trend that's been booming is this idea of a site reliability engineer. It's really an IT operations role. It's become kind of a new mix between engineering and IT and development. I mean, classic DevOps, we've seen, you know dev and ops, right? You got to operate the developers and the software modern apps are coming in that's infrastructure as course has been around for a while. But now as the materialization of things like Kubernetes and microservices, people are programming the infrastructure. And so the scale is there, and that's been around for a while. Now it's going to go to a whole enterprise level with containers and other things. How is the site reliability engineering persona if you will, or ITOps changed specifically because that's where the action is. And that's where you hear things like observability and I need more data, break down the silos. What's this all about? What's your view? >> Yeah, so site reliability engineering or SRE practices as we call it has really not changed the processes to say that it has to do, but it's more accelerated at an enormous rate and pace. Those processes and the tools as you mentioned, the cloud native tools like Kubernetes have accelerated how those processes are executed. Everything from releasing new code and how they work with development to actually code the infrastructure and the policies in that development process to maintaining and observing over the life cycle of an application, the performance, the availability, the response time, and the customer experience. All of those processes that used to happen in silos with separate teams and sort of a waterfall approach, with SRA practices now, they're happening instantaneously. They're being scaled out. They're being... Failback is happening much more quickly so that applications didn't do not have outages. And the rate and pace of this has just accelerated so quickly. This is the transformation of what we call cloud operations. And we believe that as IT teams work more closely with developers and they moved towards this SRE model, that they cannot just do this with their personnel and changing skills and changing tools. They have to do this with modernized tools like AI. And this is where we are recommending applying AI to those processes so that you can then get automation out of the back end that you would not think about in a traditional IT operations, or even in an SRE practice. You have to leverage capabilities and new technologies like AI to even accelerate further. >> Let's unpack the AI operations piece because I think that's where I think I'm in hearing. I'd love you to clarify this because it becomes I think the key important point but also kind of confusing to some folks because IT operations people see that changing. You just pointed out why, honestly, the tools and the culture is changing, but AI becomes a scale point because of the automation piece you mentioned. How does that thread together? How does AIOps specifically change the customer's approach in terms of how they work with their teams and how that automation is being applied? 'Cause I think that's the key thread, right? 'Cause everyone kind of gets the cultural shifts and the tools, if they're not living it and putting it in place, but now they want to scale it. That's where automation comes in. Is that right? Is that the right way to think about it? What's your view on this? This is important. >> It's absolutely right. And I always like to talk about AI in other industries before we apply it to IT to help IT understand. Because a lot of times, IT looks at AI as a buzzword and they say, "Oh, you know, yes, sure. "This is going to help me." But if you think about... We've been doing AI for a long time at many different companies not just at IBM, but if you think about the other industries where we've applied it, healthcare in particular is so tangible for most people, right? It didn't replace a doctor but it helps a doctor see the things that would take them weeks and months of studying and analyzing different patients to say, "Hey, John, I think this may be a symptom "that we overlooked or didn't think about "or a diagnosis that we didn't think about," without manually looking at all this research. AI can accelerate that so rapidly for a doctor, the same notion for IT. If we apply AI properly to IT, we can accelerate things like remediating incidents or finding a performance problem that may take your eye months or weeks or even hours to find, AI applied properly find those issues and diagnose just like they could in healthcare it diagnoses issues correctly much more rapidly. >> Now again, I want to get your thoughts on something while you're here 'cause you've been in the business for many, many decades 20 years experience, you know, cloud cold, you know the new modern area you're managing it now. Clients are having a scenario where they, "Okay, I'm changing over the culture." I'm "Okay, I got some cloud, I got some public "and I got some hybrid and man, "we did some agile things. "We're provisioned, it's all done. "It's out there." And all of a sudden someone adds something new and it crashes (chuckles) And now I've got to get in, "Where's the risks? where's the security holes?" They're seeing this kind of day two operations as some people call, another buzz word but it's becoming more of, "Okay, we got it up and running "but we still now going to still push some code "and things are starting to break. "and that's net new thing." So it's kind of like they're out of their comfort zone. This is where I kind of see the AIOps evolving quickly because there's kind of a DevSecOps piece. There's also data involved, observability. How do you talk to that scenario? Where, okay, you sold me on cloud, I've been doing it. I did some projects. We're not been running. We got a production system and we added something new. Something maybe trivial and it breaks stuff? >> Yes. Yeah, so with the new cloud operations and SRE, the IT teams are much more responsible for business outcomes. And not just as you say, the application being deployed and the application being available, but the life cycle of that application and the results that it's bringing to the end users and the business. And what this means is that it needs to partner much more closely with development. And it is hard for them to keep up with the tools that are being used and the new code and the architectures of microservices that developers are using. So we like to apply AI on what we call the change risk management process. And so everyone's familiar with change management that means a new piece of code is being released. You have to maintain where that code is being released to was part of the application architecture and make sure that it's scaled out and rolled out properly within your enterprise policies. When we apply AI, we then apply what we call a risk factor to that change because we know so often, application outages occur not something new within the environment. So by applying AI, we can then give you a risk rating that says, "There's an 80% probability "that this change that you're about to roll out, "a code change is going to cause a problem "in this application." So it allows you to then go back and work with the development team and say, "Hey, how do we reduce this risk?" Or decide to take that calculated risk and put into the visibility of where those risks may occur. So this is a great example, change risk management of how applying AI can make you more intelligent in your decisions much more tied to the business and tied to the application release team. >> That's awesome. Well, I got you here on this point of change management. The term "Shift Left" has come up a lot in the industry. I'd love to get your quick definition of what that is in your mind. What does Shift Left mean for Ops teams with AIOps? >> Yeah, so in the early days of IT there was a hard line definitely between your development and IT team. It was kind of we always said throwing it over the fence, right? The developers would throw the code over the fence and say, good luck IT, you know, figure out how to deploy it where it needs to be deployed and cross your fingers that nothing bad happens. Well, Shift Left is really about a breaking down that fence. And if you think of your developers on your left-hand side you'd being the IT team, it's really shifting more towards that development team and getting involved in that code release process, getting involved in their CI/CD pipeline to make sure that all of your enterprise policies and what that code needs to run effectively in your enterprise application and architecture, those pieces are coded ahead of time with the developer. So it's really about partnering between it and development, shifting left to have a more collaboration versus throwing things over the fence and playing the blame game, which is what happens a lot in the early days IT. >> Yeah, and you get a smarter team out of it, great point. That's great insight. Thanks for sharing that. I think it's super relevant. That's the hot trend right now making dealers more productive, building security from the beginning. While they're doing it code it right in, make it a security proof if you will. I got to ask you one of the organizational questions as IBM leader. What are some of the roadblocks that you see in organizations that when they embrace AIOps, are trying to embrace AI ops are trying to scale it and how they can overcome those blockers. What are some of the things you're seeing that you could share with other folks that are maybe watching and trying to solve this problem? >> Yeah, so you know, AI in any industry or discipline is only as good as the data you feed it. AI is about learning from past trends and creating a normal baseline for what is normal in your environment. What is most optimal in your environment this being your enterprise application running in steady state. And so if you think back to the healthcare example, if we only have five or six pieces of patient data that we feed the AI, then the AI recommendation to the doctor is going to be pretty limited. We need a broad set of use cases across a wide demographic of people in the healthcare example, it's the same with IT, applying AI to IT. You need a broad set of data. So one of the roadblocks that we hear from many customers is, well I using an analytics tool already and I'm not really getting a lot of good recommendations or automation out of that analytics tool. And we often find it's because they're pulling data from one source, likely they're pulling data from performance metrics, performance of what's happening with the infrastructure, CPU utilization or memory utilization, storage utilization. And those are all good metrics, but without the context of everything else in your environment, without pulling in data from what's happening in your logs, pulling in data from unstructured data, from things like collaboration tools, what are your team saying? What are the customers saying about the experience with your application? You have to pull in many different data sets across IT and the business in order to make that AI recommendation the most useful. And so we recommend a more holistic true AI platform versus a very segregated data approach to applying and eating the analytics or AI engine. >> That's awesome, it's like a masterclass right there. Robin, great stuff. Great insight. We'll quickly wrap. I would love to you to take a quick minute to explain and share what are some of the use cases to get started and really get into AIOps system successes for people that want to explore more, dig in, and get into this fast, what are some use case, what's some low hanging fruit? What would you share? >> Yeah, we know that IT teams like to see results and they hate black boxes. They like to see into everything that's happening and understand deeply. And so this is one of our major focus areas as we do. We say, we're making AI purposeful for IT teams but some of the low hanging fruits, we have visions. And lots of our enterprise customers have visions of applying AI to everything from a customer experience of the application, costs management of the application and infrastructure in many different aspects. But some of the low hanging fruit is really expanding the availability and the service level agreements of your applications. So many people will say, you know I have a 93% uptime availability or an agreement with my business that this application will be up 93% of the time. Applying AI, we can increase those numbers to 99.9% of the time because it learns from past problems and it creates that baseline of what's normal in your environment. And then we'll tell you before an application outage occurs. So avoiding application outages, and then improving performance, recommendations and scalability. What's the number of users coming in versus your normal scale rate and automating that scalability. So, performance improvements and scalability is another low-hanging fruit area where many IT teams are starting. >> Yeah, I mean, why wouldn't you want to have the AIOps? They're totally cool, very relevant. You know, you're seeing hybrid cloud, standardized all across business. You've got to have that data and you got to have that incident management work there. Robin, great insight. Thank you for sharing. Robin Hernandez, vice president of Hybrid Cloud Management in Watson AIOps. Thanks for coming on theCUBE. >> Thank you so much for having me John. >> Okay, this theCUBE's coverage of IBM Think 2021. I'm John Furrier your host. Thanks for watching. (bright upbeat music)

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS and our community partners. >>Welcome to the cubes coverage of AWS reinvent 2020. The digital version I'm Lisa Martin and I have a couple of Cuba alumni joining me from Wien. We've got Danny Allen. It's C T O and S VP of product strategy And Dave Russell, VP of Enterprise Strategy, is here as well. Danny and a Welcome back to the Cube. >>Hi, Lisa. Great to be here. >>Hey, Lisa. Great to be here. Love talking with this audience >>It and thankfully, because of technologies like this in the zoom, were still able to engage with that audience, even though we would all be gearing up to be Go spending five days in Vegas with what 47,000 of our closest friends across, you know, and walking a lot. But I wanted Thio. Danny, start with you and you guys had them on virtually this summer. That's an event known for its energy. Talk to me about some of the things that you guys announced there. And how are your customers doing with this rapid change toe? work from home and this massive amount of uncertainty. >>Well, certainly no one would have predicted this the beginning of the year. There has been such transformation. There was a statement made earlier this year that we've gone through two years of transformation in just two months, and I would say that is definitely true. If you look both internally and bean our workforce, we have 4400 employees all of a sudden, 3000 of them that had been going into the office or working from home. And that is true of our customer base as well. There's a lot of remote, uh, remote employ, mental remote working, and so that has. You would think it would have impact on the digital systems. But what it's done is it's accelerated the transformation that organizations were going through, and that's been good in a number of different aspects. One certainly cloud adoption of clouds picked up things like Microsoft teams and collaboration software is certainly picked up, so it's certainly been a challenging year on many fronts. But on the on the other hand, it's also been very beneficial for us as well. >>Yeah, I've talked to so many folks in the last few months. There's silver linings everywhere. There's opportunity everywhere. But give our audience standing an overview of who them is, what you do and how you help customers secure their data. >>Sure, so VM has been in the backup businesses. What I'll say We started right around when virtualization was taking off a little before AWS and you see two left computing services on DWI would do back up a virtual environments. You know, over the last decade, we have grown into a $1 billion company doing backup solutions that enable cloud data management. What do you mean by that? Is we do backup of all kinds of different infrastructures, from virtual to cloud based Assad's based to physical systems, You name it. And then when we ingest that data, what we do is we begin to manage it. So an example of this is we have 400,000 customers, they're going back up on premises. And one of the things that we've seen this year is this massive push of that backup data into S three into the public cloud and s. So this is something that we help our customers with as they go through this transformation. >>And so you've got a team for a ws Cloud native solution. Talk to me a little bit about that. And how does that allow business is to get that centralized view of virtual physical SAS applications? >>Yeah, I think it all starts with architecture er and fundamentally beams, architectures. ER is based upon having a portable data format that self describing. So what >>does >>that mean? That means it reduces the friction from moving data that might have been born on premises to later being Stan Shih ated in, say, the AWS cloud. Or you can also imagine now new workloads being born in the cloud, especially towards the middle and end of this year. A lot of us we couldn't get into our data center. We had to do everything remotely. So we had to try to keep those lights on operationally. But we also had to begin to lift and shift and accelerate your point about silver linings. You know, if there is a silver lining, the very prepared really benefited. And I think those that were maybe a little more laggards they caught up pretty quickly. >>Well, that's good to hear stick big sticking with you. I'd love to get your perspectives on I t challenges in the last nine months in particular, what things have changed, what remains the same. And where is back up as a priority for the the I T folks and really the business folks, too? >>Yeah, I almost want to start with that last piece. Where? Where's backup? So back up? Obviously well understood as a concept, it's well funded. I mean, almost everybody in their right mind has a backup product, especially for critical data. But yet that all sounds very much the same. What's very, very different, though? Where are those workloads? Where do they need to be going forward? What are the service level agreements? Meaning that access times required for those workloads? And while we're arguably transitioning from certain types of applications to new applications, the vast majority of us are dead in the middle of that. So we've got to be able to embrace the new while also anchoring back to the past. >>Yeah, I'm not so easily sudden, done professionally or personally, Danny, I'd love to get your perspective on how your customer conversations have changed. You know, we're executives like you, both of you are so used to getting on planes and flying around and being able Thio, engage with your customers, especially events like Vermont, and reinvent What's the change been like? And from a business perspective, are you having more conversations at that business? Little as the end of the day. If you can't recover the data, that's the whole point, right? >>Yeah, it is. I would say the conversations really have four sentiments to them. The first is always starts with the pandemic and the impact of the pandemic on the business. The second from there is it talks about resource. We talked about resource management. That's resource management, both from a cost perspective. Customers trying to shift the costs from Capex models typically on premises into Op X cloud consumption models and also resource management as well. There's the shift from customers who are used to doing business one way, and they're trying to shift the resources to make it effective in a new and better way. I'd say the third conversation actually pivots from there to things like security and governance. One of the interesting things this year we've seen a lot of is ransomware and malware and attacks, especially because the attack surface has increased with people working from home. There is more opportunity for organizations to be challenged, and then, lastly, always pivots where it ends up his digital transformation. How do I get from where I used to be to where I want to be? >>Yeah, the ransomware increase has been quite substantial. I've seen a number of big. Of course you never want to be. The brand garment was head Carnival Cruise Line. I think canon cameras as well and you're talking about you know you're right, Danny. The attacks are toe surfaces, expanding. Um, you know, with unprotected cloud databases. I think that was the Facebook Tic Tac Instagram pack. And so it's and also is getting more personal, which we have more people from home, more distractions. And that's a big challenge that organizations need to be prepared for, because, really, it's not a matter of are we going to get a hit? But it's It's when, and we need to make sure that we have that resiliency. They've talked to us about how them enables customers toe have that resiliency. >>Yeah, you know, it's a multilayered approach like you know, any good defensive mechanism. It's not one thing it's trying to do all of the right things in advance, meaning passwords and perimeter security and, ideally, virtual private networks. But to your point, some of those things can fail, especially as we're all working remotely, and there's more dependence on now. Suddenly, perhaps not so. I t sophisticated people, too. Now do the right things on a daily basis and your point about how personal is getting. If we're all getting emails about, click on this for helpful information on the pandemic, you know there's the likelihood of this goes up. So in addition to try and do good things ahead of time, we've got some early warning detection capabilities. We can alert that something looks suspicious or a novelist, and bare bears out better investigation to confirm that. But ultimately, the couple of things that we do, they're very interesting and unique to beam are we can lock down copy of the backup data so that even internal employees, even somewhat at Amazon, can't go. If it's marked immutable and destroy it, remove it, alter it in any way before it's due to be modified or deleted, erased in any way. But one of the ones I'm most excited about is we can actually recover from an old backup and now introduce updated virus signatures to ensure we don't reintroduced Day zero threats into production environment. >>Is it across all workloads, physical virtual things like, you know, Microsoft or 65 slack talked about those collaboration tools that immune ability, >>so immune ability. We're expanding out into multiple platforms today. We've got it on on premises object storage through a variety of different partners. Actually, a couple dozen different partners now, and we have something very unique with AWS s three object lock that we you can really lock down that data and ensure that can't be compromised. >>That's excellent, Danny, over to you in terms of cloud adoption, you both talked about this acceleration of digital business transformation that we've all seen. I think everyone has whiplash from that and that this adoption of cloud has increased. We've seen a lot of that is being a facilitator like, are you working with clients who are sort of, you know, maybe Dave at that point you talked about in the beginning, like kind of on that on that. Bring in the beginning and we've got to transform. We've got to go to the cloud. How do you kind of help? Maybe facilitate their adoption of public health services like AWS with the technologies that the off first? >>Yeah, I'd say it's really two things everyone wants to say, Hey, we're disrupting the market. We're changing everything about the world around us. You should come with us. Being actually is a very different approach to this one is we provide stability through the disruption around you. So as your business is changing and evolving and you're going through digital transformation, we can give you the stability through that and not only the stability through that change, but we can help in that change. And what I mean by that is if you have a customer who's been on premises and running the workloads on premises for a long while, and maybe they've been sending their backups and deaths three and flagging that impute ability. But maybe now they want to actually migrate the workloads into E. C to weaken. Do that. It's a It's a three step three clicks and workflow to hit a button and say send it up into Easy to. And then once it's in AWS, we can protect the workload when it's there. So we don't just give the stability in this changing environment around us. But we actually help customers go through that transformation and help them move the workloads to the most appropriate business location for them. >>And how does that Danny contending with you from a cost optimization perspective? Of course, we always talk about cost as a factor. Um, I'm going to the cloud. How does that a facilitator of, like, being able to move some of those workloads like attitude that you talked about? Is that a facilitator of cost optimization? Lower tco? I would imagine at some point Yes, >>Yes, it is. So I have this saying the cloud is not a charity right there later in margin, and often people don't understand necessarily what it's going to cost them. So one of the fundamental things that we've had in being back up for a W s since the very beginning since version one is we give cost forecasting and it's not just a rudimentary cost forecasting. We look at the storage we looked compute. We looked at the networking. We look at what all of the different factors that go into a policy, and we will tell them in advance what it's going to cost. That way you don't end up in a position where you're paying a lot more than you expected to pay. And so giving that transparency, giving the the visibility into what the costs of the cloud migration and adoption are going to be is a critical motivator for customers actually to use our software. >>Awesome. And Dave, I'm curious if we look at some of the things trends wise that have gone on, what are you seeing? I t folks in terms of work from home, the remote workers, but I am imagine they're getting their hands on this. But do you expect that a good amount of certain types of folks from industries won't go back into the office because I ts realizing, like more cost optimization? Zor Hey, we don't need to be on site because we can leverage cloud capabilities. >>Yeah, I think it works, actually, in both directions least, I think we'll see employees continue to work remotely, so the notion of skyscrapers being filled with tens of thousands of people, you know, knowledge workers, as they were once called back in the day. That may not come to pass at least any time soon. But conversely to your point everybody getting back into the data center, you know, from a business perspective, the vast majorities of CEO so they don't wanna be in the real estate business. They don't wanna be in the brick and mortar and the power cooling the facilities business. So >>that was >>a trend that was already directionally happening. And just as an accelerant, I think 2000 and 20 and probably 2021 at least the first half just continues that trend. >>Yeah, Silicon Valley is a bit lonely. The freeways there certainly emptier, which is one thing. But it is. It's one of those things that you think you could be now granted folks that worked from home regardless of the functions they were in before. It's not the same. I think we all know that it's not the same working from home during a pandemic when there's just so much more going on. But at the same time, I think businesses are realizing where they can actually get more cost optimization. Since you point not wanting to manage real estate, big data centers, things like that, that may be a ah, positive spin on what this situation has demonstrated. Daddy Last question to you. I always loved it to hear about successful customers. Talk to me about one of your favorite reference customers that really just articulates beams value, especially in this time of helping customers with so many pivots. >>Well, the whole concept of digital transformation is clearly coming to the forefront with the pandemic. And so one of my favorite customers, for example, ducks unlimited up in Canada. They have i ot sensors where they're collecting data about about climate information. They put it into a repository and they keep it for 60 years. Why 60 years? Because who knows? Over the next 60 years, when these sensors in the data they're collecting may be able to solve problems like climate change. But if you >>look at it >>a broader sense, take that same concept of collection of data. I think we're in a fantastic period right now where things like Callum medicine. Um, in the past, >>it was >>kind of in a slow roll remote education and training was on kind of a slow roll. Climate change. Slow roll. Um, but now the pandemics accelerating. Ah, lot of that. Another customer, Royal Dutch Shell, for example. Traditionally in the oil and petrochemical industry, their now taking the data that they have, they're going through this transformation faster than ever before and saying, How do I move to sustainable energy? And so a lot of people look at 2020 and say, I want how does this year? Or, you know, this is not the transformation I want. I actually take the reverse of that. The customers that we have right now are taking the data sets that they have, and they're actually optimizing for a more sustainable future, a better future for us and for our Children. And I think that's a fantastic thing, and being obviously helps in that transformation. >>That's excellent. And I agree with you, Danny, you know, the necessity is the mother of invention. And sometimes when all of these challenges air exposed, it's hard right away to see what are the what are the positives right? What are the opportunities? But from a business perspective is you guys were talking about the beginning of our segment, you know, in the beginning was keeping the lights on. Well, now we've got to get from keeping the lights on, too. Surviving to pivoting well to thriving. So that hopefully 2021 this is good as everybody hopes it's going to be. Right, Dave? >>Yeah, absolutely. It's all data driven and you're right. We have to move from keep the lights up on going the operational aspect to growing the business in new ways and ideally transforming the business in new ways. And you can see we hit on digital transformation a number of times. Why? Because its data driven, Why do we intercept that with being well? Because if it's important to you, it's probably backed up and held for long term safekeeping. So we want to be able to better leverage the data like Danny mentioned with Ducks Unlimited. >>And of course, as we know, data volumes are only growing. So next time you're on day, you have to play us out with one of your guitars. Deal >>definitely, definitely will. >>Excellent for Dave Russell and Danny Allen. I'm Lisa Martin. Guys, thank you so much for joining. You're watching the Cube

>> Narrator: Live from San Francisco. It's theCUBE. Covering RSA conference 2020 San Francisco. Brought to you by SiliconANGLE Media. (upbeat music) >> Hey, welcome back, everybody. Jeff Rick here with theCUBE. We're at RSA 2020, Moscone and beautiful San Francisco's day four I think Thursday already. This is a crazy conference Monday, Tuesday, Wednesday, Thursday, and Friday. I don't think we'll be here for tomorrow. It's been a pretty full slate. As it is, we're excited to have our next guest. She is Rose Ross, the founder and chief trailblazer, for Tech Trailblazers. Rose. Great to meet you. >> It's great to be here too. >> Absolutely. So what are the Tech Trailblazers? >> So the Tech Trailblazers are an awards lead platform, which recognizes the creme de la creme of the enterprise Tech startup landscape. >> Jeff: Okay. >> So we cover the categories from AI through to storage, but obviously security is a big part of that and we find that security and cloud are usually our most popular awards to be entered into. >> Okay, and I assume you're, really recognizing the individuals more than the companies, >> We do both. >> Or is it more of the companies? You do both. >> We do the Tech category so they can compare like for like apples with apples, pears with pears, security startups with security startups. And then we also acknowledge and recognize some of the key players in those startups. So we have a female trailblazers and a male trailblazer each year . >> Okay, and how long have you been doing this? >> This is our eighth edition. >> The eighth edition. >> Started for a while. 2012 was our first outing. >> Okay, And you said you just gave out this year's Awards on Monday? >> That's right. We announced it. Yeah, day one of RSA. >> Right, so give us some of the highlights. Who were some of the special people that you called out this year? >> Some of the special people, I actually sat down with one of the special people just now interviewed CEO of Shift-left who is our security trailblazer this year. Manish Gupta and yeah, we spent some time chatting about his journey and his challenges and his successes. And finding out more about the technology itself. So. >> And so what are the criteria to win? >> So we kind of look at a number of elements. We have an independent body of judges who are from the analyst community, from the blogger community from industry itself. So we have CSOs, CIOs, and just people who understand the Technology really, at both the technical level and what is needed by the marketplace. So we look at a number of things. One is obviously innovation. If you're looking at the startup world, you want to look at people who are bringing new and exciting things that are needed by companies, to either secure them or store their data or analyze their data. But we also look at how they're doing in the market. So, we'll be looking at what their go to market strategy is, how they're engaging with the end user community, that type of stuff. >> Okay. And at what stage in their growth are they generally you know, kind of coming into your radar? >> So we sort of do the cutoff for a start up as being having not celebrated their sixth birthday yet. >> Six birthday okay. >> Right, so and have not gone beyond Series C funding. >> Okay. >> So you wanted to keep it on the the newer end of the startup spectrum. We also have a special award for those that have not received any VC funding whatsoever. So they're either growing organically or privately funded. That could be seed capital, you know, crowdfunding, whatever that might be. And they have to be two years or younger, and they are all fire starters. >> And those are fire starters. So those are probably it's just really a function of life, 'cause I would imagine the vast majority of the companies that you recognize, eventually get VC funding if you're playing in this crazy technology space. >> It certainly helps to get to where you want to go. Accelerate, put a bit more fuel in the tank. >> So you also announced in your press release the incredible amount of money (laughs) your award winners have raised over time. Do you tell us a little bit more about that? >> Well, yeah, with RSA this week, we thought it'd be a great time to reflect back on what our security trailblazers had done over these eight editions. And obviously, it's a little bit early for expecting additional fundraising from Shift-left, 'cause they literally got the award on Monday. >> Great. >> But hopefully, if you look at the history of it all, we look at the people who've received the accolade over the last eight editions, nearly all of them have been within their first two years. Most of them have done at least one round of funding, but have usually gone on to do another significant round of funding within 12 months of having one, we'd love to take all the credit for that, but I think you really need to put that on the team. >> Jeff: Right. >> And acquisitions have also been quite prevalent. So we looked at the numbers just before RSA, and it was 72 722 million of the disclosed raised, and just in the security, >> Right. >> Space. Unfortunately, or very fortunately for one of our winners, ZeroFOX, they just peeped in with raising 74 million last Friday, which we didn't include. So if we put the undisclosed it would definitely over 800 million now. So well done to the ZeroFOX guys. >> Right, so how did you get involved in this? >> It was an idea that I had. My my other life is a Tech PR person. And we were working on a campaign for a show somewhat like RSA in the UK. And we thought it would be a great idea to run a startup competition to highlight some new entrants to the market. Unfortunately, they didn't think it was a fit for what they wanted to do, but it was such a compelling idea. I've worked with startups all my life and one of the challenges was always with them, particularly in the early stages to get recognition and to get coverage. So we thought we can do something about this. And I thought, well, nobody's going to listen to a PR person. They aren't interested in what I think. I'm not an expert on who's great in this space. So I spoke to Joe Bagley, who's the CTO of Amir for VMware, who's somebody I've worked with a lot over the years. And I said, Look, Joe, if I run something like this, would you come on board as a judge? And he said, Absolutely, I think it's a brilliant idea. And luckily, many other amazing judges has followed in his footsteps. So it's thanks to them, so. >> How many judges are there? >> We have around 40. I mean, we have a number of what a number of categories. So we want a specialist in those areas. Some cover multiple light cloud and security or Cloud and Storage. But obviously, when you look at AI and blockchain and all these other categories, you need people who really understand that space. >> And what's the process kind of how big is the top of the funnel when he started? And then how do you kind of whittle it down to the end when you said 1212 categories, so 12 winners per year about? >> Yeah. So we started off as obviously people enter usually through their PR team or their marketing team, or pull together the information that we request, which is quite a lengthy process, it's a big commitment of time. But not huge, but we do want to get to a certain amount of detail, to make a decision and give the judges something to work with. Then for that period, we then put out the judges to create the shortlist. So they will come back they will score on a number of elements, which are things like innovation and the maturity of the technology, then go to market attractiveness and their own personal view of how exciting and it is intuitive and how trailblazing it actually is. >> Right. >> Then we put it out to a public vote, but also the judges then take the shortlist and take another look at everybody. >> And it gets a public vote too? >> Yes, it does. >> It so does. Do the judges ever meet with the the nominees or is it all done based on the application the application packet that you put together and any other independent information they find on their own? >> Well, we still would encourage. I know the judges do like to reach out to people. And I know that obviously there are relationships because of the nature of the types of judges. >> Jeff: Sure. >> Obviously, we've got people in industry within the vendor community, analysts and bloggers, so they will have people that they know. So I always encourage people, if they say, you know, what would you do? I said, Well, if I was you, I would also reach out to the judges in your area, and just make them aware of who you are. And if they have other questions that they should you know, set up a briefing or something. >> Right. So it's really interesting concept to get the pub into the startup world because it's really, as you know, being in PR, you know, it's really hard to get elevated above the noise, if you will. And you know, we're sitting here surrounded by I don't even know how many thousands of vendors are in this hall. >> The early stage has 51 just as a starter. >> 51 in the early stage expo. >> Yes. >> Which hall is that? >> It's up on the second floor. >> On the second floor. Then there's little like corners of cubbies have of not even 10 by 10s. But you know the kind of the classic kiosks. So, when you're talking to two small companies, regardless of whether they go for the word, what do you tell them as a PR pro? What do you tell them as someone who's, you know, kind of seeing the challenges of trying to raise your profile as a small company? Do you stick to your knitting? Do you in a try to get a high profile? When you know, what are some of the tips and tricks that help little companies rise above the den, if you will, in this great space. >> Validation is always very important. Talk to the influencers in your space, talk to the analysts in your space, the bloggers in your space, and get that feedback and integrate it into your plan of how you create your message. And I think that's one of the hard things, a lot of startups particularly in the technology space, particularly enterprise Tech, they really in the weeds with what's amazing about their products and why they put it together. But you really have to put that into very simple terms. >> Jeff: Right. >> I mean, if you look at someone like RSA, we have got, you know, a lot of buzzwords kicking around here. You do have to try and put that into the deeds and requirements of the end user community. That's always got to be your lens on things >> Right. >> really. >> And you also you always have the vendor viability issues, you know, with your top and even if your Tech relatively inexpensive, maybe as a PLC or this or that, it still takes an investment from your potential customers to put it in and take that risk. And, you know, that's a much bigger hurdle to overcome often than simply the pricing or the structure of the deal. Not a easy, not an easy path. >> It has to be a partnership. I mean, one of the things we were advocating a couple years ago is that the bigger organizations really should have somebody who has a role of being a Chief Collaboration Officer for those smaller companies to engage with them. Because even the procurement process can obviously kill you. >> A little kill a little company, right? Even the pre sales, just having meetings and meetings and meetings and meetings and meetings and meetings to talk about the meetings that you're going to have to maybe eventually (laughs) get to somebody who can make a decision. >> Yeah, Its tough. >> Very cool. >> So, any kind of significant changes in the programme over time? Are you pretty much at the same place you were eight years ago? Or do you see this expanding into different categories? How do you see, you know, kind of the evolution of the Trailblazer? >> Well, we like to review everything and we listened to our judges, we listened to people in the marketplace. I mean, I had a great meeting yesterday with somebody in banking, who works with an awful lot of startups. And there is some really good news coming through that. The enterprise Tech VC community, there's a lot more of an appetite. They're starting to see the value more and more of investing in that type of longer longer term, because you can actually scale beyond where you can do sometimes with a consumer Technology. >> Right >> The potential unicorn sometimes don't quite make it. Those horses aren't always that reliable in the race. >> (laughs) Sometimes too much money is not a good thing that is for sure. >> Yeah. >> Or is good for you? It's a great way I know, I think the kind of the award format is a great way to shine a little bit of extra light on some of these companies that are really struggling to get noticed. It's a really difficult process for a startup, especially in such a deep Technology field. Something is so mission critical that people it's just not that easy for people to give you a try and give you a trial. Takes a lot of investment. So good work and look forward >> Thank you. to continuing to see the winners, raise lots of money and have success. >> Right, absolutely. Thank you, Jeff. >> All right Rose thanks again. She's Rose, I'm Jeff. You're watching theCUBE. We're at RSA 2020. Thanks for watching, we'll see you next time. (upbeat music)

>> Narrator: From San Francisco, it's theCUBE covering Samsung Developer Conference 2017. Brought to you by Samsung. >> Welcome back everyone. Live here in San Francisco at Moscone West is the exclusive coverage from theCUBE SiliconANGLE Media of the SDC 2017. I'm John Furrier the co-founder of SiliconANGLE Media and the co-host of theCUBE. My next guest is Amy Jo Kim who is the CEO of Shufflebrain. It's the parent company of gamethinking.io, a variety of other projects, and expert in the convergence of design, gaming, computer science, and et cetera. Welcome to theCUBE. >> It's a pleasure to be here. >> Thanks for coming on. Obviously we've been seeing the trend, the convergence trend for a while certainly in the tech industry. Computer science and social science coming together, that was our motto when we started our company eight years ago. But really to me the flashpoint was Steve Jobs had the technology-liberal arts crossroads. That really kind of spawned the beginning of a creative generation start thinking about the devices, how it all intersects, and not the pure play handheld. So gamers here at Samsung Development Conference and developers bring game mechanics in. That's communities, gamification, games themselves, user interface. What's your reaction to all this? You've designed a great bunch of interfaces. >> I'm, I think it's fantastic. I think what we're seeing is really a flashpoint that has several trends converging. One of the trends we have is developers, the folks here, you know are right here at this wonderful conference, they've grown up with games. They're familiar with the lexicon of games, with how games work. And so it's very natural for them when they start to build their own apps and say what will make this engaging to turn to games and look for inspiration in games? So that's been going on for a while and it's accelerating. We're also seeing that mobile technology, mobile phones, have become so ubiquitous that most of the traffic coming in on many people's experiences 70%, I recently ran a promotion for Shufflebrain, 70% of our traffic was mobile total traffic. So the ubiquity of mobile phones means that everybody's got a potential gaming machine or a machine where they can have a light, fun, engaging experience right in their pocket. So as you noted, we've moved away from single purpose game consoles, handheld or otherwise they still exist, but more and more what we see is the best games and the best game like experiences that might not be games but they the feel and the pull of games. Those are showing up on mobile phones like Samsung. >> And the screens are awesome. I'll say my Note 8 here is awesome and bigger and better and the graphics. But it's a generational shift too. Like my son was, we're designing a new app and we're kind of sitting at the drawing board and he's like, "Dad, you're a search generation. "No one searches anymore. "You actually type on the keyboard, that's like so old." So he brings up a point which is illuminated here. Which is you see voice touch, voice activation. Harman's got now the kind of interface with this audio. You're seeing cars all over the air with software. This is really the computer science, computer engineering culture interfacing with art. Where new user experiences are coming that quite frankly don't look the same. >> Exactly that's such a good point. So what's happening is that a lot of the user experiences, the back end neural networks, the AI, the sophisticated bots that we've been seeing in gaming for the last five or six years are trickling into the mainstream. And that's what you always see. Gaming is the canary in a coal mine. What we see now happening in games and what we saw a few years ago is becoming more mainstream. So if we look now at what's happening in gaming, that gives us a clue to 18 to 24 months out for app developers. >> Yeah we brought this up on day one. You nailed it. It's an early indicator. >> That's right. >> What are you seeing in that area? Because you're in the vanguard of the user interface so you have a computer science background. You understand how communities work. Which by the way, you look at anything from blockchain ICOs to game communities, community is the most important aspect right now in the world. The community role of the people are so important. You don't have a network effect. You don't have input output into the quote neural aspect of the interface because now people are involved. Not just software and data bits. I need a notification from my friend if they're right around the corner from me. So it's the role of people. >> Exactly, so I'm a multiplayer game designer. The teams I work with, because it's always a team effort, are multiplayer games. Rock Band, Covet Fashion is a more recent one. And so we've known for a long time in the gaming industry that if you want to drive deep lasting engagement, you need to create a multiplayer experience and some sort of community around that. What you'll hear gamers say is "You know, I'm kind of tired of that game "but my friends need me. "It's where my friends are, my team needs me." So that's part of what drives long term engagement. >> John: The socialization piece. >> Exactly. What we're seeing now and the opportunity I think for developers even outside of gaming is we're seeing the intersection of gaming, a style of gaming that's sort of I would call them gaming systems versus game mechanics. We're seeing gaming systems find their way into social media. Musical.ly is a great example. And Discord is another example. Discord is a platform started by gamers but now it's merging into just other people. That's for communication. Sort of like a next generation Slack but mobile and for gamers. Covet Fashion, a game I worked on with a brilliant team who actually came up with the idea at CrowdStar, really merged a cooperative game mechanic like you might see in say Portal 2 or Left for Dead with social media and very lightweight voting systems of the users themselves playing a crucial role in what's good or not. Just like in Facebook or in Instagram, your feed is going to show you what gets liked a lot, what gets popular. And games are starting to incorporate this too so that the players themselves become almost like the game pieces and become a big part of what's entertaining. We see networks like Twitch with a huge rush of popularity. That is people delivering entertainment to each other. It's not scripted. So this user generated content, this systems which let people be entertaining to each other, is the huge push that's going on in gaming. And we have, part of what makes a game so exciting, is when the game makes interacting with other people lower friction or more magical but it's still the people that makes it exciting. >> Amy Jo this is amazing. I think that you're right on it. Because remember when I was a gamer, single player game on the computer, you got bored. I mastered it. Then comes multiplayer. But you're bringing up a new dynamic which is the dynamic nature of the people themselves. And I think Twitch had an interesting experiment where the comments, which we know on Twitch are pretty bad, drove the game experience. So now you have the people being part of the input to the game itself. I mean isn't Life a game in a way? >> Sure, you could look at Life the game. I think that that's a semantic issue. There are people that really enjoy looking at life as a game And if you define a game as a structured activity with roles and goals, sure you could look at it that way. What I think is most exciting is not so much what is and isn't a game but the bleeding over of gaming systems into places like digital health and education and enterprise and fashion, and those are, and genealogy. Right now I have a client who's merging a game like experience with a genealogy crowd source experience. So I think what I'd like to leave you with and to understand is the first wave of this we called gamification where people got very excited about the visible markers of progress that are in games like points and badges and leaderboards. And that's a great opening door, but that's not where the magic is. Where the magic is is in the underlying systems that drive you toward mastery of something you care about. And that's the explosion we're seeing now. So you say what am I seeing? I'm seeing clients come to me, a game designer, in all kinds, banking, call centers, SaaS products, change transformation in companies as well as all kinds of consumer products, saying we tried gamification. It just worked in the short term. We want what makes games interesting in the long term. First of all you said the most important thing which is other people. But it's not just other people. It's other people in a playful and mastery based environment that helps you get better at something you care about getting better at. >> So this great so take me through what game system. What I hear you saying is, okay, people think of gamification as a one trick pony, a shortcut to something. You're taking a much more wholistic approach saying the game system. What does that mean? What is a game system? Because you're, what I hear you saying, is that this is like a fabric. It's not like, or an operating system maybe. How should people think of a game... >> It's a methodology or a system. A good way to think about this, are you familiar with design thinking? >> Mm-hmm. >> Are you familiar with an agile approach or Agile Lean UX? Those are systems. Those are methodologies. Those are approaches to creating great products. And they help you. Game thinking is similar. It's got elements of design thinking, elements of Agile, but it adds game design. The difference between strong game design and gamification is game design is about bringing systems to life from the inside out. And so game thinking is as much about how you bring your product to life as it is about anything that you put into the product once it's brought to life. Which is where gamification usually comes in. So it's really about building a learning architecture into the core of your game using feedback loops and using simple systems. And one more thing. Every complex system starts as a simple system that works. So it's really about building core systems and then bringing them to life with the right approach and the right people. >> It's like having a kernel or a small building block. If you overthink it you could get in trouble. >> Right. But you also have to have the right building block so you build a strong foundation. >> Yeah I remember the old days when game engines came out. There was no market for game engines when the first games came out. Then someone said hey why don't we just take the game engine and become a game engine. That was an interesting dynamic that spawned a lot of innovation. Is there an analogy to that happening now where there's new innovations that people can build on top of? Is it open source? Is there an equivalent? I'm trying to figure out where that next level up is going to be because right now we've gone like this and then we see a new level with AR and these new kinds of games and you're bringing this kind of integrated system approach is coming. >> Right so I think there's two thing that have to happen for those to take off. One of which is technology based. You have to have engines. So Unity's rise has been tremendous for the gaming industry. Many many simple game-like experiences are being built in Unity, not from scratch. And other tools like that. And then ARKit from Apple is causing an explosion of really interesting work happening, making it easier to create and experiment with an experience like Pokemon Go. So those are the bottom-up tools based changes that are really accelerating innovation in our industry. Now at the time, none of that will work if you don't have the customer demand and the customer hunger. So the other thing that's happening is that customers are being trained by Pokemon Go and things like that that oh, this is how AR could work. We've seen that VR has kind of stalled out but again, that's a special purpose hardware that's not something easy that you can get on your mobile phone in between all the other things you do. So I think it can't be overstated how powerful it is to have these platforms combined with a huge consumer base on mobile, with phones in their pocket, ready to have a compelling game-like experience that doesn't necessarily have to be a game. The world is waiting for those. >> Yeah and your point about VR, you don't want a build it they will come mentality. You got to focus on the magic formula which is-- >> Customer demand. >> Call it sticky. But some could say look it's got to be a utility and that mastery component is critical whether it's learning, friendship, or some human dopamine effect right. >> Well that's exactly what we do at gamethinking.io. We help teams and companies create a product that customers love and come back to from the ground up using gaming techniques. So anyone who's interested, that's what we do. And the reason we help people do that is it's hard, and it's incredibly high leverage. >> Yeah and you got to have the expertise to do it. And it really is. It sounds like gamethinking.io, you're going to bring architecture. It's not just going to be jump on the grenade that someone throws a project at you. Sure, if it's a big project maybe. But you're kind of train the trainer it sounds like, you're teaching people to fish if you will. >> It's product development. Gamification is often a marketing campaign. We're talking about product development. If you want to build lasting engagement and you're a product leader, then you can use these techniques to build it from the ground up but it's not a silver bullet. >> Give a plug for what you do at Shufflebrain about your company and share some advice for folks watching that might be interested. Like I want to transform my Web 2.0, my 1.0 web responsive app, or my offshore built mobile app that I hired someone to just iOS it and Android it. I want to actually build from the ground up a new architecture that's going to be, have a lot of headroom, I really want to build it from the ground up with good design thinking, game system, game thinking, with the game systems, all the magic potentially in there. What do they do? I don't know do you call the, you know there's no Yellow Pages anymore. Do you Google search it? >> Thank you that was a great setup because that's, I mean I wish that I had had this years ago when I doing a venture funded startup. I needed help. So that's why I do what I do. So what we do is take 20 years of what works and what doesn't in game and product design and turn it into a step by step toolkit with templates, instruction, training, and coaching. And let me give you a specific tip. So there's, it's a whole system we use, but one of the things that you do and if anybody wants to try this it will amaze you if you're able to do it right, one of the things that the greatest game designers, the Will Wrights and folks at CrowdStar and Harmonics, what they do is when they're bringing a new game idea to life, first of all they find out aggressively as much about what's wrong with their ideas, what's right with it, through iterative, low fidelity testing early. Secondly they test it on their superfans that shortcut for high need, high value, early adopters. Not your target market but people that can get you to your target market. Knowing how to find and identify and then leverage your superfans for very early product testing and iteration, that's how you bring your core systems to life. Not with your ultimate target market. Most people don't know this. Knowing this, and then finding those people and leveraging them will turn what's often a failure into success. >> John: That's gold. >> It's complete gold. Let me just tell you why. Because if you're able to ask very product-focused questions, again with my guidance, of these people, you can build your product around what you know they want rather than guessing. >> And you can also help the person, might have blind spot, your customer, understand what superfans are saying. Sometimes it's like they're just giving you the answer right there early on. >> That's such a good point. And when you're inside of it- >> And I have bias. I'm an entrepreneur. Oh no I want to hear what I want to hear. I'm going to change the world. (laughs) Not really. >> That's why when I was an entrepreneur I knew all this stuff but I needed a coach when I was doing this. Because you can't see outside of your bubble and that's part of the value of doing this. >> Amy, the URL is? >> Gamethinking.io. >> Gamthinking.io. Amy Jo is a coach, she is an entrepreneur, venture backed, probably has some scar tissue from that but now she's kicking ass and taking names on gamethinking.io. Great mind. Thank you for sharing an amazing tutorial. You know that's free consulting here on theCUBE right here from and expert. >> It's what I love to do. Thank you for having me. >> Amy Jo here on theCUBE. Live in San Francisco at the Samsung Developer Conference, I'm John Furrier back with more here in theCUBE after this short break. (techno music)