(upbeat music) >> Hi everyone. Welcome back to this Cube conversation here in Palo Alto, California. I'm John Furrier, host of "theCUBE." Got a great conversation around Cloud Native, Cloud Native Journey, how enterprises are looking at Cloud Native and putting it all together. And it comes down to operations, developer productivity, and security. It's the hottest topic in technology. We got Chris Jones here in the studio, director of Product Management for Platform9. Chris, thanks for coming in. >> Hey, thanks. >> So when we always chat about, when we're at KubeCon. KubeConEU is coming up and in a few, in a few months, the number one conversation is developer productivity. And the developers are driving all the standards. It's interesting to see how they just throw everything out there and whatever gets adopted ends up becoming the standard, not the old school way of kind of getting stuff done. So that's cool. Security Kubernetes and Containers are all kind of now that next level. So you're starting to see the early adopters moving to the mainstream. Enterprises, a variety of different approaches. You guys are at the center of this. We've had a couple conversations with your CEO and your tech team over there. What are you seeing? You're building the products. What's the core product focus right now for Platform9? What are you guys aiming for? >> The core is that blend of enabling your infrastructure and PlatformOps or DevOps teams to be able to go fast and run in a stable environment, but at the same time enable developers. We don't want people going back to what I've been calling Shadow IT 2.0. It's, hey, I've been told to do something. I kicked off this Container initiative. I need to run my software somewhere. I'm just going to go figure it out. We want to keep those people productive. At the same time we want to enable velocity for our operations teams, be it PlatformOps or DevOps. >> Take us through in your mind and how you see the industry rolling out this Cloud Native journey. Where do you see customers out there? Because DevOps have been around, DevSecOps is rocking, you're seeing AI, hot trend now. Developers are still in charge. Is there a change to the infrastructure of how developers get their coding done and the infrastructure, setting up the DevOps is key, but when you add the Cloud Native journey for an enterprise, what changes? What is the, what is the, I guess what is the Cloud Native journey for an enterprise these days? >> The Cloud Native journey or the change? When- >> Let's start with the, let's start with what they want to do. What's the goal and then how does that happen? >> I think the goal is that promise land. Increased resiliency, better scalability, and overall reduced costs. I've gone from physical to virtual that gave me a higher level of density, packing of resources. I'm moving to Containers. I'm removing that OS layer again. I'm getting a better density again, but all of a sudden I'm running Kubernetes. What does that, what does that fundamentally do to my operations? Does it magically give me scalability and resiliency? Or do I need to change what I'm running and how it's running so it fits that infrastructure? And that's the reality, is you can't just take a Container and drop it into Kubernetes and say, hey, I'm now Cloud Native. I've got reduced cost, or I've got better resiliency. There's things that your engineering teams need to do to make sure that application is a Cloud Native. And then there's what I think is one of the largest shifts of virtual machines to containers. When I was in the world of application performance monitoring, we would see customers saying, well, my engineering team have this Java app, and they said it needs a VM with 12 gig of RAM and eight cores, and that's what we gave it. But it's running slow. I'm working with the application team and you can see it's running slow. And they're like, well, it's got all of its resources. One of those nice features of virtualization is over provisioning. So the infrastructure team would say, well, we gave it, we gave it all a RAM it needed. And what's wrong with that being over provisioned? It's like, well, Java expects that RAM to be there. Now all of a sudden, when you move to the world of containers, what we've got is that's not a set resource limit, really is like it used to be in a VM, right? When you set it for a container, your application teams really need to be paying attention to your resource limits and constraints within the world of Kubernetes. So instead of just being able to say, hey, I'm throwing over the fence and now it's just going to run on a VM, and that VMs got everything it needs. It's now really running on more, much more of a shared infrastructure where limits and constraints are going to impact the neighbors. They are going to impact who's making that decision around resourcing. Because that Kubernetes concept of over provisioning and the virtualization concept of over provisioning are not the same. So when I look at this problem, it's like, well, what changed? Well, I'll do my scale tests as an application developer and tester, and I'd see what resources it needs. I asked for that in the VM, that sets the high watermark, job's done. Well, Kubernetes, it's no longer a VM, it's a Kubernetes manifest. And well, who owns that? Who's writing it? Who's setting those limits? To me, that should be the application team. But then when it goes into operations world, they're like, well, that's now us. Can we change those? So it's that amalgamation of the two that is saying, I'm a developer. I used to pay attention, but now I need to pay attention. And an infrastructure person saying, I used to just give 'em what they wanted, but now I really need to know what they've wanted, because it's going to potentially have a catastrophic impact on what I'm running. >> So what's the impact for the developer? Because, infrastructure's code is what everybody wants. The developer just wants to get the code going and they got to pay attention to all these things, or don't they? Is that where you guys come in? How do you guys see the problem? Actually scope the problem that you guys solve? 'Cause I think you're getting at I think the core issue here, which is, I've got Kubernetes, I've got containers, I've got developer productivity that I want to focus on. What's the problem that you guys solve? >> Platform operation teams that are adopting Cloud Native in their environment, they've got that steep learning curve of Kubernetes plus this fundamental change of how an app runs. What we're doing is taking away the burden of needing to operate and run Kubernetes and giving them the choice of the flexibility of infrastructure and location. Be that an air gap environment like a, let's say a telco provider that needs to run a containerized network function and containerized workloads for 5G. That's one thing that we can deploy and achieve in a completely inaccessible environment all the way through to Platform9 running traditionally as SaaS, as we were born, that's remotely managing and controlling your Kubernetes environments on-premise AWS. That hybrid cloud experience that could be also Bare Metal, but it's our platform running your environments with our support there, 24 by seven, that's proactively reaching out. So it's removing a lot of that burden and the complications that come along with operating the environment and standing it up, which means all of a sudden your DevOps and platform operations teams can go and work with your engineers and application developers and say, hey, let's get, let's focus on the stuff that, that we need to be focused on, which is running our business and providing a service to our customers. Not figuring out how to upgrade a Kubernetes cluster, add new nodes, and configure all of the low level. >> I mean there are, that's operations that just needs to work. And sounds like as they get into the Cloud Native kind of ops, there's a lot of stuff that kind of goes wrong. Or you go, oops, what do we buy into? Because the CIOs, let's go, let's go Cloud Native. We want to, we got to get set up for the future. We're going to be Cloud Native, not just lift and shift and we're going to actually build it out right. Okay, that sounds good. And when we have to actually get done. >> Chris: Yeah. >> You got to spin things up and stand up the infrastructure. What specifically use case do you guys see that emerges for Platform9 when people call you up and you go talk to customers and prospects? What's the one thing or use case or cases that you guys see that you guys solve the best? >> So I think one of the, one of the, I guess new use cases that are coming up now, everyone's talking about economic pressures. I think the, the tap blows open, just get it done. CIO is saying let's modernize, let's use the cloud. Now all of a sudden they're recognizing, well wait, we're spending a lot of money now. We've opened that tap all the way, what do we do? So now they're looking at ways to control that spend. So we're seeing that as a big emerging trend. What we're also sort of seeing is people looking at their data centers and saying, well, I've got this huge legacy environment that's running a hypervisor. It's running VMs. Can we still actually do what we need to do? Can we modernize? Can we start this Cloud Native journey without leaving our data centers, our co-locations? Or if I do want to reduce costs, is that that thing that says maybe I'm repatriating or doing a reverse migration? Do I have to go back to my data center or are there other alternatives? And we're seeing that trend a lot. And our roadmap and what we have in the product today was specifically built to handle those, those occurrences. So we brought in KubeVirt in terms of virtualization. We have a long legacy doing OpenStack and private clouds. And we've worked with a lot of those users and customers that we have and asked the questions, what's important? And today, when we look at the world of Cloud Native, you can run virtualization within Kubernetes. So you can, instead of running two separate platforms, you can have one. So all of a sudden, if you're looking to modernize, you can start on that new infrastructure stack that can run anywhere, Kubernetes, and you can start bringing VMs over there as you are containerizing at the same time. So now you can keep your application operations in one environment. And this also helps if you're trying to reduce costs. If you really are saying, we put that Dev environment in AWS, we've got a huge amount of velocity out of it now, can we do that elsewhere? Is there a co-location we can go to? Is there a provider that we can go to where we can run that infrastructure or run the Kubernetes, but not have to run the infrastructure? >> It's going to be interesting too, when you see the Edge come online, you start, we've got Mobile World Congress coming up, KubeCon events we're going to be at, the conversation is not just about public cloud. And you guys obviously solve a lot of do-it-yourself implementation hassles that emerge when people try to kind of stand up their own environment. And we hear from developers consistency between code, managing new updates, making sure everything is all solid so they can go fast. That's the goal. And that, and then people can get standardized on that. But as you get public cloud and do it yourself, kind of brings up like, okay, there's some gaps there as the architecture changes to be more distributed computing, Edge, on-premises cloud, it's cloud operations. So that's cool for DevOps and Cloud Native. How do you guys differentiate from say, some the public cloud opportunities and the folks who are doing it themselves? How do you guys fit in that world and what's the pitch or what's the story? >> The fit that we look at is that third alternative. Let's get your team focused on what's high value to your business and let us deliver that public cloud experience on your infrastructure or in the public cloud, which gives you that ability to still be flexible if you want to make choices to run consistently for your developers in two different locations. So as I touched on earlier, instead of saying go figure out Kubernetes, how do you upgrade a hundred worker nodes in place upgrade. We've solved that problem. That's what we do every single day of the week. Don't go and try to figure out how to upgrade a cluster and then upgrade all of the, what I call Kubernetes friends, your core DNSs, your metrics server, your Kubernetes dashboard. These are all things that we package, we test, we version. So when you click upgrade, we've already handled that entire process. So it's saying don't have your team focused on that lower level piece of work. Get them focused on what is important, which is your business services. >> Yeah, the infrastructure and getting that stood up. I mean, I think the thing that's interesting, if you look at the market right now, you mentioned cost savings and recovery, obviously kind of a recession. I mean, people are tightening their belts for sure. I don't think the digital transformation and Cloud Native spend is going to plummet. It's going to probably be on hold and be squeezed a little bit. But to your point, people are refactoring looking at how to get the best out of what they got. It's not just open the tap of spend the cash like it used to be. Yeah, a couple months, even a couple years ago. So okay, I get that. But then you look at the what's coming, AI. You're seeing all the new data infrastructure that's coming. The containers, Kubernetes stuff, got to get stood up pretty quickly and it's got to be reliable. So to your point, the teams need to get done with this and move on to the next thing. >> Chris: Yeah, yeah, yeah. >> 'Cause there's more coming. I mean, there's a lot coming for the apps that are building in Data Native, AI-Native, Cloud Native. So it seems that this Kubernetes thing needs to get solved. Is that kind of what you guys are focused on right now? >> So, I mean to use a customer, we have a customer that's in AI/ML and they run their platform at customer sites and that's hardware bound. You can't run AI machine learning on anything anywhere. Well, with Platform9 they can. So we're enabling them to deliver services into their customers that's running their AI/ML platform in their customer's data centers anywhere in the world on hardware that is purpose-built for running that workload. They're not Kubernetes experts. That's what we are. We're bringing them that ability to focus on what's important and just delivering their business services whilst they're enabling our team. And our 24 by seven proactive management are always on assurance to keep that up and running for them. So when something goes bump at the night at 2:00am, our guys get woken up. They're the ones that are reaching out to the customer saying, your environments have a problem, we're taking these actions to fix it. Obviously sometimes, especially if it is running on Bare Metal, there's things you can't do remotely. So you might need someone to go and do that. But even when that happens, you're not by yourself. You're not sitting there like I did when I worked for a bank in one of my first jobs, three o'clock in the morning saying, wow, our end of day processing is stuck. Who else am I waking up? Right? >> Exactly, yeah. Got to get that cash going. But this is a great use case. I want to get to the customer. What do some of the successful customers say to you for the folks watching that aren't yet a customer of Platform9, what are some of the accolades and comments or anecdotes that you guys hear from customers that you have? >> It just works, which I think is probably one of the best ones you can get. Customers coming back and being able to show to their business that they've delivered growth, like business growth and productivity growth and keeping their organization size the same. So we started on our containerization journey. We went to Kubernetes. We've deployed all these new workloads and our operations team is still six people. We're doing way more with growth less, and I think that's also talking to the strength that we're bringing, 'cause we're, we're augmenting that team. They're spending less time on the really low level stuff and automating a lot of the growth activity that's involved. So when it comes to being able to grow their business, they can just focus on that, not- >> Well you guys do the heavy lifting, keep on top of the Kubernetes, make sure that all the versions are all done. Everything's stable and consistent so they can go on and do the build out and provide their services. That seems to be what you guys are best at. >> Correct, correct. >> And so what's on the roadmap? You have the product, direct product management, you get the keys to the kingdom. What is, what is the focus? What's your focus right now? Obviously Kubernetes is growing up, Containers. We've been hearing a lot at the last KubeCon about the security containers is getting better. You've seen verification, a lot more standards around some things. What are you focused on right now for at a product over there? >> Edge is a really big focus for us. And I think in Edge you can look at it in two ways. The mantra that I drive is Edge must be remote. If you can't do something remotely at the Edge, you are using a human being, that's not Edge. Our Edge management capabilities and being in the market for over two years are a hundred percent remote. You want to stand up a store, you just ship the server in there, it gets racked, the rest of it's remote. Imagine a store manager in, I don't know, KFC, just plugging in the server, putting in the ethernet cable, pressing the power button. The rest of all that provisioning for that Cloud Native stack, Kubernetes, KubeVirt for virtualization is done remotely. So we're continuing to focus on that. The next piece that is related to that is allowing people to run Platform9 SaaS in their data centers. So we do ag app today and we've had a really strong focus on telecommunications and the containerized network functions that come along with that. So this next piece is saying, we're bringing what we run as SaaS into your data center, so then you can run it. 'Cause there are many people out there that are saying, we want these capabilities and we want everything that the Platform9 control plane brings and simplifies. But unfortunately, regulatory compliance reasons means that we can't leverage SaaS. So they might be using a cloud, but they're saying that's still our infrastructure. We're still closed that network down, or they're still on-prem. So they're two big priorities for us this year. And that on-premise experiences is paramount, even to the point that we will be delivering a way that when you run an on-premise, you can still say, wait a second, well I can send outbound alerts to Platform9. So their support team can still be proactively helping me as much as they could, even though I'm running Platform9s control plane. So it's sort of giving that blend of two experiences. They're big, they're big priorities. And the third pillar is all around virtualization. It's saying if you have economic pressures, then I think it's important to look at what you're spending today and realistically say, can that be reduced? And I think hypervisors and virtualization is something that should be looked at, because if you can actually reduce that spend, you can bring in some modernization at the same time. Let's take some of those nos that exist that are two years into their five year hardware life cycle. Let's turn that into a Cloud Native environment, which is enabling your modernization in place. It's giving your engineers and application developers the new toys, the new experiences, and then you can start running some of those virtualized workloads with KubeVirt, there. So you're reducing cost and you're modernizing at the same time with your existing infrastructure. >> You know Chris, the topic of this content series that we're doing with you guys is finding the right path, trusting the right path to Cloud Native. What does that mean? I mean, if you had to kind of summarize that phrase, trusting the right path to Cloud Native, what does that mean? It mean in terms of architecture, is it deployment? Is it operations? What's the underlying main theme of that quote? What's the, what's? How would you talk to a customer and say, what does that mean if someone said, "Hey, what does that right path mean?" >> I think the right path means focusing on what you should be focusing on. I know I've said it a hundred times, but if your entire operations team is trying to figure out the nuts and bolts of Kubernetes and getting three months into a journey and discovering, ah, I need Metrics Server to make something function. I want to use Horizontal Pod Autoscaler or Vertical Pod Autoscaler and I need this other thing, now I need to manage that. That's not the right path. That's literally learning what other people have been learning for the last five, seven years that have been focused on Kubernetes solely. So the why- >> There's been a lot of grind. People have been grinding it out. I mean, that's what you're talking about here. They've been standing up the, when Kubernetes started, it was all the promise. >> Chris: Yep. >> And essentially manually kind of getting in in the weeds and configuring it. Now it's matured up. They want stability. >> Chris: Yeah. >> Not everyone can get down and dirty with Kubernetes. It's not something that people want to generally do unless you're totally into it, right? Like I mean, I mean ops teams, I mean, yeah. You know what I mean? It's not like it's heavy lifting. Yeah, it's important. Just got to get it going. >> Yeah, I mean if you're deploying with Platform9, your Ops teams can tinker to their hearts content. We're completely compliant upstream Kubernetes. You can go and change an API server flag, let's go and mess with the scheduler, because we want to. You can still do that, but don't, don't have your team investing in all this time to figure it out. It's been figured out. >> John: Got it. >> Get them focused on enabling velocity for your business. >> So it's not build, but run. >> Chris: Correct? >> Or run Kubernetes, not necessarily figure out how to kind of get it all, consume it out. >> You know we've talked to a lot of customers out there that are saying, "I want to be able to deliver a service to my users." Our response is, "Cool, let us run it. You consume it, therefore deliver it." And we're solving that in one hit versus figuring out how to first run it, then operate it, then turn that into a consumable service. >> So the alternative Platform9 is what? They got to do it themselves or use the Cloud or what's the, what's the alternative for the customer for not using Platform9? Hiring more people to kind of work on it? What's the? >> People, building that kind of PaaS experience? Something that I've been very passionate about for the past year is looking at that world of sort of GitOps and what that means. And if you go out there and you sort of start asking the question what's happening? Just generally with Kubernetes as well and GitOps in that scope, then you'll hear some people saying, well, I'm making it PaaS, because Kubernetes is too complicated for my developers and we need to give them something. There's some great material out there from the likes of Intuit and Adobe where for two big contributors to Argo and the Argo projects, they almost have, well they do have, different experiences. One is saying, we went down the PaaS route and it failed. The other one is saying, well we've built a really stable PaaS and it's working. What are they trying to do? They're trying to deliver an outcome to make it easy to use and consume Kubernetes. So you could go out there and say, hey, I'm going to build a Kubernetes cluster. Sounds like Argo CD is a great way to expose that to my developers so they can use Kubernetes without having to use Kubernetes and start automating things. That is an approach, but you're going to be going completely open source and you're going to have to bring in all the individual components, or you could just lay that, lay it down, and consume it as a service and not have to- >> And mentioned to it. They were the ones who kind of brought that into the open. >> They did. Inuit is the primary contributor to the Argo set of products. >> How has that been received in the market? I mean, they had the event at the Computer History Museum last fall. What's the momentum there? What's the big takeaway from that project? >> Growth. To me, growth. I mean go and track the stars on that one. It's just, it's growth. It's unlocking machine learning. Argo workflows can do more than just make things happen. Argo CD I think the approach they're taking is, hey let's make this simple to use, which I think can be lost. And I think credit where credit's due, they're really pushing to bring in a lot of capabilities to make it easier to work with applications and microservices on Kubernetes. It's not just that, hey, here's a GitOps tool. It can take something from a Git repo and deploy it and maybe prioritize it and help you scale your operations from that perspective. It's taking a step back and saying, well how did we get to production in the first place? And what can be done down there to help as well? I think it's growth expansion of features. They had a huge release just come out in, I think it was 2.6, that brought in things that as a product manager that I don't often look at like really deep technical things and say wow, that's powerful. But they have, they've got some great features in that release that really do solve real problems. >> And as the product, as the product person, who's the target buyer for you? Who's the customer? Who's making that? And you got decision maker, influencer, and recommender. Take us through the customer persona for you guys. >> So that Platform Ops, DevOps space, right, the people that need to be delivering Containers as a service out to their organization. But then it's also important to say, well who else are our primary users? And that's developers, engineers, right? They shouldn't have to say, oh well I have access to a Kubernetes cluster. Do I have to use kubectl or do I need to go find some other tool? No, they can just log to Platform9. It's integrated with your enterprise id. >> They're the end customer at the end of the day, they're the user. >> Yeah, yeah. They can log in. And they can see the clusters you've given them access to as a Platform Ops Administrator. >> So job well done for you guys. And your mind is the developers are moving 'em fast, coding and happy. >> Chris: Yeah, yeah. >> And and from a customer standpoint, you reduce the maintenance cost, because you keep the Ops smoother, so you got efficiency and maintenance costs kind of reduced or is that kind of the benefits? >> Yeah, yep, yeah. And at two o'clock in the morning when things go inevitably wrong, they're not there by themselves, and we're proactively working with them. >> And that's the uptime issue. >> That is the uptime issue. And Cloud doesn't solve that, right? Everyone experienced that Clouds can go down, entire regions can go offline. That's happened to all Cloud providers. And what do you do then? Kubernetes isn't your recovery plan. It's part of it, right, but it's that piece. >> You know Chris, to wrap up this interview, I will say that "theCUBE" is 12 years old now. We've been to OpenStack early days. We had you guys on when we were covering OpenStack and now Cloud has just been booming. You got AI around the corner, AI Ops, now you got all this new data infrastructure, it's just amazing Cloud growth, Cloud Native, Security Native, Cloud Native, Data Native, AI Native. It's going to be all, this is the new app environment, but there's also existing infrastructure. So going back to OpenStack, rolling our own cloud, building your own cloud, building infrastructure cloud, in a cloud way, is what the pioneers have done. I mean this is what we're at. Now we're at this scale next level, abstracted away and make it operational. It seems to be the key focus. We look at CNCF at KubeCon and what they're doing with the cloud SecurityCon, it's all about operations. >> Chris: Yep, right. >> Ops and you know, that's going to sound counterintuitive 'cause it's a developer open source environment, but you're starting to see that Ops focus in a good way. >> Chris: Yeah, yeah, yeah. >> Infrastructure as code way. >> Chris: Yep. >> What's your reaction to that? How would you summarize where we are in the industry relative to, am I getting, am I getting it right there? Is that the right view? What am I missing? What's the current state of the next level, NextGen infrastructure? >> It's a good question. When I think back to sort of late 2019, I sort of had this aha moment as I saw what really truly is delivering infrastructure as code happening at Platform9. There's an open source project Ironic, which is now also available within Kubernetes that is Metal Kubed that automates Bare Metal as code, which means you can go from an empty server, lay down your operating system, lay down Kubernetes, and you've just done everything delivered to your customer as code with a Cloud Native platform. That to me was sort of the biggest realization that I had as I was moving into this industry was, wait, it's there. This can be done. And the evolution of tooling and operations is getting to the point where that can be achieved and it's focused on by a number of different open source projects. Not just Ironic and and Metal Kubed, but that's a huge win. That is truly getting your infrastructure. >> John: That's an inflection point, really. >> Yeah. >> If you think about it, 'cause that's one of the problems. We had with the Bare Metal piece was the automation and also making it Cloud Ops, cloud operations. >> Right, yeah. I mean, one of the things that I think Ironic did really well was saying let's just treat that piece of Bare Metal like a Cloud VM or an instance. If you got a problem with it, just give the person using it or whatever's using it, a new one and reimage it. Just tell it to reimage itself and it'll just (snaps fingers) go. You can do self-service with it. In Platform9, if you log in to our SaaS Ironic, you can go and say, I want that physical server to myself, because I've got a giant workload, or let's turn it into a Kubernetes cluster. That whole thing is automated. To me that's infrastructure as code. I think one of the other important things that's happening at the same time is we're seeing GitOps, we're seeing things like Terraform. I think it's important for organizations to look at what they have and ask, am I using tools that are fit for tomorrow or am I using tools that are yesterday's tools to solve tomorrow's problems? And when especially it comes to modernizing infrastructure as code, I think that's a big piece to look at. >> Do you see Terraform as old or new? >> I see Terraform as old. It's a fantastic tool, capable of many great things and it can work with basically every single provider out there on the planet. It is able to do things. Is it best fit to run in a GitOps methodology? I don't think it is quite at that point. In fact, if you went and looked at Flux, Flux has ways that make Terraform GitOps compliant, which is absolutely fantastic. It's using two tools, the best of breeds, which is solving that tomorrow problem with tomorrow solutions. >> Is the new solutions old versus new. I like this old way, new way. I mean, Terraform is not that old and it's been around for about eight years or so, whatever. But HashiCorp is doing a great job with that. I mean, so okay with Terraform, what's the new address? Is it more complex environments? Because Terraform made sense when you had basic DevOps, but now it sounds like there's a whole another level of complexity. >> I got to say. >> New tools. >> That kind of amalgamation of that application into infrastructure. Now my app team is paying way more attention to that manifest file, which is what GitOps is trying to solve. Let's templatize things. Let's version control our manifest, be it helm, customize, or just a straight up Kubernetes manifest file, plain and boring. Let's get that version controlled. Let's make sure that we know what is there, why it was changed. Let's get some auditability and things like that. And then let's get that deployment all automated. So that's predicated on the cluster existing. Well why can't we do the same thing with the cluster, the inception problem. So even if you're in public cloud, the question is like, well what's calling that API to call that thing to happen? Where is that file living? How well can I manage that in a large team? Oh my God, something just changed. Who changed it? Where is that file? And I think that's one of big, the big pieces to be sold. >> Yeah, and you talk about Edge too and on-premises. I think one of the things I'm observing and certainly when DevOps was rocking and rolling and infrastructures code was like the real push, it was pretty much the public cloud, right? >> Chris: Yep. >> And you did Cloud Native and you had stuff on-premises. Yeah you did some lifting and shifting in the cloud, but the cool stuff was going in the public cloud and you ran DevOps. Okay, now you got on-premise cloud operation and Edge. Is that the new DevOps? I mean 'cause what you're kind of getting at with old new, old new Terraform example is an interesting point, because you're pointing out potentially that that was good DevOps back in the day or it still is. >> Chris: It is, I was going to say. >> But depending on how you define what DevOps is. So if you say, I got the new DevOps with public on-premise and Edge, that's just not all public cloud, that's essentially distributed Cloud Native. >> Correct. Is that the new DevOps in your mind or is that? How would you, or is that oversimplifying it? >> Or is that that term where everyone's saying Platform Ops, right? Has it shifted? >> Well you bring up a good point about Terraform. I mean Terraform is well proven. People love it. It's got great use cases and now there seems to be new things happening. We call things like super cloud emerging, which is multicloud and abstraction layers. So you're starting to see stuff being abstracted away for the benefits of moving to the next level, so teams don't get stuck doing the same old thing. They can move on. Like what you guys are doing with Platform9 is providing a service so that teams don't have to do it. >> Correct, yeah. >> That makes a lot of sense, So you just, now it's running and then they move on to the next thing. >> Chris: Yeah, right. >> So what is that next thing? >> I think Edge is a big part of that next thing. The propensity for someone to put up with a delay, I think it's gone. For some reason, we've all become fairly short-tempered, Short fused. You know, I click the button, it should happen now, type people. And for better or worse, hopefully it gets better and we all become a bit more patient. But how do I get more effective and efficient at delivering that to that really demanding- >> I think you bring up a great point. I mean, it's not just people are getting short-tempered. I think it's more of applications are being deployed faster, security is more exposed if they don't see things quicker. You got data now infrastructure scaling up massively. So, there's a double-edged swords to scale. >> Chris: Yeah, yeah. I mean, maintenance, downtime, uptime, security. So yeah, I think there's a tension around, and one hand enthusiasm around pushing a lot of code and new apps. But is the confidence truly there? It's interesting one little, (snaps finger) supply chain software, look at Container Security for instance. >> Yeah, yeah. It's big. I mean it was codified. >> Do you agree that people, that's kind of an issue right now. >> Yeah, and it was, I mean even the supply chain has been codified by the US federal government saying there's things we need to improve. We don't want to see software being a point of vulnerability, and software includes that whole process of getting it to a running point. >> It's funny you mentioned remote and one of the thing things that you're passionate about, certainly Edge has to be remote. You don't want to roll a truck or labor at the Edge. But I was doing a conversation with, at Rebars last year about space. It's hard to do brake fix on space. It's hard to do a, to roll a someone to configure satellite, right? Right? >> Chris: Yeah. >> So Kubernetes is in space. We're seeing a lot of Cloud Native stuff in apps, in space, so just an example. This highlights the fact that it's got to be automated. Is there a machine learning AI angle with all this ChatGPT talk going on? You see all the AI going the next level. Some pretty cool stuff and it's only, I know it's the beginning, but I've heard people using some of the new machine learning, large language models, large foundational models in areas I've never heard of. Machine learning and data centers, machine learning and configuration management, a lot of different ways. How do you see as the product person, you incorporating the AI piece into the products for Platform9? >> I think that's a lot about looking at the telemetry and the information that we get back and to use one of those like old idle terms, that continuous improvement loop to feed it back in. And I think that's really where machine learning to start with comes into effect. As we run across all these customers, our system that helps at two o'clock in the morning has that telemetry, it's got that data. We can see what's changing and what's happening. So it's writing the right algorithms, creating the right machine learning to- >> So training will work for you guys. You have enough data and the telemetry to do get that training data. >> Yeah, obviously there's a lot of investment required to get there, but that is something that ultimately that could be achieved with what we see in operating people's environments. >> Great. Chris, great to have you here in the studio. Going wide ranging conversation on Kubernetes and Platform9. I guess my final question would be how do you look at the next five years out there? Because you got to run the product management, you got to have that 20 mile steer, you got to look at the customers, you got to look at what's going on in the engineering and you got to kind of have that arc. This is the right path kind of view. What's the five year arc look like for you guys? How do you see this playing out? 'Cause KubeCon is coming up and we're you seeing Kubernetes kind of break away with security? They had, they didn't call it KubeCon Security, they call it CloudNativeSecurityCon, they just had in Seattle inaugural events seemed to go well. So security is kind of breaking out and you got Kubernetes. It's getting bigger. Certainly not going away, but what's your five year arc of of how Platform9 and Kubernetes and Ops evolve? >> It's to stay on that theme, it's focusing on what is most important to our users and getting them to a point where they can just consume it, so they're not having to operate it. So it's finding those big items and bringing that into our platform. It's something that's consumable, that's just taken care of, that's tested with each release. So it's simplifying operations more and more. We've always said freedom in cloud computing. Well we started on, we started on OpenStack and made that simple. Stable, easy, you just have it, it works. We're doing that with Kubernetes. We're expanding out that user, right, we're saying bring your developers in, they can download their Kube conflict. They can see those Containers that are running there. They can access the events, the log files. They can log in and build a VM using KubeVirt. They're self servicing. So it's alleviating pressures off of the Ops team, removing the help desk systems that people still seem to rely on. So it's like what comes into that field that is the next biggest issue? Is it things like CI/CD? Is it simplifying GitOps? Is it bringing in security capabilities to talk to that? Or is that a piece that is a best of breed? Is there a reason that it's been spun out to its own conference? Is this something that deserves a focus that should be a specialized capability instead of tooling and vendors that we work with, that we partner with, that could be brought in as a service. I think it's looking at those trends and making sure that what we bring in has the biggest impact to our users. >> That's awesome. Thanks for coming in. I'll give you the last word. Put a plug in for Platform9 for the people who are watching. What should they know about Platform9 that they might not know about it or what should? When should they call you guys and when should they engage? Take a take a minute to give the plug. >> The plug. I think it's, if your operations team is focused on building Kubernetes, stop. That shouldn't be the cloud. That shouldn't be in the Edge, that shouldn't be at the data center. They should be consuming it. If your engineering teams are all trying different ways and doing different things to use and consume Cloud Native services and Kubernetes, they shouldn't be. You want consistency. That's how you get economies of scale. Provide them with a simple platform that's integrated with all of your enterprise identity where they can just start consuming instead of having to solve these problems themselves. It's those, it's those two personas, right? Where the problems manifest. What are my operations teams doing, and are they delivering to my company or are they building infrastructure again? And are my engineers sprinting or crawling? 'Cause if they're not sprinting, you should be asked the question, do I have the right Cloud Native tooling in my environment and how can I get them back? >> I think it's developer productivity, uptime, security are the tell signs. You get that done. That's the goal of what you guys are doing, your mission. >> Chris: Yep. >> Great to have you on, Chris. Thanks for coming on. Appreciate it. >> Chris: Thanks very much. 0 Okay, this is "theCUBE" here, finding the right path to Cloud Native. I'm John Furrier, host of "theCUBE." Thanks for watching. (upbeat music)

(upbeat music) >> Telecommunic^ations is well north of a trillion-dollar business globally that provides critical services on which virtually everyone on the planet relies. Dramatic changes are occurring in the sector, and one of the most important dimensions of this change is the underlying infrastructure that powers global telecommunications networks. Telcos have been thawing out, if you will, their frozen infrastructure, modernizing. They're opening up. They're disaggregating their infrastructure, separating, for example, the control plane from the data plane and adopting open standards. Telco infrastructure is becoming software-defined, and leading telcos are adopting cloud-native microservices to help make developers more productive, so they can respond more quickly to market changes. They're embracing technology consumption models and selectively leveraging the cloud where it makes sense, and these changes are being driven by market forces, the root of which stem from customer demand. So from a customer's perspective, they want services, and they want them fast, meaning not only at high speeds, but also they want them now. Customers want the latest, the greatest, and they want these services to be reliable and stable with high quality of service levels, and they want them to be highly cost effective. Hello and welcome to this preview of Mobile World Congress 2023. My name is Dave Vellante and at this year's event, theCUBE has a major presence at the show, made possible by Dell Technologies, and with me, to unpack the trends in Telco and look ahead to MWC 23, Dennis Hoffman. He's the senior vice-president and general manager of Dell's telecom business and Aaron Chaisson, who is the vice-president of telecom and edge solutions marketing at Dell Technologies. Gentlemen, welcome. Thanks so much for spending some time with me. >> Thank you, Dave. >> Thanks, glad to be here. So, Dennis, let's start with you. Telcos in recent history have been slow to deliver and to monetize new services, in a large part, because their purpose-built infrastructure can been somewhat of a barrier to respondent to these market forces. In many ways, this is what makes telecoms, really, this market, so exciting. So from your perspective, where is the action in this space? >> Yeah, the action, Dave, is kind of all over the place, partly because it's an ecosystem play. You know, I think it's been, as you point out, the disaggregation trend has been going on for a while. The opportunity's been clear, but it has taken a few years to get all of the vendors and all of the components that make up a solution, as well as the operators themselves, to a point where we can start putting this stuff together and actually achieving some of the promise. >> So, Aaron, for those who might not be as familiar with Dell's a activities in this area, you know, here we are just ahead of Mobile World Congress. It's the largest event for telecoms. What should people know about Dell, and what's the key message to this industry? >> Sure, yeah, I think everybody knows that there's a lot of innovation that's been happening in the industry of late. One of the major trends that we're seeing is that shift from more of a vertically-integrated technology stack to more of a disaggregated set of solutions, and that trend has actually created a ton of innovation that's happening across the industry, well, along technology vendors and providers, the telecoms themselves, and so one of the things that Dell's really looking to do is, as Dennis talked about, is build out a really strong ecosystem of partners and vendors that we're working closely together to be able to collaborate on new technologies, new capabilities, that are solving challenges that the networks are seeing today, be able to create new solutions built on those in order to be able to bring new value to the industry and then finally, we want to help both partners as well as our CSP providers activate those changes so that they can bring new solutions to market to be able to serve their customers, and so the key areas that we're really focusing on, with our customers, is technologies to help modernize the network to be able to capitalize on the value of open architectures and bring price performance to what they're expecting and availability that they're expecting today and then also partner with the lines of business to be able to take these new capabilities, produce new solutions and then deliver new value to their customers. >> Great, thank you, Aaron. So, Dennis, I have known you for a number of years. I've watched you. You are a trend spotter, and you're a strategic thinker, and I love now the fact that you're running a business that you had to go out and analyze, and now you got got to make it happen. So how would you describe Dell's strategy in this market? >> Well, it's really two things, and I appreciate the comment. I'm not sure how much of a trend spotter I am, but I certainly enjoy, and I think I'm fascinated by what's going on in this industry right now. Our two main thrusts, Dave, are, first round, trying to catalyze that ecosystem, you know, be a force for pulling together a group of folks, vendors, that have been flying in fairly loose formation for a couple of years to deliver the kinds of solutions that move the needle forward and produce the outcomes that our network-operator customers can actually buy, and consume, and deploy, and have them be supported. The other thing is there's a couple of very key technology areas that need to be advanced here. This ends up being a much anticipated year, in telecom, because of the delivery of some open infrastructure solutions that have been being developed for years, with the Intel Sapphire Rapids program coming to market. We've of course got some purpose-built solutions on top of that for telecommunications networks, some expanded partnerships in the area of multi-cloud infrastructure, and so I would say the second main thrust is we've got to bring some intellectual property to the party. It's not just about pulling the ecosystem together, but those two things together really form the twin thrusts of our strategy. >> Okay, so as you point out, you're obviously not going to go alone in this market. It's way too broad. There's so many routes to market, partnerships, obviously, very, very important. So can you share a little bit more about the ecosystem and partners, maybe give some examples of some of the key partners that you'd be highlighting or working with, maybe at Mobile World Congress or other activities this year? >> Yeah, absolutely. You know, as Aaron touched on. I'm a visual thinker. The way I think about this thing is a very, very vertical architecture is tipping sideways. It's becoming horizontal, and all of the layers of that horizontal architecture are really where the partnerships are at. So let's start at the bottom, silicon. The silicon ecosystem is very much focused on this market and producing very specific products to enable open, high-performance telecom networks. That's both in the form of host processors as well as accelerators. One layer up, of course, is the stuff that we're known for, subsystems, compute, storage, the hardware infrastructure that forms the foundation for telco clouds. A layer above that, all of the cloud software layer, the virtualization and containerization software and all of the usual suspects there, all of whom are very good partners of ours, and we're looking to expand that pretty broadly this year, and then at the top of the layer cake, all of the network functions, all of the VNFs and CNFs that were once kind of the top of proprietary stacks that are now opening up and being delivered as well-formed containers that can run on these clouds. So, you know, we're focusing on all of those, if you will, product partnerships, and there is a services wrapper around all of it, the systems integration necessary to make these systems part of a carrier's network, which, of course, has been running for a long time and needs to be integrated with in a very specific way, and so all of that together kind of forms the ecosystem. All of those are partners, and we're really excited about being at the heart of it. >> Interesting, it's not like we've never seen this movie before, which is sort of repeating itself in telco. Aaron, you heard my little intro up front about the need to modernize infrastructure. I wonder if I could touch on, you know, another major trend which we're seeing, is the cloud, and I'm talking about, not only public, but private and hybrid cloud. The public cloud is an opportunity, but it's also a threat for telcos. You know, telecom providers are looking to the public cloud for specific use cases. You think about, like, bursting for an iPhone launch or whatever but at the same time, these cloud vendors, they're sort of competing with telcos. They're providing, you know, local zones, for example, sometimes trying to do an end run on the telco connectivity services. So telecom companies, they have to find the right balance between what they own and what they rent, and I wonder if you could add some color as to what you see in the market and what Dell, specifically, is doing to support these trends. >> Yeah, I think the most important thing is what we're seeing, as you said, is these aren't things that we haven't seen before, and I think that telecom is really going through their own set of cloud transformations, and so one of the hot topics in the industry now is what is telco cloud and what does that look like going forward? And it's going to be a, as you said, a combination of services that they offer, services that they leverage, but at the end of the day, it's going to help them modernize how they deliver telecommunication services to their customers and then provide value-added services on top of that. From a Dell perspective, you know, we're really providing the technologies to provide the underpinnings to lay a foundation on which that network can be built, whether that's best-of-breed servers that are built and designed for the telecom environments. Recently we announced our, our Infra Block program in partnering with virtualization providers to be able to provide engineered systems that dramatically simplify how our customers can deploy, manage and lifecycle-manage throughout day-two operations, an entire cloud environment, and whether they're using Red Hat, whether they're using Wind River or VMware or other virtualization layers, they can deploy the right virtualization layer at the right part of their network to support the applications they're looking to drive, and Dell is looking to solve how they simplify and manage all of that, both from a hardware as well as a management software perspective. So this is really what Dell's doing to, again, partner with the broader technology community to help make that telco cloud a reality. >> Aaron, let's stay here for a second. I'm interested in some of the use cases that you're going after with customers. You've got edge infrastructure, remote work, 5G. Where's security fit? What are the focus areas for Dell, and can we double-click on that a little bit? >> Yeah, I mean, I think there's two main areas of telecommunication industry that we're talking to. One, we've really been talking about sort of the network buyer, how do they modernize the core, the network edge, the RAN capabilities, to deliver traditional telecommunication services and modernize that as they move into 5G and beyond. I think the other side of the business is telecoms are really looking, from a line of business perspective, to figure out how do they monetize that network and be able to deliver value-added services to their enterprise customers on top of these new networks. So you were just touching on a couple of things that are really critical. You know, in the enterprise space, AI and IoT is driving a tremendous amount of innovation out there, and there's a need for being able to support and manage edge compute at scale, be able to provide connectivity, like private mobility and 4G and 5G, being able to support things like mobile workforces and client capabilities to be able to access these devices that are around all of these edge environments of the enterprises, and telecoms are seen as that, as an opportunity for them to not only provide connectivity, but how do they extend their cloud out into these enterprise environments with compute, with connectivity, with client and connectivity resources, and even also provide protection for those environments as well. So these are areas that Dell's historically very strong at, being able to provide compute, being able to provide connectivity and being able to provide data protection and client services. We are looking to work closely with lines of businesses to be able to develop solutions that they can bring to market in combination with us to be able to serve their end user customers and their enterprises. So those are really the two key areas, not only network buyer, but being able to enable the lines of business to go and capitalize on the services they're developing for their customers. >> I think that line of business aspect is key. I mean, the telcos have had to sit back and provide the plumbing. Cost per bit goes down. Data consumption going through the roof. All the way over to the top guys, you know, had the field day with the data and the customer relationships, and now it's almost like the revenge of the telcos. (chuckles) Dennis, I wonder if we could talk about the future. What can we expect in the years ahead from Dell, if you, you know, break out the binoculars a little bit? >> Yeah, I think you hit it earlier. We've seen the movie before. This has happened in the IT data center. We went from proprietary vertical solutions to horizontal open systems. We went from client server to software-defined, open-hardware, cloud-native and you know, the trend is likely to be exactly that, in the telecom industry, because that's what the operators want. They're not naive to what's happened in the IT data center. They all run very large data centers, and they're trying to get some of the scale economies, some of the agility, the cost of ownership benefits for the reasons Aaron just discussed. You know, it's clear, as you point out, this industry's been really defined by the inability to stop investing and the difficulty to monetize that investment, and I think now everybody's looking at this 5G, and, frankly, 5G plus, 6G and beyond, as the opportunity to really go get a chunk of that revenue, and enterprise edge is the target. >> And 5G is touching so many industries, and that kind of brings me here into Mobile World Congress. I mean, you look at the floor layout, it's amazing. You got industry 4.0. You've got, you know, our traditional industry and telco colliding. There's public policy. So give us a teaser to Mobile World Congress '23. What's on deck at the show for from Dell? >> Yeah, we're really excited about Mobile World Congress. This, as you know, is a massive event for the industry every year, and it's really the event that the whole industry uses to kick off this coming year. So we're going to be using this, obviously, to talk to our customers and our partners about what Dell's looking to do and what we're innovating on right now, and what we're looking to partner with them around. In the front of the house, we're going to be highlighting 13 different solutions and demonstrations to be able to show our customers what we're doing today and show them the use cases and put it into action, so they get to actually look and feel and touch and experience what it is that we're working around. Obviously, meetings are important. Everybody knows Mobile World Congress is the place to get those meetings and kick off for the year. You know, we're looking at several hundred meetings, hundreds of meetings that we're going to be looking to have across the industry with our customers and partners and the broader community, and, of course, we've also got technology that's going to be in a variety of different partner spaces as well. So you can come and see us in hall three, but we're also going to have technologies kind of spread all over the floor, and, of course, there's always theCUBE. You're going to be able to see us live all four days, all day, every day. You're going to be hearing our executives, our partners, our customers, talk about, you know, what Dell is doing to innovate in the industry and how we're looking to leverage the broader open ecosystem to be able to transform, you know, the network and what we're looking to do. So in that space, we're going to be focusing on what we're doing from an ecosystem perspective, our infrastructure focus. We'll be talking about what we're doing to support telco cloud transformation and then finally, as we talked about earlier, how are we helping the lines of business within our telecoms monetize the opportunity. So these are all different things we're really excited to be focusing on and look forward to the event next month. >> Yeah, it's going to be awesome In Barcelona at the Fira. As you say, Dell's big presence in Hall three. Orange is in there, Deutsche Telekom. Intel's in Hall three. VMware's there, Nokia, Vodafone. You got great things to see there. Check that out and of course, theCUBE, we are super excited to be collaborating with you. We got a great setup. We're in the walkway, right between halls four and five, right across from the Government of Catalonia, who are the host partners for the event. So there's going to be a ton of action there. Guys, can't wait to see you there. Really appreciate your time today. >> Great, thanks. >> All right, Mobile World Congress, theCUBE's coverage starts on February 27th, right after the keynotes. So first thing in the morning, East coast time, we'll be broadcasting, as Aaron said, all week, Monday through Thursday, on the show floor. Check that out at thecube.net. Siliconangle.com has all the written coverage, and go to dell.com, see what's happening there. Have all the action from the event. Don't miss us. This is Dave Vellante. We'll see you there. (upbeat music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> OpenAI The company, and ChatGPT have taken the world by storm. Microsoft reportedly is investing an additional 10 billion dollars into the company. But in our view, while the hype around ChatGPT is justified, we don't believe OpenAI will lock up the market with its first mover advantage. Rather, we believe that success in this market will be directly proportional to the quality and quantity of data that a technology company has at its disposal, and the compute power that it could deploy to run its system. Hello and welcome to this week's Wikibon CUBE insights, powered by ETR. In this Breaking Analysis, we unpack the excitement around ChatGPT, and debate the premise that the company's early entry into the space may not confer winner take all advantage to OpenAI. And to do so, we welcome CUBE collaborator, alum, Sarbjeet Johal, (chuckles) and John Furrier, co-host of the Cube. Great to see you Sarbjeet, John. Really appreciate you guys coming to the program. >> Great to be on. >> Okay, so what is ChatGPT? Well, actually we asked ChatGPT, what is ChatGPT? So here's what it said. ChatGPT is a state-of-the-art language model developed by OpenAI that can generate human-like text. It could be fine tuned for a variety of language tasks, such as conversation, summarization, and language translation. So I asked it, give it to me in 50 words or less. How did it do? Anything to add? >> Yeah, think it did good. It's large language model, like previous models, but it started applying the transformers sort of mechanism to focus on what prompt you have given it to itself. And then also the what answer it gave you in the first, sort of, one sentence or two sentences, and then introspect on itself, like what I have already said to you. And so just work on that. So it it's self sort of focus if you will. It does, the transformers help the large language models to do that. >> So to your point, it's a large language model, and GPT stands for generative pre-trained transformer. >> And if you put the definition back up there again, if you put it back up on the screen, let's see it back up. Okay, it actually missed the large, word large. So one of the problems with ChatGPT, it's not always accurate. It's actually a large language model, and it says state of the art language model. And if you look at Google, Google has dominated AI for many times and they're well known as being the best at this. And apparently Google has their own large language model, LLM, in play and have been holding it back to release because of backlash on the accuracy. Like just in that example you showed is a great point. They got almost right, but they missed the key word. >> You know what's funny about that John, is I had previously asked it in my prompt to give me it in less than a hundred words, and it was too long, I said I was too long for Breaking Analysis, and there it went into the fact that it's a large language model. So it largely, it gave me a really different answer the, for both times. So, but it's still pretty amazing for those of you who haven't played with it yet. And one of the best examples that I saw was Ben Charrington from This Week In ML AI podcast. And I stumbled on this thanks to Brian Gracely, who was listening to one of his Cloudcasts. Basically what Ben did is he took, he prompted ChatGPT to interview ChatGPT, and he simply gave the system the prompts, and then he ran the questions and answers into this avatar builder and sped it up 2X so it didn't sound like a machine. And voila, it was amazing. So John is ChatGPT going to take over as a cube host? >> Well, I was thinking, we get the questions in advance sometimes from PR people. We should actually just plug it in ChatGPT, add it to our notes, and saying, "Is this good enough for you? Let's ask the real question." So I think, you know, I think there's a lot of heavy lifting that gets done. I think the ChatGPT is a phenomenal revolution. I think it highlights the use case. Like that example we showed earlier. It gets most of it right. So it's directionally correct and it feels like it's an answer, but it's not a hundred percent accurate. And I think that's where people are seeing value in it. Writing marketing, copy, brainstorming, guest list, gift list for somebody. Write me some lyrics to a song. Give me a thesis about healthcare policy in the United States. It'll do a bang up job, and then you got to go in and you can massage it. So we're going to do three quarters of the work. That's why plagiarism and schools are kind of freaking out. And that's why Microsoft put 10 billion in, because why wouldn't this be a feature of Word, or the OS to help it do stuff on behalf of the user. So linguistically it's a beautiful thing. You can input a string and get a good answer. It's not a search result. >> And we're going to get your take on on Microsoft and, but it kind of levels the playing- but ChatGPT writes better than I do, Sarbjeet, and I know you have some good examples too. You mentioned the Reed Hastings example. >> Yeah, I was listening to Reed Hastings fireside chat with ChatGPT, and the answers were coming as sort of voice, in the voice format. And it was amazing what, he was having very sort of philosophy kind of talk with the ChatGPT, the longer sentences, like he was going on, like, just like we are talking, he was talking for like almost two minutes and then ChatGPT was answering. It was not one sentence question, and then a lot of answers from ChatGPT and yeah, you're right. I, this is our ability. I've been thinking deep about this since yesterday, we talked about, like, we want to do this segment. The data is fed into the data model. It can be the current data as well, but I think that, like, models like ChatGPT, other companies will have those too. They can, they're democratizing the intelligence, but they're not creating intelligence yet, definitely yet I can say that. They will give you all the finite answers. Like, okay, how do you do this for loop in Java, versus, you know, C sharp, and as a programmer you can do that, in, but they can't tell you that, how to write a new algorithm or write a new search algorithm for you. They cannot create a secretive code for you to- >> Not yet. >> Have competitive advantage. >> Not yet, not yet. >> but you- >> Can Google do that today? >> No one really can. The reasoning side of the data is, we talked about at our Supercloud event, with Zhamak Dehghani who's was CEO of, now of Nextdata. This next wave of data intelligence is going to come from entrepreneurs that are probably cross discipline, computer science and some other discipline. But they're going to be new things, for example, data, metadata, and data. It's hard to do reasoning like a human being, so that needs more data to train itself. So I think the first gen of this training module for the large language model they have is a corpus of text. Lot of that's why blog posts are, but the facts are wrong and sometimes out of context, because that contextual reasoning takes time, it takes intelligence. So machines need to become intelligent, and so therefore they need to be trained. So you're going to start to see, I think, a lot of acceleration on training the data sets. And again, it's only as good as the data you can get. And again, proprietary data sets will be a huge winner. Anyone who's got a large corpus of content, proprietary content like theCUBE or SiliconANGLE as a publisher will benefit from this. Large FinTech companies, anyone with large proprietary data will probably be a big winner on this generative AI wave, because it just, it will eat that up, and turn that back into something better. So I think there's going to be a lot of interesting things to look at here. And certainly productivity's going to be off the charts for vanilla and the internet is going to get swarmed with vanilla content. So if you're in the content business, and you're an original content producer of any kind, you're going to be not vanilla, so you're going to be better. So I think there's so much at play Dave (indistinct). >> I think the playing field has been risen, so we- >> Risen and leveled? >> Yeah, and leveled to certain extent. So it's now like that few people as consumers, as consumers of AI, we will have a advantage and others cannot have that advantage. So it will be democratized. That's, I'm sure about that. But if you take the example of calculator, when the calculator came in, and a lot of people are, "Oh, people can't do math anymore because calculator is there." right? So it's a similar sort of moment, just like a calculator for the next level. But, again- >> I see it more like open source, Sarbjeet, because like if you think about what ChatGPT's doing, you do a query and it comes from somewhere the value of a post from ChatGPT is just a reuse of AI. The original content accent will be come from a human. So if I lay out a paragraph from ChatGPT, did some heavy lifting on some facts, I check the facts, save me about maybe- >> Yeah, it's productive. >> An hour writing, and then I write a killer two, three sentences of, like, sharp original thinking or critical analysis. I then took that body of work, open source content, and then laid something on top of it. >> And Sarbjeet's example is a good one, because like if the calculator kids don't do math as well anymore, the slide rule, remember we had slide rules as kids, remember we first started using Waze, you know, we were this minority and you had an advantage over other drivers. Now Waze is like, you know, social traffic, you know, navigation, everybody had, you know- >> All the back roads are crowded. >> They're car crowded. (group laughs) Exactly. All right, let's, let's move on. What about this notion that futurist Ray Amara put forth and really Amara's Law that we're showing here, it's, the law is we, you know, "We tend to overestimate the effect of technology in the short run and underestimate it in the long run." Is that the case, do you think, with ChatGPT? What do you think Sarbjeet? >> I think that's true actually. There's a lot of, >> We don't debate this. >> There's a lot of awe, like when people see the results from ChatGPT, they say what, what the heck? Like, it can do this? But then if you use it more and more and more, and I ask the set of similar question, not the same question, and it gives you like same answer. It's like reading from the same bucket of text in, the interior read (indistinct) where the ChatGPT, you will see that in some couple of segments. It's very, it sounds so boring that the ChatGPT is coming out the same two sentences every time. So it is kind of good, but it's not as good as people think it is right now. But we will have, go through this, you know, hype sort of cycle and get realistic with it. And then in the long term, I think it's a great thing in the short term, it's not something which will (indistinct) >> What's your counter point? You're saying it's not. >> I, no I think the question was, it's hyped up in the short term and not it's underestimated long term. That's what I think what he said, quote. >> Yes, yeah. That's what he said. >> Okay, I think that's wrong with this, because this is a unique, ChatGPT is a unique kind of impact and it's very generational. People have been comparing it, I have been comparing to the internet, like the web, web browser Mosaic and Netscape, right, Navigator. I mean, I clearly still remember the days seeing Navigator for the first time, wow. And there weren't not many sites you could go to, everyone typed in, you know, cars.com, you know. >> That (indistinct) wasn't that overestimated, the overhyped at the beginning and underestimated. >> No, it was, it was underestimated long run, people thought. >> But that Amara's law. >> That's what is. >> No, they said overestimated? >> Overestimated near term underestimated- overhyped near term, underestimated long term. I got, right I mean? >> Well, I, yeah okay, so I would then agree, okay then- >> We were off the charts about the internet in the early days, and it actually exceeded our expectations. >> Well there were people who were, like, poo-pooing it early on. So when the browser came out, people were like, "Oh, the web's a toy for kids." I mean, in 1995 the web was a joke, right? So '96, you had online populations growing, so you had structural changes going on around the browser, internet population. And then that replaced other things, direct mail, other business activities that were once analog then went to the web, kind of read only as you, as we always talk about. So I think that's a moment where the hype long term, the smart money, and the smart industry experts all get the long term. And in this case, there's more poo-pooing in the short term. "Ah, it's not a big deal, it's just AI." I've heard many people poo-pooing ChatGPT, and a lot of smart people saying, "No this is next gen, this is different and it's only going to get better." So I think people are estimating a big long game on this one. >> So you're saying it's bifurcated. There's those who say- >> Yes. >> Okay, all right, let's get to the heart of the premise, and possibly the debate for today's episode. Will OpenAI's early entry into the market confer sustainable competitive advantage for the company. And if you look at the history of tech, the technology industry, it's kind of littered with first mover failures. Altair, IBM, Tandy, Commodore, they and Apple even, they were really early in the PC game. They took a backseat to Dell who came in the scene years later with a better business model. Netscape, you were just talking about, was all the rage in Silicon Valley, with the first browser, drove up all the housing prices out here. AltaVista was the first search engine to really, you know, index full text. >> Owned by Dell, I mean DEC. >> Owned by Digital. >> Yeah, Digital Equipment >> Compaq bought it. And of course as an aside, Digital, they wanted to showcase their hardware, right? Their super computer stuff. And then so Friendster and MySpace, they came before Facebook. The iPhone certainly wasn't the first mobile device. So lots of failed examples, but there are some recent successes like AWS and cloud. >> You could say smartphone. So I mean. >> Well I know, and you can, we can parse this so we'll debate it. Now Twitter, you could argue, had first mover advantage. You kind of gave me that one John. Bitcoin and crypto clearly had first mover advantage, and sustaining that. Guys, will OpenAI make it to the list on the right with ChatGPT, what do you think? >> I think categorically as a company, it probably won't, but as a category, I think what they're doing will, so OpenAI as a company, they get funding, there's power dynamics involved. Microsoft put a billion dollars in early on, then they just pony it up. Now they're reporting 10 billion more. So, like, if the browsers, Microsoft had competitive advantage over Netscape, and used monopoly power, and convicted by the Department of Justice for killing Netscape with their monopoly, Netscape should have had won that battle, but Microsoft killed it. In this case, Microsoft's not killing it, they're buying into it. So I think the embrace extend Microsoft power here makes OpenAI vulnerable for that one vendor solution. So the AI as a company might not make the list, but the category of what this is, large language model AI, is probably will be on the right hand side. >> Okay, we're going to come back to the government intervention and maybe do some comparisons, but what are your thoughts on this premise here? That, it will basically set- put forth the premise that it, that ChatGPT, its early entry into the market will not confer competitive advantage to >> For OpenAI. >> To Open- Yeah, do you agree with that? >> I agree with that actually. It, because Google has been at it, and they have been holding back, as John said because of the scrutiny from the Fed, right, so- >> And privacy too. >> And the privacy and the accuracy as well. But I think Sam Altman and the company on those guys, right? They have put this in a hasty way out there, you know, because it makes mistakes, and there are a lot of questions around the, sort of, where the content is coming from. You saw that as your example, it just stole the content, and without your permission, you know? >> Yeah. So as quick this aside- >> And it codes on people's behalf and the, those codes are wrong. So there's a lot of, sort of, false information it's putting out there. So it's a very vulnerable thing to do what Sam Altman- >> So even though it'll get better, others will compete. >> So look, just side note, a term which Reid Hoffman used a little bit. Like he said, it's experimental launch, like, you know, it's- >> It's pretty damn good. >> It is clever because according to Sam- >> It's more than clever. It's good. >> It's awesome, if you haven't used it. I mean you write- you read what it writes and you go, "This thing writes so well, it writes so much better than you." >> The human emotion drives that too. I think that's a big thing. But- >> I Want to add one more- >> Make your last point. >> Last one. Okay. So, but he's still holding back. He's conducting quite a few interviews. If you want to get the gist of it, there's an interview with StrictlyVC interview from yesterday with Sam Altman. Listen to that one it's an eye opening what they want- where they want to take it. But my last one I want to make it on this point is that Satya Nadella yesterday did an interview with Wall Street Journal. I think he was doing- >> You were not impressed. >> I was not impressed because he was pushing it too much. So Sam Altman's holding back so there's less backlash. >> Got 10 billion reasons to push. >> I think he's almost- >> Microsoft just laid off 10000 people. Hey ChatGPT, find me a job. You know like. (group laughs) >> He's overselling it to an extent that I think it will backfire on Microsoft. And he's over promising a lot of stuff right now, I think. I don't know why he's very jittery about all these things. And he did the same thing during Ignite as well. So he said, "Oh, this AI will write code for you and this and that." Like you called him out- >> The hyperbole- >> During your- >> from Satya Nadella, he's got a lot of hyperbole. (group talks over each other) >> All right, Let's, go ahead. >> Well, can I weigh in on the whole- >> Yeah, sure. >> Microsoft thing on whether OpenAI, here's the take on this. I think it's more like the browser moment to me, because I could relate to that experience with ChatG, personally, emotionally, when I saw that, and I remember vividly- >> You mean that aha moment (indistinct). >> Like this is obviously the future. Anything else in the old world is dead, website's going to be everywhere. It was just instant dot connection for me. And a lot of other smart people who saw this. Lot of people by the way, didn't see it. Someone said the web's a toy. At the company I was worked for at the time, Hewlett Packard, they like, they could have been in, they had invented HTML, and so like all this stuff was, like, they just passed, the web was just being passed over. But at that time, the browser got better, more websites came on board. So the structural advantage there was online web usage was growing, online user population. So that was growing exponentially with the rise of the Netscape browser. So OpenAI could stay on the right side of your list as durable, if they leverage the category that they're creating, can get the scale. And if they can get the scale, just like Twitter, that failed so many times that they still hung around. So it was a product that was always successful, right? So I mean, it should have- >> You're right, it was terrible, we kept coming back. >> The fail whale, but it still grew. So OpenAI has that moment. They could do it if Microsoft doesn't meddle too much with too much power as a vendor. They could be the Netscape Navigator, without the anti-competitive behavior of somebody else. So to me, they have the pole position. So they have an opportunity. So if not, if they don't execute, then there's opportunity. There's not a lot of barriers to entry, vis-a-vis say the CapEx of say a cloud company like AWS. You can't replicate that, Many have tried, but I think you can replicate OpenAI. >> And we're going to talk about that. Okay, so real quick, I want to bring in some ETR data. This isn't an ETR heavy segment, only because this so new, you know, they haven't coverage yet, but they do cover AI. So basically what we're seeing here is a slide on the vertical axis's net score, which is a measure of spending momentum, and in the horizontal axis's is presence in the dataset. Think of it as, like, market presence. And in the insert right there, you can see how the dots are plotted, the two columns. And so, but the key point here that we want to make, there's a bunch of companies on the left, is he like, you know, DataRobot and C3 AI and some others, but the big whales, Google, AWS, Microsoft, are really dominant in this market. So that's really the key takeaway that, can we- >> I notice IBM is way low. >> Yeah, IBM's low, and actually bring that back up and you, but then you see Oracle who actually is injecting. So I guess that's the other point is, you're not necessarily going to go buy AI, and you know, build your own AI, you're going to, it's going to be there and, it, Salesforce is going to embed it into its platform, the SaaS companies, and you're going to purchase AI. You're not necessarily going to build it. But some companies obviously are. >> I mean to quote IBM's general manager Rob Thomas, "You can't have AI with IA." information architecture and David Flynn- >> You can't Have AI without IA >> without, you can't have AI without IA. You can't have, if you have an Information Architecture, you then can power AI. Yesterday David Flynn, with Hammersmith, was on our Supercloud. He was pointing out that the relationship of storage, where you store things, also impacts the data and stressablity, and Zhamak from Nextdata, she was pointing out that same thing. So the data problem factors into all this too, Dave. >> So you got the big cloud and internet giants, they're all poised to go after this opportunity. Microsoft is investing up to 10 billion. Google's code red, which was, you know, the headline in the New York Times. Of course Apple is there and several alternatives in the market today. Guys like Chinchilla, Bloom, and there's a company Jasper and several others, and then Lena Khan looms large and the government's around the world, EU, US, China, all taking notice before the market really is coalesced around a single player. You know, John, you mentioned Netscape, they kind of really, the US government was way late to that game. It was kind of game over. And Netscape, I remember Barksdale was like, "Eh, we're going to be selling software in the enterprise anyway." and then, pshew, the company just dissipated. So, but it looks like the US government, especially with Lena Khan, they're changing the definition of antitrust and what the cause is to go after people, and they're really much more aggressive. It's only what, two years ago that (indistinct). >> Yeah, the problem I have with the federal oversight is this, they're always like late to the game, and they're slow to catch up. So in other words, they're working on stuff that should have been solved a year and a half, two years ago around some of the social networks hiding behind some of the rules around open web back in the days, and I think- >> But they're like 15 years late to that. >> Yeah, and now they got this new thing on top of it. So like, I just worry about them getting their fingers. >> But there's only two years, you know, OpenAI. >> No, but the thing (indistinct). >> No, they're still fighting other battles. But the problem with government is that they're going to label Big Tech as like a evil thing like Pharma, it's like smoke- >> You know Lena Khan wants to kill Big Tech, there's no question. >> So I think Big Tech is getting a very seriously bad rap. And I think anything that the government does that shades darkness on tech, is politically motivated in most cases. You can almost look at everything, and my 80 20 rule is in play here. 80% of the government activity around tech is bullshit, it's politically motivated, and the 20% is probably relevant, but off the mark and not organized. >> Well market forces have always been the determining factor of success. The governments, you know, have been pretty much failed. I mean you look at IBM's antitrust, that, what did that do? The market ultimately beat them. You look at Microsoft back in the day, right? Windows 95 was peaking, the government came in. But you know, like you said, they missed the web, right, and >> so they were hanging on- >> There's nobody in government >> to Windows. >> that actually knows- >> And so, you, I think you're right. It's market forces that are going to determine this. But Sarbjeet, what do you make of Microsoft's big bet here, you weren't impressed with with Nadella. How do you think, where are they going to apply it? Is this going to be a Hail Mary for Bing, or is it going to be applied elsewhere? What do you think. >> They are saying that they will, sort of, weave this into their products, office products, productivity and also to write code as well, developer productivity as well. That's a big play for them. But coming back to your antitrust sort of comments, right? I believe the, your comment was like, oh, fed was late 10 years or 15 years earlier, but now they're two years. But things are moving very fast now as compared to they used to move. >> So two years is like 10 Years. >> Yeah, two years is like 10 years. Just want to make that point. (Dave laughs) This thing is going like wildfire. Any new tech which comes in that I think they're going against distribution channels. Lina Khan has commented time and again that the marketplace model is that she wants to have some grip on. Cloud marketplaces are a kind of monopolistic kind of way. >> I don't, I don't see this, I don't see a Chat AI. >> You told me it's not Bing, you had an interesting comment. >> No, no. First of all, this is great from Microsoft. If you're Microsoft- >> Why? >> Because Microsoft doesn't have the AI chops that Google has, right? Google is got so much core competency on how they run their search, how they run their backends, their cloud, even though they don't get a lot of cloud market share in the enterprise, they got a kick ass cloud cause they needed one. >> Totally. >> They've invented SRE. I mean Google's development and engineering chops are off the scales, right? Amazon's got some good chops, but Google's got like 10 times more chops than AWS in my opinion. Cloud's a whole different story. Microsoft gets AI, they get a playbook, they get a product they can render into, the not only Bing, productivity software, helping people write papers, PowerPoint, also don't forget the cloud AI can super help. We had this conversation on our Supercloud event, where AI's going to do a lot of the heavy lifting around understanding observability and managing service meshes, to managing microservices, to turning on and off applications, and or maybe writing code in real time. So there's a plethora of use cases for Microsoft to deploy this. combined with their R and D budgets, they can then turbocharge more research, build on it. So I think this gives them a car in the game, Google may have pole position with AI, but this puts Microsoft right in the game, and they already have a lot of stuff going on. But this just, I mean everything gets lifted up. Security, cloud, productivity suite, everything. >> What's under the hood at Google, and why aren't they talking about it? I mean they got to be freaked out about this. No? Or do they have kind of a magic bullet? >> I think they have the, they have the chops definitely. Magic bullet, I don't know where they are, as compared to the ChatGPT 3 or 4 models. Like they, but if you look at the online sort of activity and the videos put out there from Google folks, Google technology folks, that's account you should look at if you are looking there, they have put all these distinctions what ChatGPT 3 has used, they have been talking about for a while as well. So it's not like it's a secret thing that you cannot replicate. As you said earlier, like in the beginning of this segment, that anybody who has more data and the capacity to process that data, which Google has both, I think they will win this. >> Obviously living in Palo Alto where the Google founders are, and Google's headquarters next town over we have- >> We're so close to them. We have inside information on some of the thinking and that hasn't been reported by any outlet yet. And that is, is that, from what I'm hearing from my sources, is Google has it, they don't want to release it for many reasons. One is it might screw up their search monopoly, one, two, they're worried about the accuracy, 'cause Google will get sued. 'Cause a lot of people are jamming on this ChatGPT as, "Oh it does everything for me." when it's clearly not a hundred percent accurate all the time. >> So Lina Kahn is looming, and so Google's like be careful. >> Yeah so Google's just like, this is the third, could be a third rail. >> But the first thing you said is a concern. >> Well no. >> The disruptive (indistinct) >> What they will do is do a Waymo kind of thing, where they spin out a separate company. >> They're doing that. >> The discussions happening, they're going to spin out the separate company and put it over there, and saying, "This is AI, got search over there, don't touch that search, 'cause that's where all the revenue is." (chuckles) >> So, okay, so that's how they deal with the Clay Christensen dilemma. What's the business model here? I mean it's not advertising, right? Is it to charge you for a query? What, how do you make money at this? >> It's a good question, I mean my thinking is, first of all, it's cool to type stuff in and see a paper get written, or write a blog post, or gimme a marketing slogan for this or that or write some code. I think the API side of the business will be critical. And I think Howie Xu, I know you're going to reference some of his comments yesterday on Supercloud, I think this brings a whole 'nother user interface into technology consumption. I think the business model, not yet clear, but it will probably be some sort of either API and developer environment or just a straight up free consumer product, with some sort of freemium backend thing for business. >> And he was saying too, it's natural language is the way in which you're going to interact with these systems. >> I think it's APIs, it's APIs, APIs, APIs, because these people who are cooking up these models, and it takes a lot of compute power to train these and to, for inference as well. Somebody did the analysis on the how many cents a Google search costs to Google, and how many cents the ChatGPT query costs. It's, you know, 100x or something on that. You can take a look at that. >> A 100x on which side? >> You're saying two orders of magnitude more expensive for ChatGPT >> Much more, yeah. >> Than for Google. >> It's very expensive. >> So Google's got the data, they got the infrastructure and they got, you're saying they got the cost (indistinct) >> No actually it's a simple query as well, but they are trying to put together the answers, and they're going through a lot more data versus index data already, you know. >> Let me clarify, you're saying that Google's version of ChatGPT is more efficient? >> No, I'm, I'm saying Google search results. >> Ah, search results. >> What are used to today, but cheaper. >> But that, does that, is that going to confer advantage to Google's large language (indistinct)? >> It will, because there were deep science (indistinct). >> Google, I don't think Google search is doing a large language model on their search, it's keyword search. You know, what's the weather in Santa Cruz? Or how, what's the weather going to be? Or you know, how do I find this? Now they have done a smart job of doing some things with those queries, auto complete, re direct navigation. But it's, it's not entity. It's not like, "Hey, what's Dave Vellante thinking this week in Breaking Analysis?" ChatGPT might get that, because it'll get your Breaking Analysis, it'll synthesize it. There'll be some, maybe some clips. It'll be like, you know, I mean. >> Well I got to tell you, I asked ChatGPT to, like, I said, I'm going to enter a transcript of a discussion I had with Nir Zuk, the CTO of Palo Alto Networks, And I want you to write a 750 word blog. I never input the transcript. It wrote a 750 word blog. It attributed quotes to him, and it just pulled a bunch of stuff that, and said, okay, here it is. It talked about Supercloud, it defined Supercloud. >> It's made, it makes you- >> Wow, But it was a big lie. It was fraudulent, but still, blew me away. >> Again, vanilla content and non accurate content. So we are going to see a surge of misinformation on steroids, but I call it the vanilla content. Wow, that's just so boring, (indistinct). >> There's so many dangers. >> Make your point, cause we got to, almost out of time. >> Okay, so the consumption, like how do you consume this thing. As humans, we are consuming it and we are, like, getting a nicely, like, surprisingly shocked, you know, wow, that's cool. It's going to increase productivity and all that stuff, right? And on the danger side as well, the bad actors can take hold of it and create fake content and we have the fake sort of intelligence, if you go out there. So that's one thing. The second thing is, we are as humans are consuming this as language. Like we read that, we listen to it, whatever format we consume that is, but the ultimate usage of that will be when the machines can take that output from likes of ChatGPT, and do actions based on that. The robots can work, the robot can paint your house, we were talking about, right? Right now we can't do that. >> Data apps. >> So the data has to be ingested by the machines. It has to be digestible by the machines. And the machines cannot digest unorganized data right now, we will get better on the ingestion side as well. So we are getting better. >> Data, reasoning, insights, and action. >> I like that mall, paint my house. >> So, okay- >> By the way, that means drones that'll come in. Spray painting your house. >> Hey, it wasn't too long ago that robots couldn't climb stairs, as I like to point out. Okay, and of course it's no surprise the venture capitalists are lining up to eat at the trough, as I'd like to say. Let's hear, you'd referenced this earlier, John, let's hear what AI expert Howie Xu said at the Supercloud event, about what it takes to clone ChatGPT. Please, play the clip. >> So one of the VCs actually asked me the other day, right? "Hey, how much money do I need to spend, invest to get a, you know, another shot to the openAI sort of the level." You know, I did a (indistinct) >> Line up. >> A hundred million dollar is the order of magnitude that I came up with, right? You know, not a billion, not 10 million, right? So a hundred- >> Guys a hundred million dollars, that's an astoundingly low figure. What do you make of it? >> I was in an interview with, I was interviewing, I think he said hundred million or so, but in the hundreds of millions, not a billion right? >> You were trying to get him up, you were like "Hundreds of millions." >> Well I think, I- >> He's like, eh, not 10, not a billion. >> Well first of all, Howie Xu's an expert machine learning. He's at Zscaler, he's a machine learning AI guy. But he comes from VMware, he's got his technology pedigrees really off the chart. Great friend of theCUBE and kind of like a CUBE analyst for us. And he's smart. He's right. I think the barriers to entry from a dollar standpoint are lower than say the CapEx required to compete with AWS. Clearly, the CapEx spending to build all the tech for the run a cloud. >> And you don't need a huge sales force. >> And in some case apps too, it's the same thing. But I think it's not that hard. >> But am I right about that? You don't need a huge sales force either. It's, what, you know >> If the product's good, it will sell, this is a new era. The better mouse trap will win. This is the new economics in software, right? So- >> Because you look at the amount of money Lacework, and Snyk, Snowflake, Databrooks. Look at the amount of money they've raised. I mean it's like a billion dollars before they get to IPO or more. 'Cause they need promotion, they need go to market. You don't need (indistinct) >> OpenAI's been working on this for multiple five years plus it's, hasn't, wasn't born yesterday. Took a lot of years to get going. And Sam is depositioning all the success, because he's trying to manage expectations, To your point Sarbjeet, earlier. It's like, yeah, he's trying to "Whoa, whoa, settle down everybody, (Dave laughs) it's not that great." because he doesn't want to fall into that, you know, hero and then get taken down, so. >> It may take a 100 million or 150 or 200 million to train the model. But to, for the inference to, yeah to for the inference machine, It will take a lot more, I believe. >> Give it, so imagine, >> Because- >> Go ahead, sorry. >> Go ahead. But because it consumes a lot more compute cycles and it's certain level of storage and everything, right, which they already have. So I think to compute is different. To frame the model is a different cost. But to run the business is different, because I think 100 million can go into just fighting the Fed. >> Well there's a flywheel too. >> Oh that's (indistinct) >> (indistinct) >> We are running the business, right? >> It's an interesting number, but it's also kind of, like, context to it. So here, a hundred million spend it, you get there, but you got to factor in the fact that the ways companies win these days is critical mass scale, hitting a flywheel. If they can keep that flywheel of the value that they got going on and get better, you can almost imagine a marketplace where, hey, we have proprietary data, we're SiliconANGLE in theCUBE. We have proprietary content, CUBE videos, transcripts. Well wouldn't it be great if someone in a marketplace could sell a module for us, right? We buy that, Amazon's thing and things like that. So if they can get a marketplace going where you can apply to data sets that may be proprietary, you can start to see this become bigger. And so I think the key barriers to entry is going to be success. I'll give you an example, Reddit. Reddit is successful and it's hard to copy, not because of the software. >> They built the moat. >> Because you can, buy Reddit open source software and try To compete. >> They built the moat with their community. >> Their community, their scale, their user expectation. Twitter, we referenced earlier, that thing should have gone under the first two years, but there was such a great emotional product. People would tolerate the fail whale. And then, you know, well that was a whole 'nother thing. >> Then a plane landed in (John laughs) the Hudson and it was over. >> I think verticals, a lot of verticals will build applications using these models like for lawyers, for doctors, for scientists, for content creators, for- >> So you'll have many hundreds of millions of dollars investments that are going to be seeping out. If, all right, we got to wrap, if you had to put odds on it that that OpenAI is going to be the leader, maybe not a winner take all leader, but like you look at like Amazon and cloud, they're not winner take all, these aren't necessarily winner take all markets. It's not necessarily a zero sum game, but let's call it winner take most. What odds would you give that open AI 10 years from now will be in that position. >> If I'm 0 to 10 kind of thing? >> Yeah, it's like horse race, 3 to 1, 2 to 1, even money, 10 to 1, 50 to 1. >> Maybe 2 to 1, >> 2 to 1, that's pretty low odds. That's basically saying they're the favorite, they're the front runner. Would you agree with that? >> I'd say 4 to 1. >> Yeah, I was going to say I'm like a 5 to 1, 7 to 1 type of person, 'cause I'm a skeptic with, you know, there's so much competition, but- >> I think they're definitely the leader. I mean you got to say, I mean. >> Oh there's no question. There's no question about it. >> The question is can they execute? >> They're not Friendster, is what you're saying. >> They're not Friendster and they're more like Twitter and Reddit where they have momentum. If they can execute on the product side, and if they don't stumble on that, they will continue to have the lead. >> If they say stay neutral, as Sam is, has been saying, that, hey, Microsoft is one of our partners, if you look at their company model, how they have structured the company, then they're going to pay back to the investors, like Microsoft is the biggest one, up to certain, like by certain number of years, they're going to pay back from all the money they make, and after that, they're going to give the money back to the public, to the, I don't know who they give it to, like non-profit or something. (indistinct) >> Okay, the odds are dropping. (group talks over each other) That's a good point though >> Actually they might have done that to fend off the criticism of this. But it's really interesting to see the model they have adopted. >> The wildcard in all this, My last word on this is that, if there's a developer shift in how developers and data can come together again, we have conferences around the future of data, Supercloud and meshs versus, you know, how the data world, coding with data, how that evolves will also dictate, 'cause a wild card could be a shift in the landscape around how developers are using either machine learning or AI like techniques to code into their apps, so. >> That's fantastic insight. I can't thank you enough for your time, on the heels of Supercloud 2, really appreciate it. All right, thanks to John and Sarbjeet for the outstanding conversation today. Special thanks to the Palo Alto studio team. My goodness, Anderson, this great backdrop. You guys got it all out here, I'm jealous. And Noah, really appreciate it, Chuck, Andrew Frick and Cameron, Andrew Frick switching, Cameron on the video lake, great job. And Alex Myerson, he's on production, manages the podcast for us, Ken Schiffman as well. Kristen Martin and Cheryl Knight help get the word out on social media and our newsletters. Rob Hof is our editor-in-chief over at SiliconANGLE, does some great editing, thanks to all. Remember, all these episodes are available as podcasts. All you got to do is search Breaking Analysis podcast, wherever you listen. Publish each week on wikibon.com and siliconangle.com. Want to get in touch, email me directly, david.vellante@siliconangle.com or DM me at dvellante, or comment on our LinkedIn post. And by all means, check out etr.ai. They got really great survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, We'll see you next time on Breaking Analysis. (electronic music)

>>Hey everyone, welcome to this event, HPE Compute Security. I'm your host, Lisa Martin. Kevin Dee joins me next Senior director, future Surfer Architecture at hpe. Kevin, it's great to have you back on the program. >>Thanks, Lisa. I'm glad to be here. >>One of the topics that we're gonna unpack in this segment is, is all about cybersecurity. And if we think of how dramatically the landscape has changed in the last couple of years, I was looking at some numbers that H P V E had provided. Cybercrime will reach 10.5 trillion by 2025. It's a couple years away. The average total cost of a data breach is now over 4 million, 15% year over year crime growth predicted over the next five years. It's no longer if we get hit, it's when it's how often. What's the severity? Talk to me about the current situation with the cybersecurity landscape that you're seeing. >>Yeah, I mean the, the numbers you're talking about are just staggering and then that's exactly what we're seeing and that's exactly what we're hearing from our customers is just absolutely key. Customers have too much to lose. The, the dollar cost is just, like I said, staggering. And, and here at HP we know we have a huge part to play, but we also know that we need partnerships across the industry to solve these problems. So we have partnered with, with our, our various partners to deliver these Gen 11 products. Whether we're talking about partners like a M D or partners like our Nick vendors, storage card vendors. We know we can't solve the problem alone. And we know this, the issue is huge. And like you said, the numbers are staggering. So we're really, we're really partnering with, with all the right players to ensure we have a secure solution so we can stay ahead of the bad guys to try to limit the, the attacks on our customers. >>Right. Limit the damage. What are some of the things that you've seen particularly change in the last 18 months or so? Anything that you can share with us that's eye-opening, more eye-opening than some of the stats we already shared? >>Well, there, there's been a massive number of attacks just in the last 12 months, but I wouldn't really say it's so much changed because the amount of attacks has been increasing dramatically over the years for many, many, many years. It's just a very lucrative area for the bad guys, whether it's ransomware or stealing personal data, whatever it is, it's there. There's unfortunately a lot of money to be made into it, made from it, and a lot of money to be lost by the good guys, the good guys being our customers. So it's not so much that it's changed, it's just that it's even accelerating faster. So the real change is, it's accelerating even faster because it's becoming even more lucrative. So we have to stay ahead of these bad guys. One of the statistics of Microsoft operating environments, the number of tax in the last year, up 50% year over year, that's a huge acceleration and we've gotta stay ahead of that. We have to make sure our customers don't get impacted to the level that these, these staggering number of attacks are. The, the bad guys are out there. We've gotta protect, protect our customers from the bad guys. >>Absolutely. The acceleration that you talked about is, it's, it's kind of frightening. It's very eye-opening. We do know that security, you know, we've talked about it for so long as a, as a a C-suite priority, a board level priority. We know that as some of the data that HPE e also sent over organizations are risking are, are listing cyber risks as a top five concern in their organization. IT budgets spend is going up where security is concerned. And so security security's on everyone's mind. In fact, the cube did, I guess in the middle part of last, I did a series on this really focusing on cybersecurity as a board issue and they went into how companies are structuring security teams changing their assumptions about the right security model, offense versus defense. But security's gone beyond the board, it's top of mind and it's on, it's in an integral part of every conversation. So my question for you is, when you're talking to customers, what are some of the key challenges that they're saying, Kevin, these are some of the things the landscape is accelerating, we know it's a matter of time. What are some of those challenges and that they're key pain points that they're coming to you to help solve? >>Yeah, at the highest level it's simply that security is incredibly important to them. We talked about the numbers. There's so much money to be lost that what they come to us and say, is security's important for us? What can you do to protect us? What can you do to prevent us from being one of those statistics? So at a high level, that's kind of what we're seeing at a, with a little more detail. We know that there's customers doing digital transformations. We know that there's customers going hybrid cloud, they've got a lot of initiatives on their own. They've gotta spend a lot of time and a lot of bandwidth tackling things that are important to their business. They just don't have the bandwidth to worry about yet. Another thing which is security. So we are doing everything we can and partnering with everyone we can to help solve those problems for customers. >>Cuz we're hearing, hey, this is huge, this is too big of a risk. How do you protect us? And by the way, we only have limited bandwidth, so what can we do? What we can do is make them assured that that platform is secure, that we're, we are creating a foundation for a very secure platform and that we've worked with our partners to secure all the pieces. So yes, they still have to worry about security, but there's pieces that we've taken care of that they don't have to worry about and there's capabilities that we've provided that they can use and we've made that easy so they can build su secure solutions on top of it. >>What are some of the things when you're in customer conversations, Kevin, that you talk about with customers in terms of what makes HPE E'S approach to security really unique? >>Well, I think a big thing is security is part of our, our dna. It's part of everything we do. Whether we're designing our own asics for our bmc, the ilo ASIC ILO six used on Gen 11, or whether it's our firmware stack, the ILO firmware, our our system, UFI firmware, all those pieces in everything we do. We're thinking about security. When we're building products in our factory, we're thinking about security. When we're think designing our supply chain, we're thinking about security. When we make requirements on our suppliers, we're driving security to be a key part of those components. So security is in our D N a security's top of mind. Security is something we think about in everything we do. We have to think like the bad guys, what could the bad guy take advantage of? What could the bad guy exploit? So we try to think like them so that we can protect our customers. >>And so security is something that that really is pervasive across all of our development organizations, our supply chain organizations, our factories, and our partners. So that's what we think is unique about HPE is because security is so important and there's a whole lot of pieces of our reliance servers that we do ourselves that many others don't do themselves. And since we do it ourselves, we can make sure that security's in the design from the start, that those pieces work together in a secure manner. So we think that gives us a, an advantage from a security standpoint. >>Security is very much intention based at HPE e I was reading in some notes, and you just did a great job of talking about this, that fundamental security approach, security is fundamental to defend against threats that are increasingly complex through what you also call an uncompromising focus to state-of-the-art security and in in innovations built into your D N A. And then organizations can protect their infrastructure, their workloads, their data from the bad guys. Talk to us briefly in our final few minutes here, Kevin, about fundamental uncompromising protected the value in it for me as an HPE customer. >>Yeah, when we talk about fundamental, we're talking about the those fundamental technologies that are part of our platform. Things like we've integrated TPMS and sorted them down in our platforms. We now have platform certificates as a standard part of the platform. We have I dev id and probably most importantly, our platforms continue to support what we really believe was a groundbreaking technology, Silicon Root of trust and what that's able to do. We have millions of lines of firmware code in our platforms and with Silicon Root of trust, we can authenticate all of those lines of firmware. Whether we're talking about the the ILO six firmware, our U E I firmware, our C P L D in the system, there's other pieces of firmware. We authenticate all those to make sure that not a single line of code, not a single bit has been changed by a bad guy, even if the bad guy has physical access to the platform. >>So that silicon route of trust technology is making sure that when that system boots off and that hands off to the operating system and then eventually the customer's application stack that it's starting with a solid foundation, that it's starting with a system that hasn't been compromised. And then we build other things into that silicon root of trust, such as the ability to do the scans and the authentications at runtime, the ability to automatically recover if we detect something has been compromised, we can automatically update that compromised piece of firmware to a good piece before we've run it because we never want to run firmware that's been compromised. So that's all part of that Silicon Root of Trust solution and that's a fundamental piece of the platform. And then when we talk about uncompromising, what we're really talking about there is how we don't compromise security. >>And one of the ways we do that is through an extension of our Silicon Root of trust with a capability called S Spdm. And this is a technology that we saw the need for, we saw the need to authenticate our option cards and the firmware in those option cards. Silicon Root Prota, Silicon Root Trust protects against many attacks, but one piece it didn't do is verify the actual option card firmware and the option cards. So we knew to solve that problem we would have to partner with others in the industry, our nick vendors, our storage controller vendors, our G vendors. So we worked with industry standards bodies and those other partners to design a capability that allows us to authenticate all of those devices. And we worked with those vendors to get the support both in their side and in our platform side so that now Silicon Rivers and trust has been extended to where we protect and we trust those option cards as well. >>So that's when, when what we're talking about with Uncompromising and with with Protect, what we're talking about there is our capabilities around protecting against, for example, supply chain attacks. We have our, our trusted supply chain solution, which allows us to guarantee that our server, when it leaves our factory, what the server is, when it leaves our factory, will be what it is when it arrives at the customer. And if a bad guy does anything in that transition, the transit from our factory to the customer, they'll be able to detect that. So we enable certain capabilities by default capability called server configuration lock, which can ensure that nothing in the server exchange, whether it's firmware, hardware, configurations, swapping out processors, whatever it is, we'll detect if a bad guy did any of that and the customer will know it before they deploy the system. That gets enabled by default. >>We have an intrusion detection technology option when you use by the, the trusted supply chain that is included by default. That lets you know, did anybody open that system up, even if the system's not plugged in, did somebody take the hood off and potentially do something malicious to it? We also enable a capability called U EFI secure Boot, which can go authenticate some of the drivers that are located on the option card itself. Those kind of capabilities. Also ilo high security mode gets enabled by default. So all these things are enabled in the platform to ensure that if it's attacked going from our factory to the customer, it will be detected and the customer won't deploy a system that's been maliciously attacked. So that's got >>It, >>How we protect the customer through those capabilities. >>Outstanding. You mentioned partners, my last question for you, we've got about a minute left, Kevin is bring AMD into the conversation, where do they fit in this >>AMD's an absolutely crucial partner. No one company even HP can do it all themselves. There's a lot of partnerships, there's a lot of synergies working with amd. We've been working with AMD for almost 20 years since we delivered our first AM MD base ProLiant back in 2004 H HP ProLiant, DL 5 85. So we've been working with them a long time. We work with them years ahead of when a processor is announced, we benefit each other. We look at their designs and help them make their designs better. They let us know about their technology so we can take advantage of it in our designs. So they have a lot of security capabilities, like their memory encryption technologies, their a MD secure processor, their secure encrypted virtualization, which is an absolutely unique and breakthrough technology to protect virtual machines and hypervisor environments and protect them from malicious hypervisors. So they have some really great capabilities that they've built into their processor, and we also take advantage of the capabilities they have and ensure those are used in our solutions and in securing the platform. So a really such >>A great, great partnership. Great synergies there. Kevin, thank you so much for joining me on the program, talking about compute security, what HPE is doing to ensure that security is fundamental, that it is unpromised and that your customers are protected end to end. We appreciate your insights, we appreciate your time. >>Thank you very much, Lisa. >>We've just had a great conversation with Kevin Depu. Now I get to talk with David Chang, data center solutions marketing lead at a md. David, welcome to the program. >>Thank, thank you. And thank you for having me. >>So one of the hot topics of conversation that we can't avoid is security. Talk to me about some of the things that AMD is seeing from the customer's perspective, why security is so important for businesses across industries. >>Yeah, sure. Yeah. Security is, is top of mind for, for almost every, every customer I'm talking to right now. You know, there's several key market drivers and, and trends, you know, in, out there today that's really needing a better and innovative solution for, for security, right? So, you know, the high cost of data breaches, for example, will cost enterprises in downtime of, of the data center. And that time is time that you're not making money, right? And potentially even leading to your, to the loss of customer confidence in your, in your cust in your company's offerings. So there's real costs that you, you know, our customers are facing every day not being prepared and not having proper security measures set up in the data center. In fact, according to to one report, over 400 high-tech threats are being introduced every minute. So every day, numerous new threats are popping up and they're just, you know, the, you know, the bad guys are just getting more and more sophisticated. So you have to take, you know, measures today and you have to protect yourself, you know, end to end with solutions like what a AM MD and HPE has to offer. >>Yeah, you talked about some of the costs there. They're exorbitant. I've seen recent figures about the average, you know, cost of data breacher ransomware is, is close to, is over $4 million, the cost of, of brand reputation you brought up. That's a great point because nobody wants to be the next headline and security, I'm sure in your experiences. It's a board level conversation. It's, it's absolutely table stakes for every organization. Let's talk a little bit about some of the specific things now that A M D and HPE E are doing. I know that you have a really solid focus on building security features into the EPIC processors. Talk to me a little bit about that focus and some of the great things that you're doing there. >>Yeah, so, you know, we partner with H P E for a long time now. I think it's almost 20 years that we've been in business together. And, and you know, we, we help, you know, we, we work together design in security features even before the silicons even, you know, even born. So, you know, we have a great relationship with, with, with all our partners, including hpe and you know, HPE has, you know, an end really great end to end security story and AMD fits really well into that. You know, if you kind of think about how security all started, you know, in, in the data center, you, you've had strategies around encryption of the, you know, the data in, in flight, the network security, you know, you know, VPNs and, and, and security on the NS. And, and even on the, on the hard drives, you know, data that's at rest. >>You know, encryption has, you know, security has been sort of part of that strategy for a a long time and really for, you know, for ages, nobody really thought about the, the actual data in use, which is, you know, the, the information that's being passed from the C P U to the, the, the memory and, and even in virtualized environments to the, the, the virtual machines that, that everybody uses now. So, you know, for a long time nobody really thought about that app, you know, that third leg of, of encryption. And so a d comes in and says, Hey, you know, this is things that as, as the bad guys are getting more sophisticated, you, you have to start worrying about that, right? And, you know, for example, you know, you know, think, think people think about memory, you know, being sort of, you know, non-persistent and you know, when after, you know, after a certain time, the, the, you know, the, the data in the memory kind of goes away, right? >>But that's not true anymore because even in in memory data now, you know, there's a lot of memory modules that still can retain data up to 90 minutes even after p power loss. And with something as simple as compressed, compressed air or, or liquid nitrogen, you can actually freeze memory dams now long enough to extract the data from that memory module for up, you know, up, up to two or three hours, right? So lo more than enough time to read valuable data and, and, and even encryption keys off of that memory module. So our, our world's getting more complex and you know, more, the more data out there, the more insatiable need for compute and storage. You know, data management is becoming all, all the more important, you know, to keep all of that going and secure, you know, and, and creating security for those threats. It becomes more and more important. And, and again, especially in virtualized environments where, you know, like hyperconverged infrastructure or vir virtual desktop memories, it's really hard to keep up with all those different attacks, all those different attack surfaces. >>It sounds like what you were just talking about is what AMD has been able to do is identify yet another vulnerability Yes. Another attack surface in memory to be able to, to plug that hole for organizations that didn't, weren't able to do that before. >>Yeah. And, you know, and, and we kind of started out with that belief that security needed to be scalable and, and able to adapt to, to changing environments. So, you know, we, we came up with, you know, the, you know, the, the philosophy or the design philosophy that we're gonna continue to build on those security features generational generations and stay ahead of those evolving attacks. You know, great example is in, in the third gen, you know, epic C P U, that family that we had, we actually created this feature called S E V S N P, which stands for SECURENESS Paging. And it's really all around this, this new attack where, you know, your, the, the, you know, it's basically hypervisor based attacks where people are, you know, the bad actors are writing in to the memory and writing in basically bad data to corrupt the mem, you know, to corrupt the data in the memory. So s e V S and P is, was put in place to help, you know, secure that, you know, before that became a problem. And, you know, you heard in the news just recently that that becoming a more and more, more of a bigger issue. And the great news is that we had that feature built in, you know, before that became a big problem. >>And now you're on the fourth gen, those epic crosses talk of those epic processes. Talk to me a little bit about some of the innovations that are now in fourth gen. >>Yeah, so in fourth gen we actually added, you know, on top of that. So we've, we've got, you know, the sec the, the base of our, our, what we call infinity guard is, is all around the secure boot. The, you know, the, the, the, the secure root of trust that, you know, that we, we work with HPE on the, the strong memory encryption and the S E V, which is the secure encrypted virtualization. And so remember those s s and p, you know, incap capabilities that I talked about earlier. We've actually, in the fourth gen added two x the number of sev v s and P guests for even higher number of confidential VMs to support even more customers than before. Right? We've also added more guest protection from simultaneous multi threading or S M T side channel attacks. And, you know, while it's not officially part of Infinity Guard, we've actually added more APEC acceleration, which greatly benefits the security of those confidential VMs with the larger number of VCPUs, which basically means that you can build larger VMs and still be secured. And then lastly, we actually added even stronger a e s encryption. So we went from 128 bit to 256 bit, which is now military grade encryption on top of that. And, you know, and, and that's really, you know, the de facto crypto cryptography that is used for most of the applications for, you know, customers like the US federal government and, and all, you know, the, is really an essential element for memory security and the H B C applications. And I always say if it's good enough for the US government, it's good enough for you. >>Exactly. Well, it's got to be, talk a little bit about how AMD is doing this together with HPE a little bit about the partnership as we round out our conversation. >>Sure, absolutely. So security is only as strong as the layer below it, right? So, you know, that's why modern security must be built in rather than, than, you know, bolted on or, or, or, you know, added after the fact, right? So HPE and a MD actually developed this layered approach for protecting critical data together, right? Through our leadership and, and security features and innovations, we really deliver a set of hardware based features that, that help decrease potential attack surfaces. With, with that holistic approach that, you know, that safeguards the critical information across system, you know, the, the entire system lifecycle. And we provide the confidence of built-in silicon authentication on the world's most secure industry standard servers. And with a 360 degree approach that brings high availability to critical workloads while helping to defend, you know, against internal and external threats. So things like h hp, root of silicon root of trust with the trusted supply chain, which, you know, obviously AMD's part of that supply chain combined with AMD's Infinity guard technology really helps provide that end-to-end data protection in today's business. >>And that is so critical for businesses in every industry. As you mentioned, the attackers are getting more and more sophisticated, the vulnerabilities are increasing. The ability to have a pa, a partnership like H P E and a MD to deliver that end-to-end data protection is table stakes for businesses. David, thank you so much for joining me on the program, really walking us through what am MD is doing, the the fourth gen epic processors and how you're working together with HPE to really enable security to be successfully accomplished by businesses across industries. We appreciate your insights. >>Well, thank you again for having me, and we appreciate the partnership with hpe. >>Well, you wanna thank you for watching our special program HPE Compute Security. I do have a call to action for you. Go ahead and visit hpe com slash security slash compute. Thanks for watching.

(bright upbeat music) >> Well, hello everybody. John Walls is here on "the CUBE". Great to have you with us as we continue our series here at the AWS Executive Summit sponsored by Accenture. And today we're talking about public service and not just a little slice of public service but probably the largest public sector offering in the UK and for with us or with us. Now to talk about that is Lianne Anderton, who is in with the Intelligent Automation Garage Delivery Lead at the UK Department of Work and Pension. Lianne, good to see you today. Thanks for joining us here on "the CUBE". >> Hi, thanks for having me. >> And also with this us is Amar Narayan, who is a Manager Director at Accenture the AWS Business Group for the Lead in Health and Public Sector, also UK and Ireland. And Amar, I think, you and Lianne, are in the same location, Newcastle, I believe in the UK, is that right? >> Yeah, absolutely. Yep, yeah, we're, here in the northeast of UK. >> Well, thank you for being with us. I appreciate the time. Lianne, let's talk about what you do, the Department of Work and Pension, the famous DWP in England. You have influence or certainly touchpoints with a huge amount of the British population. In what respects, what are you doing for the working class in England and what does technology have to do with all that? >> Sure, so for the Department for Work and Pensions I think the pensions bit is fairly self explanatory so anybody who is over state pension age within the UK. for the work part of that we also deal with people of working age. So, these are people who are either in employment and need additional help through various benefits we offer in the UK. Those people who are out of work. And we also deal with health related benefits as well. And we are currently serving over 20 million claimants every year at this moment in time. So, we're aware of a huge part of the UK government. >> All right, so say that number again. How many? >> 20 million claimants every year. >> Million with an M, right? >> Yeah. >> So, and that's individuals. And so how many transactions, if you will, how many do you think you process in a month? How, much traffic basically, are you seeing? >> An extraordinary amount? I'm not even, I don't think I even know that number. (Lianne laughing) >> Mind blowing, right? So, it's- >> A huge, huge amount. >> Mind blowing. >> Yeah, so, basically the we kind of keep the country going. So, you know, if the department for Work and Pensions kind of didn't exist anymore then actually it would cause an infinite number of problems in society. We, kind of help and support the people who need that. And, yeah, so we play a really vital role in kind of you know, social care and kind of public service. >> So, what was your journey to Accenture then? What, eventually led you to them? What problem were you having and how have you collaborated to solve that? >> So, in terms of how we work with Accenture. So, we had in around 2017 DWP was looking at a projected number of transactions growing by about 210 million which was, you know, an extraordinary amount. And, you know, I think as we've kind of covered everything that we do is on a massive scale. So, we as DWP as an organization we had absolutely no idea how we were going to be able to handle such a massive increase in the transactions. And actually, you know, after kind of various kind of paths and ideas of how we were going to do that, automation, was actually the answer. But the problem that we have with that is that we have, like many governments around the world, we have really older legacy systems. So, each of these benefits that we deal with are on legacy systems. So, whatever we were going to develop had to, you know, connect to all of these, it had to ingest and then process all of these pieces of data some of which, you know, given the fact that a lot of these systems have a lot of manual input you have data issues there that you have to solve and whatever we did, you know, as we've talked about in terms of volumes has to scale instantly as well. So, it has to be able to scale up and down to meet demand and, you know, and that down scaling is also equally as important. So yeah, you've got to be able to scale up to meet the volumes but also you've got to be able to downscale when when it's not needed. But we had nothing that was like that kind of helped us to meet that demand. So, we built our own automation platform, The Intelligent Automation Garage and we did that with Accenture. >> So Amar, I'd like you to chime in here then. So, you're looking at this client who has this massive footprint and obviously vital services, right? So, that's paramount that you have to keep that in mind and the legacy systems that Lianne was just talking about. So, now you're trying to get 'em in the next gen but also respecting that they have a serious investment already in a lot of technology. How do you approach that kind of problem solving, those dynamics and how in this case did you get them to automation as the solution? >> Sure, so I think I think one of the interesting things, yeah as Lianne has sort of described it, right? It's effectively like, you know the department has to have be running all of the time, right? They can't, you know, they can't effectively stop and then do a bunch of IT transformation, you know it's effectively like, you know, changing the wheels of a jumbo jet whilst it's taking off, right? And you've got to do all of that all in one go. But what I think we really, really liked about the situation that we were in and the client relationship we had was that we knew we had to it wasn't just a technology play, we couldn't just go, "All right, let's just put some new technology in." What we also needed to do was really sort of create a culture, an innovation culture, and go, "Well how do we think about the problems that we currently have and how do we think about solving them differently and in collaboration, right?" So, not just the, "Let's just outsource a bunch of technology for to, you know, to Accenture and build a bunch of stuff." So, we very carefully thought about, well actually, the unique situation that they're in the demands that the citizens have on the services that the department provide. And as Lianne mentioned, that technology didn't exist. So, we fundamentally looked at this in a different way. So, we worked really closely with the department. We said, Look, actually what we ultimately need is the equivalent of a virtual workforce. Something where if you already, you know all of a sudden had a hundred thousand pension claims that needed to be processed in a week that you could click your fingers and, you know in a physical world you'd have another building all of your kits, a whole bunch of trained staff that would be able to process that work. And if in the following week you didn't need that you no longer needed that building that stuff or the machinery. And we wanted to replicate that in the virtual world. So, we started designing a platform we utilized and focused on using AWS because it had the scalability. And we thought about, how were we going to connect something as new as AWS to all of these legacy systems. How are we going to make that work in the modern world? How are we going to integrate it? How we going to make sure it's secure? And frankly, we're really honest with the client we said, "Look, this hasn't been done before. Like, nowhere in Accenture has done it. No one's done it in the industry. We've got some smart people, I think we can do it." And, we've prototyped and we've built and we were able to prove that we can do that. And that in itself just created an environment of solving tricky problems and being innovative but most importantly not doing sort of proof of concepts that didn't go anywhere but building something that actually scaled. And I think that was really the real the start of what was has been the Garage. >> So, And Lianne, you mentioned this and you just referred to it Amar, about The Garage, right? The Intelligent Automation Garage. What exactly is it? I mean, we talked about it, what the needs are all this and that, but Lianne, I'll let you jump in first and Amar, certainly compliment her remarks, but what is the IAG, what's the... >> So, you know, I think exactly what kind of Amar, has said from a from a kind of a development point of view I think it started off, you know, really, really small. And the idea is that this is DWP, intelligent automation center of excellence. So, you know, it's aims are that, you know, it makes sure that it scopes out kind of the problems that DWP are are facing properly. So, we really understand what the crux of the problem is. In large organizations It's very easy, I think to think you understand what the problem is where actually, you know, it is really about kind of delving into what that is. And actually we have a dedicated design team that really kind of get under the bonnet of what these issues really are. It then kind of architects what the solutions need to look like using as Amar said, all the exciting new technology that we kind of have available to us. That kind of sensible solution as to what that should look like. We then build that sensible solution and we then, you know as part of that, we make sure that it scales to demand. So, something that might start out with, I dunno, you know a few hundred claimants or kind of cases going through it can quite often, you know, once that's that's been successful scale really, really quickly because as you know, we have 20 million claimants that come through us every year. So, these types of things can grow and expand but also a really key function of what we do is that we have a fully supported in-house service as well. So, all of those automations that we build are then maintained and you know, so any changes that kind of needed to be need to be made to them, we have all that and we have that control and we have our kind of arms wrapped around all of those. But also what that allows us to do is it allows us to be very kind of self-sufficient in making sure that we are as sufficient, sorry, as efficient as possible. And what I mean by that is looking at, you know as new technologies come around and they can allow us to do things more effectively. So, it allows us to kind of almost do that that kind of continuous improvement ourselves. So, that's a huge part of what we do as well. And you know, I think from a size point of view I said this started off really small as in the idea was this was a kind of center of excellence but actually as automation, I think as Amar alluded to is kind of really started to embed in DWP culture what we've started to kind of see is the a massive expansion in the types of of work that people want us to do and the volume of work that we are doing. So, I think we're currently running at around around a hundred people at the moment and I think, you know we started off with a scrum, a couple of scrum teams under Amar, so yeah, it's really grown. But you know, I think this is here to stay within DWP. >> Yeah, well when we talk about automation, you know virtual and robotics and all this I like to kind of keep the human element in mind here too. And Amar, maybe you can touch on that in certain terms of the human factors in this equation. 'Cause people think about, you know, robots it means different things to different people. In your mind, how does automation intersect with the human element here and in terms of the kinds of things Lianne wants to do down the road, you know, is a road for people basically? >> Oh yeah, absolutely. I think fundamentally what the department does is support people and therefore the solutions that we designed and built had to factor that in mind right? We were trying to best support and provide the best service we possibly can. And not only do we need to support the citizens that it supports. The department itself is a big organization, right? We're up to, we're talking between sort of 70 and 80,000 employees. So, how do we embed automation but also make the lives of the, of the DWP agents better as well? And that's what we thought about. So we said, "Well look, we think we can design solutions that do both." So, a lot of our automations go through a design process and we work closely with our operations team and we go, well actually, you know in processing and benefit, there are some aspects of that processing that benefit that are copy and paste, right? It doesn't require much thought around it, but it just requires capturing data and there's elements of that solution or that process that requires actual thought and understanding and really empathy around going, "Well how do I best support this citizen?" And what we tended to do is we took all of the things that were sort of laborious and took a lot of time and would slow down the overall process and we automated those and then we really focused on making sure that the elements that required the human, the human input was made as user friendly and centric as we possibly could. So, if there's a really complex case that needs to be processed, we were able to present the information in a really digestible and understandable way for the agents so that they could make a informed and sensible decision based around a citizen. And what that enabled us to do is essentially meet the demands of the volumes and the peaks that came in but also maintain the quality and if not improve, you know the accuracy of the claims processing that we had. >> So, how do you know, and maybe Lianne, you can address this. How do you know that it's successful on both sides of that equation? And, 'cause Amar raised a very good point. You have 70 to 80,000 employees that you're trying to make their work life much more efficient, much simpler and hopefully make them better at their jobs at the end of the day. But you're also taking care of 20 million clients on the, your side too. So, how do you, what's your measurement for success and what kind of like raw feedback do you get that says, "Okay, this has worked for both of our client bases, both our citizens and our employees?" >> Yeah, so we can look at this both from a a quantitative and a qualitative point of view as well. So, I think from a let take the kind figures first. So we are really hot on making sure that whatever automations we put in place we are there to measure how that automation is working what it's kind of doing and the impact that it's having from an operational point of view. So I think, you know, I think the proof of the fact that the Intelligent Automation Garage is working is that, you know, in the, in its lifetime, we've processed over 20 million items and cases so far. We have 65 scaled and transitioned automations and we've saved over 2 million operational hours. I was going to say that again that's 2 million operational hours. And what that allows us to do as an organization those 2 million hours have allowed us to rather than people as Amar, said, cutting and pasting and doing work that that is essentially very time consuming and repetitive. That 2 million hours we've been able to use on actual decision making. So, the stuff that you need as sentient human being to make judgment calls on and you know and kind of make those decisions that's what it's allowed us as an organization to do. And then I think from a quality point of view I think the feedback that we have from our operational teams is, you know is equally as as great. So, we have that kind of feedback from, you know all the way up from to the director level about, you know how it's kind of like I said that freeing up that time but actually making the operational, you know they don't have an easy job and it's making that an awful lot easier on a day to day basis. It has a real day to day impact. But also, you know, there are other things that kind of the knock on effects in terms of accuracy. So for example, robot will do is exactly as it's told it doesn't make any mistakes, it doesn't have sick days, you know, it does what it says on the tin and actually that kind of impact. So, it's not necessarily, you know, counting your numbers it's the fact that then doesn't generate a call from a customer that kind of says, "Well you, I think you've got this wrong." So, it's all that kind of, these kind of ripple effects that go out. I think is how we measure the fact that A, the garage is working and b, it's delivering the value that we needed to deliver. >> Robots, probably ask better questions too so yeah... (Lianne laughing) So, real quick, just real quick before you head out. So, the big challenge next, eureka, this works, right? Amar, you put together this fantastic system it's in great practice at the DWP, now what do we do? So, it's just in 30 seconds, Amar, maybe if you can look at, be the headlights down the road here for DWP and say, "This is where I think we can jump to next." >> Yeah, so I think, what we've been able to prove as I say is that is scaled innovation and having the return and the value that it creates is here to stay, right? So, I think the next things for us are a continuous expand the stuff that we're doing. Keeping hold of that culture, right? That culture of constantly solving difficult problems and being able to innovate and scale them. So, we are now doing a lot more automations across the department, you know, across different benefits across the digital agenda. I think we're also now becoming almost a bit of the fabric of enabling some of the digital transformation that big organizations look at, right? So moving to a world where you can have a venture driven architectures and being able to sort of scale that. I also think the natural sort of expansion of the team and the type of work that we're going to do is probably also going to expand into sort of the analytics side of it and understanding and seeing how we can take the data from the cases that we're processing to overall have a smoother journey across for our citizens. But it's looking, you know, the future's looking bright. I think we've got a number of different backlogs of items to work on. >> Well, you've got a great story to tell and thank you for sharing it with us here on "the CUBE", talking about DWP, the Department of Work and Pensions in the UK and the great work that Accenture's doing to make 20 million lives plus, a lot simpler for our friends in England. You've been watching ""the CUBE"" the AWS Executive Summit sponsored by Accenture. (bright upbeat music)

>>Welcome back here on the Cube. I'm John Walls. We are in Las Vegas at the Venetian, and this is Reinvent 22 in the Executive Summit sponsored by Accenture. Glad to have you with us here as we continue our conversations. I'm joined by Paul Puckett, who's the former director of the Enterprise Cloud Management Services at the US Army. Paul, good to see you sir. Hey, you as well, John. Thank you. And Justin, she who is managing director and cloud go to market lead at Accenture Federal Services. Justin, good morning to you. Good morning, John. Yeah, glad to have you both here on the cube. First time too, I believe, right? Yes sir. Well, welcome. I wish we had some kind of baptism or indoctrination, but I'll see what I can come up with in the next 10 minutes for you. Let's talk about the Army, Paul. So enterprise cloud management, US Army. You know, I can't imagine the scale we're talking about here. I can't imagine the solutions we're talking about. I can't imagine the users we're talking about. Just for our folks at home, paint the picture a little bit of what kind of landscape it is that you have to cover with that kind of title. >>Sure. The United States Army, about 1.4 million people. Obviously a global organization responsible for protecting and defending the United States as part of our sister services in the Department of Defense. And scale often comes up a lot, right? And we talk about any capability to your solution for the United States Army scale is the, the number one thing, but oftentimes people overlook quality first. And actually when you think of the partnership between the Army and Accenture Federal, we thought a lot when it came to establishing the enterprise Cloud management agency that we wanted to deliver quality first when it came to adopting cloud computing and then scale that quality and not so much be afraid of the, the scale of the army and the size that forces us to make bad decisions. Cuz we wanted to make sure that we proved that there was opportunity and value in the cloud first, and then we wanted to truly scale that. And so no doubt, an immense challenge. The organization's been around for now three years, but I think that we've established irreversible momentum when it comes to modernization, leveraging cloud computing >>For the army. So let's back up. You kind of threw it in there, the ecma. So this agency was, was your a collaboration, right? To create from the ground up and it's in three years in existence. So let's just talk about that. What went into that thinking? What went into the planning and then how did you actually get it up and run into the extent that it is today? >>Sure. Well, it was once the enterprise cloud management office. It was a directorate within the, the CIO G six of the United States Army. So at the headquarters, the army, the chief information Officer, and the G six, which is essentially the military arm for all IT capability were once a joint's organization and the ECMO was created to catalyze the adoption of cloud computing. The army had actually been on a, a cloud adoption journey for many years, but there wasn't a lot of value that was actually derived. And so they created the ecma, well, the ECMO at the time brought me in as the director. And so we were responsible for establishing the new strategy for the adoption of cloud. One of the components of that strategy was essentially we needed an opportunity to be able to buy cloud services at scale. And this was part of our buy secure and build model that we had in place. And so part of the buy piece, we put an acquisition strategy together around how we wanted to buy cloud at scale. We called it the cloud account management optimization. OTA >>Just rolls right off the >>Tongue, it just rolls right off the tongue. And for those that love acronyms, camo, >>Which I liked it when I was say cama, I loved that. That was, that was, >>You always have to have like a tundra, a little >>Piece of that. Very good. It was good. >>But at the time it was novetta, no, Nevada's been bought up by afs, but Novea won that agreement. And so we've had this partnership in place now for just about a year and a half for buying cloud computing net scale. >>So let's talk about, about what you deal with on, on the federal services side here, Justin, in terms of the army. So obviously governance, a major issue, compliance, a major issue, security, you know, paramount importance and all that STEM leads up to quality that Paul was talking about. So when you were looking at this and keeping all those factors in, in your mind, right? I mean, how many, like, oh my God, what kind of days did you have? Oh, well, because this was a handful. >>Well, it was, but you could see when we were responding to the acquisition that it was really, you know, forward thinking and forward leaning in terms of how they thought about cloud acquisition and cloud governance and cloud management. And it's really kind of a sleepy area like cloud account acquisition. Everyone's like, oh, it's easy to get in the cloud, you know, run your credit card on Amazon and you're in, in 30 seconds or less. That's really not the case inside the federal government, whether it's the army, the Air Force or whoever, right? Those, those are, they're real challenges in procuring and acquiring cloud. And so it was clear from, you know, Paul's office that they understood those challenges and we were excited to really meet them with them. >>And, and how, I guess from an institutional perspective, before this was right, I I assume very protective, very tight cloistered, right? You, you, in terms of being open to or, or a more open environment, there might have been some pushback was they're not. Right? So dealing with that, what did you find that to be the case? Well, so >>There's kind of a few pieces to unpacking that. There's a lot of fear in trepidation around something you don't understand, right? And so part of it is the teaching and training and the, and the capability and the opportunity in the cloud and the ability to be exceptionally secure when it comes to no doubt, the sensitivity of the information of the Department of Defense, but also from an action acquisition strategy perspective, more from a financial perspective, the DOD is accustomed to buying hardware. We make these big bets of these big things to, to live in today's centers. And so when we talk about consuming cloud as a utility, there's a lot of fear there as well, because they don't really understand how to kind of pay for something by the drink, if you will, because it incentivizes them to be more efficient with their utilization of resources. >>But when you look at the budgeting process of the d od, there really is not that much of incentive for efficiency. The p PPE process, the planning program, budgeting, execution, they care about execution, which is spending money and you can spend a lot of money in the cloud, right? But how are you actually utilizing that? And so what we wanted to do is create that feedback loop and so the utilization is actually fed into our financial systems that help us then estimate into the future. And that's the capability that we partnered with AFS on is establishing the closing of that feedback loop. So now we can actually optimize our utilization of the cloud. And that's actually driving better incentives in the PPE >>Process. You know, when you think about these keywords here, modernized, digitized, data driven, so on, so forth, I, I don't think a lot of people might connect that to the US government in general just because of, you know, it's a large intentionally slow moving bureaucratic machine, right? Is that fair to characterize it that way? It >>Is, but not in this case. Right? So what we done, >>You you totally juxtapose that. Yeah. >>Yeah. So what we've done is we've really enabled data driven decision making as it relates to cloud accounts and cloud governance. And so we have a, a tool called Cloud Tracker. We deployed for the army at a number of different classifications, and you get a full 360 view of all of your cloud utilization and cloud spend, you know, really up to date within 24 hours of it occurring, right? And there a lot of folks, you know, they didn't never went into the console, they never looked at what they were spending in cloud previously. And so now you just go to a simple web portal and see the entire entirety of the army cloud spend right there at your fingertips. So that really enables like better decision making in terms of like purchasing savings plans and reserved instances and other sorts of AWS specific tools to help you save money. >>So Paul, tell me about Cloud Tracker then. Yeah, I mean from the client side then, can you just say this dashboard lays it out for you right? In great detail about what kind of usage, what kind of efficiencies I assume Yeah. What's working, what's not? >>Absolutely. Well, and, and I think a few things to unpack that's really important here is listen, any cloud service provider has a concept. You can see what you're actually spending. But when it comes to money in the United States government, there are different colors of money. There's regulations when it comes to how money is identified for different capabilities or incentives. And you've gotta be very explicit in how you track and how you spend that money from an auditability perspective. Beyond that, there is a move when it comes to the technology business management, which is the actual labeling of what we actually spend money on for different services or labor or software. And what Cloud Tracker allows us to do is speak the language of the different colors of money. It allows us to also get very fine grain in the actual analysis of, from a TBM perspective, what we're spending on. >>But then also it has real time hooks into our financial systems for execution. And so what that really does for us is it allows us to complete the picture, not just be able to see our spend in the cloud, but also be able to able to see that spending context of all things in the P P P E process as well as the execution process that then really empowers the government to make better investments. And all we're seeing is either cost avoidance or cost savings simply because we're able to close that loop, like I said. Yep. And then we're able to redirect those funds, retag them, remove them through our actual financial office within the headquarters of the army, and be able to repurpose that to other modernization efforts that Congress is essentially asking us to invest >>In. Right. So you know how much money you have, basically. Exactly. Right. You know how much you've already spent, you know how you're spending it, and now you how much you have left, >>You can provide a reliable forecast for your spend. >>Right. You know, hey, we're, we're halfway through this quarter, we're halfway through the, the fiscal year, whatever the case might be. >>Exactly. And the focus on expenditures, you know, the government rates you on, you know, how much have you spent, right? So you have a clear total transparency into what you're going to spend through the rest of the fiscal. Sure. >>All right. Let's just talk about the relationship quickly then about going forward then in terms of federal services and then what on, on the, the US Army side. I mean, what now you've laid this great groundwork, right? You have a really solid foundation where now what next? >>We wanna be all things cloud to the army. I mean, we think there's tremendous opportunity to really aid the modernization efforts and governance across the holistic part of the army. So, you know, we just, we want to, we wanna do it all with the Army as much as we can. It's, it's, it's a fantastic >>Opportunity. Yeah. AFS is, is in a very kind of a strategic role. So as part of the ecma, we own the greater strategy and execution for adoption of cloud on behalf of the entire army. Now, when it comes to delivery of individual capabilities for mission here and there, that's all specific to system owners and different organizations. AFS plays a different role in this instance where they're able to more facilitate the greater strategy on the financial side of the house. And what we've done is we've proven the ability to adopt cloud as a utility rather than this fixed thing, kind of predict the future, spend a whole bunch of money and never use the resource. We're seeing the efficiency for the actual utilization of cloud as a utility. This actually came out as one of the previous NDAs. And so how we actually address nda, I believe it was 2018 in the adoption of cloud as a utility, really is now cornerstone of modernization across all of the do d and really feeds into the Jo Warfighting cloud capability, major acquisition on behalf of all of the D O D to establish buying cloud as just a common service for everyone. >>And so we've been fortunate to inform that team of some of our lessons learned, but when it comes to the partnership, we just see camo moving into production. We've been live for now a year and a half. And so there's another two and a half years of runway there. And then AFS also plays a strategic role at part of our cloud enablement division, which is essentially back to that teaching part, helping the Army understand the opportunity of cloud computing, align the architectures to actually leverage those resources and then deliver capabilities that save soldier's >>Lives. Well, you know, we've, we've always known that the Army does its best work on the ground, and you've done all this groundwork for the military, so I'm not surprised, right? It's, it's a winning formula. Thanks to both of you for being with us here in the executive summit. Great conversation. Awesome. Thanks for having us. A good deal. All right. Thank you. All right. You are watching the executive summit sponsored by Accenture here at Reinvent 22, and you're catching it all on the cube, the leader in high tech coverage.

(bright upbeat music) >> Well, hello everybody. John Walls is here on "the CUBE". Great to have you with us as we continue our series here at the AWS Executive Summit sponsored by Accenture. And today we're talking about public service and not just a little slice of public service but probably the largest public sector offering in the UK and for with us or with us. Now to talk about that is Lianne Anderton, who is in with the Intelligent Automation Garage Delivery Lead at the UK Department of Work and Pension. Lianne, good to see you today. Thanks for joining us here on "the CUBE". >> Hi, thanks for having me. >> And also with this us is Amar Narayan, who is a Manager Director at Accenture the AWS Business Group for the Lead in Health and Public Sector, also UK and Ireland. And Amar, I think, you and Lianne, are in the same location, Newcastle, I believe in the UK, is that right? >> Yeah, absolutely. Yep, yeah, we're, here in the northeast of UK. >> Well, thank you for being with us. I appreciate the time. Lianne, let's talk about what you do, the Department of Work and Pension, the famous DWP in England. You have influence or certainly touchpoints with a huge amount of the British population. In what respects, what are you doing for the working class in England and what does technology have to do with all that? >> Sure, so for the Department for Work and Pensions I think the pensions bit is fairly self explanatory so anybody who is over state pension age within the UK. for the work part of that we also deal with people of working age. So, these are people who are either in employment and need additional help through various benefits we offer in the UK. Those people who are out of work. And we also deal with health related benefits as well. And we are currently serving over 20 million claimants every year at this moment in time. So, we're aware of a huge part of the UK government. >> All right, so say that number again. How many? >> 20 million claimants every year. >> Million with an M, right? >> Yeah. >> So, and that's individuals. And so how many transactions, if you will, how many do you think you process in a month? How, much traffic basically, are you seeing? >> An extraordinary amount? I'm not even, I don't think I even know that number. (Lianne laughing) >> Mind blowing, right? So, it's- >> A huge, huge amount. >> Mind blowing. >> Yeah, so, basically the we kind of keep the country going. So, you know, if the department for Work and Pensions kind of didn't exist anymore then actually it would cause an infinite number of problems in society. We, kind of help and support the people who need that. And, yeah, so we play a really vital role in kind of you know, social care and kind of public service. >> So, what was your journey to Accenture then? What, eventually led you to them? What problem were you having and how have you collaborated to solve that? >> So, in terms of how we work with Accenture. So, we had in around 2017 DWP was looking at a projected number of transactions growing by about 210 million which was, you know, an extraordinary amount. And, you know, I think as we've kind of covered everything that we do is on a massive scale. So, we as DWP as an organization we had absolutely no idea how we were going to be able to handle such a massive increase in the transactions. And actually, you know, after kind of various kind of paths and ideas of how we were going to do that, automation, was actually the answer. But the problem that we have with that is that we have, like many governments around the world, we have really older legacy systems. So, each of these benefits that we deal with are on legacy systems. So, whatever we were going to develop had to, you know, connect to all of these, it had to ingest and then process all of these pieces of data some of which, you know, given the fact that a lot of these systems have a lot of manual input you have data issues there that you have to solve and whatever we did, you know, as we've talked about in terms of volumes has to scale instantly as well. So, it has to be able to scale up and down to meet demand and, you know, and that down scaling is also equally as important. So yeah, you've got to be able to scale up to meet the volumes but also you've got to be able to downscale when when it's not needed. But we had nothing that was like that kind of helped us to meet that demand. So, we built our own automation platform, The Intelligent Automation Garage and we did that with Accenture. >> So Amar, I'd like you to chime in here then. So, you're looking at this client who has this massive footprint and obviously vital services, right? So, that's paramount that you have to keep that in mind and the legacy systems that Lianne was just talking about. So, now you're trying to get 'em in the next gen but also respecting that they have a serious investment already in a lot of technology. How do you approach that kind of problem solving, those dynamics and how in this case did you get them to automation as the solution? >> Sure, so I think I think one of the interesting things, yeah as Lianne has sort of described it, right? It's effectively like, you know the department has to have be running all of the time, right? They can't, you know, they can't effectively stop and then do a bunch of IT transformation, you know it's effectively like, you know, changing the wheels of a jumbo jet whilst it's taking off, right? And you've got to do all of that all in one go. But what I think we really, really liked about the situation that we were in and the client relationship we had was that we knew we had to it wasn't just a technology play, we couldn't just go, "All right, let's just put some new technology in." What we also needed to do was really sort of create a culture, an innovation culture, and go, "Well how do we think about the problems that we currently have and how do we think about solving them differently and in collaboration, right?" So, not just the, "Let's just outsource a bunch of technology for to, you know, to Accenture and build a bunch of stuff." So, we very carefully thought about, well actually, the unique situation that they're in the demands that the citizens have on the services that the department provide. And as Lianne mentioned, that technology didn't exist. So, we fundamentally looked at this in a different way. So, we worked really closely with the department. We said, Look, actually what we ultimately need is the equivalent of a virtual workforce. Something where if you already, you know all of a sudden had a hundred thousand pension claims that needed to be processed in a week that you could click your fingers and, you know in a physical world you'd have another building all of your kits, a whole bunch of trained staff that would be able to process that work. And if in the following week you didn't need that you no longer needed that building that stuff or the machinery. And we wanted to replicate that in the virtual world. So, we started designing a platform we utilized and focused on using AWS because it had the scalability. And we thought about, how were we going to connect something as new as AWS to all of these legacy systems. How are we going to make that work in the modern world? How are we going to integrate it? How we going to make sure it's secure? And frankly, we're really honest with the client we said, "Look, this hasn't been done before. Like, nowhere in Accenture has done it. No one's done it in the industry. We've got some smart people, I think we can do it." And, we've prototyped and we've built and we were able to prove that we can do that. And that in itself just created an environment of solving tricky problems and being innovative but most importantly not doing sort of proof of concepts that didn't go anywhere but building something that actually scaled. And I think that was really the real the start of what was has been the Garage. >> So, And Lianne, you mentioned this and you just referred to it Amar, about The Garage, right? The Intelligent Automation Garage. What exactly is it? I mean, we talked about it, what the needs are all this and that, but Lianne, I'll let you jump in first and Amar, certainly compliment her remarks, but what is the IAG, what's the... >> So, you know, I think exactly what kind of Amar, has said from a from a kind of a development point of view I think it started off, you know, really, really small. And the idea is that this is DWP, intelligent automation center of excellence. So, you know, it's aims are that, you know, it makes sure that it scopes out kind of the problems that DWP are are facing properly. So, we really understand what the crux of the problem is. In large organizations It's very easy, I think to think you understand what the problem is where actually, you know, it is really about kind of delving into what that is. And actually we have a dedicated design team that really kind of get under the bonnet of what these issues really are. It then kind of architects what the solutions need to look like using as Amar said, all the exciting new technology that we kind of have available to us. That kind of sensible solution as to what that should look like. We then build that sensible solution and we then, you know as part of that, we make sure that it scales to demand. So, something that might start out with, I dunno, you know a few hundred claimants or kind of cases going through it can quite often, you know, once that's that's been successful scale really, really quickly because as you know, we have 20 million claimants that come through us every year. So, these types of things can grow and expand but also a really key function of what we do is that we have a fully supported in-house service as well. So, all of those automations that we build are then maintained and you know, so any changes that kind of needed to be need to be made to them, we have all that and we have that control and we have our kind of arms wrapped around all of those. But also what that allows us to do is it allows us to be very kind of self-sufficient in making sure that we are as sufficient, sorry, as efficient as possible. And what I mean by that is looking at, you know as new technologies come around and they can allow us to do things more effectively. So, it allows us to kind of almost do that that kind of continuous improvement ourselves. So, that's a huge part of what we do as well. And you know, I think from a size point of view I said this started off really small as in the idea was this was a kind of center of excellence but actually as automation, I think as Amar alluded to is kind of really started to embed in DWP culture what we've started to kind of see is the a massive expansion in the types of of work that people want us to do and the volume of work that we are doing. So, I think we're currently running at around around a hundred people at the moment and I think, you know we started off with a scrum, a couple of scrum teams under Amar, so yeah, it's really grown. But you know, I think this is here to stay within DWP. >> Yeah, well when we talk about automation, you know virtual and robotics and all this I like to kind of keep the human element in mind here too. And Amar, maybe you can touch on that in certain terms of the human factors in this equation. 'Cause people think about, you know, robots it means different things to different people. In your mind, how does automation intersect with the human element here and in terms of the kinds of things Lianne wants to do down the road, you know, is a road for people basically? >> Oh yeah, absolutely. I think fundamentally what the department does is support people and therefore the solutions that we designed and built had to factor that in mind right? We were trying to best support and provide the best service we possibly can. And not only do we need to support the citizens that it supports. The department itself is a big organization, right? We're up to, we're talking between sort of 70 and 80,000 employees. So, how do we embed automation but also make the lives of the, of the DWP agents better as well? And that's what we thought about. So we said, "Well look, we think we can design solutions that do both." So, a lot of our automations go through a design process and we work closely with our operations team and we go, well actually, you know in processing and benefit, there are some aspects of that processing that benefit that are copy and paste, right? It doesn't require much thought around it, but it just requires capturing data and there's elements of that solution or that process that requires actual thought and understanding and really empathy around going, "Well how do I best support this citizen?" And what we tended to do is we took all of the things that were sort of laborious and took a lot of time and would slow down the overall process and we automated those and then we really focused on making sure that the elements that required the human, the human input was made as user friendly and centric as we possibly could. So, if there's a really complex case that needs to be processed, we were able to present the information in a really digestible and understandable way for the agents so that they could make a informed and sensible decision based around a citizen. And what that enabled us to do is essentially meet the demands of the volumes and the peaks that came in but also maintain the quality and if not improve, you know the accuracy of the claims processing that we had. >> So, how do you know, and maybe Lianne, you can address this. How do you know that it's successful on both sides of that equation? And, 'cause Amar raised a very good point. You have 70 to 80,000 employees that you're trying to make their work life much more efficient, much simpler and hopefully make them better at their jobs at the end of the day. But you're also taking care of 20 million clients on the, your side too. So, how do you, what's your measurement for success and what kind of like raw feedback do you get that says, "Okay, this has worked for both of our client bases, both our citizens and our employees?" >> Yeah, so we can look at this both from a a quantitative and a qualitative point of view as well. So, I think from a let take the kind figures first. So we are really hot on making sure that whatever automations we put in place we are there to measure how that automation is working what it's kind of doing and the impact that it's having from an operational point of view. So I think, you know, I think the proof of the fact that the Intelligent Automation Garage is working is that, you know, in the, in its lifetime, we've processed over 20 million items and cases so far. We have 65 scaled and transitioned automations and we've saved over 2 million operational hours. I was going to say that again that's 2 million operational hours. And what that allows us to do as an organization those 2 million hours have allowed us to rather than people as Amar, said, cutting and pasting and doing work that that is essentially very time consuming and repetitive. That 2 million hours we've been able to use on actual decision making. So, the stuff that you need as sentient human being to make judgment calls on and you know and kind of make those decisions that's what it's allowed us as an organization to do. And then I think from a quality point of view I think the feedback that we have from our operational teams is, you know is equally as as great. So, we have that kind of feedback from, you know all the way up from to the director level about, you know how it's kind of like I said that freeing up that time but actually making the operational, you know they don't have an easy job and it's making that an awful lot easier on a day to day basis. It has a real day to day impact. But also, you know, there are other things that kind of the knock on effects in terms of accuracy. So for example, robot will do is exactly as it's told it doesn't make any mistakes, it doesn't have sick days, you know, it does what it says on the tin and actually that kind of impact. So, it's not necessarily, you know, counting your numbers it's the fact that then doesn't generate a call from a customer that kind of says, "Well you, I think you've got this wrong." So, it's all that kind of, these kind of ripple effects that go out. I think is how we measure the fact that A, the garage is working and b, it's delivering the value that we needed to deliver. >> Robots, probably ask better questions too so yeah... (Lianne laughing) So, real quick, just real quick before you head out. So, the big challenge next, eureka, this works, right? Amar, you put together this fantastic system it's in great practice at the DWP, now what do we do? So, it's just in 30 seconds, Amar, maybe if you can look at, be the headlights down the road here for DWP and say, "This is where I think we can jump to next." >> Yeah, so I think, what we've been able to prove as I say is that is scaled innovation and having the return and the value that it creates is here to stay, right? So, I think the next things for us are a continuous expand the stuff that we're doing. Keeping hold of that culture, right? That culture of constantly solving difficult problems and being able to innovate and scale them. So, we are now doing a lot more automations across the department, you know, across different benefits across the digital agenda. I think we're also now becoming almost a bit of the fabric of enabling some of the digital transformation that big organizations look at, right? So moving to a world where you can have a venture driven architectures and being able to sort of scale that. I also think the natural sort of expansion of the team and the type of work that we're going to do is probably also going to expand into sort of the analytics side of it and understanding and seeing how we can take the data from the cases that we're processing to overall have a smoother journey across for our citizens. But it's looking, you know, the future's looking bright. I think we've got a number of different backlogs of items to work on. >> Well, you've got a great story to tell and thank you for sharing it with us here on "the CUBE", talking about DWP, the Department of Work and Pensions in the UK and the great work that Accenture's doing to make 20 million lives plus, a lot simpler for our friends in England. You've been watching ""the CUBE"" the AWS Executive Summit sponsored by Accenture. (bright upbeat music)

>>Hey everyone, welcome to this cube conversation. I'm your host Lisa Martin, and I have the pleasure of welcoming back our most prolific guest on the cube in its history, the CMO of Fin Ad, Eric Herzog. Eric, it's great to see you. Welcome back, >>Lisa. It's great to be here. Love being on the cube. I think this might be number 55 or 56. Been doing 'em a long time with the Cube. You guys are great. >>You, you have, and we always recognize you lately with the Hawaiian shirts. It's your brand that's, that's the Eric Hizo brand. We love it. But I like the pin, the infin nut pin on brand. Thank you. >>Yeah. Oh, gotta be on brand. >>Exactly. So talk about the current IT landscape. So much change we've seen in the last couple of years. Specifically, what are some of the big challenges that you are talking with enterprise customers and cloud service providers? About what, what are some of those major things on their minds? >>So there's a couple things. First of all is obviously with the Rocky economy and even before covid, just for storage in particular, CIOs hate storage. I've been doing this now since 1986. I have never, ever, ever met a CIO at any company I've bid with. And I've been with four of the biggest storage companies on this planet. Never met a cio. Used to be a storage guy. So they know they need it, but boy, they really don't like it. So the storage admins have to manage more and more storage. Exabytes, exabytes, it just ballooning for what a storage admin has to do. Then you then have the covid and is it recession? No. Is it a growth? And then clearly what's happened in the last year with what's going on in Europe and the, is it a recession, the inflation. So they're always looking to, how do we cut money on storage yet still get what we need for our applications, workloads, and use cases. So that's definitely the biggest, the first topic. >>So never met a CIO that was a storage admin or as a fan, but as you point out, they need it. And we've seen needs changing in customer landscapes, especially as the threat landscape has changed so dramatically the last couple of years. Ransomware, you've said it before, I say it too. It's no longer if it's when it's how often. It's the frequency. We've gotta be able to recover. Backups are being targeted. Talk to me about some of, in that landscape, some of the evolutions of customer challenges and maybe those CIOs going, We've gotta make sure that our, our storage data is protected. >>So it's starting to change. However, historically with the cio and then when they started hiring CISOs or security directors, whatever they had, depending on the company size, it was very much about protecting the edge. Okay, if you will, the moat and the wall of the castle. Then it was the network in between. So keep the streets inside the castle clean. Then it was tracking down the bad guy. So if they did get over, the issue is, if I remember correctly, the sheriff of Nottingham never really caught Robinhood. So the problem is the dwell time where the ransomware malware's hidden on storage could be as much as 200 days. So I think they're starting to realize at the security level now, forget, forget the guys on the storage side, the security guys, the cso, the CIO, are starting to realize that if you're gonna have a comprehensive cybersecurity strategy, must include storage. And that is new >>That, well, that's promising then. That's new. I mean obviously promising given the, the challenges and the circumstances. So then from a storage perspective, customers that are in this multi-cloud hybrid cloud environment, you talked about the the edge cloud on-prem. What are some of the key things from a storage perspective that customers have to achieve these days to be secure as data volumes continue to grow and spread? >>So what we've done is implement on both primary storage and secondary storage and technology called infin safe. So Infin Safe has the four legs of the storage cyber security stool. So first of all is creating an air gap. In this case, a logical air gap can be local or remote. We create an immutable snapshot, which means it can't be changed, it can't be altered, so you can't change it. We have a fenced forensic environment to check out the storage because you don't wanna recover. Again, malware and rans square can is hidden. So you could be making amenable snapshots of actually malware, ransomware, and never know you're doing it right. So you have to check it out. Then you need to do a rapid recovery. The most important thing if you have an attack is how fast can you be up and going with recovery? So we have actually instituted now a number of cyber storage security guarantees. >>We will guarantee the SLAs on a, the snapshot is absolutely immutable. So they know that what they're getting is what they were supposed to be getting. And then also we are guaranteeing recovery times on primary storage. We're guaranteeing recovery of under one minute. We'll make the snapshot available under one minute and on secondary storage under 20 minutes. So those are things you gotta look for from a security perspective. And then the other thing you gotta practice, in my world, ransomware, malware, cyber tech is basically a disaster. So yes, you got the hurricane, yes, you got the flood, yes, you got the earthquake. Yes, you got the fire in the building. Yes you got whatever it may be. But if you don't practice malware, ransomware, recoveries and protection, then it might as well be a hurricane or earthquake. It will take your data, >>It will take your data on the numbers of customers that pay ransom is pretty high, isn't it? And and not necessarily able to recover their data. So it's a huge risk. >>So if you think about it, the government documented that last year, roughly $6 trillion was spent either protecting against ransomware and malware or paying ransomware attacks. And there's been several famous ones. There was one in Korea, 72 million ransom. It was one of the Korea's largest companies. So, and those are only the ones that make the news. Most of 'em don't make the news. Right. >>So talk to me then, speaking and making the news. Nobody wants to do that. We, we know every industry is vulnerable to this. Some of the ones that might be more vulnerable, healthcare, government, public sector education. I think the Los Angeles Unified School district was just hit as well in September. They >>Were >>What, talk to me about how infin out is helping customers really dial down the risk when the threat actors are becoming more and more sophisticated? >>Well, there's a couple things. First of all, our infin safe software comes free on our main product. So we have a product called infin Guard for Secondary Storage and it comes for free on that. And then our primary storage product's called the Infin Box. It also comes for free. So they don't have to use it, but we embed it. And then we have reference architectures that we give them our ses, our solutions architects and our technical advisors all up to speed on why they should do it, how they should do it. We have a number of customers doing it. You know, we're heavily concentrated the global Fortune 2000, for example, we publicly announced that 26% of the Fortune 50 use our technology, even though we're a small company. So we go to extra lengths to a B, educated on our own front, our own teams, and then B, make sure they portray that to the end users and our channel partners. But the end users don't pay a dime for the software that does what I just described, it's free, it's included when you get you're Infin box or you're ingar, it's included at no charge. >>That's pretty differentiating from a competitive standpoint. I might, I would guess >>It is. And also the guarantee. So for example, on primary storage, okay, whether you'd put your Oracle or put your SAP or I Mongo or your sequel or your highly transactional workloads, right? Your business finance workload, all your business critical stuff. We are the first and only storage company that offers a primary guarantee on cyber storage resilience. And we offer two of them on primary storage. No other vendor offers a guarantee, which we do on primary storage. Whether you the first and right now as of here we are sitting in the middle of October. We are still the only vendor that offers anything on primary storage from a guaranteed SLA on primary storage for cyber storage resilience. >>Let's talk about those guarantees. Walk me through what you just announced. There's been a a very, a lot of productivity at Infin DAT in 2022. A lot of things that you've announced but on crack some of the things you're announcing. Sure. Talk to me specifically about those guarantees and what's in it for me as a customer. It sounds pretty obvious, but I'd love to hear it from you. >>Okay, so we've done really three different types of guarantees. The first one is we have a hundred percent availability guarantee on our primary storage. And we've actually had that for the last, since 2019. So it's a hundred percent availability. We're guaranteed no downtime, a hundred percent availability, which for our customer base being heavily concentrated, the global Fortune 2000 large government enterprises, big universities and even smaller companies, we do a lot of business with CSPs and MSPs. In fact, at the Flash Memory Summit are Infin Box ssa All Flash was named the best product for hyperscaler deployment. Hyperscaler basically means cloud servers provider. So they need a hundred percent availability. So we have a guarantee on that. Second guarantee we have is a performance guarantee. We'll do an analysis, we look at all their workloads and then we will guarantee in writing what the performance should be based on which, which of our products they want to buy are Infin Box or Infin Box ssa, which is all flash. >>Then we have the third one is all about cyber resilience. So we have two on our Infin box, our Infin box SSA for primary storage, which is a one the immutability of the snapshot and immediately means you can't erase the data. Right? Camp tamper with it. Second one is on the recovery time, which is under a minute. We just announced in the middle of October that we are doing a similar cyber storage resilience guarantee on our ARD secondary product, which is designed for backup recovery, et cetera. We will also offer the immutably snapshot guarantee and also one on the recoverability of that data in under 20 minutes. In fact, we just did a demo at our live launch earlier this week and we demoed 20 petabytes of Veeam backup data recovered in 12 minutes. 12 >>Minutes 2012. >>20 petabytes In >>12 bytes in 12 minutes. Yes. That's massive. That's massively differentiating. But that's essential for customers cuz you know, in terms of backups and protecting the data, it's all about recovery >>A and once they've had the attack, it's how fast you get back online, right? That that's what happens if they've, if they can't stop the attack, can't stop the threat and it happens. They need to get that back as fast as they can. So we have the speed of recovery on primary stores, the first in the industry and we have speed on the backup software and we'll do the same thing for a backup data set recovery as well. Talk >>To me about the, the what's in it for me, For the cloud service providers, they're obviously the ones that you work with are competing with the hyperscalers. How does the guarantees and the differentiators that Fin out is bringing to market? How do you help those cloud SPS dial up their competitiveness against the big cheeses? >>Well, what we do is we provide that underlying infrastructure. We, first of all, we only sell things that are petabyte in scale. That's like always sell. So for example, on our in fitter guard product, the raw capacity is over four petabytes. And the effective capacity, cuz you do data reduction is over 85 petabytes on our newest announced product, on our primary storage product, we now can do up to 17 petabytes of effective capacity in a single rack. So the value to the service rider is they can save on what slots? Power and floor. A greener data center. Yeah, right. Which by the way is not just about environmentals, but guess what? It also translate into operational expense. >>Exactly. CapEx office, >>With a lot of these very large systems that we offer, you can consolidate multiple products from our competitors. So for example, with one of the competitors, we had a deal that we did last quarter 18 competitive arrays into one of ours. So talk about saving, not just on all of the operational expense, including operational manpower, but actually dramatically on the CapEx. In fact, one of our Fortune 500 customers in the telco space over the last five years have told us on CapEx alone, we've saved them $104 million on CapEx by consolidating smaller technology into our larger systems. And one of the key things we do is everything is automated. So we call it autonomous automation use AI based technology. So once you install it, we've got several public references who said, I haven't touched this thing in three or four years. It automatically configures itself. It automatically adjusts to changes in performance and new apps. When I put in point a new app at it automatically. So in the old days the storage admin would optimize performance for a new application. We don't do that, we automatically do it and autonomously the admin doesn't even click a button. We just sense there's new applications and we automate ourselves and configure ourselves without the admin having to do anything. So that's about saving operational expense as well as operational manpower. >>Absolutely. I was, one of the things that was ringing in my ear was workforce productivity and obviously those storage admins being able to to focus on more strategic projects. Can't believe the CIOs aren't coming around yet. But you said there's, there's a change, there's a wave coming. But if we think about the the, the what's in it for me as a customer, the positive business outcomes that I'm hearing, lower tco, your greener it, which is key. So many customers that we talk to are so focused on sustainability and becoming greener, especially with an on-prem footprint, workforce productivity. Talk about some of the other key business outcomes that you're helping customers achieve and how it helps them to be more competitive. >>Sure. So we've got a, a couple different things. First of all, storage can't go down. When the storage goes down, everyone gets blamed. Mission. When an app goes down, no one really thinks about it. It's always the storage guy's fault. So you want to be a hundred percent available. And that's today's businesses, and I'd actually argue it's been this way for 20 years are 24 by seven by 365. So that's one thing that we deliver. Second thing is performance. So we have public references talk about their SAP workload that used to take two hours, now takes 20 minutes, okay? We have another customer that was doing SAP queries. They improved their performance three times, Not 3%, not 3%, three times. So 300% better performance just by using our storages. They didn't touch the sap, they didn't touch the servers. All they do is to put our storage in there. >>So performance relates basically to applications, workloads and use cases and productivity beyond it. So think the productivity of supply chain guys, logistics guys, the shipping guys, the finance guys, right? All these applications that run today's enterprises. So we can automate all that. And then clearly the cyber threat. Yeah, that is a huge issue. And every CIO is concerned about the cyber threat. And in fact, it was interesting, Fortune magazine did a survey of CEOs, and this was last May, the number one concern, 66% in that may survey was cyber security number one concern. So this is not just a CIO thing, this is a CEO thing and a board level >>Thing. I was gonna say it's at at the board level that the cyber security threats are so real, they're so common. No one wants to be the next headline, like the colonial pipeline, right? Or the school districts or whatnot. And everybody is at risk. So then what you're enabling with what you've just announced, the all the guarantees on the SLAs, the massively fast recovery times, which is critical in cyber recovery. Obviously resilience is is key there. Modern data protection it sounds like to me. How do you define that and and what are customers looking for with respect to modern cyber resilience versus data protection? >>Yeah, so we've got normal data protection because we work with all the backup vendors. Our in ARD is what's known as a purpose built backup appliance. So that allows you to back at a much faster rate. And we work all the big back backup vendors, IBM spectrum Protect, we work with veritas vem com vault, oracle arm, anybody who does backup. So that's more about the regular side, the traditional backup. But the other part of modern data protection is infusing that with the cyber resilience. Cuz cyber resilience is a new thing. Yes, from a storage guy perspective, it hasn't been around a long time. Many of our competitors have almost nothing. One or two of our competitors have a pretty robust, but they don't guarantee it the way we guarantee it. So they're pretty good at it. But the fact that we're willing to put our money where our mouth is, we think says we price stand above and then most of the other guys in the storage industry are just starting to get on the bandwagon of having cyber resilience. >>So that changes what you do from data protection, what would call modern data protection is a combination of traditional backup recovery, et cetera. Now with this influence and this infusion of cybersecurity cyber resilience into a storage environment. And then of course we've also happened to add it on primary storage as well. So whether it's primary storage or backup and archive storage, we make sure you have that right cyber resilience to make it, if you will, modern data protection and diff different from what it, you know, the old backup of your grandfather, father, son backup in tape or however you used to do it. We're well beyond that now we adding this cyber resilience aspect. Well, >>From a cyber resilience perspective, ransomware, malware, cyber attacks are, that's a disaster, right? But traditional disaster recovery tools aren't really built to be able to pull back that data as quickly as it sounds like in Trinidad is able to facilitate. >>Yeah. So one of the things we do is in our reference architectures and written documentation as well as when we do the training, we'd sell the customers you need to practice, if you practice when there's a fire, a flood, a hurricane, an earthquake or whatever is the natural disaster you're practicing that you need to practice malware and ran somewhere. And because our recovery is so rapid and the case of our ingar, our fenced environment to do the testing is actually embedded in it. Several of our competitors, if you want the fenced environment, you have to buy a second product with us. It's all embedded in the one item. So A, that makes it more effective from a CapEx and opex perspective, but it also makes it easier. So we recommend that they do the practice recoveries monthly. Now whether they do it or not separate issue, but at least that's what we're recommending and say, you should be doing this on a monthly basis just like you would practice a disaster, like a hurricane or fire or a flood or an earthquake. Need to be practicing. And I think people are starting to hear it, but they don't still think more about, you know, the flood. Yeah. Or about >>The H, the hurricane. >>Yeah. That's what they think about. They not yet thinking about cybersecurity as really a disaster model. And it is. >>Absolutely. It is. Is is the theme of cyber resilience, as you said, this is a new concept, A lot of folks are talking about it, applying it differently. Is that gonna help dial up those folks just really being much more prepared for that type of cyber disaster? >>Well, we've made it so it's automated. Once you set up the immutable snapshots, it just does its thing. You don't set it and forget it. We create the logical air back. Once you do it, same thing. Set it and forget it. The fence forensic environment, easy to deploy. You do have to just configure it once and then obviously the recovery is almost instantaneous. It's under a minute guaranteed on primary storage and under 20 minutes, like I told you when we did our launch this week, we did 20 petabytes of Veeam backup data in 12 minutes. So that's pretty incredible. That's a lot of data to have recovered in 12 minutes. So the more automated we make it, which is what our real forte is, is this autonomous automation and automating as much as possible and make it easy to configure when you do have to configure. That's what differentiates what we do from our perspective. But overall in the storage industry, it's the recognition finally by the CISOs and the CIOs that, wait a second, maybe storage might be an essential part of my corporate cybersecurity strategy. Yes. Which it has not been historically, >>But you're seeing that change. Yes. >>We're starting to see that change. >>Excellent. So talk to me a little bit before we wrap here about the go to market one. Can folks get their hands on the updates to in kindergar and Finn and Safe and Penta box? >>So all these are available right now. They're available now either through our teams or through our, our channel partners globally. We do about 80% of our business globally through the channel. So whether you talk to us or talk to our channel partners, we're there to help. And again, we put our money where your mouth is with those guarantees, make sure we stand behind our products. >>That's awesome. Eric, thank you so much for joining me on the program. Congratulations on the launch. The the year of productivity just continues for infinit out is basically what I'm hearing. But you're really going in the extra mile for customers to help them ensure that the inevitable cyber attacks, that they, that they're complete storage environment on prem will be protected and more importantly, recoverable Very quickly. We appreciate your insights and your input. >>Great. Absolutely love being on the cube. Thank you very much for having us. Of >>Course. It's great to have you back. We appreciate it. For Eric Herzog, I'm Lisa Martin. You're watching this cube conversation live from Palo Alto.

[Music] the cyber security landscape has changed dramatically over the past 24 to 36 months rapid cloud migration has created a new layer of security defense sure but that doesn't mean csos can relax in many respects it further complicates or at least changes the cso's scope of responsibilities in particular the threat surface has expanded and that creates more seams and csos have to make sure their teams pick up where the hyperscaler clouds leave off application developers have become a critical execution point for cyber assurance shift left is the kind of new buzz phrase for devs but organizations still have to shield right meaning the operational teams must continue to partner with secops to make sure infrastructure is resilient so it's no wonder that an etr's latest survey of nearly 1500 cios and it buyers that business technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics rounding out the top four but budgets are under pressure and csos have to prioritize it's not like they have an open checkbook they have to contend with other key initiatives like those just mentioned to secure the funding and what about zero trust can you go out and buy zero trust or is it a framework a mindset in a series of best practices applied to create a security consciousness throughout the organization can you implement zero trust in other words if a machine or human is not explicitly allowed access then access is denied can you implement that policy without constricting organizational agility the question is what's the most practical way to apply that premise and what role does infrastructure play as the enforcer how does automation play in the equation the fact is that today's approach to cyber resilient type resilience can't be an either or it has to be an and conversation meaning you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible and don't even talk to me about the edge that's really going to keep you up at night hello and welcome to the special cube presentation a blueprint for trusted infrastructure made possible by dell technologies in this program we explore the critical role that trusted infrastructure plays in cyber security strategies how organizations should think about the infrastructure side of the cyber security equation and how dell specifically approaches securing infrastructure for your business we'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile first up are pete gear and steve kenniston they're both senior cyber security consultants at dell technologies and they're going to talk about the company's philosophy and approach to trusted infrastructure and then we're going to speak to paris our godaddy who's a senior consultant for storage at dell technologies to understand where and how storage plays in this trusted infrastructure world and then finally rob emsley who heads product marketing for data protection and cyber security he's going to take a deeper dive with rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy okay let's get started pete gear steve kenniston welcome to the cube thanks for coming into the marlboro studios today great to be here dave thanks dave good to see you great to see you guys pete start by talking about the security landscape you heard my little rap up front what are you seeing i thought you wrapped it up really well and you touched on all the key points right technology is ubiquitous today it's everywhere it's no longer confined to a monolithic data center it lives at the edge it lives in front of us it lives in our pockets and smartphones along with that is data and as you said organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago and along with that cyber crime has become a very profitable uh enterprise in fact it's been more than 10 years since uh the nsa chief actually called cybercrime the biggest transfer of wealth in history that was 10 years ago and we've seen nothing but accelerating cybercrime and really sophistication of how those attacks are are perpetrated and so the new security landscape is really more of an evolution we're finally seeing security catch up with all of the technology adoption all the build out the work from home and work from anywhere that we've seen over the last couple of years we're finally seeing organizations and really it goes beyond the i.t directors it's a board level discussion today security's become a board level discussion so yeah i think that's true as well it's like it used to be the security was okay the sec ops team you're responsible for security now you've got the developers are involved the business lines are involved it's part of onboarding for most companies you know steve this concept of zero trust it was kind of a buzzword before the pandemic and i feel like i've often said it's now become a a mandate but it's it's it's still fuzzy to a lot of people how do you guys think about zero trust what does it mean to you how does it fit yeah i thought again i thought your opening was fantastic in this whole lead into to what is zero trust it had been a buzzword for a long time and now ever since the federal government came out with their implementation or or desire to drive zero trust a lot more people are taking a lot more seriously because i don't think they've seen the government do this but ultimately let's see ultimately it's just like you said right if you don't have trust to those particular devices applications or data you can't get at it the question is and and you phrase it perfectly can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive because we're seeing with your whole notion around devops and the ability to kind of build make deploy build make deploy right they still need that functionality but it also needs to be trusted it needs to be secure and things can't get away from you yeah so it's interesting we attended every uh reinforce since 2019 and the narrative there is hey everything in this in the cloud is great you know and this narrative around oh security is a big problem is you know doesn't help the industry the fact is that the big hyperscalers they're not strapped for talent but csos are they don't have the the capabilities to really apply all these best practices they're they're playing whack-a-mole so they look to companies like yours to take their your r d and bake it into security products and solutions so what are the critical aspects of the so-called dell trusted infrastructure that we should be thinking about yeah well dell trusted infrastructure for us is a way for us to describe uh the the work that we do through design development and even delivery of our it system so dell trusted infrastructure includes our storage it includes our servers our networking our data protection our hyper-converged everything that infrastructure always has been it's just that today customers consume that infrastructure at the edge as a service in a multi-cloud environment i mean i view the cloud as really a way for organizations to become more agile and to become more flexible and also to control costs i don't think organizations move to the cloud or move to a multi-cloud environment to enhance security so i don't see cloud computing as a panacea for security i see it as another attack surface and another uh aspect in front that organizations and and security organizations and departments have to manage it's part of their infrastructure today whether it's in their data center in a cloud or at the edge i mean i think it's a huge point because a lot of people think oh the data's in the cloud i'm good it's like steve we've talked about oh why do i have to back up my data it's in the cloud well you might have to recover it someday so i don't know if you have anything to add to that or any additional thoughts on it no i mean i think i think like what pete was saying when it comes to when it comes to all these new vectors for attack surfaces you know people did choose the cloud in order to be more agile more flexible and all that did was open up to the csos who need to pay attention to now okay where can i possibly be attacked i need to be thinking about is that secure and part of the part of that is dell now also understands and thinks about as we're building solutions is it is it a trusted development life cycle so we have our own trusted development life cycle how many times in the past did you used to hear about vendors saying you got to patch your software because of this we think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective and make sure we don't give up or or have security become a whole just in order to implement a feature we got to think about those things yeah and as pete alluded to our secure supply chain so all the way through knowing what you're going to get when you actually receive it is going to be secure and not be tampered with becomes vitally important and pete and i were talking earlier when you have tens of thousands of devices that need to be delivered whether it be storage or laptops or pcs or or whatever it is you want to be tr you want to know that that that those devices are can be trusted okay guys maybe pete you could talk about the how dell thinks about it's its framework and its philosophy of cyber security and then specifically what dell's advantages are relative to the competition yeah definitely dave thank you so i we've talked a lot about dell as a technology provider but one thing dell also is is a partner in this larger ecosystem we realize that security whether it's a zero trust paradigm or any other kind of security environment is an ecosystem with a lot of different vendors so we look at three areas uh one is protecting data in systems we know that it starts with and ends with data that helps organizations combat threats across their entire infrastructure and what it means is dell's embedding security features consistently across our portfolios of storage servers networking the second is enhancing cyber resiliency over the last decade a lot of the funding and spending has been in protecting or trying to prevent cyber threats not necessarily in responding to and recovering from threats right we call that resiliency organizations need to build resiliency across their organization so not only can they withstand a threat but they can respond recover and continue with their operations and the third is overcoming security complexity security is hard it's more difficult because of the the things we've talked about about distributed data distributed technology and and attack surfaces everywhere and so we're enabling organizations to scale confidently to continue their business but know that all all the i.t decisions that they're making um have these intrinsic security features and are built and delivered in a consistent security so those are kind of the three pillars maybe we could end on what you guys see as the key differentiators uh that people should know about that that dell brings to the table maybe each of you could take take a shot at that yeah i i think first of all from from a holistic portfolio perspective right the secure supply chain and the secure development life cycle permeate through everything dell does when building things so we build things with security in mind all the way from as pete mentioned from from creation to delivery we want to make sure you have that that secure device or or asset that permeates everything from servers networking storage data protection through hyper converge through everything that to me is really a key asset because that means you can you understand when you receive something it's a trusted piece of your infrastructure i think the other core component to think about and pete mentioned as dell being a partner for um making sure you can deliver these things is that even though those are that's part of our framework these pillars are our framework of how we want to deliver security it's also important to understand that we are partners and that you don't need to rip and replace but as you start to put in new components you can be you can be assured that the components that you're replacing as you're evolving as you're growing as you're moving to the cloud as you're moving to more on-prem type services or whatever that your environment is secure i think those are two key things got it okay pete bring us home yeah i think one of one of the big advantages of dell uh is our scope and our scale right we're a large technology vendor that's been around for decades and we develop and sell almost every piece of technology we also know that organizations are might make different decisions and so we have a large services organization with a lot of experienced services people that can help customers along their security journey depending on uh whatever type of infrastructure or solutions that they're looking at the other thing we do is make it very easy to consume our technology whether that's traditional on-premise in a multi-cloud environment uh or as a service and so the best of breed technology can be consumed in any variety of fashion and know that you're getting that consistent secure infrastructure that dell provides well and dell's forgot the probably top supply chain not only in the tech business but probably any business and so you can actually take take your dog food and then and allow other your champagne sorry allow other people to you know share share best practices with your with your customers all right guys thanks so much for coming thank you appreciate it okay keep it right there after this short break we'll be back to drill into the storage domain you're watching a blueprint for trusted infrastructure on the cube the leader in enterprise and emerging tech coverage be right back you

(upbeat music) >> Hello and welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of the ongoing series covering the exciting hot startups from the AWS ecosystem. Here we're talking about cybersecurity in this episode. I'm your host, John Furrier here we're excited to have CUBE alumni who's back Snehal Antani who's the CEO and co-founder of Horizon3.ai talking about exploitable weaknesses and vulnerabilities with autonomous pen testing. Snehal, it's great to see you. Thanks for coming back. >> Likewise, John. I think it's been about five years since you and I were on the stage together. And I've missed it, but I'm glad to see you again. >> Well, before we get into the showcase about your new startup, that's extremely successful, amazing margins, great product. You have a unique journey. We talked about this prior to you doing the journey, but you have a great story. You left the startup world to go into the startup, like world of self defense, public defense, NSA. What group did you go to in the public sector became a private partner. >> My background, I'm a software engineer by education and trade. I started my career at IBM. I was a CIO at GE Capital, and I think we met once when I was there and I became the CTO of Splunk. And we spent a lot of time together when I was at Splunk. And at the end of 2017, I decided to take a break from industry and really kind of solve problems that I cared deeply about and solve problems that mattered. So I left industry and joined the US Special Operations Community and spent about four years in US Special Operations, where I grew more personally and professionally than in anything I'd ever done in my career. And exited that time, met my co-founder in special ops. And then as he retired from the air force, we started Horizon3. >> So there's really, I want to bring that up one, 'cause it's fascinating that not a lot of people in Silicon Valley and tech would do that. So thanks for the service. And I know everyone who's out there in the public sector knows that this is a really important time for the tactical edge in our military, a lot of things going on around the world. So thanks for the service and a great journey. But there's a storyline with the company you're running now that you started. I know you get the jacket on there. I noticed get a little military vibe to it. Cybersecurity, I mean, every company's on their own now. They have to build their own militia. There is no government supporting companies anymore. There's no militia. No one's on the shores of our country defending the citizens and the companies, they got to offend for themselves. So every company has to have their own military. >> In many ways, you don't see anti-aircraft rocket launchers on top of the JP Morgan building in New York City because they rely on the government for air defense. But in cyber it's very different. Every company is on their own to defend for themselves. And what's interesting is this blend. If you look at the Ukraine, Russia war, as an example, a thousand companies have decided to withdraw from the Russian economy and those thousand companies we should expect to be in the ire of the Russian government and their proxies at some point. And so it's not just those companies, but their suppliers, their distributors. And it's no longer about cyber attack for extortion through ransomware, but rather cyber attack for punishment and retaliation for leaving. Those companies are on their own to defend themselves. There's no government that is dedicated to supporting them. So yeah, the reality is that cybersecurity, it's the burden of the organization. And also your attack surface has expanded to not just be your footprint, but if an adversary wants to punish you for leaving their economy, they can get, if you're in agriculture, they could disrupt your ability to farm or they could get all your fruit to spoil at the border 'cause they disrupted your distributors and so on. So I think the entire world is going to change over the next 18 to 24 months. And I think this idea of cybersecurity is going to become truly a national problem and a problem that breaks down any corporate barriers that we see in previously. >> What are some of the things that inspired you to start this company? And I loved your approach of thinking about the customer, your customer, as defending themselves in context to threats, really leaning into it, being ready and able to defend. Horizon3 has a lot of that kind of military thinking for the good of the company. What's the motivation? Why this company? Why now? What's the value proposition? >> So there's two parts to why the company and why now. The first part was what my observation, when I left industry realm or my military background is watching "Jack Ryan" and "Tropic Thunder" and I didn't come from the military world. And so when I entered the special operations community, step one was to keep my mouth shut, learn, listen, and really observe and understand what made that community so impressive. And obviously the people and it's not about them being fast runners or great shooters or awesome swimmers, but rather there are learn-it-alls that can solve any problem as a team under pressure, which is the exact culture you want to have in any startup, early stage companies are learn-it-alls that can solve any problem under pressure as a team. So I had this immediate advantage when we started Horizon3, where a third of Horizon3 employees came from that special operations community. So one is this awesome talent. But the second part that, I remember this quote from a special operations commander that said we use live rounds in training because if we used fake rounds or rubber bullets, everyone would act like metal of honor winners. And the whole idea there is you train like you fight, you build that muscle memory for crisis and response and so on upfront. So when you're in the thick of it, you already know how to react. And this aligns to a pain I had in industry. I had no idea I was secure until the bad guy showed up. I had no idea if I was fixing the right vulnerabilities, logging the right data in Splunk, or if my CrowdStrike EDR platform was configured correctly, I had to wait for the bad guys to show up. I didn't know if my people knew how to respond to an incident. So what I wanted to do was proactively verify my security posture, proactively harden my systems. I needed to do that by continuously pen testing myself or continuously testing my security posture. And there just wasn't any way to do that where an IT admin or a network engineer could in three clicks have the power of a 20 year pen testing expert. And that was really what we set out to do, not build a autonomous pen testing platform for security people, build it so that anybody can quickly test their security posture and then use the output to fix problems that truly matter. >> So the value preposition, if I get this right is, there's a lot of companies out there doing pen tests. And I know I hate pen tests. They're like, cause you do DevOps, it changes you got to do another pen test. So it makes sense to do autonomous pen testing. So congratulations on seeing that that's obvious to that, but a lot of other have consulting tied to it. Which seems like you need to train someone and you guys taking a different approach. >> Yeah, we actually, as a company have zero consulting, zero professional services. And the whole idea is that build a true software as a service offering where an intern, in fact, we've got a video of a nine year old that in three clicks can run pen tests against themselves. And because of that, you can wire pen tests into your DevOps tool chain. You can run multiple pen tests today. In fact, I've got customers running 40, 50 pen tests a month against their organization. And that what that does is completely lowers the barrier of entry for being able to verify your posture. If you have consulting on average, when I was a CIO, it was at least a three month lead time to schedule consultants to show up and then they'd show up, they'd embarrass the security team, they'd make everyone look bad, 'cause they're going to get in, leave behind a report. And that report was almost identical to what they found last year because the older that report, the one the date itself gets stale, the context changes and so on. And then eventually you just don't even bother fixing it. Or if you fix a problem, you don't have the skills to verify that has been fixed. So I think that consulting led model was acceptable when you viewed security as a compliance checkbox, where once a year was sufficient to meet your like PCI requirements. But if you're really operating with a wartime mindset and you actually need to harden and secure your environment, you've got to be running pen test regularly against your organization from different perspectives, inside, outside, from the cloud, from work, from home environments and everything in between. >> So for the CISOs out there, for the CSOs and the CXOs, what's the pitch to them because I see your jacket that says Horizon3 AI, trust but verify. But this trust is, but is canceled out, just as verify. What's the product that you guys are offering the service. Describe what it is and why they should look at it. >> Yeah, sure. So one, when I back when I was the CIO, don't tell me we're secure in PowerPoint. Show me we're secure right now. Show me we're secure again tomorrow. And then show me we're secure again next week because my environment is constantly changing and the adversary always has a vote and they're always evolving. And this whole idea of show me we're secure. Don't trust that your security tools are working, verify that they can detect and respond and stifle an attack and then verify tomorrow, verify next week. That's the big mind shift. Now what we do is-- >> John: How do they respond to that by the way? Like they don't believe you at first or what's the story. >> I think, there's actually a very bifurcated response. There are still a decent chunk of CIOs and CSOs that have a security is a compliance checkbox mindset. So my attitude with them is I'm not going to convince you. You believe it's a checkbox. I'll just wait for you to get breached and sell to your replacement, 'cause you'll get fired. And in the meantime, I spend all my energy with those that actually care about proactively securing and hardening their environments. >> That's true. People do get fired. Can you give an example of what you're saying about this environment being ready, proving that you're secure today, tomorrow and a few weeks out. Give me an example. >> Of, yeah, I'll give you actually a customer example. There was a healthcare organization and they had about 5,000 hosts in their environment and they did everything right. They had Fortinet as their EDR platform. They had user behavior analytics in place that they had purchased and tuned. And when they ran a pen test self-service, our product node zero immediately started to discover every host on the network. It then fingerprinted all those hosts and found it was able to get code execution on three machines. So it got code execution, dumped credentials, laterally maneuvered, and became a domain administrator, which in IT, if an attacker becomes a domain admin, they've got keys to the kingdom. So at first the question was, how did the node zero pen test become domain admin? How'd they get code execution, Fortinet should have detected and stopped it. Well, it turned out Fortinet was misconfigured on three boxes out of 5,000. And these guys had no idea and it's just automation that went wrong and so on. And now they would've only known they had misconfigured their EDR platform on three hosts if the attacker had showed up. The second question though was, why didn't they catch the lateral movement? Which all their marketing brochures say they're supposed to catch. And it turned out that that customer purchased the wrong Fortinet modules. One again, they had no idea. They thought they were doing the right thing. So don't trust just installing your tools is good enough. You've got to exercise and verify them. We've got tons of stories from patches that didn't actually apply to being able to find the AWS admin credentials on a local file system. And then using that to log in and take over the cloud. In fact, I gave this talk at Black Hat on war stories from running 10,000 pen tests. And that's just the reality is, you don't know that these tools and processes are working for you until the bad guys have shown. >> The velocities there. You can accelerate through logs, you know from the days you've been there. This is now the threat. Being, I won't say lazy, but just not careful or just not thinking. >> Well, I'll do an example. We have a lot of customers that are Horizon3 customers and Splunk customers. And what you'll see their behavior is, is they'll have Horizon3 up on one screen. And every single attacker command executed with its timestamp is up on that screen. And then look at Splunk and say, hey, we were able to dump vCenter credentials from VMware products at this time on this host, what did Splunk see or what didn't they see? Why were no logs generated? And it turns out that they had some logging blind spots. So what they'll actually do is run us to almost like stimulate the defensive tools and then see what did the tools catch? What did they miss? What are those blind spots and how do they fix it. >> So your price called node zero. You mentioned that. Is that specifically a suite, a tool, a platform. How do people consume and engage with you guys? >> So the way that we work, the whole product is designed to be self-service. So once again, while we have a sales team, the whole intent is you don't need to have to talk to a sales rep to start using the product, you can log in right now, go to Horizon3.ai, you can run a trial log in with your Google ID, your LinkedIn ID, start running pen test against your home or against your network against this organization right now, without talking to anybody. The whole idea is self-service, run a pen test in three clicks and give you the power of that 20 year pen testing expert. And then what'll happen is node zero will execute and then it'll provide to you a full report of here are all of the different paths or attack paths or sequences where we are able to become an admin in your environment. And then for every attack path, here is the path or the kill chain, the proof of exploitation for every step along the way. Here's exactly what you've got to do to fix it. And then once you've fixed it, here's how you verify that you've truly fixed the problem. And this whole aha moment is run us to find problems. You fix them, rerun us to verify that the problem has been fixed. >> Talk about the company, how many people do you have and get some stats? >> Yeah, so we started writing code in January of 2020, right before the pandemic hit. And then about 10 months later at the end of 2020, we launched the first version of the product. We've been in the market for now about two and a half years total from start of the company till present. We've got 130 employees. We've got more customers than we do employees, which is really cool. And instead our customers shift from running one pen test a year to 40, 50 pen test. >> John: And it's full SaaS. >> The whole product is full SaaS. So no consulting, no pro serve. You run as often as you-- >> Who's downloading, who's buying the product. >> What's amazing is, we have customers in almost every section or sector now. So we're not overly rotated towards like healthcare or financial services. We've got state and local education or K through 12 education, state and local government, a number of healthcare companies, financial services, manufacturing. We've got organizations that large enterprises. >> John: Security's diverse. >> It's very diverse. >> I mean, ransomware must be a big driver. I mean, is that something that you're seeing a lot. >> It is. And the thing about ransomware is, if you peel back the outcome of ransomware, which is extortion, at the end of the day, what ransomware organizations or criminals or APTs will do is they'll find out who all your employees are online. They will then figure out if you've got 7,000 employees, all it takes is one of them to have a bad password. And then attackers are going to credential spray to find that one person with a bad password or whose Netflix password that's on the dark web is also their same password to log in here, 'cause most people reuse. And then from there they're going to most likely in your organization, the domain user, when you log in, like you probably have local admin on your laptop. If you're a windows machine and I've got local admin on your laptop, I'm going to be able to dump credentials, get the admin credentials and then start to laterally maneuver. Attackers don't have to hack in using zero days like you see in the movies, often they're logging in with valid user IDs and passwords that they've found and collected from somewhere else. And then they make that, they maneuver by making a low plus a low equal a high. And the other thing in financial services, we spend all of our time fixing critical vulnerabilities, attackers know that. So they've adapted to finding ways to chain together, low priority vulnerabilities and misconfigurations and dangerous defaults to become admin. So while we've over rotated towards just fixing the highs and the criticals attackers have adapted. And once again they have a vote, they're always evolving their tactics. >> And how do you prevent that from happening? >> So we actually apply those same tactics. Rarely do we actually need a CVE to compromise your environment. We will harvest credentials, just like an attacker. We will find misconfigurations and dangerous defaults, just like an attacker. We will combine those together. We'll make use of exploitable vulnerabilities as appropriate and use that to compromise your environment. So the tactics that, in many ways we've built a digital weapon and the tactics we apply are the exact same tactics that are applied by the adversary. >> So you guys basically simulate hacking. >> We actually do the hacking. Simulate means there's a fakeness to it. >> So you guys do hack. >> We actually compromise. >> Like sneakers the movie, those sneakers movie for the old folks like me. >> And in fact that was my inspiration. I've had this idea for over a decade now, which is I want to be able to look at anything that laptop, this Wi-Fi network, gear in hospital or a truck driving by and know, I can figure out how to gain initial access, rip that environment apart and be able to opponent. >> Okay, Chuck, he's not allowed in the studio anymore. (laughs) No, seriously. Some people are exposed. I mean, some companies don't have anything. But there's always passwords or so most people have that argument. Well, there's nothing to protect here. Not a lot of sensitive data. How do you respond to that? Do you see that being kind of putting the head in the sand or? >> Yeah, it's actually, it's less, there's not sensitive data, but more we've installed or applied multifactor authentication, attackers can't get in now. Well MFA only applies or does not apply to lower level protocols. So I can find a user ID password, log in through SMB, which isn't protected by multifactor authentication and still upon your environment. So unfortunately I think as a security industry, we've become very good at giving a false sense of security to organizations. >> John: Compliance drives that behavior. >> Compliance drives that. And what we need. Back to don't tell me we're secure, show me, we've got to, I think, change that to a trust but verify, but get rid of the trust piece of it, just to verify. >> Okay, we got a lot of CISOs and CSOs watching this showcase, looking at the hot startups, what's the message to the executives there. Do they want to become more leaning in more hawkish if you will, to use the military term on security? I mean, I heard one CISO say, security first then compliance 'cause compliance can make you complacent and then you're unsecure at that point. >> I actually say that. I agree. One definitely security is different and more important than being compliant. I think there's another emerging concept, which is I'd rather be defensible than secure. What I mean by that is security is a point in time state. I am secure right now. I may not be secure tomorrow 'cause something's changed. But if I'm defensible, then what I have is that muscle memory to detect, respondent and stifle an attack. And that's what's more important. Can I detect you? How long did it take me to detect you? Can I stifle you from achieving your objective? How long did it take me to stifle you? What did you use to get in to gain access? How long did that sit in my environment? How long did it take me to fix it? So on and so forth. But I think it's being defensible and being able to rapidly adapt to changing tactics by the adversary is more important. >> This is the evolution of how the red line never moved. You got the adversaries in our networks and our banks. Now they hang out and they wait. So everyone thinks they're secure. But when they start getting hacked, they're not really in a position to defend, the alarms go off. Where's the playbook. Team springs into action. I mean, you kind of get the visual there, but this is really the issue being defensible means having your own essentially military for your company. >> Being defensible, I think has two pieces. One is you've got to have this culture and process in place of training like you fight because you want to build that incident response muscle memory ahead of time. You don't want to have to learn how to respond to an incident in the middle of the incident. So that is that proactively verifying your posture and continuous pen testing is critical there. The second part is the actual fundamentals in place so you can detect and stifle as appropriate. And also being able to do that. When you are continuously verifying your posture, you need to verify your entire posture, not just your test systems, which is what most people do. But you have to be able to safely pen test your production systems, your cloud environments, your perimeter. You've got to assume that the bad guys are going to get in, once they're in, what can they do? So don't just say that my perimeter's secure and I'm good to go. It's the soft squishy center that attackers are going to get into. And from there, can you detect them and can you stop them? >> Snehal, take me through the use. You got to be sold on this, I love this topic. Alright, pen test. Is it, what am I buying? Just pen test as a service. You mentioned dark web. Are you actually buying credentials online on behalf of the customer? What is the product? What am I buying if I'm the CISO from Horizon3? What's the service? What's the product, be specific. >> So very specifically and one just principles. The first principle is when I was a buyer, I hated being nickled and dimed buyer vendors, which was, I had to buy 15 different modules in order to achieve an objective. Just give me one line item, make it super easy to buy and don't nickel and dime me. Because I've spent time as a buyer that very much has permeated throughout the company. So there is a single skew from Horizon3. It is an annual subscription based on how big your environment is. And it is inclusive of on-prem internal pen tests, external pen tests, cloud attacks, work from home attacks, our ability to harvest credentials from the dark web and from open source sources. Being able to crack those credentials, compromise. All of that is included as a singles skew. All you get as a CISO is a singles skew, annual subscription, and you can run as many pen tests as you want. Some customers still stick to, maybe one pen test a quarter, but most customers shift when they realize there's no limit, we don't nickel and dime. They can run 10, 20, 30, 40 a month. >> Well, it's not nickel and dime in the sense that, it's more like dollars and hundreds because they know what to expect if it's classic cloud consumption. They kind of know what their environment, can people try it. Let's just say I have a huge environment, I have a cloud, I have an on-premise private cloud. Can I dabble and set parameters around pricing? >> Yes you can. So one is you can dabble and set perimeter around scope, which is like manufacturing does this, do not touch the production line that's on at the moment. We've got a hospital that says every time they run a pen test, any machine that's actually connected to a patient must be excluded. So you can actually set the parameters for what's in scope and what's out of scope up front, most again we're designed to be safe to run against production so you can set the parameters for scope. You can set the parameters for cost if you want. But our recommendation is I'd rather figure out what you can afford and let you test everything in your environment than try to squeeze every penny from you by only making you buy what can afford as a smaller-- >> So the variable ratio, if you will is, how much they spend is the size of their environment and usage. >> Just size of the environment. >> So it could be a big ticket item for a CISO then. >> It could, if you're really large, but for the most part-- >> What's large? >> I mean, if you were Walmart, well, let me back up. What I heard is global 10 companies spend anywhere from 50 to a hundred million dollars a year on security testing. So they're already spending a ton of money, but they're spending it on consultants that show up maybe a couple of times a year. They don't have, humans can't scale to test a million hosts in your environment. And so you're already spending that money, spend a fraction of that and use us and run as much as you want. And that's really what it comes down to. >> John: All right. So what's the response from customers? >> What's really interesting is there are three use cases. The first is that SOC manager that is using us to verify that their security tools are actually working. So their Splunk environment is logging the right data. It's integrating properly with CrowdStrike, it's integrating properly with their active directory services and their password policies. So the SOC manager is using us to verify the effectiveness of their security controls. The second use case is the IT director that is using us to proactively harden their systems. Did they install VMware correctly? Did they install their Cisco gear correctly? Are they patching right? And then the third are for the companies that are lucky to have their own internal pen test and red teams where they use us like a force multiplier. So if you've got 10 people on your red team and you still have a million IPs or hosts in your environment, you still don't have enough people for that coverage. So they'll use us to do recon at scale and attack at scale and let the humans focus on the really juicy hard stuff that humans are successful at. >> Love the product. Again, I'm trying to think about how I engage on the test. Is there pilots? Is there a demo version? >> There's a free trials. So we do 30 day free trials. The output can actually be used to meet your SOC 2 requirements. So in many ways you can just use us to get a free SOC 2 pen test report right now, if you want. Go to the website, log in for a free trial, you can log into your Google ID or your LinkedIn ID, run a pen test against your organization and use that to answer your PCI segmentation test requirements, your SOC 2 requirements, but you will be hooked. You will want to run us more often. And you'll get a Horizon3 tattoo. >> The first hits free as they say in the drug business. >> Yeah. >> I mean, so you're seeing that kind of response then, trial converts. >> It's exactly. In fact, we have a very well defined aha moment, which is you run us to find, you fix, you run us to verify, we have 100% technical win rate when our customers hit a find, fix, verify cycle, then it's about budget and urgency. But 100% technical win rate because of that aha moment, 'cause people realize, holy crap, I don't have to wait six months to verify that my problems have actually been fixed. I can just come in, click, verify, rerun the entire pen test or rerun a very specific part of it on what I just patched my environment. >> Congratulations, great stuff. You're here part of the AWS Startup Showcase. So I have to ask, what's the relationship with AWS, you're on their cloud. What kind of actions going on there? Is there secret sauce on there? What's going on? >> So one is we are AWS customers ourselves, our brains command and control infrastructure. All of our analytics are all running on AWS. It's amazing, when we run a pen test, we are able to use AWS and we'll spin up a virtual private cloud just for that pen test. It's completely ephemeral, it's all Lambda functions and graph analytics and other techniques. When the pen test ends, you can delete, there's a single use Docker container that gets deleted from your environment so you have nothing on-prem to deal with and the entire virtual private cloud tears itself down. So at any given moment, if we're running 50 pen tests or a hundred pen tests, self-service, there's a hundred virtual private clouds being managed in AWS that are spinning up, running and tearing down. It's an absolutely amazing underlying platform for us to make use of. Two is that many customers that have hybrid environments. So they've got a cloud infrastructure, an Office 365 infrastructure and an on-prem infrastructure. We are a single attack platform that can test all of that together. No one else can do it. And so the AWS customers that are especially AWS hybrid customers are the ones that we do really well targeting. >> Got it. And that's awesome. And that's the benefit of cloud? >> Absolutely. And the AWS marketplace. What's absolutely amazing is the competitive advantage being part of the marketplace has for us, because the simple thing is my customers, if they already have dedicated cloud spend, they can use their approved cloud spend to pay for Horizon3 through the marketplace. So you don't have to, if you already have that budget dedicated, you can use that through the marketplace. The other is you've already got the vendor processes in place, you can purchase through your existing AWS account. So what I love about the AWS company is one, the infrastructure we use for our own pen test, two, the marketplace, and then three, the customers that span that hybrid cloud environment. That's right in our strike zone. >> Awesome. Well, congratulations. And thanks for being part of the showcase and I'm sure your product is going to do very, very well. It's very built for what people want. Self-service get in, get the value quickly. >> No agents to install, no consultants to hire. safe to run against production. It's what I wanted. >> Great to see you and congratulations and what a great story. And we're going to keep following you. Thanks for coming on. >> Snehal: Phenomenal. Thank you, John. >> This is the AWS Startup Showcase. I'm John John Furrier, your host. This is season two, episode four on cybersecurity. Thanks for watching. (upbeat music)

(upbeat music) >> Hey everyone and welcome back to The Cube. We are covering VMware Explore live in San Francisco. This is our third day of wall to wall coverage. And John Furrier is here with me, Lisa Martin. We are excited to welcome two guests from Kasten by Veeam, please welcome Tom Laden, VP of marketing and Matt LeBlanc, not Joey from friends, Matt LeBlanc, the systems engineer from North America at Kasten by Veeam. Welcome guys, great to have you. >> Thank you. >> Thank you for having us. >> Tom-- >> Great, go ahead. >> Oh, I was going to say, Tom, talk to us about some of the key challenges customers are coming to you with. >> Key challenges that they have at this point is getting up to speed with Kubernetes. So everybody has it on their list. We want to do Kubernetes, but where are they going to start? Back when VMware came on the market, I was switching from Windows to Mac and I needed to run a Windows application on my Mac and someone told me, "Run a VM." Went to the internet, I downloaded it. And in a half hour I was done. That's not how it works with Kubernetes. So that's a bit of a challenge. >> I mean, Kubernetes, Lisa, remember the early days of The Cube Open Stack was kind of transitioning, Cloud was booming and then Kubernetes was the paper that became the thing that pulled everybody together. It's now de facto in my mind. So that's clear, but there's a lot of different versions of it and you hear VMware, they call it the dial tone. Usually, remember, Pat Gelter, it's a dial tone. Turns out that came from Kit Colbert or no, I think AJ kind of coined the term here, but it's since been there, it's been adopted by everyone. There's different versions. It's open source. AWS is involved. How do you guys look at the relationship with Kubernetes here and VMware Explore with Kubernetes and the customers because they have choices. They can go do it on their own. They can add a little bit with Lambda, Serverless. They can do more here. It's not easy. It's not as easy as people think it is. And then this is a skill gaps problem too. We're seeing a lot of these problems out there. What's your take? >> I'll let Matt talk to that. But what I want to say first is this is also the power of the cloud native ecosystem. The days are gone where companies were selecting one enterprise application and they were building their stack with that. Today they're building applications using dozens, if not hundreds of different components from different vendors or open source platforms. And that is really what creates opportunities for those cloud native developers. So maybe you want to... >> Yeah, we're seeing a lot of hybrid solutions out there. So it's not just choosing one vendor, AKS, EKS, or Tanzu. We're seeing all the above. I had a call this morning with a large healthcare provider and they have a hundred clusters and that's spread across AKS, EKS and GKE. So it is covering everything. Plus the need to have a on-prem solution manage it all. >> I got a stat, I got to share that I want to get your reactions and you can laugh or comment, whatever you want to say. Talk to big CSO, CXO, executive, big company, I won't say the name. We got a thousand developers, a hundred of them have heard of Kubernetes, okay. 10 have touched it and used it and one's good at it. And so his point is that there's a lot of Kubernetes need that people are getting aware. So it shows that there's more and more adoption around. You see a lot of managed services out there. So it's clear it's happening and I'm over exaggerating the ratio probably. But the point is the numbers kind of make sense as a thousand developers. You start to see people getting adoption to it. They're aware of the value, but being good at it is what we're hearing is one of those things. Can you guys share your reaction to that? Is that, I mean, it's hyperbole at some level, but it does point to the fact of adoption trends. You got to get good at it, you got to know how to use it. >> It's very accurate, actually. It's what we're seeing in the market. We've been doing some research of our own, and we have some interesting numbers that we're going to be sharing soon. Analysts don't have a whole lot of numbers these days. So where we're trying to run our own surveys to get a grasp of the market. One simple survey or research element that I've done myself is I used Google trends. And in Google trends, if you go back to 2004 and you compare VMware against Kubernetes, you get a very interesting graph. What you're going to see is that VMware, the adoption curve is practically complete and Kubernetes is clearly taking off. And the volume of searches for Kubernetes today is almost as big as VMware. So that's a big sign that this is starting to happen. But in this process, we have to get those companies to have all of their engineers to be up to speed on Kubernetes. And that's one of the community efforts that we're helping with. We built a website called learning.kasten.io We're going to rebrand it soon at CubeCon, so stay tuned, but we're offering hands on labs there for people to actually come learn Kubernetes with us. Because for us, the faster the adoption goes, the better for our business. >> I was just going to ask you about the learning. So there's a big focus here on educating customers to help dial down the complexity and really get them, these numbers up as John was mentioning. >> And we're really breaking it down to the very beginning. So at this point we have almost 10 labs as we call them up and they start really from install a Kubernetes Cluster and people really hands on are going to install a Kubernetes Cluster. They learn to build an application. They learn obviously to back up the application in the safest way. And then there is how to tune storage, how to implement security, and we're really building it up so that people can step by step in a hands on way learn Kubernetes. >> It's interesting, this VMware Explore, their first new name change, but VMWorld prior, big community, a lot of customers, loyal customers, but they're classic and they're foundational in enterprises and let's face it. Some of 'em aren't going to rip out VMware anytime soon because the workloads are running on it. So in Broadcom we'll have some good action to maybe increase prices or whatnot. So we'll see how that goes. But the personas here are definitely going cloud native. They did with Tanzu, was a great thing. Some stuff was coming off, the fruit's coming off the tree now, you're starting to see it. CNCF has been on this for a long, long time, CubeCon's coming up in Detroit. And so that's just always been great, 'cause you had the day zero event and you got all kinds of community activity, tons of developer action. So here they're talking, let's connect to the developer. There the developers are at CubeCon. So the personas are kind of connecting or overlapping. I'd love to get your thoughts, Matt on? >> So from the personnel that we're talking to, there really is a split between the traditional IT ops and a lot of the people that are here today at VMWare Explore, but we're also talking with the SREs and the dev ops folks. What really needs to happen is we need to get a little bit more experience, some more training and we need to get these two groups to really start to coordinate and work together 'cause you're basically moving from that traditional on-prem environment to a lot of these traditional workloads and the only way to get that experience is to get your hands dirty. >> Right. >> So how would you describe the persona specifically here versus say CubeCon? IT ops? >> Very, very different, well-- >> They still go ahead. Explain. >> Well, I mean, from this perspective, this is all about VMware and everything that they have to offer. So we're dealing with a lot of administrators from that regard. On the Kubernetes side, we have site reliability engineers and their goal is exactly as their title describes. They want to architect arch applications that are very resilient and reliable and it is a different way of working. >> I was on a Twitter spaces about SREs and dev ops and there was people saying their title's called dev ops. Like, no, no, you do dev ops, you don't really, you're not the dev ops person-- >> Right, right. >> But they become the dev ops person because you're the developer running operations. So it's been weird how dev ops been co-opted as a position. >> And that is really interesting. One person told me earlier when I started Kasten, we have this new persona. It's the dev ops person. That is the person that we're going after. But then talking to a few other people who were like, "They're not falling from space." It's people who used to do other jobs who now have a more dev ops approach to what they're doing. It's not a new-- >> And then the SRE conversation was in site, reliable engineer comes from Google, from one person managing multiple clusters to how that's evolved into being the dev ops. So it's been interesting and this is really the growth of scale, the 10X developer going to more of the cloud native, which is okay, you got to run ops and make the developer go faster. If you look at the stuff we've been covering on The Cube, the trends have been cloud native developers, which I call dev ops like developers. They want to go faster. They want self-service and they don't want to slow down. They don't want to deal with BS, which is go checking security code, wait for the ops team to do something. So data and security seem to be the new ops. Not so much IT ops 'cause that's now cloud. So how do you guys see that in, because Kubernetes is rationalizing this, certainly on the compute side, not so much on storage yet but it seems to be making things better in that grinding area between dev and these complicated ops areas like security data, where it's constantly changing. What do you think about that? >> Well there are still a lot of specialty folks in that area in regards to security operations. The whole idea is be able to script and automate as much as possible and not have to create a ticket to request a VM to be billed or an operating system or an application deployed. They're really empowered to automatically deploy those applications and keep them up. >> And that was the old dev ops role or person. That was what dev ops was called. So again, that is standard. I think at CubeCon, that is something that's expected. >> Yes. >> You would agree with that. >> Yeah. >> Okay. So now translating VM World, VMware Explore to CubeCon, what do you guys see as happening between now and then? Obviously got re:Invent right at the end in that first week of December coming. So that's going to be two major shows coming in now back to back that're going to be super interesting for this ecosystem. >> Quite frankly, if you compare the persona, maybe you have to step away from comparing the personas, but really compare the conversations that we're having. The conversations that you're having at a CubeCon are really deep dives. We will have people coming into our booth and taking 45 minutes, one hour of the time of the people who are supposed to do 10 minute demos because they're asking more and more questions 'cause they want to know every little detail, how things work. The conversations here are more like, why should I learn Kubernetes? Why should I start using Kubernetes? So it's really early day. Now, I'm not saying that in a bad way. This is really exciting 'cause when you hear CNCF say that 97% of enterprises are using Kubernetes, that's obviously that small part of their world. Those are their members. We now want to see that grow to the entire ecosystem, the larger ecosystem. >> Well, it's actually a great thing, actually. It's not a bad thing, but I will counter that by saying I am hearing the conversation here, you guys'll like this on the Veeam side, the other side of the Veeam, there's deep dives on ransomware and air gap and configuration errors on backup and recovery and it's all about Veeam on the other side. Those are the guys here talking deep dive on, making sure that they don't get screwed up on ransomware, not Kubernete, but they're going to Kub, but they're now leaning into Kubernetes. They're crossing into the new era because that's the apps'll end up writing the code for that. >> So the funny part is all of those concepts, ransomware and recovery, they're all, there are similar concepts in the world of Kubernetes and both on the Veeam side as well as the Kasten side, we are supporting a lot of those air gap solutions and providing a ransomware recovery solution and from a air gap perspective, there are a many use cases where you do need to live. It's not just the government entity, but we have customers that are cruise lines in Europe, for example, and they're disconnected. So they need to live in that disconnected world or military as well. >> Well, let's talk about the adoption of customers. I mean this is the customer side. What's accelerating their, what's the conversation with the customer at base, not just here but in the industry with Kubernetes, how would you guys categorize that? And how does that get accelerated? What's the customer situation? >> A big drive to Kubernetes is really about the automation, self-service and reliability. We're seeing the drive to and reduction of resources, being able to do more with less, right? This is ongoing the way it's always been. But I was talking to a large university in Western Canada and they're a huge Veeam customer worth 7000 VMs and three months ago, they said, "Over the next few years, we plan on moving all those workloads to Kubernetes." And the reason for it is really to reduce their workload, both from administration side, cost perspective as well as on-prem resources as well. So there's a lot of good business reasons to do that in addition to the technical reliability concerns. >> So what is those specific reasons? This is where now you start to see the rubber hit the road on acceleration. >> So I would say scale and flexibility that ecosystem, that opportunity to choose any application from that or any tool from that cloud native ecosystem is a big driver. I wanted to add to the adoption. Another area where I see a lot of interest is everything AI, machine learning. One example is also a customer coming from Veeam. We're seeing a lot of that and that's a great thing. It's an AI company that is doing software for automated driving. They decided that VMs alone were not going to be good enough for all of their workloads. And then for select workloads, the more scalable one where scalability was more of a topic, would move to Kubernetes. I think at this point they have like 20% of their workloads on Kubernetes and they're not planning to do away with VMs. VMs are always going to be there just like mainframes still exist. >> Yeah, oh yeah. They're accelerating actually. >> We're projecting over the next few years that we're going to go to a 50/50 and eventually lean towards more Kubernetes than VMs, but it was going to be a mix. >> Do you have a favorite customer example, Tom, that you think really articulates the value of what Kubernetes can deliver to customers where you guys are really coming in and help to demystify it? >> I would think SuperStereo is a really great example and you know the details about it. >> I love the SuperStereo story. They were a AWS customer and they're running OpenShift version three and they need to move to OpenShift version four. There is no upgrade in place. You have to migrate all your apps. Now SuperStereo is a large French IT firm. They have over 700 developers in their environment and it was by their estimation that this was going to take a few months to get that migration done. We're able to go in there and help them with the automation of that migration and Kasten was able to help them architect that migration and we did it in the course of a weekend with two people. >> A weekend? >> A weekend. >> That's a hackathon. I mean, that's not real come on. >> Compared to thousands of man hours and a few months not to mention since they were able to retire that old OpenShift cluster, the OpenShift three, they were able to stop paying Jeff Bezos for a couple of those months, which is tens of thousands of dollars per month. >> Don't tell anyone, keep that down low. You're going to get shot when you leave this place. No, seriously. This is why I think the multi-cloud hybrid is interesting because these kinds of examples are going to be more than less coming down the road. You're going to see, you're going to hear more of these stories than not hear them because what containerization now Kubernetes doing, what Dockers doing now and the role of containers not being such a land grab is allowing Kubernetes to be more versatile in its approach. So I got to ask you, you can almost apply that concept to agility, to other scenarios like spanning data across clouds. >> Yes, and that is what we're seeing. So the call I had this morning with a large insurance provider, you may have that insurance provider, healthcare provider, they're across three of the major hyperscalers clouds and they do that for reliability. Last year, AWS went down, I think three times in Q4 and to have a plan of being able to recover somewhere else, you can actually plan your, it's DR, it's a planned migration. You can do that in a few hours. >> It's interesting, just the sidebar here for a second. We had a couple chats earlier today. We had the influences on and all the super cloud conversations and trying to get more data to share with the audience across multiple areas. One of them was Amazon and that super, the hyper clouds like Amazon, as your Google and the rest are out there, Oracle, IBM and everyone else. There's almost a consensus that maybe there's time for some peace amongst the cloud vendors. Like, "Hey, you've already won." (Tom laughs) Everyone's won, now let's just like, we know where everyone is. Let's go peace time and everyone, then 'cause the relationship's not going to change between public cloud and the new world. So there's a consensus, like what does peace look like? I mean, first of all, the pie's getting bigger. You're seeing ecosystems forming around all the big new areas and that's good thing. That's the tides rise and the pie's getting bigger, there's bigger market out there now so people can share and share. >> I've never worked for any of these big players. So I would have to agree with you, but peace would not drive innovation. And in my heart is with tech innovation. I love it when vendors come up with new solutions that will make things better for customers and if that means that we're moving from on-prem to cloud and back to on-prem, I'm fine with that. >> What excites me is really having the flexibility of being able to choose any provider you want because you do have open standards, being cloud native in the world of Kubernetes. I've recently discovered that the Canadian federal government had mandated to their financial institutions that, "Yes, you may have started all of your on cloud presence in Azure, you need to have an option to be elsewhere." So it's not like-- >> Well, the sovereign cloud is one of those big initiatives, but also going back to Java, we heard another guest earlier, we were thinking about Java, right once ran anywhere, right? So you can't do that today in a cloud, but now with containers-- >> You can. >> Again, this is, again, this is the point that's happening. Explain. >> So when you have, Kubernetes is a strict standard and all of the applications are written to that. So whether you are deploying MongoDB or Postgres or Cassandra or any of the other cloud native apps, you can deploy them pretty much the same, whether they're in AKS, EKS or on Tanzu and it makes it much easier. The world became just a lot less for proprietary. >> So that's the story that everybody wants to hear. How does that happen in a way that is, doesn't stall the innovation and the developer growth 'cause the developers are driving a lot of change. I mean, for all the talk in the industry, the developers are doing pretty good right now. They've got a lot of open source, plentiful, open source growing like crazy. You got shifting left in the CICD pipeline. You got tools coming out with Kubernetes. Infrastructure has code is almost a 100% reality right now. So there's a lot of good things going on for developers. That's not an issue. The issue is just underneath. >> It's a skillset and that is really one of the biggest challenges I see in our deployments is a lack of experience. And it's not everyone. There are some folks that have been playing around for the last couple of years with it and they do have that experience, but there are many people that are still young at this. >> Okay, let's do, as we wrap up, let's do a lead into CubeCon, it's coming up and obviously re:Invent's right behind it. Lisa, we're going to have a lot of pre CubeCon interviews. We'll interview all the committee chairs, program chairs. We'll get the scoop on that, we do that every year. But while we got you guys here, let's do a little pre-pre-preview of CubeCon. What can we expect? What do you guys think is going to happen this year? What does CubeCon look? You guys our big sponsor of CubeCon. You guys do a great job there. Thanks for doing that. The community really recognizes that. But as Kubernetes comes in now for this year, you're looking at probably the what third year now that I would say Kubernetes has been on the front burner, where do you see it on the hockey stick growth? Have we kicked the curve yet? What's going to be the level of intensity for Kubernetes this year? How's that going to impact CubeCon in a way that people may or may not think it will? >> So I think first of all, CubeCon is going to be back at the level where it was before the pandemic, because the show, as many other shows, has been suffering from, I mean, virtual events are not like the in-person events. CubeCon LA was super exciting for all the vendors last year, but the attendees were not really there yet. Valencia was a huge bump already and I think Detroit, it's a very exciting city I heard. So it's going to be a blast and it's going to be a huge attendance, that's what I'm expecting. Second I can, so this is going to be my third personally, in-person CubeCon, comparing how vendors evolved between the previous two. There's going to be a lot of interesting stories from vendors, a lot of new innovation coming onto the market. And I think the conversations that we're going to be having will yet, again, be much more about live applications and people using Kubernetes in production rather than those at the first in-person CubeCon for me in LA where it was a lot about learning still, we're going to continue to help people learn 'cause it's really important for us but the exciting part about CubeCon is you're talking to people who are using Kubernetes in production and that's really cool. >> And users contributing projects too. >> Also. >> I mean Lyft is a poster child there and you've got a lot more. Of course you got the stealth recruiting going on there, Apple, all the big guys are there. They have a booth and no one's attending you like, "Oh come on." Matt, what's your take on CubeCon? Going in, what do you see? And obviously a lot of dynamic new projects. >> I'm going to see much, much deeper tech conversations. As experience increases, the more you learn, the more you realize you have to learn more. >> And the sharing's going to increase too. >> And the sharing, yeah. So I see a lot of deep conversations. It's no longer the, "Why do I need Kubernetes?" It's more, "How do I architect this for my solution or for my environment?" And yeah, I think there's a lot more depth involved and the size of CubeCon is going to be much larger than we've seen in the past. >> And to finish off what I think from the vendor's point of view, what we're going to see is a lot of applications that will be a lot more enterprise-ready because that is the part that was missing so far. It was a lot about the what's new and enabling Kubernetes. But now that adoption is going up, a lot of features for different components still need to be added to have them enterprise-ready. >> And what can the audience expect from you guys at CubeCon? Any teasers you can give us from a marketing perspective? >> Yes. We have a rebranding sitting ready for learning website. It's going to be bigger and better. So we're not no longer going to call it, learning.kasten.io but I'll be happy to come back with you guys and present a new name at CubeCon. >> All right. >> All right. That sounds like a deal. Guys, thank you so much for joining John and me breaking down all things Kubernetes, talking about customer adoption, the challenges, but also what you're doing to demystify it. We appreciate your insights and your time. >> Thank you so much. >> Thank you very much. >> Our pleasure. >> Thanks Matt. >> For our guests and John Furrier, I'm Lisa Martin. You've been watching The Cube's live coverage of VMware Explore 2022. Thanks for joining us. Stay safe. (gentle music)

>>Hey everyone. Welcome back to the cubes day two coverage of VMware Explorer, 22 from San Francisco. Lisa Martin, back here with you with Dave Nicholson, we have a couple of guests from VMware. Joining us, please. Welcome Jay Workman, senior director, cloud partner, and alliances marketing, and Jeff Thompson, VP cloud provider sales at VMware guys. It's great to have you on the program. >>Ah, good to be here. Thanks for having us on. >>We're gonna be talking about a really interesting topic. Sovereign cloud. What is sovereign cloud? Jeff? Why is it important, but fundamentally, what is >>It? Yeah, well, we were just talking a second ago. Aren't we? And it's not about royalty. So yeah, data sovereignty is really becoming super important. It's about the regulation and control of data. So lots of countries now are being very careful and advising companies around where to place data and the jurisdictional controls mandate that personal data or otherwise has to be secured. We ask, we have to have access controls around it and privacy controls around it. So data sovereign clouds are clouds that have been built by our cloud providers in, in, in VMware that specifically satisfy the requirements of those jurisdictions and regulated industries. So we've built a, a little program around that. We launched it about a year ago and continuing to add cloud providers to that. >>Yeah, and I, I think it's also important just to build on what Jeff said is, is who can access that data is becoming increasingly important data is, is almost in it's. It is becoming a bit of a currency. There's a lot of value in data and securing that data is, is becoming over the years increasingly important. So it's, it's not like we built a problem or we created a solution for problem that didn't exist. It's gotten it's, it's been a problem for a while. It's getting exponentially bigger data is expanding and growing exponentially, and it's becoming increasingly important for organizations and companies to realize where my data sits, who can access it, what types of data needs to go and what type of clouds. And it's very, very aligned with multi-cloud because some data can sit in a, in a public cloud, which is fine, but some data needs to be secure. It needs to be resident within country. And so this is, this is what we're addressing through our partners. >>Yeah, I, yeah, I was just gonna add to that. I think there's a classification there there's data residency, and then there's data sovereignty. So residency is just about where is the data, which country is it in sovereignty is around who can access that data. And that's the critical aspect of, of data sovereignty who's got control and access to that data. And how do we make sure that all the controls are in place to make sure that only the right people can get access to that data? Yeah. >>So let's, let's sort of build from the ground up an example, and let's use Western Europe as an example, just because state to state in the United States, although California is about to adopt European standards for privacy in a, in a unique, in a unique, unique way, pick a country in, in Europe, I'm a service provider. I have an offering and that offering includes a stack of hardware and I'm running what we frequently refer to as the STDC or software defined data center stack. So I've got NEX and I've got vs N and I've got vSphere and I'm running and I have a cloud and you have all of the operational tools around that, and you can spin up VMs and render under applications there. And here we are within the borders of this country, what makes it a sovereign cloud at that? So at that point, is that a sovereign cloud or? >>No, not yet. Not it's close. I mean, you nailed, >>What's >>A secret sauce. You nailed the technology underpinning. So we've got 4,500 plus cloud provider partners around the world. Less than 10% of those partners are running the full STDC stack, which we've branded as VMware cloud verified. So the technology underpinning from our perspective is the starting point. Okay. For sovereignty. So they, they, they need that right. Technology. Okay. >>Verified is required for sovereign. Yes. >>Okay. Cloud verified is the required technology stack for sovereign. So they've got vSphere vs. A NSX in there. Okay. A lot of these partners are also offering a multitenant cloud with VMware cloud director on top of that, which is great. That's the starting point. But then we've, we've set a list of standards above and beyond that, in addition to the technology, they've gotta meet certain jurisdiction requirements, certain local compliance requirements and certifications. They've gotta be able to address the data re data residency requirements of their particular jurisdiction. So it's going above and beyond. But to your point, it does vary by country. >>Okay. So, so in this hypothetical example, this is this country. You a stand, I love it. When people talk about Stan, people talk about EMIA and you know, I, I love AMEA food. Isn't AIAN food. One. There's no such thing as a European until you have an Italian, a Britain, a German yep. In Florida arguing about how our beer and our coffee is terrible. Right. Right. Then they're all European. They go home and they don't like each other. Yeah. So, but let's just pretend that there's a thing called Europe. So this, so there's this, so we've got a border, we know residency, right. Because it physically is here. Yep. But what are the things in terms of sovereignty? So you're talking about a lot of kind of certification and validation, making sure that, that everything maps to those existing rules. So is, this is, this is a lot of this administrative and I mean, administrative in the, in the sort of state administrative terminology, >>I I'm let's build on your example. Yeah. So we were talking about food and obviously we know the best food in the world comes from England. >>Of course it does. Yeah. I, no doubt. I agree. I Don not get that. I do. I do do agree. Yeah. >>So UK cloud, fantastic partner for us. Okay. Whether they're one of our first sovereign cloud providers in the program. So UK cloud, they satisfied the requirements with the local UK government. They built out their cloud verified. They built out a stack specifically that enables them to satisfy the requirements of being a sovereign cloud provider. They have local data centers inside the UK. The data from the local government is placed into those data centers. And it's managed by UK people on UK soil so that they know the privacy, they know the security aspects, the compliance, all of that wrapped up on top of a secure SDDC platform. Okay. Satisfies the requirements of the UK government, that they are managing that data in a sovereign way that, that, that aligns to the jurisdictional control that they expect from a company like UK cloud. Well, >>I think to build on that, a UK cloud is an example of certain employees at UK, UK cloud will have certain levels of clearance from the UK government who can access and work on certain databases that are stored within UK cloud. So they're, they're addressing it from multiple fronts, not just with their hardware, software data center framework, but actually at the individual compliance level and individual security clearance level as to who can go in and work on that data. And it's not just a governmental, it's not a public sector thing. I mean, any highly regulated industry, healthcare, financial services, they're all gonna need this type of data protection and data sovereignty. >>Can this work in a hyperscaler? So you've got you, have, you have VMC AVS, right? GC V C >>O >>CVAs O CVS. Thank you. Can it be, can, can a sovereign cloud be created on top of physical infrastructure that is in one of those hyperscalers, >>From our perspective, it's not truly sovereign. If, if it's a United States based company operating in Germany, operating in the UK and a local customer or organization in Germany, or the UK wants to deploy workloads in that cloud, we wouldn't classify that as totally sovereign. Okay. Because by virtue of the cloud act in the United States, that gives the us government rights to request or potentially view some of that data. Yeah. Because it's, it's coming out of a us based operator data center sitting on foreign soil so that the us government has some overreach into that. And some of that data may actually be stored. Some of the metadata may reside back in the us and the customer may not know. So certain workloads would be ideally suited for that. But for something that needs to be truly sovereign and local data residency, that it wouldn't be a good fit. I think that >>Perspectives key thing, going back to residency versus sovereignty. Yeah. It can be, let's go to our UK example. It can be on a hyperscaler in the UK now it's resident in the UK, but some of the metadata, the profiling information could be accessible by the entity in the United States. For example, there now it's not sovereign anymore. So that's the key difference between a, what we view as a pro you know, a pure sovereign cloud play and then maybe a hyperscaler that's got more residency than sovereignty. >>Yeah. We talk a lot about partnerships. This seems to be a unique opportunity for a certain segment of partners yeah. To give that really is an opportunity for them to have a line of business established. That's unique from some of the hyperscale cloud providers. Yeah. Where, where sort of the, the modesty of your size might be an advantage if you're in a local. Yes. You're in Italy and you are a service provider. There sounds like a great fit, >>That's it? Yeah. You've always had the, the beauty of our program. We have 4,500 cloud providers and obviously not, all of them are able to provide a data, a sovereign cloud. We have 20 in the program today in, in the country. You you'd expect them to be in, you know, the UK, Italy, Italy, France, Germany, over in Asia Pacific. We have in Australia and New Zealand, Japan, and, and we have Canada and Latin America to, to dovetail, you know, the United States. But those are the people that have had these long term relationships with the local governments, with these regulated industries and providing those services for many, many years. It's just that now data sovereignty has become more important. And they're able to go that extra mile and say, Hey, we've been doing this pretty much, you know, for decades, but now we're gonna put a wrap and some branding around it and do these extra checks because we absolutely know that we can provide the sovereignty that's required. >>And that's been one of the beautiful things about the entire initiative is we're actually, we're learning a lot from our partners in these countries to Jeff's point have been doing this. They've been long time, VMware partners they've been doing sovereignty. And so collectively together, we're able to really establish a pretty robust framework from, from our perspective, what does data sovereignty mean? Why does it matter? And then that's gonna help us work with the customers, help them decide which workloads need to go and which type of cloud. And it dovetails very, very nicely into a multi-cloud that's a reality. So some of those workloads can sit in the public sector and the hyperscalers and some of 'em need to be sovereign. Yeah. So it's, it's a great solution for our customers >>When you're in customer conversations, especially as, you know, data sovereign to be is becomes a global problem. Where, who are you talking to? Are you talking to CIOs? Are you talking to chief data officers? I imagine this is a pretty senior level conversation. >>Yeah. I it's, I think it's all of the above. Really. It depends. Who's managing the data. What type of customer is it? What vertical market are they in? What compliance regulations are they are they beholden to as a, as an enterprise, depending on which country they're in and do they have a need for a public cloud, they may already be all localized, you know? So it really depends, but it, it could be any of those. It's generally I think a fair, fairly senior level conversation. And it's, it's, it's, it's consultancy, it's us understanding what their needs are working with our partners and figuring out what's the best solution for them. >>And I think going back to, they've probably having those conversations for a long time already. Yeah. Because they probably have had workloads in there for years, maybe even decades. It's just that now sovereignty has become, you know, a more popular, you know, requirements to satisfy. And so they've gone going back to, they've gone the extra mile with those as the trusted advisor with those people. They've all been working with for many, many years to do that work. >>And what sort of any examples you mentioned some of the highly regulated industries, healthcare, financial services, any customer come to mind that you think really articulates the value of what VMware's delivering through its service through its cloud provider program. That makes the obvious why VMware an obvious answer? >>Wow. I, I, I get there's, there's so many it's, it's actually, it's each of our different cloud providers. They bring their win wise to us. And we just have, we have a great library now of assets that are on our sovereign cloud website of those win wires. So it's many industries, many, many countries. So you can really pick, pick your, your choice. There. That's >>A good problem >>To have, >>To the example of UK cloud they're, they're really focused on the UK government. So some of them aren't gonna be referenced. Well, we may have indication of a major financial services company in Australia has deployed with AU cloud, one of our partners. So we we've also got some semi blind references like that. And, and to some degree, a lot of these are maintained as fairly private wins and whatnot for obvious security reasons, but, and we're building it and building that library up, >>You mentioned the number 4,500, a couple of times, you, you referencing VMware cloud provider partners or correct program partners. So VCP P yes. So 45, 4500 is the, kind of, is the, is the number, you know, >>That's the number >>Globally of our okay. >>Partners that are offering a commercial cloud service based at a minimum with vSphere and they're. And many of 'em have many more of our technologies. And we've got little under 10% of those that have the cloud verified designation that are running that full STDC, stack >>Somebody, somebody Talli up, all of that. And the argument has been made that, that rep that, that would mean that VMware cloud. And although some of it's on IAS from hyperscale cloud providers. Sure. But that, that rep, that means that VMware has the third or fourth largest cloud on the planet already right now. >>Right. Yep. >>Which is kind of interesting because yeah. If you go back to when, what 2016 or so when VMC was at least baned about yeah. Is that right? A lot of people were skeptical. I was skeptical very long history with VMware at the time. And I was skeptical. I I'm thinking, nah, it's not gonna work. Yeah. This is desperation. Sorry, pat. I love you. But it's desperation. Right. AWS, their attitude is in this transaction. Sure. Send us some customers we'll them. Yeah. Right. I very, very cynical about it. Completely proved me wrong. Obviously. Where did it go? Went from AWS to Azure to right. Yeah. To GCP, to Oracle, >>Oracle, Alibaba, >>Alibaba. Yep. Globally. >>We've got IBM. Yep. Right. >>Yeah. So along the way, it would be easy to look at that trajectory and say, okay, wow, hyperscale cloud. Yeah. Everything's consolidating great. There's gonna be five or six or 10 of these players. And that's it. And everybody else is out in the cold. Yeah. But it turns out that long tail, if you look at the chart of who the largest VCP P partners are, that long tail of the smaller ones seem to be carving out specialized yes. Niches where you can imagine now, at some point in the future, you sum up this long tail and it becomes larger than maybe one of the hyperscale cloud providers. Right. I don't think a lot of people predicted that. I think, I think people predicted the demise of VMware and frankly, a lot of people in the VMware ecosystem, just like they predicted the demise of the mainframe. Sure. The storage area network fill in the blank. I >>Mean, Jeff and I we've oh yeah. We've been on the, Jeff's been a little longer than I have, but we've been working together for 10 plus years on this. And we've, we've heard that many times. Yeah. Yeah. Our, our ecosystem has grown over the years. We've seen some consolidation, some M and a activity, but we're, we're not even actively recruiting partners and it's growing, we're focused on helping our partners gain more, share internally, gain, more share at wallet, but we're still getting organic growth in the program. Really. So it, it shows, I think that there is value in what we can offer them as a platform to build a cloud on. >>Yeah. What's been interesting is there's there's growth and there's some transition as well. Right? So there's been traditional cloud providers. Who've built a cloud in their data center, some sovereign, some not. And then there's other partners that are adopting VCP P because of our SA. So we've either converted some technology from product into SA or we've built net new SA or we've acquired companies that have been SA only. And now we have a bigger portfolio that service providers, cloud providers, managed service providers are all interested in. So you get resellers channel partners. Who've historically been doing ELAs and reselling to end customers. They're transitioning their business into doing recurring revenue and the only game in town where you really wanna do recurring revenues, VCP P. So our ecosystem is both growing because our cloud providers with their data center are doing more with our customers. And then we're adding more managed service providers because of our SA portfolio. And that, that, that combo, that one, two punch is creating a much bigger VCP P ecosystem overall. >>Yeah. >>Impressive. >>Do you think we have a better idea of what sovereign cloud means? Yes. I think we do. >>It's not Royal. >>It's all about royalty, >>All royalty. What are some of the things Jeff, as we look on the horizon, obviously seven to 10,000 people here at, at VMwares where people really excited to be back. They want to hear it from VMware. They wanna hear from its partner ecosystem, the community. What are some of the things that you think are on the horizon where sovereign cloud is concerned that are really opportunities yeah. For businesses to get it right. >>Yeah. We're in the early days of this, I think there's still a whole bunch of rules, regulatory laws that have not been defined yet. So I think there's gonna be some more learning. There's gonna be some top down guidance like Gaia X in Europe. That's the way that they're defining who gets access and control over what data and what's in. And what's out of that. So we're gonna get more of these Gaia X type things happening around the world, and they're all gonna be slightly different. Everyone's gonna have to understand what they are, how to interpret and then build something around them. So we need to stay on top of that, myself and Jay, to make sure that we've got the right cloud providers in the right space to capitalize on that, build out the sovereign cloud program over time and make sure that what they're building to support aligns with these different requirements that are out there across different countries. So it's an evolving landscape. That's >>Yeah. And one of the things too, we're also doing from a product perspective to better enable partners to, to address these sovereign cloud workloads is where we have, we have gaps maybe in our portfolio is we're partner partnering with some of our ISVs, like a, Konic like a Forex vem. So we can give our partners object storage or ransomware protection to add on to their sovereign cloud service, all accessible through our cloud director consult. So we're, we're enhancing the program that way. And to Jeff's point earlier, we've got 20 partners today. We're hoping to double that by the end of our fiscal year and, and just take a very methodical approach to growth of the program. >>Sounds great guys, early innings though. Thank you so much for joining Dave and me talking about what software and cloud is describing it to us, and also talking about the difference between that data residency and all the, all of the challenges and the, in the landscape that customers are facing. They can go turn to VMware and its ecosystem for that help. We appreciate your insights and your time. Guys. Thank >>You >>For >>Having us. Our >>Pleasure. Appreciate it >>For our guests and Dave Nicholson. I'm Lisa Martin. You've been watching the cube. This is the end of day, two coverage of VMware Explorer, 2022. Have a great rest of your day. We'll see you tomorrow.

>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR, This is "Breaking Analysis with Dave Vellante". >> Black Hat 22 was held in Las Vegas last week, the same time as theCUBE Supercloud event. Unlike AWS re:Inforce where words are carefully chosen to put a positive spin on security, Black Hat exposes all the warts of cyber and openly discusses its hard truths. It's a conference that's attended by technical experts who proudly share some of the vulnerabilities they've discovered, and, of course, by numerous vendors marketing their products and services. Hello, and welcome to this week's Wikibon CUBE Insights powered by ETR. In this "Breaking Analysis", we summarize what we learned from discussions with several people who attended Black Hat and our analysis from reviewing dozens of keynotes, articles, sessions, and data from a recent Black Hat Attendees Survey conducted by Black Hat and Informa, and we'll end with the discussion of what it all means for the challenges around securing the supercloud. Now, I personally did not attend, but as I said at the top, we reviewed a lot of content from the event which is renowned for its hundreds of sessions, breakouts, and strong technical content that is, as they say, unvarnished. Chris Krebs, the former director of Us cybersecurity and infrastructure security agency, CISA, he gave the keynote, and he spoke about the increasing complexity of tech stacks and the ripple effects that that has on organizational risk. Risk was a big theme at the event. Where re:Inforce tends to emphasize, again, the positive state of cybersecurity, it could be said that Black Hat, as the name implies, focuses on the other end of the spectrum. Risk, as a major theme of the event at the show, got a lot of attention. Now, there was a lot of talk, as always, about the expanded threat service, you hear that at any event that's focused on cybersecurity, and tons of emphasis on supply chain risk as a relatively new threat that's come to the CISO's minds. Now, there was also plenty of discussion about hybrid work and how remote work has dramatically increased business risk. According to data from in Intel 471's Mark Arena, the previously mentioned Black Hat Attendee Survey showed that compromise credentials posed the number one source of risk followed by infrastructure vulnerabilities and supply chain risks, so a couple of surveys here that we're citing, and we'll come back to that in a moment. At an MIT cybersecurity conference earlier last decade, theCUBE had a hypothetical conversation with former Boston Globe war correspondent, Charles Sennott, about the future of war and the role of cyber. We had similar discussions with Dr. Robert Gates on theCUBE at a ServiceNow event in 2016. At Black Hat, these discussions went well beyond the theoretical with actual data from the war in Ukraine. It's clear that modern wars are and will be supported by cyber, but the takeaways are that they will be highly situational, targeted, and unpredictable because in combat scenarios, anything can happen. People aren't necessarily at their keyboards. Now, the role of AI was certainly discussed as it is at every conference, and particularly cyber conferences. You know, it was somewhat dissed as over hyped, not surprisingly, but while AI is not a panacea to cyber exposure, automation and machine intelligence can definitely augment, what appear to be and have been stressed out, security teams can do this by recommending actions and taking other helpful types of data and presenting it in a curated form that can streamline the job of the SecOps team. Now, most cyber defenses are still going to be based on tried and true monitoring and telemetry data and log analysis and curating known signatures and analyzing consolidated data, but increasingly, AI will help with the unknowns, i.e. zero-day threats and threat actor behaviors after infiltration. Now, finally, while much lip service was given to collaboration and public-private partnerships, especially after Stuxsnet was revealed early last decade, the real truth is that threat intelligence in the private sector is still evolving. In particular, the industry, mid decade, really tried to commercially exploit proprietary intelligence and, you know, do private things like private reporting and monetize that, but attitudes toward collaboration are trending in a positive direction was one of the sort of outcomes that we heard at Black Hat. Public-private partnerships are being both mandated by government, and there seems to be a willingness to work together to fight an increasingly capable adversary. These things are definitely on the rise. Now, without this type of collaboration, securing the supercloud is going to become much more challenging and confined to narrow solutions. and we're going to talk about that little later in the segment. Okay, let's look at some of the attendees survey data from Black Hat. Just under 200 really serious security pros took the survey, so not enough to slice and dice by hair color, eye color, height, weight, and favorite movie genre, but enough to extract high level takeaways. You know, these strongly agree or disagree survey responses can sometimes give vanilla outputs, but let's look for the ones where very few respondents strongly agree or disagree with a statement or those that overwhelmingly strongly agree or somewhat agree. So it's clear from this that the respondents believe the following, one, your credentials are out there and available to criminals. Very few people thought that that was, you know, unavoidable. Second, remote work is here to stay, and third, nobody was willing to really jinx their firms and say that they strongly disagree that they'll have to respond to a major cybersecurity incident within the next 12 months. Now, as we've reported extensively, COVID has permanently changed the cybersecurity landscape and the CISO's priorities and playbook. Check out this data that queries respondents on the pandemic's impact on cybersecurity, new requirements to secure remote workers, more cloud, more threats from remote systems and remote users, and a shift away from perimeter defenses that are no longer as effective, e.g. firewall appliances. Note, however, the fifth response that's down there highlighted in green. It shows a meaningful drop in the percentage of remote workers that are disregarding corporate security policy, still too many, but 10 percentage points down from 2021 survey. Now, as we've said many times, bad user behavior will trump good security technology virtually every time. Consistent with the commentary from Mark Arena's Intel 471 threat report, fishing for credentials is the number one concern cited in the Black Hat Attendees Survey. This is a people and process problem more than a technology issue. Yes, using multifactor authentication, changing passwords, you know, using unique passwords, using password managers, et cetera, they're all great things, but if it's too hard for users to implement these things, they won't do it, they'll remain exposed, and their organizations will remain exposed. Number two in the graphic, sophisticated attacks that could expose vulnerabilities in the security infrastructure, again, consistent with the Intel 471 data, and three, supply chain risks, again, consistent with Mark Arena's commentary. Ask most CISOs their number one problem, and they'll tell you, "It's a lack of talent." That'll be on the top of their list. So it's no surprise that 63% of survey respondents believe they don't have the security staff necessary to defend against cyber threats. This speaks to the rise of managed security service providers that we've talked about previously on "Breaking Analysis". We've seen estimates that less than 50% of organizations in the US have a SOC, and we see those firms as ripe for MSSP support as well as larger firms augmenting staff with managed service providers. Now, after re:Invent, we put forth this conceptual model that discussed how the cloud was becoming the first line of defense for CISOs, and DevOps was being asked to do more, things like securing the runtime, the containers, the platform, et cetera, and audit was kind of that last line of defense. So a couple things we picked up from Black Hat which are consistent with this shift and some that are somewhat new, first, is getting visibility across the expanded threat surface was a big theme at Black Hat. This makes it even harder to identify risk, of course, this being the expanded threat surface. It's one thing to know that there's a vulnerability somewhere. It's another thing to determine the severity of the risk, but understanding how easy or difficult it is to exploit that vulnerability and how to prioritize action around that. Vulnerability is increasingly complex for CISOs as the security landscape gets complexified. So what's happening is the SOC, if there even is one at the organization, is becoming federated. No longer can there be one ivory tower that's the magic god room of data and threat detection and analysis. Rather, the SOC is becoming distributed following the data, and as we just mentioned, the SOC is being augmented by the cloud provider and the managed service providers, the MSSPs. So there's a lot of critical security data that is decentralized and this will necessitate a new cyber data model where data can be synchronized and shared across a federation of SOCs, if you will, or mini SOCs or SOC capabilities that live in and/or embedded in an organization's ecosystem. Now, to this point about cloud being the first line of defense, let's turn to a story from ETR that came out of our colleague Eric Bradley's insight in a one-on-one he did with a senior IR person at a manufacturing firm. In a piece that ETR published called "Saved by Zscaler", check out this comment. Quote, "As the last layer, we are filtering all the outgoing internet traffic through Zscaler. And when an attacker is already on your network, and they're trying to communicate with the outside to exchange encryption keys, Zscaler is already blocking the traffic. It happened to us. It happened and we were saved by Zscaler." So that's pretty cool. So not only is the cloud the first line of defense, as we sort of depicted in that previous graphic, here's an example where it's also the last line of defense. Now, let's end on what this all means to securing the supercloud. At our Supercloud 22 event last week in our Palo Alto CUBE Studios, we had a session on this topic on supercloud, securing the supercloud. Security, in our view, is going to be one of the most important and difficult challenges for the idea of supercloud to become real. We reviewed in last week's "Breaking Analysis" a detailed discussion with Snowflake co-founder and president of products, Benoit Dageville, how his company approaches security in their data cloud, what we call a superdata cloud. Snowflake doesn't use the term supercloud. They use the term datacloud, but what if you don't have the focus, the engineering depth, and the bank roll that Snowflake has? Does that mean superclouds will only be developed by those companies with deep pockets and enormous resources? Well, that's certainly possible, but on the securing the supercloud panel, we had three technical experts, Gee Rittenhouse of Skyhigh Security, Piyush Sharrma who's the founder of Accurics who sold to Tenable, and Tony Kueh, who's the former Head of Product at VMware. Now, John Furrier asked each of them, "What is missing? What's it going to take to secure the supercloud? What has to happen?" Here's what they said. Play the clip. >> This is the final question. We have one minute left. I wish we had more time. This is a great panel. We'll bring you guys back for sure after the event. What one thing needs to happen to unify or get through the other side of this fragmentation and then the challenges for supercloud? Because remember, the enterprise equation is solve complexity with more complexity. Well, that's not what the market wants. They want simplicity. They want SaaS. They want ease of use. They want infrastructure risk code. What has to happen? What do you think, each of you? >> So I can start, and extending to the previous conversation, I think we need a consortium. We need a framework that defines that if you really want to operate on supercloud, these are the 10 things that you must follow. It doesn't matter whether you take AWS, Slash, or TCP or you have all, and you will have the on-prem also, which means that it has to follow a pattern, and that pattern is what is required for supercloud, in my opinion. Otherwise, security is going everywhere. They're like they have to fix everything, find everything, and so on and so forth. It's not going to be possible. So they need a framework. They need a consortium, and this consortium needs to be, I think, needs to led by the cloud providers because they're the ones who have these foundational infrastructure elements, and the security vendor should contribute on providing more severe detections or severe findings. So that's, in my opinion, should be the model. >> Great, well, thank you, Gee. >> Yeah, I would think it's more along the lines of a business model. We've seen in cloud that the scale matters, and once you're big, you get bigger. We haven't seen that coalesce around either a vendor, a business model, or whatnot to bring all of this and connect it all together yet. So that value proposition in the industry, I think, is missing, but there's elements of it already available. >> I think there needs to be a mindset. If you look, again, history repeating itself. The internet sort of came together around set of IETF, RSC standards. Everybody embraced and extended it, right? But still, there was, at least, a baseline, and I think at that time, the largest and most innovative vendors understood that they couldn't do it by themselves, right? And so I think what we need is a mindset where these big guys, like Google, let's take an example. They're not going to win at all, but they can have a substantial share. So how do they collaborate with the ecosystem around a set of standards so that they can bring their differentiation and then embrace everybody together. >> Okay, so Gee's point about a business model is, you know, business model being missing, it's broadly true, but perhaps Snowflake serves as a business model where they've just gone out and and done it, setting or trying to set a de facto standard by which data can be shared and monetized. They're certainly setting that standard and mandating that standard within the Snowflake ecosystem with its proprietary framework. You know, perhaps that is one answer, but Tony lays out a scenario where there's a collaboration mindset around a set of standards with an ecosystem. You know, intriguing is this idea of a consortium or a framework that Piyush was talking about, and that speaks to the collaboration or lack thereof that we spoke of earlier, and his and Tony's proposal that the cloud providers should lead with the security vendor ecosystem playing a supporting role is pretty compelling, but can you see AWS and Azure and Google in a kumbaya moment getting together to make that happen? It seems unlikely, but maybe a better partnership between the US government and big tech could be a starting point. Okay, that's it for today. I want to thank the many people who attended Black Hat, reported on it, wrote about it, gave talks, did videos, and some that spoke to me that had attended the event, Becky Bracken, who is the EIC at Dark Reading. They do a phenomenal job and the entire team at Dark Reading, the news desk there, Mark Arena, whom I mentioned, Garrett O'Hara, Nash Borges, Kelly Jackson, sorry, Kelly Jackson Higgins, Roya Gordon, Robert Lipovsky, Chris Krebs, and many others, thanks for the great, great commentary and the content that you put out there, and thanks to Alex Myerson, who's on production, and Alex manages the podcasts for us. Ken Schiffman is also in our Marlborough studio as well, outside of Boston. Kristen Martin and Cheryl Knight, they help get the word out on social media and in our newsletters, and Rob Hoff is our Editor-in-Chief at SiliconANGLE and does some great editing and helps with the titles of "Breaking Analysis" quite often. Remember these episodes, they're all available as podcasts, wherever you listen, just search for "Breaking Analysis Podcasts". I publish each on wikibon.com and siliconangle.com, and you could email me, get in touch with me at david.vellante@siliconangle.com or you can DM me @dvellante or comment on my LinkedIn posts, and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis". (upbeat music)

>> Announcer: TheCube presents HPE Discover 2022, brought to you by HPE. >> Welcome back to HPE Discover 2022, theCube's continuous wall to wall coverage, Dave Vellante with John Furrier. Keith Basil is here as the General Manager for the Edge Business Unit at SUSE. Keith, welcome to theCube, man good to see you. >> Great to be here, it's my first time here and I've seen many shows and you guys are the best. >> Thanks you. >> Thank you very much. >> Big fans of SUSE you know, we've had Melissa on several times. >> Yes. >> Let's start with kind of what you guys are doing here at Discover. >> Well, we're here to support our wonderful partner HPE, as you know SUSE's products and services are now being integrated into the GreenLake offering. So that's very exciting for us. >> Yeah. Now tell us about your background. It's quite interesting you've kind of been in the mix in some really cool places. Tell us a little bit about yourself. >> Probably the most relevant was I used to work at Red Hat, I was a Product Manager working in security for OpenStack and OpenShift working with DOD customers in the intelligence community. Left Red Hat to go to Rancher, started out there as VP of Edge Solutions and then transitioned over to VP of Product for all of Rancher. And then obviously we know SUSE acquired Rancher and as of November 1st, of 2020, I think it was. >> Dave: 2020. >> Yeah, yeah time is flying. I came over, I still remained VP of Product for Rancher for Cloud Native Infrastructure. And I was working on the edge strategy for SUSE and about four months ago we internally built three business units, one for the Linux business, one for enterprise container management, basically the Rancher business, and then the newly minted business unit was the Edge business. And I was offered the role to be GM for that business unit and I happily accepted it. >> Very cool. I mean the market dynamics since the 2018 have changed dramatically, IBM bought Red Hat. A lot of customers said, "Hmm let's see what other alternatives are out there." SUSE popped its head up. You know, Melissa's been quite, you know forthcoming about that. And then you acquire Rancher in 2020, IPO in 2021. That kind of gives you another tailwind. So there's a new market when you go from 2018 to 2022, it's a completely changed dynamic. >> Yes and I'm going to answer your question from the Rancher perspective first, because as we were at Rancher, we had experimented with different flavors of the underlying OS underneath Kubernetes or Kubernetes offerings. And we had, as I said, different flavors, we weren't really operating system people for example. And so post-acquisition, you know, one of my internal roles was to bring the two halves of the house together, the philosophies together where you had a cloud native side in the form of Rancher, very progressive leading innovative products with Rancher with K3s for example. And then you had, you know, really strong enterprise roots around compliance and security, secure supply chain with the enterprise grade Linux. And what we found out was SUSE had been building a version of Linux called SLE Micro, and it was perfectly designed for Edge. And so what we've done over that time period since the acquisition is that we've brought those two things together. And now we're using Kubernetes directives and philosophies to manage all the way down to the operating system. And it is a winning strategy for our customers. And we're really excited about that. >> And what does that product look like? Is that a managed service? How are customers consuming that? >> It could be a managed service, it's something that our managed service providers could embrace and offer to their customers. But we have some customers who are very sophisticated who want to do the whole thing themselves. And so they stand up Rancher, you know at a centralized location at cloud GreenLake for example which is why this is very relevant. And then that control plane if you will, manages thousands of downstream clusters that are running K3s at these Edge locations. And so that's what the complete stack looks like. And so when you add the Linux capability to that scenario we can now roll a new operating system, new kernel, CVE updates, build that as an OCI container image registry format, right? Put that into a registry and then have that thing cascade down through all the downstream clusters and up through a rolling window upgrade of the operating system underneath Kubernetes. And it is a tremendous amount of value when you talk to customers that have this massive scale. >> What's the impact of that, just take us through what happens next. Is it faster? Is it more performant? Is it more reliable? Is it processing data at the Edge? What's the impact of the customer? >> Yes, the answer is yes to that. So let's actually talk about one customer that we we highlighted in our keynote, which is Home Depot. So as we know, Kubernetes is on fire, right? It is the technology everybody's after. So by being in demand, the skills needed, the people shortage is real and people are commanding very high, you know, salaries. And so it's hard to attract talent is the bottom line. And so using our software and our solution and our approach it allows people to scale their existing teams to preserve those precious human resources and that human capital. So that now you can take a team of seven people and manage let's say 3000 downstream stores. >> Yeah it's like the old SRE model for DevOps. >> Correct. >> It's not servers they're managing one to many. >> Yes. >> One to many clusters. >> Correct so you've got the cluster, the life cycle of the cluster. You already have the application life cycle with the classic DevOps. And now what we've built and added to the stack is going down one step further, clicking down if you will to managing the life cycle of the operating system. So you have the SUSE enterprise build chain, all the value, the goodness, compliance, security. Again, all of that comes with that build process. And now we're hooking that into a cloud native flow that ends up downstream in our customers. >> So what I'm hearing is your Edge strategy is not some kind of bespoke, "Hey, I'm going after Edge." It connects to the entire value chain. >> Yes, yeah it's a great point. We want to reuse the existing philosophies that are being used today. We don't want to create something net new, cause that's really the point in leverage that we get by having these teams, you know, do these things at scale. Another point I'm going to make here is that we've defined the Edge into three segments. One is the near Edge, which is the realm of the-- >> I was going to ask about this, great. >> The telecommunications companies. So those use cases and profiles look very different. They're almost data center lite, right? So you've had regional locations, central offices where they're standing up gear classic to you machines, right? So things you find from HPE, for example. And then once you get on the other side of the access device right? The cable modem, the router, whatever it is you get into what we call the far Edge. And this is where the majority of the use cases reside. This is where the diversity of use cases presents itself as well. >> Also security challenges. >> Security challenges. Yes and we can talk about that following in a moment. And then finally, if you look at that far Edge as a box, right? Think of it as a layer two domain, a network. Inside that location, on that network you'll have industrial IOT devices. Those devices are too small to run a full blown operating system such as Linux and Kubernetes in the stack but they do have software on them, right? So we need to be able to discover those devices and manage those devices and pull data from those devices and do it in a cloud native way. So that's what we called the tiny Edge. And I stole that name from the folks over at Microsoft. Kate and Edrick are are leading a project upstream called Akri, A-K-R-I, and we are very much heavily involved in Akri because it will discover the industrial IOT devices and plug those into a local Kubernetes cluster running at that location. >> And Home Depot would fit into the near edge is that correct? >> Yes. >> Yeah okay. >> So each Home Depot store, just to bring it home, is a far Edge location and they have over 2,600 of these locations. >> So far Edge? You would put far Edge? >> Keith: Far Edge yes. >> Far edge, okay. >> John: Near edge is like Metro. Think of Metro. >> And Teleco, communication, service providers MSOs, multi-service operators. Those guys are-- >> Near Edge. >> The near edge, yes. >> Don't you think, John's been asking all week about machine learning and AI, in that tiny Edge. We think there's going to be a lot of AI influencing. >> Keith: Oh absolutely. >> Real time. And it actually is going to need some kind of lighter weight you know, platform. How do you fit into that? >> So going on this, like this model I just described if you go back and look at the SUSECON 2022 demo keynote that I did, we actually on stage stood up that exact stack. So we had a single Intel nook running SLE Micro as we mentioned earlier, running K3s and we plugged into that device, a USB camera which was automatically detected and it loaded Akri and gave us a driver to plug it into a container. Now, to answer your question, that is the point in time where we bring in the ML and the AI, the inference and the pattern recognition, because that camera when you showed the SUSE plush doll, it actually recognized it and put a QR code up on the screen. So that's where it all comes together. So we tried to showcase that in a complete demo. >> Last week, I was here in Vegas for an event Amazon and AWS put on called re:Mars, machine learning, automation, robotics, and space. >> Okay. >> Kind of but basically for me was an industrial edge show. Cause The space is the ultimate like glam to edge is like, you're doing stuff in space that's pretty edgy so to speak, pun intended. But the industrial side of the Edge is going to, we think, accelerate with machine learning. >> Keith: Absolutely. >> And with these kinds of new portable I won't say flash compute or just like connected power sources software. The industrial is going to move really fast. We've been kind of in a snails pace at the Edge, in my opinion. What's your reaction to that? Do you think we're going to see a mass acceleration of growth at the Edge industrial, basically physical, the physical world. >> Yes, first I agree with your assessment okay, wholeheartedly, so much so that it's my strategy to go after the tiny Edge space and be a leader in the industrial IOT space from an open source perspective. So yes. So a few things to answer your question we do have K3s in space. We have a customer partner called Hypergiant where they've launched satellites with K3s running in space same model, that's a far Edge location, probably the farthest Edge location we have. >> John: Deep Edge, deep space. >> Here at HPE Discover, we have a business unit called SUSE RGS, Rancher Government Services, which focuses on the US government and DOD and IC, right? So little bit of the world that I used to work in my past career. Brandon Gulla the CTO of of that unit gave a great presentation about what we call the tactical Edge. And so the same technology that we're using on the commercial and the manufacturing side. >> Like the Jedi contract, the tactical military Edge I think. >> Yes so imagine some of these military grade industrial IOT devices in a disconnected environment. The same software stack and technology would apply to that use case as well. >> So basically the tactical Edge is life? We're humans, we're at the Edge? >> Or it's maintenance, right? So maybe it's pulling sensors from aircraft, Humvees, submarines and doing predictive analysis on the maintenance for those items, those assets. >> All these different Edges, they underscore the diversity that you were just talking Keith and we also see a new hardware architecture emerging, a lot of arm based stuff. Just take a look at what Tesla's doing at the tiny Edge. Keith Basil, thanks so much. >> Sure. >> For coming on theCube. >> John: Great to have you. >> Grateful to be here. >> Awesome story. Okay and thank you for watching. This is Dave Vellante for John Furrier. This is day three of HPE Discover 2022. You're watching theCube, the leader in enterprise and emerging tech coverage. We'll be right back. (upbeat music)