(upbeat music) >> Live, from Washington DC. It's theCUBE. Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of the AWS Public Sector Summit here in Washington DC. I'm your host Rebecca Knight, co-hosting alongside of John Furrier. We are excited to welcome to the program, General Keith Alexander former NSA Director, the first Commander to lead the US Cyber Command, Four-star General with a 40 year career. Thank you so much for coming theCUBE, we are honored, we are honored to have you. >> It is an honor to be here. Thank you. >> So let's talk about cyber threats. Let's start there and have you just give us your observations, your thoughts on what are the most pressing cyber threats that keep you up at night? >> Well, so, when you think about threats, you think about Nation States, so you can go to Iran, Russia, China, North Korea. And then you think about criminal threats, well all the things like ransomware. Some of the Nation State actors are also criminals at night so they can use Nation State tools. And my concern about all the evolution of cyber-threats, is that the attacks are getting more destructive, the malware has more legs with worms and the impact on our commercial sector and our nation, increasingly bigger. So you have all those from cyber. And then I think the biggest impact to our country is the theft of intellectual property, right. That's our future. So you look out on this floor here, think about all the technical talent. Now imagine that every idea that we have, somebody else is stealing, making a product out of it, competing with us, and beating us. That's kind of what Huawei did, taking CISCO code to make Huawei, and now they're racing down that road. So we have a couple of big issues here to solve, protect our future, that intellectual property, stop the theft of money and other ideas, and protect our nation. So when you think about cyber, that's what I think about going to. Often times I'll talk about the Nation State threat. The most prevalent threats is this criminal threat and the most, I think, right now, important for us strategically is the theft of intellectual property. >> So why don't we just have a digital force to counter all this? Why doesn't, you know, we take the same approach we did when we, you know, we celebrated the 75th anniversary D-day, okay, World War II, okay, that was just recently in the news. That's a physical war, okay. We have a digital war happening whether you call it or not. I think it is, personally my opinion. I think it is. You're seeing the misinformation campaigns, financial institutions leaving England, like it's nobody's business. I mean it crippled the entire UK, that like a big hack. Who knows? But its happening digitally. Where's the forces? Is that Cyber Command? What do you do? >> So that's Cyber Command. You bring out an important issue. And protecting the nation, the reason we set up Cyber Command not just to get me promoted, but that was a good outcome. (laughing) But it was actually how do we defend the country? How do we defend ourselves in cyber? So you need a force to do it. So you're right, you need a force. That force is Cyber Command. There's an issue though. Cyber Command cannot see today, attacks on our country. So they're left to try to go after the offense, but all the offense has to do is hit over here. They're looking at these sets of targets. They don't see the attacks. So they wouldn't have seen the attack on Sony. They don't see these devastating attacks. They don't see the thefts. So the real solution to what you bring up is make it visible, make it so our nation can defend itself from cyber by seeing the attacks that are hitting us. That should help us protect companies in sectors and help us share that information. It has to be at speed. So we talk about sharing, but it's senseless for me to send you for air traffic control, a letter, that a plane is located overhead. You get it in the mail seven days later, you think, well-- >> Too late. >> That's too late. >> Or fighting blindfolded. >> That's right. >> I mean-- >> So you can't do either. And so what it gets you to, is we have to create the new norm for visibility in cyber space. This does a whole host of things and you were good to bring out, it's also fake news. It's also deception. It's all these other things that are going on. We have to make that visible. >> How do you do that, though? >> What do you do? I do that. (laughing) So the way you do it, I think, is start at the beginning. What's happening to the network? So, on building a defensible framework, you've got to be able to see the attacks. Not what you expect, but all the attacks. So that's anomaly detection. So that's one of the things we have to do. And then you have to share that at network speed. And then you have to have a machine-learning expert system AI to help you go at the speeds the attacker's going to go at. On fake-news, this is a big problem. >> Yeah. >> You know. This has, been throughout time. Somebody pointed out about, you know, George Washington, right, seven fake letters, written to say, "Oh no, I think the King's good." He never wrote that. And the reason that countries do it, like Russia, in the elections, is to change something to more beneficial for them. Or at least what they believe is more beneficial. It is interesting, MIT has done some studies, so I've heard, on this. And that people are 70% more like to re-Tweet, re-Tweet fake news than they are the facts. So. >> Because it's more sensational, because it's-- >> That's food. It's good for you, in a way. But it's tasty. >> Look at this. It's kind of something that you want to talk about. "Can you believe what these guys are doing? "That's outrageous, retweet." >> Not true. >> Not true. Oh, yeah, but it makes me mad just thinking about it. >> Right, right. >> And so, you get people going, and you think, You know, it's like going into a bar and you know, you go to him, "He thinks you're ugly." and you go to me, and you go, "He thinks you're ugly." (laughs) And so we get going and you started it and we didn't even talk. >> Right, right. >> And so that's what Russia does. >> At scale too. >> At scale. >> At the scale point. >> So part of the solution to that is understanding where information is coming from, being able to see the see the environment like you do the physical environment at speed. I think step one, if I were to pick out the logical sequence of what'll happen, we'll get to a defensible architecture over the next year or two. We're already starting to see that with other sectors, so I think we can get there. As soon as you do that, now you're into, how do I know that this news is real. It's kind of like a block-chain for facts. How do we now do that in this way. We've got to figure that out. >> We're doing our part there. But I want to get back to this topic of infrastructure, because digital, okay, there's roads, there's digital roads, there's packets moving round. You mentioned Huawei ripping off CISCO, which takes their R and D and puts it in their pockets. They have to get that. But we let fake news and other things, you've got payload, content or payload, and then you've got infrastructure distribution. Right, so, we're getting at here as that there are literally roads and bridges and digital construction apparatus, infrastructure, that needs to be understood, addressed, monitored, or reset, because you've had email that's been around for awhile. But these are new kinds of infrastructure, but the payload, malware, fake news, whatever it is. There's an interaction between payload and infrastructure. Your thoughts and reaction to that as a Commander, thinking about how to combat all this? >> I, my gut reaction, is that you're going to have to change, we will have to change, how we think about that. It's not any more roads and avenues in. It's all the environment. You know, it's like this whole thing. Now the whole world is opened up. It's like the Matrix. You open it up and there it is. It's everything. So what we have to do is think about is if it's everything, how do we now operate in a world where you have both truths and fiction? That's the harder problem. So that's where I say, if we solve the first problem, we're so far along in establishing perhaps the level so it raises us up to a level where we're now securing it, where we can begin to see now the ideas for the pedigree of information I think will come out. If you think about the amount of unique information created every year, there are digital videos that claim it's doubling every year or more. If that's true, that half of, 75% of it is fiction, we've got a big road to go. And you know there is a lot of fiction out there, so we've got to fix it. And the unfortunate part is both sides of that, both the fiction and the finding the fiction, has consequences because somebody says that "A wasn't true, "That person, you know, they're saying, he was a rapist, "he was a robber, he was a drugger," and then they find out it was all fake, but he still has that stigma. And then the person over here says, "See, they accused me of that. "They're out to get me in other areas. "They can exclaim what they want." >> But sometimes the person saying that is also a person who has a lot of power in our government, who is saying that it's fake news, when it's not fake news, or, you know what, I-- >> So that's part of the issue. >> It's a very different climate >> Some of it is fake. Some of it's not. And that's what makes it so difficult for the public. So you could say, "That piece was fake, "maybe not the other six." But the reality is, and I think this is where the media can really help. This is where you can help. How do we set up the facts? And I think that's the hardest part. >> It's the truth. >> Yeah, yeah. >> It's a data problem. And you know, we've talked about this off camera in the past. Data is critical for the systems to work. The visibility of the data. Having contextual data, the behavioral data. This gets a lot of the consequences. There's real consequences to this one. Theft, IP, freedom, lives. My son was video-gaming the other day and I could hear his friends all talking, "What's your ping start word? "What's your ping time? "I got lag, I'm dead." And this is a video game. Military, lagging, is not a game. People are losing their lives, potentially if they don't have the right tactical edge, access to technology. I know this is near and dear to your heart. I want to get your reaction. The Department of Defense is deploying strategies to make our military in the field, which represents 85% infantry, I believe, some statistic around that number, is relying on equipment. Technology can help, you know, that. Your thoughts on, the same direction. >> Going to the Cloud. Their effort to go to the Cloud is a great step forward, because it addresses just what you're saying. You know, everybody used to have their own data centers. But a data center has a fixed amount of computational capability. Once you reach it, you have to get another data center, or you just live with what you've got. In the Cloud if the problem's bigger, elasticity. Just add more corridors. And you can do things now that we could never do before. Perhaps even more importantly, you can make the Clouds global. And you can see around the world. Now you're talking about encrypted data. You're talking about ensuring that you have a level of encryption that you need, accesses and stuff. For mobile forces, that's the future. You don't carry a data center around with an infantry battalion. So you want that elasticity and you need the connectivity and you need the training to go with it. And the training gets you to what we were just talking about. When somebody serves up something wrong, and this happened to me in combat, in Desert Storm. We were launched on, everybody was getting ready to launch on something, and I said, "This doesn't sound right." And I told the Division Commander, "I don't agree. "I think this is crazy. "The Iraqis are not attacking us down this line. "I think it's old news. "I think somebody's taken an old report that we had "and re-read it and said oh my God, they're coming." And when we found out that was a JSTARS, remember how the JSTARS MTI thing would off of a wire, would look like a convoy. And that's what it was. So you have to have both. >> So you were on the cusp of an attack, deploying troops. >> That's right. >> On fake information, or misinformation, not accurate-- >> Old information. >> Old information. >> Old information. >> Old, fake, it's all not relevant. >> Well what happens is somebody interprets that to be true. So it gets back to you, how do you interpret the information? So there's training. It's a healthy dose of skepticism, you know. There are aliens in this room. Well, maybe not. (laughing) >> As far as we know. >> That's what everybody. >> But what a fascinating anecdote that you just told, about being in Desert Storm and having this report come and you saying, "Guys, this doesn't sound right." I mean, how often do you harken back to your experience in the military and when you were actually in combat, versus what you are doing today in terms of thinking about these threats? >> A lot. Because in the military, when you have troops in danger your first thought is how can I do more, how can I do better, what can I do to get them the intelligence they need? And you can innovate, and pressure is great innovator. (crunching sound) And it was amazing. And our Division Commander, General Griffith, was all into that. He said, "I trust you. "Do whatever you want." And we, it was amazing. So, I think that's a good thing. Note that when you go back and look at military campaigns, there's always this thing, the victor writes the history. (laughing) So you know, hopefully, the victor will write the truthful history. But that's not always the case. Sometimes history is re-written to be more like what they would like it to be. So, this fake news isn't new. This is something where I think journalists, historians, and others, can come together and say, "You know, that don't make sense. "Let's get the facts." >> But there's so much pressure on journalists today in this 24-hour news cycle, where you're not only expected to write the story, but you're expected to be Tweeting about it, or do a podcast about it later, to get that first draft of history right. >> So it may be part of that is as the reporter is saying it, step back and say, "Here's what we've been told." You know, we used to call those a certain type of sandwich, not a good-- (laughing) If memory serves it's a sandwich. One of these sandwiches. You're getting fed that, you're thinking, "You know, this doesn't make sense. "This time and day that this would occur." "So while we've heard this report. "It's sensational. "We need to go with the facts." And that's one of the areas that I think we really got to work. >> Journalism's changing too. I can tell you, from we've talked, data drives us. We've no advertising. Completely different model. In-depth interviews. The truth is out there. The key is how do you get the truth in context to real-time information for those right opportunities. Well, I want to get before we go, and thanks for coming on, and spending the time, General, I really appreciate it. Your company that you've formed, IronNet, okay, you're applying a lot of your discipline and knowledge in military cyber and cutting-edge tech. Tell us about your company. >> So one of the things that you, we brought up, and discussed here. When I had Cyber Command, one of the frustrations that I discussed with both Secretary Gates and Secretary Panetta, we can't see attacks on our country. And that's the commercial sector needs to help go fix that. The government can't fix that. So my thought was now that I'm in the commercial sector, I'll help fix the ability to see attacks on the commercial sector so we can share it with the government. What that entails is creating a behavioral analytic system that creates events, anomalies, an expert system with machine-learning and AI, that helps you understand what's going on and the ability to correlate and then give that to the government, so they can see that picture, so they have a chance of defending our country. So step one is doing that. Now, truth and lending, it's a lot harder than I thought it would be. (laughing) You know, I had this great saying, "Nothing is too hard "for those of us who don't have to do it." "How hard can this be?" Those were two of my favorite sayings. Now that I have to do it, I can say that it's hard, but it's doable. We can do this. And it's going to take some time. We are getting traction. The energy sector has been great to work with in this area. I think within a year, what we deploy with the companies, and what we push up to the Cloud and the ability to now start sharing that with government will change the way we think about cyber security. I think it's a disruptor. And we have to do that because that's the way they're going to attack us, with AI. We have to have a fast system to defend. >> I know you got to go, tight schedule here, but I want to get one quick question in. I know you're not a policy, you know, wonk, as they say, or expert. Well, you probably are an expert on policy, but if we can get a re-do on reshaping policy to enable these hard problems to be solved by entrepreneurs like yourself expertise that are coming into the space, quickly, with ideas to solve these big problems, whether it's fake news or understanding attacks. What do the policy makers need to do? Is it get out of the way? Do they rip up everything? Do they reshape it? What's your vision on this? What's your opinion? >> I think and I think the acting Secretary of Defense is taking this on and others. We've got to have a way of quickly going, this technology changes every two years or better. Our acquisition cycle is in many years. Continue to streamline the acquisition process. Break through that. Trust that the military and civilian leaders will do the right thing. Hold 'em accountable. You know, making the mistake, Amazon, Jeff Bezos, says a great thing, "Go quickly to failure so we can get "to success." And we in the military say, "If you fail, you're a dummy." No, no, try it. If it doesn't work, go on to success. So don't crush somebody because they failed, because they're going to succeed at some point. Try and try again. Persevere. The, so, I think a couple of things, ensure we fix the acquisition process. Streamline it. And allow Commanders and thought leaders the flexibility and agility to bring in the technology and ideas we need to make this a better military, a better intelligence community, and a better country. We can do this. >> All right. All right, I'm thinking Rosie the Riveter. We can do this. (laughing) >> We can do it. Just did it. >> General Alexander, thank you so much for coming on the show. >> Thank you. >> I'm Rebecca Knight for John Furrier. Stay tuned for more of theCUBE. (electronic music)

>> Narrator: theCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (upbeat music) >> Welcome back to the Fira in Barcelona. This is Dave Vellante with David Nicholson. Lisa Martin is also here. This is day two of our coverage of MWC 23 on theCUBE. We're super excited. We're in between hall four and five. Stop by if you're here. Dennis Hoffman is here. He's the senior vice president and general manager of the Telecom systems business at Dell Technologies, and he's joined by Yousef Khalidi, who's the corporate vice president of Azure for Operators from Microsoft. Gents, Welcome. >> Thanks, Dave. >> Thank you. >> So we saw Satya in the keynote. He wired in. We saw T.K. came in. No AWS. I don't know. They're maybe not part of the show, but maybe next year they'll figure it out. >> Indeed, indeed. >> Lots of stuff happened in the Telecom, but the Azure operator distributed service is the big news, you guys got here. What's that all about? >> Oh, first of all, we changed the name. >> Oh, you did? >> You did? >> Oh, yeah. We have a real name now. It's called the Azure Operator Nexus. >> Oh, I like Nexus better than that. >> David: That's much better, much better. >> Dave: The engineers named it first time around. >> I wish, long story, but thank you for our marketing team. But seriously, not only did we rename the platform, we expanded the platform. >> Dave: Yeah. >> So it now covers the whole spectrum from the far-edge to the public cloud as well, including the near-edge as well. So essentially, it's a hybrid platform that can also run network functions. So all these operators around you, they now have a platform which combines cloud technologies with the choice where they want to run, optimized for the network. >> Okay and so, you know, we've talked about the disaggregation of the network and how you're bringing kind of engineered systems to the table. We've seen this movie before, but Dennis, there are differences, right? I mean, you didn't really have engineered systems in the 90s. You didn't have those integration points. You really didn't have the public cloud, you didn't have AI. >> Right. >> So you have all those new powers that you can tap, so give us the update from your perspective, having now spent a day and a half here. What's the vibe, what's the buzz, and what's your take on everything? >> Yeah, I think to build on what Yousef said, there's a lot going on with people still trying to figure out exactly how to architect the Telecom network of the future. They know it's got to have a lot to do with cloud. It does have some pretty significant differences, one of those being, there's definitely got to be a hybrid component because there are pieces of the Telecom network that even when modernized will not end up centralized, right? They're going to be highly distributed. I would say though, you know, we took away two things, yesterday, from all the meetings. One, people are done, I think the network operators are done, questioning technology readiness. They're now beginning to wrestle with operationalization of it all, right? So it's like, okay, it's here. I can in fact build a modern network in a very cloud native way, but I've got to figure out how to do that all. And another big part of it is the ecosystem and certainly the partnership long standing between Dell and Microsoft which we're extending into this space is part of that, making it easier on people to actually acquire, deploy, and importantly, support these new technologies. >> So a lot of the traditional carriers, like you said, they're sort of beyond the technology readiness. Jose Maria Alvarez in the keynote said there are three pillars to the future Telecom network. He said low latency, programmable networks, and then cloud and edge, kind of threw that in. You agree with that, Yousef? (Dave and Yousef speaking altogether) >> I mean, we've been for years talking about the cloud and edge. >> Yeah. >> Satya for years had the same graphic. We still have it. Today, we have expanded the graphic a bit to include the network as one, because you can have a cloud without connectivity as well but this is very, very, very, very much true. >> And so the question then, Dennis, is okay, you've got disruptors, we had Dish on yesterday. >> Oh, did you? Good. >> Yeah, yeah, and they're talking about what they're doing with, you know, ORAN and all the applications, really taking account of it. What I see is a developer friendly, you know, environment. You got the carriers talking about how they're going to charge developers for APIs. I think they've published eight APIs which is nowhere near enough. So you've got that sort of, you know, inertia and yet, you have the disruptors that are going to potentially be a catalyst to, you know, cross the chasm, if you will. So, you know, put on your strategy hat. >> Yeah. >> Dave: How do you see that playing out? >> Well, they're trying to tap into three things, the disruptors. You know, I think the thesis is, "If I get to a truly cloud native, communications network first, I ought to have greater agility so that I can launch more services and create more revenue streams. I ought to be lower cost in terms of both acquisition cost and operating cost, right, and I ought to be able to create scale between my IT organization, everything I know how to do there and my Telecom network." You know, classic, right? Better, faster, cheaper if I embrace cloud early on. And people like Dish, you know, they have a clean sheet of paper with which to do that. So innovation and rate of innovation is huge for them. >> So what would you do? We put your Clay Christensen hat on, now. What if you were at a traditional Telco who's like, complaining about- >> You're going to get me in trouble. >> Dave: Come on, come on. >> Don't do it. >> Dave: Help him out. Help him out, help him out. So if, you know, they're complaining about CapEx, they're highly regulated, right, they want net neutrality but they want to be able to sort of dial up the cost of those using the network. So what would you do? Would you try to disrupt yourself? Would you create a skunkworks? Would you kind of spin off a disruptor? That's a real dilemma for those guys. >> Well for mobile network operators, the beauty of 5G is it's the first cloud native cellular standard. So I don't know if anybody's throwing these terms around, but 5G SA is standalone, right? >> Dave: Yeah, yeah. >> So a lot of 'em, it's not a skunkworks. They're just literally saying, "I've got to have a 5G network." And some of 'em are deciding, "I'm going to stand it up all by itself." Now, that's duplicative expense in a lot of ways, but it creates isolation from the two networks. Others are saying, "No, it's got to be NSA. I've got to be able to combine 4G and 5G." And then you're into the brownfield thing. >> That's the hybrid. >> Not hybrid as in cloud, but hybrid as in, you know. >> Yeah, yeah. >> It's a converge network. >> Dave: Yeah, yeah. >> So, you know, I would say for a lot of them, they're adopting, probably rightly so, a wait and see attitude. One thing we haven't talked about and you got to get on the table, their high order bit is resilience. >> Dave: Yeah, totally. >> David: Yeah. >> Right? Can't go down. It's national, secure infrastructure, first responder. >> Indeed. >> Anytime you ask them to embrace any new technology, the first thing that they have to work through in their minds is, you know, "Is the juice worth the squeeze? Like, can I handle the risk?" >> But you're saying they're not questioning the technology. Aren't they questioning ORAN in terms of the quality of service, or are they beyond that? >> Dennis: They're questioning the timing, not the inevitability. >> Okay, so they agree that ORAN is going to be open over time. >> At some point, RAN will be cloud native, whether it's ORAN the spec, open RAN the concept, (Yousef speaking indistinctly) >> Yeah. >> Virtual RAN. But yeah, I mean I think it seems pretty evident at this point that the mainframe will give way to open systems once again. >> Dave: Yeah, yeah, yeah. >> ERAN, ecosystem RAN. >> Any RAN. (Dave laughing) >> You don't have to start with the ORAN where they're inside the house. So as you probably know, our partner AT&T started with the core. >> Dennis: They almost all have. >> And they've been on the virtualization path since 2014 and 15. And what we are working with them on is the hybrid cloud model to expand all the way, if you will, as I mentioned to the far-edge or the public cloud. So there's a way to be in the brownfield environment, yet jump on the new bandwagon of technology without necessarily taking too much risk, because you're quite right. I mean, resiliency, security, service assurance, I mean, for example, AT&T runs the first responder network for the US on their network, on our platform, and I'm personally very familiar of how high the bar is. So it's doable, but you need to go in stages, of course. >> And they've got to do that integration. >> Yes. >> They do. >> And Yousef made a great point. Like, out of the top 30 largest Telcos by CapEx outside of China, three quarters of them have virtualized their core. So the cloudification, if you will, software definition run on industry standard hardware, embraced cloud native principles, containerized apps, that's happened in the core. It's well accepted. Now it's just a ripple-down through the network which will happen as and when things are faster, better, cheaper. >> Right. >> So as implemented, what does this look like? Is it essentially what we used to loosely refer to as Azure stacked software, running with Dell optimized Telecom infrastructure together, sometimes within a BBU, out in a hybrid cloud model communicating back to Azure locations in some cases? Is that what we're looking at? >> Approximately. So you start with the near-edge, okay? So the near-edge lives in the operator's data centers, edges, whatever the case may be, built out of off the shelf hardware. Dell is our great partner there but in principle, it could be different mix and match. So once you have that true near-edge, then you can think of, "Okay, how can I make sure this environment is as uniform, same APIs, same everything, regardless what the physical location is?" And this is key, key for the network function providers and the NEPs because they need to be able to port once, run everywhere, and it's key for the operator to reduce their costs. You want to teach your workforce, your operations folks, if you will, how to manage this system one time, to automation and so forth. So, and that is actually an expansion of the Azure capabilities that people are familiar with in a public cloud, projected into different locations. And we have technology called Arc which basically models everything. >> Yeah, yeah. >> So if you have trained your IT side, you are halfway there, how to manage your new network. Even though of course the network is carrier graded, there's different gear. So yes, what you said, a lot of it is true but the actual components, whatever they might be running, are carrier grade, highly optimized, the next images and our solution is not a DIY solution, okay? I know you cater to a wide spectrum here but for us, we don't believe in the TCO. The proper TCO can be achieved by just putting stuff by yourself. We just published a report with Analysys Mason that shows that our approach will save 36 percent of the cost compared to a DIY approach. >> Dave: What percent? >> 36 percent. >> Dave: Of the cost? >> Of, compared to DIY, which is already cheaper than classical models. >> And there's a long history of fairly failed DIY, right, >> Yeah. >> That preceded this. As in the early days of public cloud, the network operators wrestled with, "Do I have to become one to survive?" >> Dave: Yeah. Right. >> So they all ended up having cloud projects and by and large, they've all dematerialized in favor of this. >> Yeah, and it's hard for them to really invest at scale. Let me give you an example. So, your biggest tier one operator, without naming anybody, okay, how many developers do they have that can build and maintain an OS image, or can keep track of container technology, or build monitoring at scale? In our company, we have literally thousands of developers doing it already for the cloud and all we're doing for the operator segment is customizing it and focusing it at the carrier grade aspects of it. But so, I don't have half a dozen exterior experts. I literally have a building of developers who can do that and I'm being literal, here. So it's a scale thing. Once you have a product that you can give to multiple people, everybody benefits. >> Dave: Yeah, and the carriers are largely, they're equipment engineers in a large setting. >> Oh, they have a tough job. I always have total respect what they do. >> Oh totally, and a lot of the work happens, you know, kind of underground and here they are. >> They are network operators. >> They don't touch. >> It's their business. >> Right, absolutely, and they're good at it. They're really good at it. That's right. You know, you think about it, we love to, you know, poke fun at the big carriers, but think about what happened during the pandemic. When they had us shift everything to remote work, >> Dennis: Yes. >> Landline traffic went through the roof. You didn't even notice. >> Yep. That's very true. >> I mean, that's the example. >> That's very true. >> However, in the future where there's innovation and it's going to be driven by developers, right, that's where the open ecosystem comes in. >> Yousef: Indeed. >> And that's the hard transition for a lot of these folks because the developers are going to win that with new workloads, new applications that we can't even think of. >> Dennis: Right. And a lot of it is because if you look at it, there's the fundamental back strategy hat back on, fundamental dynamics of the industry, forced investment, flat revenues. >> Dave: Yeah. Right. >> Very true. >> Right? Every few years, a new G comes out. "Man, I got to retool this massive thing and where I can't do towers, I'm dropping fiber or vice a versa." And meanwhile, most diversification efforts into media have failed. They've had to unwind them and resell them. There's a lot of debt in the industry. >> Yousef: Yeah. >> Dennis: And so, they're looking for that next big, adjacent revenue stream and increasingly deciding, "If I don't modernize my network, I can't get it." >> Can't do it. >> Right, and again, what I heard from some of the carriers in the keynote was, "We're going to charge for API access 'cause we have data in the network." Okay, but I feel like there's a lot more innovation beyond that that's going to come from the disruptors. >> Dennis: Oh yeah. >> Yousef: Yes. >> You know, that's going to blow that away, right? And then that may not be the right model. We'll see, you know? I mean, what would Microsoft do? They would say, "Here, here's a platform. Go develop." >> No, I'll tell you. We are actually working with CAMARA and GSMA on the whole API layer. We actually announced a service as well as (indistinct). >> Dave: Yeah, yeah, right. >> And the key there, frankly, in my opinion, are not the disruptors as in operators. It's the ISV community. You want to get developers that can write to a global set of APIs, not per Telco APIs, such that they can do the innovation. I mean, this is what we've seen in other industries, >> Absolutely. >> That I critically can think of. >> This is the way they get a slice of that pie, right? The recent history of this industry is one where 4G LTE begot the smartphone and app store era, a bevy of consumer services, and almost every single profit stream went somewhere other than the operator, right? >> Yousef: Someone else. So they're looking at this saying, "Okay, 5G is the enterprise G and there's going to be a bevy of applications that are business service related, based on 5G capability and I can't let the OTT, over the top, thing happen again." >> Right. >> They'll say that. "We cannot let this happen." >> "We can't let this happen again." >> Okay, but how do they, >> Yeah, how do they make that not happen? >> Not let it happen again? >> Eight APIs, Dave. The answer is eight APIs. No, I mean, it's this approach. They need to make it easy to work with people like Yousef and more importantly, the developer community that people like Yousef and his company have found a way to harness. And by the way, they need to be part of that developer community themselves. >> And they're not, today. They're not speaking that developer language. >> Right. >> It's hard. You know, hey. >> Dennis: Hey, what's the fastest way to sell an enterprise, a business service? Resell Azure, Teams, something, right? But that's a resale. >> Yeah, that's a resale thing. >> See, >> That's not their service. >> They also need to free their resources from all the plumbing they do and leave it to us. We are plumbers, okay? >> Dennis: We are proud plumbers. >> We are proud plumbers. I'm a plumber. I keep telling people this thing. We had the same discussion with banks and enterprises 10 years ago, by the way. Don't do the plumbing. Go add value on the top. Retool your workforce to do applications and work with ISVs to the verticals, as opposed to either reselling, which many do, or do the plumbing. You'd be surprised. Traditionally, many operators do around, "I want to plumb this thing to get this small interrupt per second." Like, who cares? >> Well, 'cause they made money on connectivity. >> Yes. >> And we've seen this before. >> And in a world without telephone poles and your cables- >> Hey, if what you have is a hammer, everything's a nail, right? And we sell connectivity services and that's what we know how to do, and that both build and sell. And if that's no longer driving a revenue stream sufficient to cover this forced investment march, not to mention Huawei rip and government initiatives to pull infrastructure out and accelerate investment, they got to find new ways. >> I mean, the regulations have been tough, right? They don't go forward and ask for permission. They really can't, right? They have to be much more careful. >> Dennis: It is tough. >> So, we don't mean to sound like it's easy for these guys. >> Dennis: No, it's not. >> But it does require a new mindset, new skillsets, and I think some of 'em are going to figure it out and then pff, the wave, and you guys are going to be riding that wave. >> We're going to try. >> Definitely. Definitely. >> As a veteran of working with both Dell and Microsoft, specifically Azure on things, I am struck by how you're very well positioned in this with Microsoft in particular. Because of Azure's history, coming out of the on-premises world that Microsoft knows so well, there's a natural affinity to the hybrid nature of Telecom. We talk about edge, we talk about hybrid, this is it, absolutely the center of it. So it seems like a- >> Yousef: Indeed. Actually, if you look at the history of Azure, from day one, and I was there from day one, we always spoke of the hybrid model. >> Yeah. >> The third point, we came from the on-premises world. >> David: Right. >> And don't get me wrong, I want people to use the public cloud, but I also know due to physics, regulation, geopolitical boundaries, there's something called on-prem, something called an edge here. I want to add something else. Remember our deal on how we are partner-centric? We're applying the same playbook, here. So, you know, for every dollar we make, so many of it's been done by the ecosystem. Same applies here. So we have announced partnerships with Ericson, Nokia, (indistinct), all the names, and of course with Dell and many others. The ecosystem has to come together and customers must retain their optionality to drum up whatever they are on. So it's the same playbook, with this. >> And enterprise technology companies are, actually, really good at, you know, decoding the customer, figuring out specific requirements, making some mistakes the first time through and then eventually getting it right. And as these trends unfold, you know, you're in a good position, I think, as are others and it's an exciting time for enterprise tech in this industry, you know? >> It really is. >> Indeed. >> Dave: Guys, thanks so much for coming on. >> Thank you. >> Dave: It's great to see you. Have a great rest of the show. >> Thank you. >> Thanks, Dave. Thank you, Dave. >> All right, keep it right there. John Furrier is live in our studio. He's breaking down all the news. Go to siliconangle.com to go to theCUBE.net. Dave Vellante, David Nicholson and Lisa Martin, we'll be right back from the theater in Barcelona, MWC 23 right after this short break. (relaxing music)

(upbeat music) >> We are back, approaching the finish line here at Supercomputing 22, our last interview of the day, our last interview of the show. And I have to say Dave Nicholson, my co-host, My name is Paul Gillin. I've been attending trade shows for 40 years Dave, I've never been to one like this. The type of people who are here, the type of problems they're solving, what they talk about, the trade shows are typically, they're so speeds and feeds. They're so financial, they're so ROI, they all sound the same after a while. This is truly a different event. Do you get that sense? >> A hundred percent. Now, I've been attending trade shows for 10 years since I was 19, in other words, so I don't have necessarily your depth. No, but seriously, Paul, totally, completely, completely different than any other conference. First of all, there's the absolute allure of looking at the latest and greatest, coolest stuff. I mean, when you have NASA lecturing on things when you have Lawrence Livermore Labs that we're going to be talking to here in a second it's a completely different story. You have all of the academics you have students who are in competition and also interviewing with organizations. It's phenomenal. I've had chills a lot this week. >> And I guess our last two guests sort of represent that cross section. Armando Acosta, director of HPC Solutions, High Performance Solutions at Dell. And Matt Leininger, who is the HPC Strategist at Lawrence Livermore National Laboratory. Now, there is perhaps, I don't know you can correct me on this, but perhaps no institution in the world that uses more computing cycles than Lawrence Livermore National Laboratory and is always on the leading edge of what's going on in Supercomputing. And so we want to talk to both of you about that. Thank you. Thank you for joining us today. >> Sure, glad to be here. >> For having us. >> Let's start with you, Armando. Well, let's talk about the juxtaposition of the two of you. I would not have thought of LLNL as being a Dell reference account in the past. Tell us about the background of your relationship and what you're providing to the laboratory. >> Yeah, so we're really excited to be working with Lawrence Livermore, working with Matt. But actually this process started about two years ago. So we started looking at essentially what was coming down the pipeline. You know, what were the customer requirements. What did we need in order to make Matt successful. And so the beauty of this project is that we've been talking about this for two years, and now it's finally coming to fruition. And now we're actually delivering systems and delivering racks of systems. But what I really appreciate is Matt coming to us, us working together for two years and really trying to understand what are the requirements, what's the schedule, what do we need to hit in order to make them successful >> At Lawrence Livermore, what drives your computing requirements I guess? You're working on some very, very big problems but a lot of very complex problems. How do you decide what you need to procure to address them? >> Well, that's a difficult challenge. I mean, our mission is a national security mission dealing with making sure that we do our part to provide the high performance computing capabilities to the US Department of Energy's National Nuclear Security Administration. We do that through the Advanced Simulation computing program. Its goal is to provide that computing power to make sure that the US nuclear rep of the stockpile is safe, secure, and effective. So how we go about doing that? There's a lot of work involved. We have multiple platform lines that we accomplish that goal with. One of them is the advanced technology systems. Those are the ones you've heard about a lot, they're pushing towards exit scale, the GPU technologies incorporated into those. We also have a second line, a platform line, called the Commodity Technology Systems. That's where right now we're partnering with Dell on the latest generation of those. Those systems are a little more conservative, they're right now CPU only driven but they're also intended to be the everyday work horses. So those are the first systems our users get on. It's very easy for them to get their applications up and running. They're the first things they use usually on a day to day basis. They run a lot of small to medium size jobs that you need to do to figure out how to most effectively use what workloads you need to move to the even larger systems to accomplish our mission goals. >> The workhorses. >> Yeah. >> What have you seen here these last few days of the show, what excites you? What are the most interesting things you've seen? >> There's all kinds of things that are interesting. Probably most interesting ones I can't talk about in public, unfortunately, 'cause of NDA agreements, of course. But it's always exciting to be here at Supercomputing. It's always exciting to see the products that we've been working with industry and co-designing with them on for, you know, several years before the public actually sees them. That's always an exciting part of the conference as well specifically with CTS-2, it's exciting. As was mentioned before, I've been working with Dell for nearly two years on this, but the systems first started being delivered this past August. And so we're just taking the initial deliveries of those. We've deployed, you know, roughly about 1600 nodes now but that'll ramp up to over 6,000 nodes over the next three or four months. >> So how does this work intersect with Sandia and Los Alamos? Explain to us the relationship there. >> Right, so those three laboratories are the laboratories under the National Nuclear Security Administration. We partner together on CTS. So the architectures, as you were asking, how do we define these things, it's the labs coming together. Those three laboratories we define what we need for that architecture. We have a joint procurement that is run out of Livermore but then the systems are deployed at all three laboratories. And then they serve the programs that I mentioned for each laboratory as well. >> I've worked in this space for a very long time you know I've worked with agencies where the closest I got to anything they were actually doing was the sort of guest suite outside the secure area. And sometimes there are challenges when you're communicating, it's like you have a partner like Dell who has all of these things to offer, all of these ideas. You have requirements, but maybe you can't share 100% of what you need to do. How do you navigate that? Who makes the decision about what can be revealed in these conversations? You talk about NDA in terms of what's been shared with you, you may be limited in terms of what you can share with vendors. Does that cause inefficiency? >> To some degree. I mean, we do a good job within the NSA of understanding what our applications need and then mapping that to technical requirements that we can talk about with vendors. We also have kind of in between that we've done this for many years. A recent example is of course with the exit scale computing program and some things it's doing creating proxy apps or mini apps that are smaller versions of some of the things that we are important to us. Some application areas are important to us, hydrodynamics, material science, things like that. And so we can collaborate with vendors on those proxy apps to co-design systems and tweak the architectures. In fact, we've done a little bit that with CTS-2, not as much in CTS as maybe in the ATS platforms but that kind of general idea of how we collaborate through these proxy applications is something we've used across platforms. >> Now is Dell one of your co-design partners? >> In CTS-2 absolutely, yep. >> And how, what aspects of CTS-2 are you working on with Dell? >> Well, the architecture itself was the first, you know thing we worked with them on, we had a procurement come out, you know they bid an architecture on that. We had worked with them, you know but previously on our requirements, understanding what our requirements are. But that architecture today is based on the fourth generation Intel Xeon that you've heard a lot about at the conference. We are one of the first customers to get those systems in. All the systems are interconnected together with the Cornell Network's Omni-Path Network that we've used before and are very excited about as well. And we build up from there. The systems get integrated in by the operations teams at the laboratory. They get integrated into our production computing environment. Dell is really responsible, you know for designing these systems and delivering to the laboratories. The laboratories then work with Dell. We have a software stack that we provide on top of that called TOSS, for Tri-Lab Operating System. It's based on Redhead Enterprise Linux. But the goal there is that it allows us, a common user environment, a common simulation environment across not only CTS-2, but maybe older systems we have and even the larger systems that we'll be deploying as well. So from a user perspective they see a common user interface, a common environment across all the different platforms that they use at Livermore and the other laboratories. >> And Armando, what does Dell get out of the co-design arrangement with the lab? >> Well, we get to make sure that they're successful. But the other big thing that we want to do, is typically when you think about Dell and HPC, a lot of people don't make that connection together. And so what we're trying to do is make sure that, you know they know that, hey, whether you're a work group customer at the smallest end or a super computer customer at the highest end, Dell wants to make sure that we have the right setup portfolio to match any needs across this. But what we were really excited about this, this is kind of our, you know big CTS-2 first thing we've done together. And so, you know, hopefully this has been successful. We've made Matt happy and we look forward to the future what we can do with bigger and bigger things. >> So will the labs be okay with Dell coming up with a marketing campaign that said something like, "We can't confirm that alien technology is being reverse engineered." >> Yeah, that would fly. >> I mean that would be right, right? And I have to ask you the question directly and the way you can answer it is by smiling like you're thinking, what a stupid question. Are you reverse engineering alien technology at the labs? >> Yeah, you'd have to suck the PR office. >> Okay, okay. (all laughing) >> Good answer. >> No, but it is fascinating because to a degree it's like you could say, yeah, we're working together but if you really want to dig into it, it's like, "Well I kind of can't tell you exactly how some of this stuff is." Do you consider anything that you do from a technology perspective, not what you're doing with it, but the actual stack, do you try to design proprietary things into the stack or do you say, "No, no, no, we're going to go with standards and then what we do with it is proprietary and secret."? >> Yeah, it's more the latter. >> Is the latter? Yeah, yeah, yeah. So you're not going to try to reverse engineer the industry? >> No, no. We want the solutions that we develop to enhance the industry to be able to apply to a broader market so that we can, you know, gain from the volume of that market, the lower cost that they would enable, right? If we go off and develop more and more customized solutions that can be extraordinarily expensive. And so we we're really looking to leverage the wider market, but do what we can to influence that, to develop key technologies that we and others need that can enable us in the high forms computing space. >> We were talking with Satish Iyer from Dell earlier about validated designs, Dell's reference designs for for pharma and for manufacturing, in HPC are you seeing that HPC, Armando, and is coming together traditionally and more of an academic research discipline beginning to come together with commercial applications? And are these two markets beginning to blend? >> Yeah, I mean so here's what's happening, is you have this convergence of HPC, AI and data analytics. And so when you have that combination of those three workloads they're applicable across many vertical markets, right? Whether it's financial services, whether it's life science, government and research. But what's interesting, and Matt won't brag about, but a lot of stuff that happens in the DoE labs trickles down to the enterprise space, trickles down to the commercial space because these guys know how to do it at scale, they know how to do it efficiently and they know how to hit the mark. And so a lot of customers say, "Hey we want what CTS-2 does," right? And so it's very interesting. The way I love it is their process the way they do the RFP process. Matt talked about the benchmarks and helping us understand, hey here's kind of the mark you have to hit. And then at the same time, you know if we make them successful then obviously it's better for all of us, right? You know, I want to secure nuclear stock pile so I hope everybody else does as well. >> The software stack you mentioned, I think Tia? >> TOSS. >> TOSS. >> Yeah. >> How did that come about? Why did you feel the need to develop your own software stack? >> It originated back, you know, even 20 years ago when we first started building Linux clusters when that was a crazy idea. Livermore and other laboratories were really the first to start doing that and then push them to larger and larger scales. And it was key to have Linux running on that at the time. And so we had the. >> So 20 years ago you knew you wanted to run on Linux? >> Was 20 years ago, yeah, yeah. And we started doing that but we needed a way to have a version of Linux that we could partner with someone on that would do, you know, the support, you know, just like you get from an EoS vendor, right? Security support and other things. But then layer on top of that, all the HPC stuff you need either to run the system, to set up the system, to support our user base. And that evolved into to TOSS which is the Tri-Lab Operating System. Now it's based on the latest version of Redhead Enterprise Linux, as I mentioned before, with all the other HPC magic, so to speak and all that HPC magic is open source things. It's not stuff, it may be things that we develop but it's nothing closed source. So all that's there we run it across all these different environments as I mentioned before. And it really originated back in the early days of, you know, Beowulf clusters, Linux clusters, as just needing something that we can use to run on multiple systems and start creating that common environment at Livermore and then eventually the other laboratories. >> How is a company like Dell, able to benefit from the open source work that's coming out of the labs? >> Well, when you look at the open source, I mean open source is good for everybody, right? Because if you make a open source tool available then people start essentially using that tool. And so if we can make that open source tool more robust and get more people using it, it gets more enterprise ready. And so with that, you know, we're all about open source we're all about standards and really about raising all boats 'cause that's what open source is all about. >> And with that, we are out of time. This is our 28th interview of SC22 and you're taking us out on a high note. Armando Acosta, director of HPC Solutions at Dell. Matt Leininger, HPC Strategist, Lawrence Livermore National Laboratories. Great discussion. Hopefully it was a good show for you. Fascinating show for us and thanks for being with us today. >> Thank you very much. >> Thank you for having us >> Dave it's been a pleasure. >> Absolutely. >> Hope we'll be back next year. >> Can't believe, went by fast. Absolutely at SC23. >> We hope you'll be back next year. This is Paul Gillin. That's a wrap, with Dave Nicholson for theCUBE. See here in next time. (soft upbear music)

[Music] the cyber security landscape has changed dramatically over the past 24 to 36 months rapid cloud migration has created a new layer of security defense sure but that doesn't mean csos can relax in many respects it further complicates or at least changes the cso's scope of responsibilities in particular the threat surface has expanded and that creates more seams and csos have to make sure their teams pick up where the hyperscaler clouds leave off application developers have become a critical execution point for cyber assurance shift left is the kind of new buzz phrase for devs but organizations still have to shield right meaning the operational teams must continue to partner with secops to make sure infrastructure is resilient so it's no wonder that an etr's latest survey of nearly 1500 cios and it buyers that business technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics rounding out the top four but budgets are under pressure and csos have to prioritize it's not like they have an open checkbook they have to contend with other key initiatives like those just mentioned to secure the funding and what about zero trust can you go out and buy zero trust or is it a framework a mindset in a series of best practices applied to create a security consciousness throughout the organization can you implement zero trust in other words if a machine or human is not explicitly allowed access then access is denied can you implement that policy without constricting organizational agility the question is what's the most practical way to apply that premise and what role does infrastructure play as the enforcer how does automation play in the equation the fact is that today's approach to cyber resilient type resilience can't be an either or it has to be an and conversation meaning you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible and don't even talk to me about the edge that's really going to keep you up at night hello and welcome to the special cube presentation a blueprint for trusted infrastructure made possible by dell technologies in this program we explore the critical role that trusted infrastructure plays in cyber security strategies how organizations should think about the infrastructure side of the cyber security equation and how dell specifically approaches securing infrastructure for your business we'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile first up are pete gear and steve kenniston they're both senior cyber security consultants at dell technologies and they're going to talk about the company's philosophy and approach to trusted infrastructure and then we're going to speak to paris our godaddy who's a senior consultant for storage at dell technologies to understand where and how storage plays in this trusted infrastructure world and then finally rob emsley who heads product marketing for data protection and cyber security he's going to take a deeper dive with rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy okay let's get started pete gear steve kenniston welcome to the cube thanks for coming into the marlboro studios today great to be here dave thanks dave good to see you great to see you guys pete start by talking about the security landscape you heard my little rap up front what are you seeing i thought you wrapped it up really well and you touched on all the key points right technology is ubiquitous today it's everywhere it's no longer confined to a monolithic data center it lives at the edge it lives in front of us it lives in our pockets and smartphones along with that is data and as you said organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago and along with that cyber crime has become a very profitable uh enterprise in fact it's been more than 10 years since uh the nsa chief actually called cybercrime the biggest transfer of wealth in history that was 10 years ago and we've seen nothing but accelerating cybercrime and really sophistication of how those attacks are are perpetrated and so the new security landscape is really more of an evolution we're finally seeing security catch up with all of the technology adoption all the build out the work from home and work from anywhere that we've seen over the last couple of years we're finally seeing organizations and really it goes beyond the i.t directors it's a board level discussion today security's become a board level discussion so yeah i think that's true as well it's like it used to be the security was okay the sec ops team you're responsible for security now you've got the developers are involved the business lines are involved it's part of onboarding for most companies you know steve this concept of zero trust it was kind of a buzzword before the pandemic and i feel like i've often said it's now become a a mandate but it's it's it's still fuzzy to a lot of people how do you guys think about zero trust what does it mean to you how does it fit yeah i thought again i thought your opening was fantastic in this whole lead into to what is zero trust it had been a buzzword for a long time and now ever since the federal government came out with their implementation or or desire to drive zero trust a lot more people are taking a lot more seriously because i don't think they've seen the government do this but ultimately let's see ultimately it's just like you said right if you don't have trust to those particular devices applications or data you can't get at it the question is and and you phrase it perfectly can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive because we're seeing with your whole notion around devops and the ability to kind of build make deploy build make deploy right they still need that functionality but it also needs to be trusted it needs to be secure and things can't get away from you yeah so it's interesting we attended every uh reinforce since 2019 and the narrative there is hey everything in this in the cloud is great you know and this narrative around oh security is a big problem is you know doesn't help the industry the fact is that the big hyperscalers they're not strapped for talent but csos are they don't have the the capabilities to really apply all these best practices they're they're playing whack-a-mole so they look to companies like yours to take their your r d and bake it into security products and solutions so what are the critical aspects of the so-called dell trusted infrastructure that we should be thinking about yeah well dell trusted infrastructure for us is a way for us to describe uh the the work that we do through design development and even delivery of our it system so dell trusted infrastructure includes our storage it includes our servers our networking our data protection our hyper-converged everything that infrastructure always has been it's just that today customers consume that infrastructure at the edge as a service in a multi-cloud environment i mean i view the cloud as really a way for organizations to become more agile and to become more flexible and also to control costs i don't think organizations move to the cloud or move to a multi-cloud environment to enhance security so i don't see cloud computing as a panacea for security i see it as another attack surface and another uh aspect in front that organizations and and security organizations and departments have to manage it's part of their infrastructure today whether it's in their data center in a cloud or at the edge i mean i think it's a huge point because a lot of people think oh the data's in the cloud i'm good it's like steve we've talked about oh why do i have to back up my data it's in the cloud well you might have to recover it someday so i don't know if you have anything to add to that or any additional thoughts on it no i mean i think i think like what pete was saying when it comes to when it comes to all these new vectors for attack surfaces you know people did choose the cloud in order to be more agile more flexible and all that did was open up to the csos who need to pay attention to now okay where can i possibly be attacked i need to be thinking about is that secure and part of the part of that is dell now also understands and thinks about as we're building solutions is it is it a trusted development life cycle so we have our own trusted development life cycle how many times in the past did you used to hear about vendors saying you got to patch your software because of this we think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective and make sure we don't give up or or have security become a whole just in order to implement a feature we got to think about those things yeah and as pete alluded to our secure supply chain so all the way through knowing what you're going to get when you actually receive it is going to be secure and not be tampered with becomes vitally important and pete and i were talking earlier when you have tens of thousands of devices that need to be delivered whether it be storage or laptops or pcs or or whatever it is you want to be tr you want to know that that that those devices are can be trusted okay guys maybe pete you could talk about the how dell thinks about it's its framework and its philosophy of cyber security and then specifically what dell's advantages are relative to the competition yeah definitely dave thank you so i we've talked a lot about dell as a technology provider but one thing dell also is is a partner in this larger ecosystem we realize that security whether it's a zero trust paradigm or any other kind of security environment is an ecosystem with a lot of different vendors so we look at three areas uh one is protecting data in systems we know that it starts with and ends with data that helps organizations combat threats across their entire infrastructure and what it means is dell's embedding security features consistently across our portfolios of storage servers networking the second is enhancing cyber resiliency over the last decade a lot of the funding and spending has been in protecting or trying to prevent cyber threats not necessarily in responding to and recovering from threats right we call that resiliency organizations need to build resiliency across their organization so not only can they withstand a threat but they can respond recover and continue with their operations and the third is overcoming security complexity security is hard it's more difficult because of the the things we've talked about about distributed data distributed technology and and attack surfaces everywhere and so we're enabling organizations to scale confidently to continue their business but know that all all the i.t decisions that they're making um have these intrinsic security features and are built and delivered in a consistent security so those are kind of the three pillars maybe we could end on what you guys see as the key differentiators uh that people should know about that that dell brings to the table maybe each of you could take take a shot at that yeah i i think first of all from from a holistic portfolio perspective right the secure supply chain and the secure development life cycle permeate through everything dell does when building things so we build things with security in mind all the way from as pete mentioned from from creation to delivery we want to make sure you have that that secure device or or asset that permeates everything from servers networking storage data protection through hyper converge through everything that to me is really a key asset because that means you can you understand when you receive something it's a trusted piece of your infrastructure i think the other core component to think about and pete mentioned as dell being a partner for um making sure you can deliver these things is that even though those are that's part of our framework these pillars are our framework of how we want to deliver security it's also important to understand that we are partners and that you don't need to rip and replace but as you start to put in new components you can be you can be assured that the components that you're replacing as you're evolving as you're growing as you're moving to the cloud as you're moving to more on-prem type services or whatever that your environment is secure i think those are two key things got it okay pete bring us home yeah i think one of one of the big advantages of dell uh is our scope and our scale right we're a large technology vendor that's been around for decades and we develop and sell almost every piece of technology we also know that organizations are might make different decisions and so we have a large services organization with a lot of experienced services people that can help customers along their security journey depending on uh whatever type of infrastructure or solutions that they're looking at the other thing we do is make it very easy to consume our technology whether that's traditional on-premise in a multi-cloud environment uh or as a service and so the best of breed technology can be consumed in any variety of fashion and know that you're getting that consistent secure infrastructure that dell provides well and dell's forgot the probably top supply chain not only in the tech business but probably any business and so you can actually take take your dog food and then and allow other your champagne sorry allow other people to you know share share best practices with your with your customers all right guys thanks so much for coming thank you appreciate it okay keep it right there after this short break we'll be back to drill into the storage domain you're watching a blueprint for trusted infrastructure on the cube the leader in enterprise and emerging tech coverage be right back you

(upbeat music) >> Hello and welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of the ongoing series covering the exciting hot startups from the AWS ecosystem. Here we're talking about cybersecurity in this episode. I'm your host, John Furrier here we're excited to have CUBE alumni who's back Snehal Antani who's the CEO and co-founder of Horizon3.ai talking about exploitable weaknesses and vulnerabilities with autonomous pen testing. Snehal, it's great to see you. Thanks for coming back. >> Likewise, John. I think it's been about five years since you and I were on the stage together. And I've missed it, but I'm glad to see you again. >> Well, before we get into the showcase about your new startup, that's extremely successful, amazing margins, great product. You have a unique journey. We talked about this prior to you doing the journey, but you have a great story. You left the startup world to go into the startup, like world of self defense, public defense, NSA. What group did you go to in the public sector became a private partner. >> My background, I'm a software engineer by education and trade. I started my career at IBM. I was a CIO at GE Capital, and I think we met once when I was there and I became the CTO of Splunk. And we spent a lot of time together when I was at Splunk. And at the end of 2017, I decided to take a break from industry and really kind of solve problems that I cared deeply about and solve problems that mattered. So I left industry and joined the US Special Operations Community and spent about four years in US Special Operations, where I grew more personally and professionally than in anything I'd ever done in my career. And exited that time, met my co-founder in special ops. And then as he retired from the air force, we started Horizon3. >> So there's really, I want to bring that up one, 'cause it's fascinating that not a lot of people in Silicon Valley and tech would do that. So thanks for the service. And I know everyone who's out there in the public sector knows that this is a really important time for the tactical edge in our military, a lot of things going on around the world. So thanks for the service and a great journey. But there's a storyline with the company you're running now that you started. I know you get the jacket on there. I noticed get a little military vibe to it. Cybersecurity, I mean, every company's on their own now. They have to build their own militia. There is no government supporting companies anymore. There's no militia. No one's on the shores of our country defending the citizens and the companies, they got to offend for themselves. So every company has to have their own military. >> In many ways, you don't see anti-aircraft rocket launchers on top of the JP Morgan building in New York City because they rely on the government for air defense. But in cyber it's very different. Every company is on their own to defend for themselves. And what's interesting is this blend. If you look at the Ukraine, Russia war, as an example, a thousand companies have decided to withdraw from the Russian economy and those thousand companies we should expect to be in the ire of the Russian government and their proxies at some point. And so it's not just those companies, but their suppliers, their distributors. And it's no longer about cyber attack for extortion through ransomware, but rather cyber attack for punishment and retaliation for leaving. Those companies are on their own to defend themselves. There's no government that is dedicated to supporting them. So yeah, the reality is that cybersecurity, it's the burden of the organization. And also your attack surface has expanded to not just be your footprint, but if an adversary wants to punish you for leaving their economy, they can get, if you're in agriculture, they could disrupt your ability to farm or they could get all your fruit to spoil at the border 'cause they disrupted your distributors and so on. So I think the entire world is going to change over the next 18 to 24 months. And I think this idea of cybersecurity is going to become truly a national problem and a problem that breaks down any corporate barriers that we see in previously. >> What are some of the things that inspired you to start this company? And I loved your approach of thinking about the customer, your customer, as defending themselves in context to threats, really leaning into it, being ready and able to defend. Horizon3 has a lot of that kind of military thinking for the good of the company. What's the motivation? Why this company? Why now? What's the value proposition? >> So there's two parts to why the company and why now. The first part was what my observation, when I left industry realm or my military background is watching "Jack Ryan" and "Tropic Thunder" and I didn't come from the military world. And so when I entered the special operations community, step one was to keep my mouth shut, learn, listen, and really observe and understand what made that community so impressive. And obviously the people and it's not about them being fast runners or great shooters or awesome swimmers, but rather there are learn-it-alls that can solve any problem as a team under pressure, which is the exact culture you want to have in any startup, early stage companies are learn-it-alls that can solve any problem under pressure as a team. So I had this immediate advantage when we started Horizon3, where a third of Horizon3 employees came from that special operations community. So one is this awesome talent. But the second part that, I remember this quote from a special operations commander that said we use live rounds in training because if we used fake rounds or rubber bullets, everyone would act like metal of honor winners. And the whole idea there is you train like you fight, you build that muscle memory for crisis and response and so on upfront. So when you're in the thick of it, you already know how to react. And this aligns to a pain I had in industry. I had no idea I was secure until the bad guy showed up. I had no idea if I was fixing the right vulnerabilities, logging the right data in Splunk, or if my CrowdStrike EDR platform was configured correctly, I had to wait for the bad guys to show up. I didn't know if my people knew how to respond to an incident. So what I wanted to do was proactively verify my security posture, proactively harden my systems. I needed to do that by continuously pen testing myself or continuously testing my security posture. And there just wasn't any way to do that where an IT admin or a network engineer could in three clicks have the power of a 20 year pen testing expert. And that was really what we set out to do, not build a autonomous pen testing platform for security people, build it so that anybody can quickly test their security posture and then use the output to fix problems that truly matter. >> So the value preposition, if I get this right is, there's a lot of companies out there doing pen tests. And I know I hate pen tests. They're like, cause you do DevOps, it changes you got to do another pen test. So it makes sense to do autonomous pen testing. So congratulations on seeing that that's obvious to that, but a lot of other have consulting tied to it. Which seems like you need to train someone and you guys taking a different approach. >> Yeah, we actually, as a company have zero consulting, zero professional services. And the whole idea is that build a true software as a service offering where an intern, in fact, we've got a video of a nine year old that in three clicks can run pen tests against themselves. And because of that, you can wire pen tests into your DevOps tool chain. You can run multiple pen tests today. In fact, I've got customers running 40, 50 pen tests a month against their organization. And that what that does is completely lowers the barrier of entry for being able to verify your posture. If you have consulting on average, when I was a CIO, it was at least a three month lead time to schedule consultants to show up and then they'd show up, they'd embarrass the security team, they'd make everyone look bad, 'cause they're going to get in, leave behind a report. And that report was almost identical to what they found last year because the older that report, the one the date itself gets stale, the context changes and so on. And then eventually you just don't even bother fixing it. Or if you fix a problem, you don't have the skills to verify that has been fixed. So I think that consulting led model was acceptable when you viewed security as a compliance checkbox, where once a year was sufficient to meet your like PCI requirements. But if you're really operating with a wartime mindset and you actually need to harden and secure your environment, you've got to be running pen test regularly against your organization from different perspectives, inside, outside, from the cloud, from work, from home environments and everything in between. >> So for the CISOs out there, for the CSOs and the CXOs, what's the pitch to them because I see your jacket that says Horizon3 AI, trust but verify. But this trust is, but is canceled out, just as verify. What's the product that you guys are offering the service. Describe what it is and why they should look at it. >> Yeah, sure. So one, when I back when I was the CIO, don't tell me we're secure in PowerPoint. Show me we're secure right now. Show me we're secure again tomorrow. And then show me we're secure again next week because my environment is constantly changing and the adversary always has a vote and they're always evolving. And this whole idea of show me we're secure. Don't trust that your security tools are working, verify that they can detect and respond and stifle an attack and then verify tomorrow, verify next week. That's the big mind shift. Now what we do is-- >> John: How do they respond to that by the way? Like they don't believe you at first or what's the story. >> I think, there's actually a very bifurcated response. There are still a decent chunk of CIOs and CSOs that have a security is a compliance checkbox mindset. So my attitude with them is I'm not going to convince you. You believe it's a checkbox. I'll just wait for you to get breached and sell to your replacement, 'cause you'll get fired. And in the meantime, I spend all my energy with those that actually care about proactively securing and hardening their environments. >> That's true. People do get fired. Can you give an example of what you're saying about this environment being ready, proving that you're secure today, tomorrow and a few weeks out. Give me an example. >> Of, yeah, I'll give you actually a customer example. There was a healthcare organization and they had about 5,000 hosts in their environment and they did everything right. They had Fortinet as their EDR platform. They had user behavior analytics in place that they had purchased and tuned. And when they ran a pen test self-service, our product node zero immediately started to discover every host on the network. It then fingerprinted all those hosts and found it was able to get code execution on three machines. So it got code execution, dumped credentials, laterally maneuvered, and became a domain administrator, which in IT, if an attacker becomes a domain admin, they've got keys to the kingdom. So at first the question was, how did the node zero pen test become domain admin? How'd they get code execution, Fortinet should have detected and stopped it. Well, it turned out Fortinet was misconfigured on three boxes out of 5,000. And these guys had no idea and it's just automation that went wrong and so on. And now they would've only known they had misconfigured their EDR platform on three hosts if the attacker had showed up. The second question though was, why didn't they catch the lateral movement? Which all their marketing brochures say they're supposed to catch. And it turned out that that customer purchased the wrong Fortinet modules. One again, they had no idea. They thought they were doing the right thing. So don't trust just installing your tools is good enough. You've got to exercise and verify them. We've got tons of stories from patches that didn't actually apply to being able to find the AWS admin credentials on a local file system. And then using that to log in and take over the cloud. In fact, I gave this talk at Black Hat on war stories from running 10,000 pen tests. And that's just the reality is, you don't know that these tools and processes are working for you until the bad guys have shown. >> The velocities there. You can accelerate through logs, you know from the days you've been there. This is now the threat. Being, I won't say lazy, but just not careful or just not thinking. >> Well, I'll do an example. We have a lot of customers that are Horizon3 customers and Splunk customers. And what you'll see their behavior is, is they'll have Horizon3 up on one screen. And every single attacker command executed with its timestamp is up on that screen. And then look at Splunk and say, hey, we were able to dump vCenter credentials from VMware products at this time on this host, what did Splunk see or what didn't they see? Why were no logs generated? And it turns out that they had some logging blind spots. So what they'll actually do is run us to almost like stimulate the defensive tools and then see what did the tools catch? What did they miss? What are those blind spots and how do they fix it. >> So your price called node zero. You mentioned that. Is that specifically a suite, a tool, a platform. How do people consume and engage with you guys? >> So the way that we work, the whole product is designed to be self-service. So once again, while we have a sales team, the whole intent is you don't need to have to talk to a sales rep to start using the product, you can log in right now, go to Horizon3.ai, you can run a trial log in with your Google ID, your LinkedIn ID, start running pen test against your home or against your network against this organization right now, without talking to anybody. The whole idea is self-service, run a pen test in three clicks and give you the power of that 20 year pen testing expert. And then what'll happen is node zero will execute and then it'll provide to you a full report of here are all of the different paths or attack paths or sequences where we are able to become an admin in your environment. And then for every attack path, here is the path or the kill chain, the proof of exploitation for every step along the way. Here's exactly what you've got to do to fix it. And then once you've fixed it, here's how you verify that you've truly fixed the problem. And this whole aha moment is run us to find problems. You fix them, rerun us to verify that the problem has been fixed. >> Talk about the company, how many people do you have and get some stats? >> Yeah, so we started writing code in January of 2020, right before the pandemic hit. And then about 10 months later at the end of 2020, we launched the first version of the product. We've been in the market for now about two and a half years total from start of the company till present. We've got 130 employees. We've got more customers than we do employees, which is really cool. And instead our customers shift from running one pen test a year to 40, 50 pen test. >> John: And it's full SaaS. >> The whole product is full SaaS. So no consulting, no pro serve. You run as often as you-- >> Who's downloading, who's buying the product. >> What's amazing is, we have customers in almost every section or sector now. So we're not overly rotated towards like healthcare or financial services. We've got state and local education or K through 12 education, state and local government, a number of healthcare companies, financial services, manufacturing. We've got organizations that large enterprises. >> John: Security's diverse. >> It's very diverse. >> I mean, ransomware must be a big driver. I mean, is that something that you're seeing a lot. >> It is. And the thing about ransomware is, if you peel back the outcome of ransomware, which is extortion, at the end of the day, what ransomware organizations or criminals or APTs will do is they'll find out who all your employees are online. They will then figure out if you've got 7,000 employees, all it takes is one of them to have a bad password. And then attackers are going to credential spray to find that one person with a bad password or whose Netflix password that's on the dark web is also their same password to log in here, 'cause most people reuse. And then from there they're going to most likely in your organization, the domain user, when you log in, like you probably have local admin on your laptop. If you're a windows machine and I've got local admin on your laptop, I'm going to be able to dump credentials, get the admin credentials and then start to laterally maneuver. Attackers don't have to hack in using zero days like you see in the movies, often they're logging in with valid user IDs and passwords that they've found and collected from somewhere else. And then they make that, they maneuver by making a low plus a low equal a high. And the other thing in financial services, we spend all of our time fixing critical vulnerabilities, attackers know that. So they've adapted to finding ways to chain together, low priority vulnerabilities and misconfigurations and dangerous defaults to become admin. So while we've over rotated towards just fixing the highs and the criticals attackers have adapted. And once again they have a vote, they're always evolving their tactics. >> And how do you prevent that from happening? >> So we actually apply those same tactics. Rarely do we actually need a CVE to compromise your environment. We will harvest credentials, just like an attacker. We will find misconfigurations and dangerous defaults, just like an attacker. We will combine those together. We'll make use of exploitable vulnerabilities as appropriate and use that to compromise your environment. So the tactics that, in many ways we've built a digital weapon and the tactics we apply are the exact same tactics that are applied by the adversary. >> So you guys basically simulate hacking. >> We actually do the hacking. Simulate means there's a fakeness to it. >> So you guys do hack. >> We actually compromise. >> Like sneakers the movie, those sneakers movie for the old folks like me. >> And in fact that was my inspiration. I've had this idea for over a decade now, which is I want to be able to look at anything that laptop, this Wi-Fi network, gear in hospital or a truck driving by and know, I can figure out how to gain initial access, rip that environment apart and be able to opponent. >> Okay, Chuck, he's not allowed in the studio anymore. (laughs) No, seriously. Some people are exposed. I mean, some companies don't have anything. But there's always passwords or so most people have that argument. Well, there's nothing to protect here. Not a lot of sensitive data. How do you respond to that? Do you see that being kind of putting the head in the sand or? >> Yeah, it's actually, it's less, there's not sensitive data, but more we've installed or applied multifactor authentication, attackers can't get in now. Well MFA only applies or does not apply to lower level protocols. So I can find a user ID password, log in through SMB, which isn't protected by multifactor authentication and still upon your environment. So unfortunately I think as a security industry, we've become very good at giving a false sense of security to organizations. >> John: Compliance drives that behavior. >> Compliance drives that. And what we need. Back to don't tell me we're secure, show me, we've got to, I think, change that to a trust but verify, but get rid of the trust piece of it, just to verify. >> Okay, we got a lot of CISOs and CSOs watching this showcase, looking at the hot startups, what's the message to the executives there. Do they want to become more leaning in more hawkish if you will, to use the military term on security? I mean, I heard one CISO say, security first then compliance 'cause compliance can make you complacent and then you're unsecure at that point. >> I actually say that. I agree. One definitely security is different and more important than being compliant. I think there's another emerging concept, which is I'd rather be defensible than secure. What I mean by that is security is a point in time state. I am secure right now. I may not be secure tomorrow 'cause something's changed. But if I'm defensible, then what I have is that muscle memory to detect, respondent and stifle an attack. And that's what's more important. Can I detect you? How long did it take me to detect you? Can I stifle you from achieving your objective? How long did it take me to stifle you? What did you use to get in to gain access? How long did that sit in my environment? How long did it take me to fix it? So on and so forth. But I think it's being defensible and being able to rapidly adapt to changing tactics by the adversary is more important. >> This is the evolution of how the red line never moved. You got the adversaries in our networks and our banks. Now they hang out and they wait. So everyone thinks they're secure. But when they start getting hacked, they're not really in a position to defend, the alarms go off. Where's the playbook. Team springs into action. I mean, you kind of get the visual there, but this is really the issue being defensible means having your own essentially military for your company. >> Being defensible, I think has two pieces. One is you've got to have this culture and process in place of training like you fight because you want to build that incident response muscle memory ahead of time. You don't want to have to learn how to respond to an incident in the middle of the incident. So that is that proactively verifying your posture and continuous pen testing is critical there. The second part is the actual fundamentals in place so you can detect and stifle as appropriate. And also being able to do that. When you are continuously verifying your posture, you need to verify your entire posture, not just your test systems, which is what most people do. But you have to be able to safely pen test your production systems, your cloud environments, your perimeter. You've got to assume that the bad guys are going to get in, once they're in, what can they do? So don't just say that my perimeter's secure and I'm good to go. It's the soft squishy center that attackers are going to get into. And from there, can you detect them and can you stop them? >> Snehal, take me through the use. You got to be sold on this, I love this topic. Alright, pen test. Is it, what am I buying? Just pen test as a service. You mentioned dark web. Are you actually buying credentials online on behalf of the customer? What is the product? What am I buying if I'm the CISO from Horizon3? What's the service? What's the product, be specific. >> So very specifically and one just principles. The first principle is when I was a buyer, I hated being nickled and dimed buyer vendors, which was, I had to buy 15 different modules in order to achieve an objective. Just give me one line item, make it super easy to buy and don't nickel and dime me. Because I've spent time as a buyer that very much has permeated throughout the company. So there is a single skew from Horizon3. It is an annual subscription based on how big your environment is. And it is inclusive of on-prem internal pen tests, external pen tests, cloud attacks, work from home attacks, our ability to harvest credentials from the dark web and from open source sources. Being able to crack those credentials, compromise. All of that is included as a singles skew. All you get as a CISO is a singles skew, annual subscription, and you can run as many pen tests as you want. Some customers still stick to, maybe one pen test a quarter, but most customers shift when they realize there's no limit, we don't nickel and dime. They can run 10, 20, 30, 40 a month. >> Well, it's not nickel and dime in the sense that, it's more like dollars and hundreds because they know what to expect if it's classic cloud consumption. They kind of know what their environment, can people try it. Let's just say I have a huge environment, I have a cloud, I have an on-premise private cloud. Can I dabble and set parameters around pricing? >> Yes you can. So one is you can dabble and set perimeter around scope, which is like manufacturing does this, do not touch the production line that's on at the moment. We've got a hospital that says every time they run a pen test, any machine that's actually connected to a patient must be excluded. So you can actually set the parameters for what's in scope and what's out of scope up front, most again we're designed to be safe to run against production so you can set the parameters for scope. You can set the parameters for cost if you want. But our recommendation is I'd rather figure out what you can afford and let you test everything in your environment than try to squeeze every penny from you by only making you buy what can afford as a smaller-- >> So the variable ratio, if you will is, how much they spend is the size of their environment and usage. >> Just size of the environment. >> So it could be a big ticket item for a CISO then. >> It could, if you're really large, but for the most part-- >> What's large? >> I mean, if you were Walmart, well, let me back up. What I heard is global 10 companies spend anywhere from 50 to a hundred million dollars a year on security testing. So they're already spending a ton of money, but they're spending it on consultants that show up maybe a couple of times a year. They don't have, humans can't scale to test a million hosts in your environment. And so you're already spending that money, spend a fraction of that and use us and run as much as you want. And that's really what it comes down to. >> John: All right. So what's the response from customers? >> What's really interesting is there are three use cases. The first is that SOC manager that is using us to verify that their security tools are actually working. So their Splunk environment is logging the right data. It's integrating properly with CrowdStrike, it's integrating properly with their active directory services and their password policies. So the SOC manager is using us to verify the effectiveness of their security controls. The second use case is the IT director that is using us to proactively harden their systems. Did they install VMware correctly? Did they install their Cisco gear correctly? Are they patching right? And then the third are for the companies that are lucky to have their own internal pen test and red teams where they use us like a force multiplier. So if you've got 10 people on your red team and you still have a million IPs or hosts in your environment, you still don't have enough people for that coverage. So they'll use us to do recon at scale and attack at scale and let the humans focus on the really juicy hard stuff that humans are successful at. >> Love the product. Again, I'm trying to think about how I engage on the test. Is there pilots? Is there a demo version? >> There's a free trials. So we do 30 day free trials. The output can actually be used to meet your SOC 2 requirements. So in many ways you can just use us to get a free SOC 2 pen test report right now, if you want. Go to the website, log in for a free trial, you can log into your Google ID or your LinkedIn ID, run a pen test against your organization and use that to answer your PCI segmentation test requirements, your SOC 2 requirements, but you will be hooked. You will want to run us more often. And you'll get a Horizon3 tattoo. >> The first hits free as they say in the drug business. >> Yeah. >> I mean, so you're seeing that kind of response then, trial converts. >> It's exactly. In fact, we have a very well defined aha moment, which is you run us to find, you fix, you run us to verify, we have 100% technical win rate when our customers hit a find, fix, verify cycle, then it's about budget and urgency. But 100% technical win rate because of that aha moment, 'cause people realize, holy crap, I don't have to wait six months to verify that my problems have actually been fixed. I can just come in, click, verify, rerun the entire pen test or rerun a very specific part of it on what I just patched my environment. >> Congratulations, great stuff. You're here part of the AWS Startup Showcase. So I have to ask, what's the relationship with AWS, you're on their cloud. What kind of actions going on there? Is there secret sauce on there? What's going on? >> So one is we are AWS customers ourselves, our brains command and control infrastructure. All of our analytics are all running on AWS. It's amazing, when we run a pen test, we are able to use AWS and we'll spin up a virtual private cloud just for that pen test. It's completely ephemeral, it's all Lambda functions and graph analytics and other techniques. When the pen test ends, you can delete, there's a single use Docker container that gets deleted from your environment so you have nothing on-prem to deal with and the entire virtual private cloud tears itself down. So at any given moment, if we're running 50 pen tests or a hundred pen tests, self-service, there's a hundred virtual private clouds being managed in AWS that are spinning up, running and tearing down. It's an absolutely amazing underlying platform for us to make use of. Two is that many customers that have hybrid environments. So they've got a cloud infrastructure, an Office 365 infrastructure and an on-prem infrastructure. We are a single attack platform that can test all of that together. No one else can do it. And so the AWS customers that are especially AWS hybrid customers are the ones that we do really well targeting. >> Got it. And that's awesome. And that's the benefit of cloud? >> Absolutely. And the AWS marketplace. What's absolutely amazing is the competitive advantage being part of the marketplace has for us, because the simple thing is my customers, if they already have dedicated cloud spend, they can use their approved cloud spend to pay for Horizon3 through the marketplace. So you don't have to, if you already have that budget dedicated, you can use that through the marketplace. The other is you've already got the vendor processes in place, you can purchase through your existing AWS account. So what I love about the AWS company is one, the infrastructure we use for our own pen test, two, the marketplace, and then three, the customers that span that hybrid cloud environment. That's right in our strike zone. >> Awesome. Well, congratulations. And thanks for being part of the showcase and I'm sure your product is going to do very, very well. It's very built for what people want. Self-service get in, get the value quickly. >> No agents to install, no consultants to hire. safe to run against production. It's what I wanted. >> Great to see you and congratulations and what a great story. And we're going to keep following you. Thanks for coming on. >> Snehal: Phenomenal. Thank you, John. >> This is the AWS Startup Showcase. I'm John John Furrier, your host. This is season two, episode four on cybersecurity. Thanks for watching. (upbeat music)

(upbeat music) >> The cybersecurity landscape has changed dramatically over the past 24 to 36 months. Rapid cloud migration has created a new layer of security defense, sure, but that doesn't mean CISOs can relax. In many respects, it further complicates, or at least changes, the CISO's scope of responsibilities. In particular, the threat surface has expanded. And that creates more seams, and CISOs have to make sure their teams pick up where the hyperscaler clouds leave off. Application developers have become a critical execution point for cyber assurance. "Shift left" is the kind of new buzz phrase for devs, but organizations still have to "shield right," meaning the operational teams must continue to partner with SecOps to make sure infrastructure is resilient. So it's no wonder that in ETR's latest survey of nearly 1500 CIOs and IT buyers, that business technology executives cite security as their number one priority, well ahead of other critical technology initiatives including collaboration software, cloud computing, and analytics rounding out the top four. But budgets are under pressure and CISOs have to prioritize. It's not like they have an open checkbook. They have to contend with other key initiatives like those just mentioned, to secure the funding. And what about zero trust? Can you go out and buy zero trust or is it a framework, a mindset in a series of best practices applied to create a security consciousness throughout the organization? Can you implement zero trust? In other words, if a machine or human is not explicitly allowed access, then access is denied. Can you implement that policy without constricting organizational agility? The question is, what's the most practical way to apply that premise? And what role does infrastructure play as the enforcer? How does automation play in the equation? The fact is, that today's approach to cyber resilience can't be an "either/or," it has to be an "and" conversation. Meaning, you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible. And don't even talk to me about the edge. That's really going to keep you up at night. Hello and welcome to this special CUBE presentation, "A Blueprint for Trusted Infrastructure," made possible by Dell Technologies. In this program, we explore the critical role that trusted infrastructure plays in cybersecurity strategies, how organizations should think about the infrastructure side of the cybersecurity equation, and how Dell specifically approaches securing infrastructure for your business. We'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile. First up are Pete Gerr and Steve Kenniston, they're both senior cyber security consultants at Dell Technologies. And they're going to talk about the company's philosophy and approach to trusted infrastructure. And then we're going to speak to Parasar Kodati, who's a senior consultant for storage at Dell Technologies to understand where and how storage plays in this trusted infrastructure world. And then finally, Rob Emsley who heads product marketing for data protection and cyber security. We're going to going to take a deeper dive with Rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy. Okay, let's get started. Pete Gerr, Steve Kenniston, welcome to theCUBE. Thanks for coming into the Marlborough studios today. >> Great to be here, Dave. Thanks. >> Thanks, Dave. Good to see you. >> Great to see you guys. Pete, start by talking about the security landscape. You heard my little wrap up front. What are you seeing? >> I thought you wrapped it up really well. And you touched on all the key points, right? Technology is ubiquitous today. It's everywhere. It's no longer confined to a monolithic data center. It lives at the edge. It lives in front of us. It lives in our pockets and smartphones. Along with that is data. And as you said, organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago. And along with that, cyber crime has become a very profitable enterprise. In fact, it's been more than 10 years since the NSA chief actually called cyber crime the biggest transfer of wealth in history. That was 10 years ago. And we've seen nothing but accelerating cyber crime and really sophistication of how those attacks are perpetrated. And so the new security landscape is really more of an evolution. We're finally seeing security catch up with all of the technology adoption, all the build out, the work from home and work from anywhere that we've seen over the last couple of years. We're finally seeing organizations, and really it goes beyond the IT directors, it's a board level discussion today. Security's become a board level discussion. >> Yeah, I think that's true as well. It's like it used to be that security was, "Okay, the SecOps team. You're responsible for security." Now you've got, the developers are involved, the business lines are involved, it's part of onboarding for most companies. You know, Steve, this concept of zero trust. It was kind of a buzzword before the pandemic. And I feel like I've often said it's now become a mandate. But it's still fuzzy to a lot of people. How do you guys think about zero trust? What does it mean to you? How does it fit? >> Yeah. Again, I thought your opening was fantastic. And this whole lead in to, what is zero trust? It had been a buzzword for a long time. And now, ever since the federal government came out with their implementation or desire to drive zero trust, a lot more people are taking it a lot more seriously, 'cause I don't think they've seen the government do this. But ultimately, it's just like you said, right? If you don't have trust to those particular devices, applications, or data, you can't get at it. The question is, and you phrase it perfectly, can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive? 'Cause we're seeing, with your whole notion around DevOps and the ability to kind of build, make, deploy, build, make, deploy, right? They still need that functionality but it also needs to be trusted. It needs to be secure and things can't get away from you. >> Yeah. So it's interesting. I've attended every Reinforce since 2019, and the narrative there is, "Hey, everything in the cloud is great. And this narrative around, 'Oh, security is a big problem.' doesn't help the industry." The fact is that the big hyperscalers, they're not strapped for talent, but CISOs are. They don't have the capabilities to really apply all these best practices. They're playing Whac-A-Mole. So they look to companies like yours, to take your R&D and bake it into security products and solutions. So what are the critical aspects of the so-called Dell Trusted Infrastructure that we should be thinking about? >> Yeah, well, Dell Trusted Infrastructure, for us, is a way for us to describe the the work that we do through design, development, and even delivery of our IT system. So Dell Trusted Infrastructure includes our storage, it includes our servers, our networking, our data protection, our hyper-converged, everything that infrastructure always has been. It's just that today customers consume that infrastructure at the edge, as a service, in a multi-cloud environment. I mean, I view the cloud as really a way for organizations to become more agile and to become more flexible, and also to control costs. I don't think organizations move to the cloud, or move to a multi-cloud environment, to enhance security. So I don't see cloud computing as a panacea for security, I see it as another attack surface. And another aspect in front that organizations and security organizations and departments have to manage. It's part of their infrastructure today, whether it's in their data center, in a cloud, or at the edge. >> I mean, I think that's a huge point. Because a lot of people think, "Oh, my data's in the cloud. I'm good." It's like Steve, we've talked about, "Oh, why do I have to back up my data? It's in the cloud?" Well, you might have to recover it someday. So I don't know if you have anything to add to that or any additional thoughts on it? >> No, I mean, I think like what Pete was saying, when it comes to all these new vectors for attack surfaces, you know, people did choose the cloud in order to be more agile, more flexible. And all that did was open up to the CISOs who need to pay attention to now, okay, "Where can I possibly be attacked? I need to be thinking about is that secure?" And part of that is Dell now also understands and thinks about, as we're building solutions, is it a trusted development life cycle? So we have our own trusted development life cycle. How many times in the past did you used to hear about vendors saying you got to patch your software because of this? We think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective, and make sure we don't give up or have security become a hole just in order to implement a feature. We got to think about those things. And as Pete alluded to, our secure supply chain. So all the way through, knowing what you're going to get when you actually receive it is going to be secure and not be tampered with, becomes vitally important. And then Pete and I were talking earlier, when you have tens of thousands of devices that need to be delivered, whether it be storage or laptops or PCs, or whatever it is, you want to be know that those devices can be trusted. >> Okay, guys, maybe Pete, you could talk about how Dell thinks about its framework and its philosophy of cyber security, and then specifically what Dell's advantages are relative to the competition. >> Yeah, definitely, Dave. Thank you. So we've talked a lot about Dell as a technology provider. But one thing Dell also is is a partner in this larger ecosystem. We realize that security, whether it's a zero trust paradigm or any other kind of security environment, is an ecosystem with a lot of different vendors. So we look at three areas. One is protecting data in systems. We know that it starts with and ends with data. That helps organizations combat threats across their entire infrastructure. And what it means is Dell's embedding security features consistently across our portfolios of storage, servers, networking. The second is enhancing cyber resiliency. Over the last decade, a lot of the funding and spending has been in protecting or trying to prevent cyber threats, not necessarily in responding to and recovering from threats. We call that resiliency. Organizations need to build resiliency across their organization, so not only can they withstand a threat, but they can respond, recover, and continue with their operations. And the third is overcoming security complexity. Security is hard. It's more difficult because of the things we've talked about, about distributed data, distributed technology, and attack surfaces everywhere. And so we're enabling organizations to scale confidently, to continue their business, but know that all the IT decisions that they're making have these intrinsic security features and are built and delivered in a consistent, secure way. >> So those are kind of the three pillars. Maybe we could end on what you guys see as the key differentiators that people should know about that Dell brings to the table. Maybe each of you could take a shot at that. >> Yeah, I think, first of all, from a holistic portfolio perspective, right? The secure supply chain and the secure development life cycle permeate through everything Dell does when building things. So we build things with security in mind, all the way from, as Pete mentioned, from creation to delivery, we want to make sure you have that secure device or asset. That permeates everything from servers, networking, storage, data protection, through hyperconverged, through everything. That to me is really a key asset. Because that means you understand when you receive something it's a trusted piece of your infrastructure. I think the other core component to think about, and Pete mentioned, as Dell being a partner for making sure you can deliver these things, is that even though that's part of our framework, these pillars are our framework of how we want to deliver security, it's also important to understand that we are partners and that you don't need to rip and replace. But as you start to put in new components, you can be assured that the components that you're replacing as you're evolving, as you're growing, as you're moving to the cloud, as you're moving to more on-prem type services or whatever, that your environment is secure. I think those are two key things. >> Got it. Okay. Pete, bring us home. >> Yeah, I think one of the big advantages of Dell is our scope and our scale, right? We're a large technology vendor that's been around for decades, and we develop and sell almost every piece of technology. We also know that organizations might make different decisions. And so we have a large services organization with a lot of experienced services people that can help customers along their security journey, depending on whatever type of infrastructure or solutions that they're looking at. The other thing we do is make it very easy to consume our technology, whether that's traditional on premise, in a multi-cloud environment, or as a service. And so the best-of-breed technology can be consumed in any variety of fashion, and know that you're getting that consistent, secure infrastructure that Dell provides. >> Well, and Dell's got probably the top supply chain, not only in the tech business, but probably any business. And so you can actually take your dog food, or your champagne, sorry, (laughter) allow other people to share best practices with your customers. All right, guys, thanks so much for coming up. I appreciate it. >> Great. Thank you. >> Thanks, Dave. >> Okay, keep it right there. After this short break, we'll be back to drill into the storage domain. You're watching "A Blueprint for Trusted Infrastructure" on theCUBE, the leader in enterprise and emerging tech coverage. Be right back. (upbeat music)

>>We're seeing green here at Vemo in 2022, you're watching the cube, Dave ante and David Nicholson wrapping up our second day of coverage. Dave, good show. Good to be, you know, again, good to be back. This is our third show in a row. We're a Cuban as well. So the cube is, is out there, but same every, every show we go to so far has been most of the people here haven't been out in two plus years. Yeah. Right. And, and, and they're like, Hey, let's go. Let's hug. Let's shake. I got my red band on cuz we've been on a lot of shows or just being careful <laugh> um, you know, Hey, but it's great to see people back, uh, >>Absolutely >>Such a different vibe than virtual virtual sucks. Everybody hates it now, but now it's going hybrid. People are trying to figure that out. Yeah. Uh, but it's, it's in your view, what's different. What's the same >>In terms of, uh, in person versus hybrid kind of what's happened since what's >>Different being here now versus say 2019, not that you were here in 2019, but a show in 2019. >>I, I think there's right now, there's a certain sense of, uh, of appreciation for the ability to come and do this. Mm-hmm <affirmative> um, >>As opposed to on we or oh, another show, right? >>Yeah. Yeah, exactly. And, and, uh, a personal opinion is that, um, I think that the hybrid model moving forward is going to end up being additive. I don't know that I don't, you know, people say we'll never go back to having in person the way we did before. Um, I'm holding out hope that that's not the case because I, I think so there's so much value to the kinds of conversations that we have, not only here on the set with folks in person, but just the hallway conversations, uh, the dinner conversations, um, those are so critical, uh, not only with between vendors and customers, but between different business units. Um, you know, I, I, I came into this thinking, you know, I know Veeam very well. I've known them since the beginning. Um, but you think I'm going to a conference to talk about backup software and it wasn't like that at all. I mean, this is, this is an overarching, very, very interesting subject to cover. So how is it different? I think people are appreciative. I wouldn't say we're backed full throttle a hundred percent, um, uh, back in the game yet. But, uh, but we we're getting there. Some >>Of the highlights Veeam now, number one, statistical tie for first place in revenue. There aren't a lot of segments, especially in storage where Dell is not number one, I guess technically Dell is like, I don't know, half a percentage point ahead, but Veeam's gonna blow by that. Unless Dell gets its data, >>Protect me as the luxury of focus, they can focus >>Like a laser on it focus. Right? That, that we, we saw this in the P PC where focused, we saw Dell's ascendancy cuz they were focused on PCs, right? Yeah. We saw Seagate on dis drives Intel and microprocesors Oracle on databases and, and, and Veeam applied that model to what they call modern data protection. Um, and, and the, so the reason why we think they're gonna go past is they growing at 20 plus percent each year. And, and I can almost guarantee Dell's data protection business isn't although it's been in a, I, I sense a downward slope lately, they don't divulge that data. Um, but if they were growing nicely, they would be talking about it. So I think they've been kind of hiding that ball, but Dell, you know, you can't count those guys out they're baby. >>No, you can't. And there's always >>A, they don't like to lose. They get that EMC DNA still in >>There. Yeah. You take, you can, you might take your eye off the ball for a little while to focus on other things. But uh, I think it'll be healthy for the industry at large, as Veeam continues to take market share. There's definitely gonna be pushback from, from others in the field, but >>The pure software play. Um, and you know that no hardware agenda thing and all that I think is, is clearly in Veeam's favor. Uh, but we'll see. I mean, Dell's got other, other strengths as do others. I mean, this is, this is, let's not forget this, this, this market is crowded and getting kind. I mean, you got, you got other players, new, new entrants, like cohesive in Rubrik Rubic, by the way is the one I was kind of referring to. That seems to be, you go to their LinkedIn, they seem to be pivoting to security. I was shocked when I saw that. I'm like, wow, is that just like a desperation move? Is that a way to get your valuation up? Is that, is there something I'm missing? I, I don't know. I haven't talked to those guys in a little bit, need to get, get there, but cause he and Rubrik couldn't get to IPO prior to, uh, you know, the, the, the, the, the tech sell off the tech lash. >>If you will Veeam, didn't need toves. We have 30% EBITDA and, and has had it for a while. So they've been, they caught lightning in a bottle years ago, and then now they got the inside capital behind them. Um, you got new entrance, like, like Kuo, you got com. Vault is out there. You still got, you know, Veritas is still out there competing and you know, a number of other, you get you got is wherever HP software landed in, in the MicroStrategy, uh, micro strategy. <laugh> um, no not micro strategy anyway, in that portfolio of companies that HP sold its software business to, you know, they're still out there. So, you know, a lot of ways to, to buy backup and recovery software, but these guys being the leader is no surprise. >>Yeah. You know, it's, I, I, I have to say it to me. It's a classic story of discipline >>Microfocus, sorry, >>Microfocus. Yeah, that's right. That's right. You know, it's funny. I, I, I could see that logo on a, I know I've got a notebook at home. Um, but, but theme is a classic example of well disciplined growth where you're not playing the latest buzzword game and trying to create adjacent businesses that are really, that might sound sexy, but have nothing to do with your core. They've been very, very disciplined about their approach, starting with, you know, looking at VMFS and saying, this is what we're gonna do, and then branching out from there in a logical way. So, so they're not out ahead of the tips of their skis in a way that some others have have gotten. And those, you know, sometimes swinging for the fence is great, but you can strike out that way also. And they've been hitting, you know, you could say they've been hitting singles and doubles just over and over and over again for years now. Well, that's been a great strategy. >>You've seen this a lot. I mean, I, I think you watched this at EMC when you were there as you, it was acquisitions to try to keep the growth up. It was, it was great marketing. I mean, unbelievable marketing cloud meets big data. Oh yeah. And you'd hear on CNBC. AMC is the cloud company. You're like, eh, fucking have a cloud. So, so you, you you've seen companies do that to your point about getting ahead of your skis. VMs never done that EMS like, eh, this is the product that works great. Yeah. Customers love it. They buy it, you know, we got the distribution channel set up and so that's always been, been, been part of their DNA. Um, and I think the other piece is putting meat on the bone of the tagline of modern data protection. When I first heard that I'm like, mm, okay. >>But then when you peel the onion on that, the core is back up in recovery, a lot of focus on recovery. And then the way they, I remember it was there in the audience when they announced, you know, support for bare metal, people went crazy. I'm like, wow, okay. They cuz they used to say, oh, never virtualization forever. Okay. So they beat that drum and you never say never in this business, do you, and then moving on to cloud and hybrid and containers and we're hearing about super cloud now, and maybe there'll be an edge use case there it's still unclear what that pattern is. You've talked about that with Zs, but it's not clear to me where you put your muscle yet in, um, in edge, but really being able to manage all that data that is people talk about data management that starts to be data management. And they've got a footprint that enables 'em to do that. >>Yeah. And, and I'd like to see that same discipline approach. That's gotten them here to continue no need to get on board a hype cycle. Um, what I really love from a business execution perspective from Veeam is the fact that they know their place in terms of the, their strategic advisory role for end user customers and their places largely in partnership with folks in the channel partners, large and small, um, in a couple of the conversations we had over the last few days, we talked about this idea that there are fewer and fewer seats at the table. Uh, working with customers, customers can't have 25 strategic vendor partners and a lot of smaller niche players that focus on something even as important as backup will pretend that they are, that they hold the same sort of strategic weight as a hyperscale cloud provider. Does they pretend that they're gonna be there in the CX O meetings? Um, when they're not Veeam knows exactly how to best leverage what they do with customers and that's through partners in the channel. >>The other thing is, um, new CEO, a non Eron, uh, the fifth CEO, I think I'm correct. Is that right at, at VE yes. Um, so two founders, uh, and then when Peter McKay came on, he was co CEO. Um, and then, um, yep. And let's see, I think yep. You the fifth. Okay. So each of the CEOs kind of had their own mark. Right. Um, and we asked an on in the analyst thing, what do you want your legacy to be? And I, I loved his answer. He's like, this is a fragmented business with a lot of adjacencies and we are the leader in revenue, but we only have 12% revenue share. I want to take that to 25%, 40%. That's like EMC at 30 plus percent of the storage market, Cisco of 60% of the networking market. Wow. If anybody could ever get there, but so 25 to 30% of a market that's that's big. Yeah. I liked his demeanor thought he had a really good style philosophy. Well-spoken well spoken. So new leadership, obviously insight brought him in to take them to the next level. Um, and, and really drive. I gotta believe get ready for IPO. We kind of admitted that. >>Yeah. And I, and IPO for them, one thing he mentioned is that, um, in this case, this is not an IPO let's high five and go to Vegas and get table service because now we finally have money. Uh, they're not doing, you know, obviously an injection in capital from an IPO is always a good thing or should be a good thing if handled properly, but that's not their primary driver. So it'll be very interesting to see if they can hit the timing. Right. Um, how that, how that works out >>Well and, and bill large is his was predecessor. Uh, he, he, he took over, uh, once the company, excuse me, went private. Um, >>Yeah, that phone backed up. >>I still good in the mic once the company went private, uh, well, no, they were always private. Once they got acquired for five plus billion dollars from inside capital, um, they, they put bill in charge, perfect choice for the transition. And it was like, okay, bill. It's like, when you, my brother's a sailor. He says, Hey, take, take the wheel, see that lighthouse or see that tree go for it, keep it on track. And that's what bill did. Perfect. And he knew the company knew where all the skeletons were buried and, and was perfect. Perfect transition for that. Now they're bringing in somebody who they feel can take it to the next level. They're at a billion. He said he could see 5 billion and, and beyond. So that's kind of cool. Um, the other thing was ecosystem as companies got a really robust ecosystem, all the storage array vendors came on. >>The, the, the backup appliance companies, you know, came on to the cube and had a presence here. Why? Because this is where all the customers are. This is the leader in backup in recovery. Yeah. They all want to partner with that leader. Now they're at out the other shows as well, uh, for the Veeam competitors, but frankly, Veeam, Veeam competitors. They don't have, like you said, they're pure play. Many of them don't have a show like this, or it's a smaller event. Um, and so they gotta be here. Uh, and I think the, the, the other thing was the ransomware study. What I really liked about Veeam is they not only just talked about it, they not only talked about their solution. They sh they did deep dive surveys and shared a ton of data with guys that knew data. Um, Dave Russell and Jason Buffington, both former analysts, Russell was a Gartner very well respected top Gartner analyst for years. Jason buff, Buffington at ESG who those guys did always did some really good, still do deep research. So you had them representing that data, but sharing it with the community, of course, it's, it's gonna be somewhat self-serving, but it wasn't as blatant. It that wasn't nearly as blatant as I often see with these surveys, gender surveys, I'll look at 'em. I can tell within like, seconds, whether it's just a bunch of marketing, you know, what, or there's real substance. Yeah. And this one had real substance to >>It. Yeah. And it's okay. When substance supports your business model. >>Yeah. Cool. >>It's great. Good >>Marketing. But yeah, as an best marketing, I'm not gonna use it. The whole industry can use this and build on it. Yeah. I think there were a lot of unanswered questions. I, what I love about Vema is they're going back and they, they did it in February. They, they updated it just recently. Now they're going back and doing more cuz they want to get it by country. So they're making investments. And then they're sharing that with the industry. I love that. >>It'll be interesting to see if they continue it over time, how things change if things change. Um, one of the things that we really didn't talk a lot about is, uh, and you know, it's, I know it's talked about behind closed doors, um, this idea of, uh, stockpiling day zero exploits, and the fact that a lot of these, these >>Things, >>A lot of these problems arguably could have been headed off, had our taxpayer funded organizations, shared information with private industry in a more timely fashion. Um, um, we had, um, uh, uh, was it, uh, Gina from AWS who gave the example of, uh, the not Petia, uh, experience in the hospital environment. And that came directly out of frankly a day zero exploit that the NSA had identified years earlier within Microsoft's operating system. And, uh, somehow others got ahold of that and used it for nefarious means. So the intent to stockpile and hang onto these things is always, um, noble, but sometimes the result is, uh, less than desirable. So that's, it'll be an interesting conversation. >>We'd be remiss if we didn't mention the, the casting acquisition, the, the, the container data protection, small piece of the business today. Uh, but strategic in the sense that, yeah, absolutely. If you want to appeal to developers, if, if, if, if, if you want to be in the cloud, you know, you better be able to talk containers generally in Kubernetes specifically. So they gotta play there as well. >>Well, they, they, they hit virtualization cloud containers. Maybe I'm missing something in between, but they seem to be >>Ransomware >>Catching waves effectively. Yeah. Ransomware, uh, catching waves effectively, uh, again, not in an artificial buzzword driven way, but in a legitimate disciplined business growth approach that, uh, that's impressive. >>And I, and I think Danny mentioned this, we, he said we've been a PLG product led growth company. Um, and I think they're evolving now. We talked about platforms versus product. We still got still a product company. Uh, but they're bill wants to build out a Supercloud. So we're watching that very closely. I, I think it is a thing. You got a lot of grief for the term, super cloud. Some people wince at it, but it's, there's something brewing. There's something different. That's not just cloud public cloud, not hybrid cloud, not private cloud it's across cloud it's super cloud. All right, Dave, Hey, it was a pleasure working with you this week. Always kind of funny. I mean, we're, the crew was out in, uh, in Valencia, Spain. Yeah. Uh, they'll in fact, they'll be broadcasting, I believe all the way through Friday. Uh, that's an early morning thing for the, uh, for the west coast and, but east coast should be able to catch that easily. >>Of course you can all check out all the replays on the cube.net, also YouTube, youtube.com/silicon angle go to wikibon.com. There's some, you know, research there I publish every week and, and others do, uh, as well, maybe not as frequently, but, uh, we have a great relationship with ETR. I'm gonna poke into some data protection stuff in their survey. See if I can find some interesting, uh, data there. And don't forget to go to Silicon an angle.com, which is all the news. This is the cube, our flagship production we're out at VEON 2022. Thanks for watching.

(digital music) >> Welcome back to VeeamON 2022. We're in the home stretch, actually, Dave Nicholson and Dave Vellante here. Daniel Fried is the general manager and senior vice president for EMEA and Worldwide Channel. Daniel, welcome to theCUBE. You got a big job. >> No, I don't have a big job. I have a job that I love. (chuckles) >> Yeah, a job you love. But seriously Veeam, all channel. I mean it has been. >> Yeah, I mean, it's something which just, just a few seconds on, on that piece here, the channel piece, it's something that I love because the ecosystem of partners, an ecosystem of partners, is something which is spending its time moving and developing and changing. You've got a lot of partners changing their roles, their missions, the type of services, type of product that they offer. They all adapt to what the market needs and all the markets around the world are very different because of all these different cultures, languages, and everything. So it's very interesting. In the middle of all that, you know, these tens of thousands of partners and you try to create and try to understand how you can organize, how you can make them happy. So this is fantastic. >> So you're a native of the continent in Europe, obviously. We heard Anton, today, who couldn't be here or chose not to be here, cause he's supporting family and friends in Ukraine. What's the climate like now? Can you share with us what's it like Europe? Just the overall climate and obviously the business climate. >> So the overall climate, the way I see it or I feel it, and obviously there may be some different opinions, that I will always appreciate as also very good opinions. My view is that it seems in Europe that there are a distinction between what people do for businesses, Their thinking for the business, which may be impacted by the situations that we know in Europe between, because of obviously the issues between Ukraine, because of Russia, let's put it this way. And then there is the personal view, which is okay. That happens from time to time, but life continues and we just continue pushing things and enjoying life, and getting the families together and so on and so forth. So, this is in most of the countries in Europe. Obviously, there are a number of countries, which are a little bit more sensitive, a little bit more impacted. All the ones who are next to Russia, or Belarus, so on and so forth. From an emotional standpoint, which is totally understandable. But overall, I'm pretty impressed by how the economy, how people, how the businesses are, you know, continue to thrive in Europe. >> Has Brexit had any...? What impact, if any, has it had? >> So for us Veeam, the impact is... So first there is an impact which is on the currencies. So all the European currencies are no, have slowed down and, and the US dollar is becoming much stronger. >> Despite its debt. >> Right. >> Shouldn't be, but yeah. >> But that doesn't impact on the business. I just... >> Yeah. Right. >> So everything which is economical, macroeconomical is impacted. We have the inflation also, which has an impact, which also has increased because of the oil, because of the gas of everything that they have been stuck, to be stuck. But people get used to it. As Veeam from a business standpoint, one of the big things is we stopped sales, selling into Russia and into Belarus and we are giving our technology, our product, our solutions for free to Ukraine. And that was a piece of the business that we were doing, within EMEA, which was non-neglectable. So it's, I would say a business hole, now that we need to try to fill with accelerating the business service in the other countries of Europe. >> I mean, okay. So thank you for that but we really didn't see it in last quarter's numbers that you guys shared with I mean, IBM. Similarly IBM said, it's noticeable, but it's not really a big impact on our business, but given the cultural ties that you had to Russia and the affinity, I mean you knew how to do business in Russia. It's quite remarkable that you're able to sort of power through that. How about privacy in, around data, in Europe, particularly versus the US? it seems like Europe is setting the trend on things like privacy, certainly on things like acquisitions, we saw the arm acquisition fail. >> Yeah. So there is a big difference. Effectively, there is a big difference between, I would say North America and the rest of the world. And I would say that EMEA, and within EMEA would say the EU is leading very much on what we call server sovereign cloud. So data privacy, which in other words, data is to as much as possible is to remain within either the EU or better within each of the countries, which means that there is again... It's I would say for in EMEA it's good, I would say for the business, for the partners, because then they have to develop around the cloud a number of functions to ensure that because of this data privacy, because of this GDPR or rules and things, all the data remains and resides in a given geographical environment. So it's, which is good because it creates a number of opportunities for the partners. It makes obviously the life of customers and their self a bit more difficult. But again, I think it's good. It's good. It's part of all the way we structure and we organize. And I think that it's going to expand because data is becoming so key, a key limit, a key asset of companies that we absolutely need to take care of it. And it is where Veeam plays a big role in that because we help paying companies managing their data and secure the data in sort of way. >> Yeah. Ransomware has been a big topic of conversation this week. Do you sense that the perception of that as a threat is universal? Are there, are there differences between North America and the EU and other parts of the world? Universal? >> Yeah, it is universal. We see that everywhere. And I think this is a good point, a good question too, is that it's very interesting because we need to get acquainted to the fact that we are going to ever. And so we are going to be attacked. No way out, no. There... Anybody the morning, is waking up, is going on emails and click clicking on an email. Too late. Was a run somewhere. What can you do against that? You know, all humans make mistakes. You can't so it'll happen, but where, where it's absolutely very important and where Veeam plays a big role and where our partners are going to play an even bigger role with our technology is that they can educate the customers to understand that, to have run somewhere is not an issue. What has, what happened is not a problem. What they have to do is to organize so that if they have run somewhere, their letter is safe. And this is where our place a big place. A couple hours back, I was, I was doing a kind of bar with something else. It's totally crazy, but that's okay. I'm going to say it. It's about the COVID. What, no, what do we do? Do we have, do we have something against COVID? No. People were going to get COVID, certainly many people still doing it, but what is important is to be capable of not being too sick. So it is the prevention, which is important. It's the same thing here. So there is this mindset we have psychologically with the partners and they have, they have to provide that services to their customers on how to organize their data using the technology of Veeam in order to be safe, if anything happens. >> So another related question, if I may. When Snowden blew the whistle on the NSA and divulged that the NSA was listening to all the phone calls, there was seemed to be at the time, as I recall, a backlash sentiment in Europe, particularly toward big tech and cloud providers and skepticism toward the cloud. Has the pandemic and the reliance on cloud and the rise of ransomware changed that sentiment? Had the sentiment changed before then? Obviously plenty of Cloud going on in Europe. But can you describe that dynamic? >> Yeah, no, I think that's... Yeah. I think that people were too... You know, as usual. It absolutely reminds me when I was at VMware, when we went from the physical boxes to the virtual machines. I remember the IT people in the company said, "No, I want to be capable of touching." Something here. When you talk about cloud, you talk about something which is virtual, but virtual outside, even outside somewhere. So there is a resistance, psychological resistance to where is my data? How do I control my data? And that is, I think that is very human. Then you need to, you know, it takes time. And again, depending on the cultures, you need to get acquainted to it. So that's what happened be before the pandemic, but then the pandemic took place. And then there was a big problem. There was nobody anymore in the data centers because they couldn't work there and then people were starting to, to work remotely. So the IT needed to be organized to compensate for all these different changes. And cloud was one of them where the data could be stored, where the data could reside, where things could happen. And that's how actually it has accelerated at least in a number of countries where people are a bit leg out to accept the adoption of cloud, cloud-based data. >> So is there a difference in terms of the level of domination by a small group of hyperscale clouds versus smaller service providers? You know, in theory, you have EU behaving in a unified way in sort of the same way that the United States behaves in sort of a federated way. Do you have that same level of domination or is there more, is there more market share available for smaller players in cloud? Any regional differences? >> Yeah. There are big differences. There are big differences again, because of this sovereignty, which is absolutely approved very much in Europe. I'm tell you, I'm going... I'm giving you an example that it was in, I think in October last year, somewhere. The French, the French administration said, "We don't want anymore. Any administration investing in Microsoft 365, because the data is in Azure. The data is out in the cloud." That's what they said. So now these last days, this last week that has changed because Microsoft, you know, introduced a number of technologies, data centers in France, and so on and so forth. So things are going to get better. But the sovereignty, the fact that the data, the privacy of data, everything has to remain in the countries is doing something like the technology of the hyperscalers is used locally wrapped by local companies like systematic writers, local systematic writers, to ensure that the sovereign is set and that the privacy of the data is for real and according to GDPR. So again, it's a value add. It makes things more complex. It doesn't mean that the Google, the Google cloud, the Azure, or the AWS are not going to exist in Europe, but there are going to be a number of layers between them and the customers in order to make sure that everything is totally brought up and that it complies with the EU regulations. >> Help us understand the numbers, Daniel. So the number of customers is mind-boggling it's over 400,000 now, is that right? >> Yeah. Correct. >> Yes. Comparable to VMware, which is again, pretty astounding and the partner ecosystem. Can you help us understand the scope of that? Part one. part two is how do you service and provide that partnership love to all those companies? >> The partners. So yeah, we have about 35,000 around the world, 35,000 partners, but again, it's 10 times less than Microsoft, by the way. So, and this is very interesting. I often have the questions, how do we manage? So first of all, we do tiering, like anybody does. >> Sure. >> We have an organization for that. And we have a two chair sales motion. That means that we use the distributors to take care of the mass, the volume of the smaller, smaller partners. We help the distributors, we help. So it's a leverage system. And we take care obviously more directly, of the large partners or the more complex partners or the ones of interest. But we don't want to forget any of those because even the small one is very important to us because he has these customers maybe in the middle of nowhere, but he's got a few of them. And again, to have a few of these customers, when you adapt, you know, it makes.. At the end, it makes a big business. You know, one plus one plus 1 million times makes, you know, makes huge things. And plus we are in the recurring business now, now that we've introduced three, four years ago, our subscription licenses, which means that it's only incremental. So it's just like the know the telephony, know the telephony business, where the number, the cell phone plans, you know, it's always grabbing as many as possible consumers in this case. So it was the same thing or I have the same, the same kind of, I do a parallel with the French, the French bakery, the French Boulangerie where I say they do their business with the baguette. And then from time to time, they sell the patisserie or they sell the cake, cookie or something, but the same of small things makes a big things. So it is important to have all these small partners everywhere that, that have their small customers or big customers, and that can serve them. So that's that's way. We segment by geography and what we do now is, it is something which is new. We segment by competencies. So it's what I call the soft segmentation. Because if not, we will have a lot of these partners competing to each other, just to sell Veeam. Veeam being number one in many countries, that is what is taking place. And we want them to be happy. We want, we don't want them to fight against each other. So what we do is we do soft segmentation and soft segmentation is this partner is competent in this field with that kind of use case doing this or this or this or this. It's just like you, when you go to the restaurant, you want the restaurant next to your place. So you click for the geography and then you want to, to go for Indian food. So you click restaurant Indian food, and then you want something. So we want to give that possibility to the customers to say, "Yeah, I think I know what I want." And then you can just click and get the partners or the list of partners, which are the most suited for, for his needs. So it's what I call the soft segmentation. The other thing which is important is the network. It's very interesting because when we look at a lot of companies, it's not the network. You've got VARs, you've got cloud and service providers. You've got SARs, you've got all the things. But if you take each of those individually, they don't have the competencies to answer all the request of the customer. So the networking is partnering with partner. That means to have the, the connection so that the partner A who has his customer, but these customer's are requests that this partner cannot fulfill because it's not its competency. That it's going to find the partners or the other partners that can feel this competency and work together. And then it's between them to have the model that they want so that together they can please the customer with their requests. >> Do you ever want to have VeeamON... I mean, I'm happy it's in the US and I like going to Europe, but you, have you ever want to have VeeamON in Europe? >> Yeah, we have VeeamON. We have many VeeamONs in Europe. >> Yeah. The mini ones. Okay. >> VeeamON tours. >> Globally. So where do you have them? >> Europe in APJ, that's what we do. Yes. >> Where do you do it in a APJ? In Japan, obviously in... >> Yeah. I don't know all the locations, tens and tens of them. >> A lot of them. Okay. >> The small ones. What we do, replicate what is done here on one day and then it goes. >> And you'll do that in UK. France, Germany. >> Yeah. Yeah. >> Local. >> And also small countries in Saudi, in South Africa, in Israel, in Bulgaria, in all these countries. Because, you know, we can be virtual. That's nice. >> Oh, right. >> But I love to be having a breakfast or a lunch or drink next to a partner or a customer because you learn so much more. The informal information is so important to understand how the business and how the market develops and what the needs are of customers and so on and so forth. >> How was the European attendance this year? It must have been down. It's hard to get into US. It's actually easier to go back to Europe. >> Virtually I, don't have the numbers, but I- >> No. Virtual. I'm sure it was huge. Yeah. But physical. >> Physical here, we've got about 300, 300 Europeans. >> Yeah. Okay. Out of, do we know? What are the numbers here? Do we know? Have we heard numbers? >> I know 45 was supposed to be around 45K combined. >> That's hybrid. >> So, yeah. >> It's hard to get into the US. We're still figuring that out. So I'm not surprised, but now you... >> But it's complimentary. Yeah. >> Do you go to 'em all? >> No >> You can't. >> No. That's not possible. I cannot. I actually, I would love... >> But some, yes. >> I would love to be capable of duplicate myself, but- >> You go to the one. >> I'm unique. >> You go to the one in France, obviously. Yeah? >> Yeah. Usually in France. Well... >> Depends if you're home. >> Yeah. You know, that is interesting is, the way we organize, the way we organize in Europe is I really want the local leaders to be the ones managing the countries. I'm there to support. I'm not there to be, you know? Yeah. The big boss is coming, he showing. No. It is not that. Again, if they request me to come, if they want me to pass a message to certain type of customer partners, I'll do that. But I don't want to run the show. It's not the way I manage that. >> Yeah. I get that. You want to respect that as if you show up in France and that's your home country, it's like rat man showing up here. It's like taking over the stage. You'll be like, you know, it's our turn. >> But it's just like, you know, I give you another example. So obviously we have... It's even the headquarters, the EMEA headquarters is in France. Right? But it is the French office. And I don't go there. I try not to be there because it is the place for the French people taking care of the French market. And for the French manager, if I go there, everybody's going to come and ask me questions and ask me to make decisions and things. No, they have to run their business. >> So where do you spend, where and how do you spend your time? >> In airports and in planes. (indistinct) What are you asking? >> Of course. >> Do you have another question? >> Actually, if we have time really quickly on just on that subject of sovereignty, we are here in Nevada just across the border, California. People in California have no problem at all, replicating things here for disaster recovery, because it's in the US. Now, is there sort of a cultural sense that tearing down those borders from a sovereignty perspective within Europe would fundamentally change the business climate and maybe tilt things in favor of the AWS and GCPs of the world instead of local regional business? The joke that I heard recently from someone, I thought it was funny. I don't know if it would offend either Germans or French, but it was that it was that AWS was confused and they were planning on putting a data center in Strasbourg, because they thought it was in Germany and it was- >> A joke. >> But the point is, the point is it's like, it's a gum bear. >> Is it true? >> No. But it was a dumb American joke. This was told by a French person basically saying... >> But this person was certainly not from- >> Yes. Right. >> Tell you, because I would've been a very bad way. >> But the point is this idea that you have these mega hyper clouds coming in and saying, "Okay, boom, we're putting one here and you're going to use us regardless of the country you're in." How does that, you know... Is there a push within the EU to tear those barriers down? Or are those sovereignty walls enjoyed by the majority because of the way that it changes the business climate? Any thoughts from that perspective? >> Oh yeah. Yeah. To me, it's very simple. It is a hybrid thing. That means that these big hyperscalers are there, not going to be used but what they do is they're going to partition themselves and work with these local people. So that their big thing appears as being independent, smaller data centers. That's the only thing, you know. You build a house and then you put walls between the different, between the different rooms. That's the only thing that happens. So it's not at all, no. At all to Azures or Google cloud. No, it's not that. It just means that there is a structure and organization that has to be put in place in order that the data resides in given geographical locations using their infrastructures, their technologies. That make, does it make sense? >> Yeah. Except that it puts them in the position of having to have a physical presence in each place, which is advantageous in one way and maybe less efficient in another. >> Yeah. But there are some big markets. >> Yeah. And they eventually got to get there. Right. I mean... >> Yeah. >> They started it. One patient in the world where they restarted was in ANZ. And that's what they did. You know, what, 5, 6, 7 years ago. They put their data centers over there because they wanted to gain the Australian market and the New Zealand market. >> So build it and they will come. Daniel, thanks so much for coming to the theCUBE. Very interesting conversation. >> Pleasure. >> Appreciate it. >> Thank you very much. >> All right, we're wrapping up. Day two at VeeamON 2022. Keep it right there. Dave and I will be back right after this break. (vibrant music)

>>Good morning live from Las Vegas. It's the Q with AWS reinvent 2021. This is our fourth day of coverage. The third full day of the conference. Lisa Martin here with Dave Nicholson. Dave, we had had a tremendous number of conversations. In fact, we've two live sets over a hundred guests on the program, and I have another web. I've got two Dave's for you for the price of one. Dave trader joins us the field CSO client advisor at Presidio. We're going to be talking about ransomware and security, Dave, welcome to the program. Thank you for having me. So it's looking at your background. You've got a very cool background. You hold numerous cybersecurity certifications, including CIS SP you've received numerous endorsements from the department of Homeland security, the FBI and NSA. And in 2018, you graduated from the FBI's CSO academy in Quantico. Wow. Yeah, it sounds like he's a man with a very special set of skills. I think you're right. I think you're right. One of the things that we have seen the cybersecurity landscape has changed dramatically in the last year and a half 22 months or so. I was reading some stats ransomware and the check happens delivery once every 11 seconds. It's now a matter of when not, if talk to us about some of the things that you're seeing, the threat landscape, changing ransomware as a service what's going on. >>The last part that you mentioned was ransomware as a service is key. The access to be able to launch a tax has become so simplified that the, the, the, uh, the attacker level doesn't have to be sophisticated. Really. You can get down to the 100 level brand new hackers that are just getting into the space. They can go to a help desk and they can purchase ransomware, and they can run this ransomware that has the comes with quality assurance, by the way. And if they didn't run correctly, they've got a help desk support system. That'll help them run this in a, you know, as a criminal enterprise. Um, the access is really what is, what has made this so prevalent, and it really exacerbated the problem to the massive scale that we're seeing today. Yeah. >>And of course, we're only hearing about the big ones, you know, re you know, Conti colonial pipeline. But as I mentioned, an attack occurring every 11 seconds, I also was reading the first half of calendar, 21, that ransomware was up nearly 11 X. So the trajectory it's going the wrong way, it's going up into the right and the way that we don't want it to go, are they becoming more brazen? Is it easier? Ransomware is the surface, but also they're able to be paid in Bitcoin and that's less traceable. >>Yeah. So, um, exponential is not even fair, right? Cause it, that's not even a fair assessment because that up and right, it's just, it's been so pervasive that we just see that continued growth. Uh, you know, there's how, you know, different ways and how we're going to stop that. And what we're, what we're doing from a national perspective is all coming into play and what we're going to do about it. You know? So the, one of the things that I'm seeing, that's kind of new is the taunting aspect. So the taunting aspect is, uh, you know, they've been in your network for a little while, the dwell times extended and they're collecting intelligence, but what they're doing is, you know, they used to let you, after they would present you with the ransomware note, they would let you kind of circle the wagons. And then you would come to a decision point as an organization. >>Is, am I going to pay or am I not well? And they would give you a little bit of time to deliberate. Well, now during your deliberation time, they're actually sending texts to the CEO and the CFO and there's, and they're, they're, they're showcasing their, their, uh, technical prowess and that they've got you, they own you at that point. And they're, they're texting on your personal device. And they're saying, you should go ahead and pay us, or we're going to make this worse. The taunting aspect is even twisting the knife and it's, uh, you know, out of box isn't even from a criminal aspect, I expect that to be out of bounds, no >>Crazy. And of course, you know, some of the things that we've seen, um, uh, the, the white houses, counter ransomware initiative, a coalition of 30 countries aimed to ramp up global efforts to attack that it's like, are you seeing cyber crime with the rise and the proliferation, you think there's gonna be more regulations and organizations that are going to be having to deal with? What do you think? Some of the things that we're going to see on that legal? >>Yeah. So we have to, we have to leverage compliance, and there's a lot of really great frameworks out there today that we are leveraging. And there's, there's good methodology on how to stop this. The issue is it's the adoption and really the, the, the knowledge, the subject matter expertise, and really that consultant side, that's the message that I try and get out to, to, to our customers and our clients. And I'm trying to really get them to understand what that evolution looks like and what, what is needed in each discipline, because there's various disciplines across the board and you almost have to have them all, um, you know, in order to be able to stop ransomware and solve for that ransomware problem. And I do think the regulation is going to be key. I also think that I need some air support from not only the federal government, but our internet service providers and, and we as a free country, we need to be careful of, you know, on, on some of that, some of those fronts. But I, I, I still think that I would appreciate, you know, my ISP doing a little bit of block and tackle for me, you know, and helping me out, even though I want the freedom to do and be able to do whatever I want. I still like them to say, you know, we're gonna block known that because, you know, it would just be nice to have a little bit of support even on that side. So how does >>An ISP prevent me from panning out my password and being fooled in a, in a, in a phishing attack is the, is the question that, is, that, is that still a real issue? >>So I wouldn't put that. I wouldn't put that on the ISP. I would put that more on the end point and some personal responsibility, right. Knowing, and I do, I do stress that a little bit, but relatively early >>Morning sarcasm in my bag. >>Yeah. So I do put that on, but there, but there are tremendous partners that I work with that are able to do that and automate a lot of that for you. And I need to make it simple, but simple as hard. And that's what you know is, especially in cybersecurity, we want to make it simple for it and really be able to remove the threat to the end user and protect the user. But in order to do that, there's a ton of things on a ton of sophistication and innovation that happens in the background. And we really need to be able to showcase how that's done. And, um, I, it's, obviously I'm excited about it, but we need more people that are able to just specialize in this. We need more good guys that are able to come in and help us on this front. >>I also think we need to break down some barriers for on the competition with, you know, market share and the partners we need to, we need to kind of elevate the conversation a little bit and we all need to work together because we're all in the same boat when it comes to how we're being attacked. Um, you know, from a national perspective on a global scale. And I think that if we elevate the conversation, our collective, uh, mindset in that, that, that, that, uh, that, that mind share is going to be able to really help us innovate and, and put a stop to this. >>So then how is Presidio and AWS, how are you helping them until you get to it? Ransomware and mitigation can talk to us about that. How are you going to be helping, especially there's cyber security skills gap that's gone on like five years. >>Sure. Yeah. That skills gap is going to continue to, we're going to continue to see that grow as well. And we're efforting that on many fronts, but I'm really excited about the ransomware mitigation kit that got, uh, unveiled yesterday. Um, I got a call earlier this year from, uh, AWS and, and, uh, we basically, the question was posed to me, you know, what are we going to do about this is from an AWS perspective, what can we do? Um, you know, cause th the cyber adversaries are, uh, are, are relatively unchecked and, and, and their attitude is what are you going to do about it? So AWS posed the question, what are we going to do about it? And what we came up with was, you know, as, as an isolated organization, or as an isolated discipline as with like a managed detection and response or endpoint protection, um, that silo could not by itself accomplish and the solve to eliminate ransomware or to make a dent in eliminate ransomware. >>So what we had to do was combine disciplines, and we reached over to BCDR disaster recovery and, and, and, and our backup teams. And we said, let's put together endpoint protection, MDR, and let's, let's merge the two of these. And let's automate that. So that what happens is, is when we detect the ransomware attack, there's, there's a specific indicators of compromise that happened in the attack, the end point protection, which is CrowdStrike in our case can see that and can notify that, and then can tell the backup and recovery team, Hey, we know that this is a, this is an indicator of compromise. We know that this system is, has been owned. And then there's an inflection point where we can ask the user if they want to manually intervene, or if they want us to automate that and intervene for them. So it really keeps production going full-time and, uh, it doesn't, it takes away the cyber adversaries ability to hold our data hostage. So this is an, it was this one, and I don't use PI verbally, uh, frequently, but this is a monumental, uh, uh, evolution of what, of what we're going to see and how to prevent ransomware. >>Wow. I was reading that, that ransomware is backups, or you talked about backup, the backup backup attacks are on the rise as well. How can organizations, how can they work with Presidio in AWS? You described this as monumental kind of game-changing, how can they work with you guys to, to implement this technology so that we can start dialing down the threats? >>Yeah. So we would love to, we would love to hear from you, right? Give us a, give us a call. Um, but, uh, our teams, you know, with, with CloudEndure and AWS CloudEndure and CrowdStrike and what they've really come up with, and, and you have to have these two things ahead of time. So I sit on our critical incident response team, and, you know, I, I do work with, you know, the, the bureau as often as I can on attribution, but you have to have these ahead of time. So your, your, your, your, uh, critical response plan needs to be in place. And if you have the two things that we, that we've really put a lot of effort into over the last eight months, if you've got CrowdStrike and you've got cloud on, on the backend, we can establish all of those, um, and, and really set this up for you to eliminate that threat. And, and that's what we're excited to showcase this week, and, you know, in the coming months, and we're going to, and we've also got additional things in additional features that we plan to add to that in the, in the coming months, Dave, >>Your thoughts on the partnership between private industry and government entities. Uh, you mentioned that the level of sophistication to engage in this bad behavior doesn't necessarily have to be the, have to rise to the level of state sponsored. Um, but can we do this in the private sector, by ourselves? What are your, what are your sort of philosophical? >>I will give you my, I will give you a statistic on this and it will, it'll be self-explanatory. But, um, 80% of our critical infrastructure in the United States is privately held. So we're unique in that perspective, we aren't like some other countries where they can just mandate the requirement that the government will control critical infrastructure. It's privately held here in the United States. So you almost have to invite the federal government to come in, even though you are a critical infrastructure, they still have to be invited to come help you. And that partnership is key in order to be able to defend yourself, but also to defend the nation. Our power grids are our water sources. I mean, you'll see those are private private companies, but we need that federal help. And I try and evangelize that partnership. I mean, you know, there's always the, um, you know, when you think about working with federal agencies, like the, like the FBI, um, there's a little bit of hesitation and you're not really quite sure. >>I will tell you that those, those men and women are, um, uh, they're amazing. They're amazing to work with they're, they're really good at what they do. And, and you're certainly it's a partnership and they have a whole division set up there's the office of the private sector is designed to have these conversations and help you prepare. And then in the unfortunate instance where you might have an attack there, right. They're trying to figure out who did that to you, you know, and, and you're a victim, you're a victim of a federal crime at that point. And they, they treat you with such care and, you know, they're, uh, they do such a great job. So I think we have to engage them in order to, and we should actually be able to help them with the technology and how, and make it easier for them to do their job, but something I'm also very interested in. >>Talk to me about your interests as the last question, in terms of what's going to go on here, we are wrapping up 2021 entering 2022, which hopefully will be a much better year for on many fronts, including the decrease in ransomware. What are some of the things that you're excited about? There's so much technology, there's so much opportunity and innovation going on with AWS and its partner ecosystem. What excites you, what opportunities do you see as we head into 2020? Yeah. >>So I do see some, I do see some threats that are going to evolve. Um, ransomware is certainly going to be more of the same until we get this out in this new methodology and what we've built until that becomes widely adopted. I think we, you know, we're not going to make a dent in the numbers that we're seeing just yet, but I'm hoping that that will change when, you know, when the industries do start to adopt that. The other thing that I'm seeing is I think operational technology is going to take a hit in 2022 because the bad guys have started to figure out how, um, you know, that, that, that, that operational technology is not as, uh, it's not front and center. And it's not top of mind for a lot of CSOs. So they're, they're targeting that weakness and going after that. So I think we really need to brace for that and, and really, uh, get in front of that. Uh, so that's one of the things that I'm prepping for is really the operational IOT conversation, and then how I can help, uh, organizations and even, even home users, you know, with some of the stuff that you've got, you know, maybe in your own home that could be used again, >>Right? Cause that work from anywhere is going to persist for quite some time. Dave, thank you so much for joining Dave Nicholson and me on the program this morning, talking about what's going on in the threat landscape ransomware, but also this monumental shift and from, from a technology and a partnership perspective that Presidio and AWS are doing to help customers and every industry, private and public sector. We appreciate your insights. Thank you >>For having me. Thanks >>For being here. Very Dave and Dave I'm Lisa you're watching the cube, the global leader in live tech coverage.

(upbeat music) >> Welcome to theCube's continuous coverage of AWS re:Invent 2021. I'm Dave Nicholson, and we are running one of the industry's most important and largest hybrid tech events this year with AWS and its partners with two live sets on the scene. In addition to two remote studios. And we'll have somewhere in the neighborhood of a hundred guests on the program this year at re:Invent. I'm extremely delighted to welcome a very, very special guest. Right now. He served as the director of the NSA under two presidents, and was the first commander of the U.S Cyber Command. He's a Cube alumni, he's founder and co-CEO of IronNet Cybersecurity. General Keith Alexander. Thanks for joining us today General. >> Thanks, David. It's an honor to be here at re:Invent, you know, with AWS. All that they're doing and all they're making possible for us to defend sector states, companies and nations in cyber. So an honor to be here. >> Well, welcome back to theCube. Let's dive right in. I'd like to know how you would describe the current cyber threat landscape that we face. >> Well, I think it's growing. Well, let's start right out. You know, the good news or the bad news, the bad news is getting worse. We're seeing that. If you think about SolarWinds, you think about the Hafnium attacks on Microsoft. You think about this rapid growth in ransomware. We're seeing criminals and nation states engaging in ways that we've never seen in the past. It's more blatant. They're going after more quickly, they're using cyber as an element of national power. Let's break that down just a little bit. Do you go back to two, July. Xi Jinping, talked about breaking heads in bloodshed when he was referring to the United States and Taiwan. And this has gone hot and cold, that's a red line for him. They will do anything to keep Taiwan from breaking away. And this is a huge existential threat to us into the region. And when this comes up, they're going to use cyber to go after it. Perhaps even more important and closer right now is what's going on with Russia in the Donbas region of eastern Ukraine. We saw this in 2014, when Russia took over the Crimea. The way they did it, staging troops. They did that in 2008 against Georgia. And now there are, by some reports over a hundred thousand troops on the border of Eastern Ukraine. Some call it an exercise, but that's exactly what they did in Georgia. That's what they did in the Crimea. And in both those cases, they preceded those attacks, those physical attacks with cyber attacks. If you go to 2017, when Russia hit the Ukrainian government with the NotPetya attack that had global repercussions. Russia was responsible for SolarWinds, they have attacked our infrastructure to find out what our government is doing and they continue going. This is getting worse. You know, it's interesting when you think about, so what do you do about something like that? How do we stop that? And the answer is we've got to work together. You know, Its slam commissioner addressed it. The meeting with the president on August 25th. This is a great statement by the CEO and chairman of Southern Company, Tom Fanning. He said this, "the war is being waged on our nation's critical infrastructure in particular, our energy sector, our telecommunications sector and financial sector." The private sector owns and operates 87% of the critical infrastructure in the United States, making collaboration between industry and the federal government imperative too, for these attacks. SO >> General, I want to dig just a little bit on that point that you make for generations, people have understood that the term is 'kinetic war', right? Not everyone has heard that phrase, but for generations we've understood the concept of someone dropping a bomb on a building as being an attack. You've just mentioned that, that a lot of these attacks are directed towards the private sector. The private sector doesn't have an army to respond to those attacks. Number one, that's our government's responsibility. So the question I have is, how seriously are people taking these kinds of threats when compared to the threat of kinetic war? Because my gosh, you can take down the entire electrical grid now. That's not something you can do with a single bomb. What are your, what are your thoughts on that? >> So you're hitting on a key point, a theoretical and an operational point. If you look back, what's the intent of warfare? It's to get the mass of people to give up. The army protects the mass of people in that fight. In cyber, there's no protection. Our critical infrastructure is exposed to our adversaries. That's the problem that we face. And because it's exposed, we have a tremendous vulnerability. So those who wish us harm, imagine the Colonial Pipeline attack an order of magnitude or two orders of magnitude bigger. The impact on our country would paralyze much of what we do today. We are not ready for that. That's the issue that Tom Fanning and others have brought up. We don't practice between the public sector and the private sector working together to defend this country. We need to do that. That's the issue that we have to really get our hands around. And when we talk about practice, what do we mean? It means we have to let that federal government, the ones that are going to protect us, see what's going on. There is no radar picture. Now, since we're at re:Invent, the cloud, where AWS and others have done, is create an infrastructure that allows us to build that bridge between the public and private sector and scale it. It's amazing what we can now do. We couldn't do that when I was running Cyber Command. And running Cyber Command, we couldn't see threats on the government. And we couldn't see threats on critical infrastructure. We couldn't see threats on the private sector. And so it all went and all the government did was say, after the fact you've been attacked. That's not helpful. >> So >> It's like they dropped a bomb. We didn't know. >> Yeah, so what does IronNet doing to kind of create this radar capability? >> So, well, thanks. That's a great question because there's four things that you really got to do. First. You've got to be able to detect the SolarWinds type attacks, which we did. You've got to have a hunt platform that can see what it is. You've got to be able to use machine learning and AI to really cut down the number of events. And the most important you need to be able to anonymize and share that into the cloud and see where those attacks are going to create that radar picture. So behavioral analytics, then you use signature based as well, but you need those sets of analytics to really see what's going on. Machine learning, AI, a hunt platform, and cloud. And then analytics in the cloud to see what's going on, creates that air traffic control, picture radar, picture for cyber. That's what we're doing. You see, I think that's the important part. And that's why we really value the partnership with AWS. They've been a partner with us for six years, helping us build through that. You can see what we can do in the cloud. We could never do in hardware alone. Just imagine trying to push out equipment and then do that for hundreds of companies. It's not viable. So SaaS, what we are as a SaaS company, you can now do that at scale, and you can push this out and we can create, we can defend this nation in cyber if we work together. And that's the thing, you know, I really, had a great time in the military. One of the things I learned in the military, you need to train how you're going to fight. They're really good at that. We did that in the eighties, and you can see what happened in 1990 in the Gulf war. We need to now do that between the public and private sector. We have to have those training. We need to continuously uplift our capabilities. And that's where the cloud and all these other things make that possible. That's the future of cybersecurity. You know, it's interesting David, our country developed the internet. We're the ones that pioneered that. We ought to be the first to secure. >> Seems to make sense. And when you talk about collective defense in this private public partnership, that needs to happen, you get examples of some folks in private industry and what they're doing, but, but talk a little bit more about, maybe what isn't happening yet. What do we need to do? I don't want you to necessarily get political and start making budgetary suggestions, but unless you want to, but what, but where do you see, where do we really need to push forward from a public perspective in order to make these connections? And then how is that connection actually happen? This isn't someone from the IronNet security service desk, getting on a red phone and calling the White House, how are the actual connections made? >> So it has to be, the connections have to be just like we do radar. You know, when you think about radars across our nation or radar operator doesn't call up one of the towers and say, you've got an aircraft coming at you at such and such a speed. I hope you can distinguish between those two aircraft and make sure they don't bump into each other. They get a picture and they get a way of tracking it. And multiple people can see that radar picture at a speed. And that's how we do air traffic control safety. We need the same thing in cyber, where the government has a picture. The private sector has a picture and they can see what's going on. The private sector's role is I'm going to do everything I can, you know, and this is where the energy sector, I use that quote from Tom Fanning, because what they're saying is, "it's our job to keep the grid up." And they're putting the resources to do it. So they're actually jumping on that in a great way. And what they're saying is "we'll share that with the government", both the DHS and DOD. Now we have to have that same picture created for DHS and DOD. I think one of the things that we're doing is we're pioneering the building of that picture. So that's what we do. We build the picture to bring people together. So think of that is that's the capability. Everybody's going to own a piece of that, and everybody's going to be operating in it. But if you can share that picture, what you can begin to do is say, I've got an attack coming against company A. Company A now sees what it has to do. It can get fellow companies to help them defend, collective defense, knowledge sharing, crowdsourcing. At the same time, the government can see that attack going on and say, "my job is to stop that." If it's DHS, I could see what I have to do. Within the country, DOD can say, "my job is to shoot the archers." How do we go do what we're authorized to do under rules of engagement? So now you have a way of the government and the private sector working together to create that picture. Then we train them and we train them. We should never have had an event like SolarWinds happen in the future. We got to get out in front. And if we do that, think of the downstream consequences, not only can we detect who's doing it, we can hold them accountable and make them pay a price. Right now. It's pretty free. They get in, pap, that didn't work. They get away free. That didn't work, we get away free. Or we broke in, we got, what? 18,000 companies in 30,000 companies. No consequences. In the future there should be consequences. >> And in addition to the idea of consequences, you know, in the tech sector, we have this concept of a co-op petition, where we're often cooperating and competing. The adversaries from, U.S perspective are also great partners, trading partners. So in a sense, it sounds like what you're doing is also kind of adhering to the old adage that, that good fences make for great neighbors. If we all know that our respective infrastructures are secure, we can sort of get on with the honest business of being partners, because you want to make the cost of cyber war too expensive. Is that, is that a fair statement? >> Yes. And I would take that analogy and bend it slightly to the following. Today every company defends itself. So you take 90 companies with 10 people, each doing everything they can to defend themselves. Imagine in the world we trying to build, those 90 companies work together. You have now 900 people working together for the collective defense. If you're in the C-suite or the board of those companies, which would rather have? 900 help new security or 10? This isn't hard. And so what we say is, yes. That neighborhood watch program for cyber has tremendous value. And beyond neighborhood watch, I can also share collaboration because, I might not have the best people in every area of cyber, but in those 900, there will be, and we can share knowledge crowdsource. So it's actually let's work together. I would call it Americans working together to defend America. That's what we need to do. And the states we going to have a similar thing what they're doing, and that's how we'll work this together. >> Yeah. That makes a lot of sense. General Alexander it's been a pleasure. Thanks so much for coming on to theCube as part of our 2021 AWS re:Invent coverage. Are you going to get a chance to spend time during the conference in Las Vegas? So you just flying in, flying out. Any chance? >> Actually yeah. >> It's there, we're still negotiating working that. I've registered, but I just don't know I'm in New York city for two meetings and seeing if I can get to Las Vegas. A lot of friends, you know, Adam Solski >> Yes >> and the entire AWS team. They're amazing. And we really liked this partnership. I'd love to see you there. You're going to be there, David? Absolutely. Yes, absolutely. And I look forward to that, so I hope hopefully we get that chance again. Thank you so much, General Alexander, and also thank you to our title sponsor AMD for sponsoring this year's re:Invent. Keep it right here for more action on theCube, you're leader in hybrid tech event coverage, I'm Dave Nicholson for the Cube. Thanks. (upbeat music)

(upbeat music) >> Thank you and good morning or afternoon, everyone, depending on where you're coming to us from and welcome to today's breakout session, Fast Data, a retail industry business imperative. My name is Brent Biddulph, Global Managing Director of Retail and Super Bids here at Cloudera and today's hosts. Joining me today is our feature speaker Brian Kilcourse, Managing Partner from RSR. We'll be sharing insights and implications from recently completed research across retailers of all sizes in empirical segments. At the end of today's session I'll share a brief overview on what I personally learned from retailers and how Cloudera continues to support retail data analytic requirements, and specifically around streaming data ingest, analytics, automation for customers around the world. There really is the next step up in terms of what's happening with data analytics today. So let's get started. So I thought it'd be helpful to provide some background first on how Cloudera is supporting retail industry leaders specifically how they're leveraging Cloudera for leading practice data analytics use cases, primarily across four key business pillars and these will be very familiar to those in the industry. Personalize interactions of course plays heavily into e-commerce and marketing, whether that's developing customer profiles, understanding the omni-channel journey, moving into the merchandising line of business, focused on localizing sorbet, promotional planning, forecasting, demand forecast accuracy, then into supply chain where inventory visibility is becoming more and more critical today, whether it's around fulfillment or just understanding where your stuff is from a customer perspective. And obviously in and outbound route optimization, right now as retailers are taking control of actual delivery, whether it's to a physical store location or to the consumer. And then finally, which is pretty exciting to me as a former store operator, what's happening with physical brick and mortar right now, especially for traditional retailers. The whole re-imagining of stores right now is on fire in a lot of focus because frankly this is where fulfillment is happening, this is where customers steal 80% of revenue is driven through retail through physical brick and mortar. So right now store operations is getting more focused and I would say it probably is had in decades and a lot of it has to do of course with IoT data and analytics in the new technologies that really help drive benefits for retailers from a brick and mortars standpoint. And then finally, to wrap up before handing off to Brian, as you'll see, all of these lines of businesses are rogue, really experiencing the need for speed, fast data. So we're moving beyond just discovery analytics, things that happened five, six years ago with big data, et cetera and we're really moving into real time capabilities because that's really where the difference makers are, that's where the competitive differentiation is across all of these lines of business and these four key pillars within retail. The dependency on fast data is evident, it's something that we all read in terms of those that are students of the industry if you will, that we're all focused on in terms of bringing value to the individual lines of business but more importantly to the overall enterprise. So without further ado, I really want to have Brian speak here as a third party analyst. He's close in touch with what's going on retail talking to all the solution providers, all the key retailers about what's important, what's on their plate, what are they focusing on right now in terms of fast data and how that could potentially make a difference for them going forward. So Brian off to you. >> Well, thanks, Brent. I appreciate the introduction. And I was thinking as you were talking, what is fast data? Well, fast data is fast data, it's stuff that comes at you very quickly. When I think about the decision cycles in retail, they were time phased and there was a time when we could only make a decision perhaps once a month and then met once a week and then once a day, and then intraday. Fast data is data that's coming at you in something approaching real time and we'll explain why that's important in just a second. But first I want to share with you just a little bit about RSR. We've been in business now for 14 years and what we do is we studied the business use cases that drive the adoption of technology in retail. We come from the retail industry. I was a retail technologist my entire working life and so we started this company. So I have a built-in bias of course, and that is that the difference between the winners in the retail world and in fact in the entire business world and everybody else is how they value the strategic importance of information, and really that's where the battle is being fought today. We'll talk a little bit about that. So anyway, one other thing about RSR Research, our research is free to the entire world. We don't have a paywall that you have to get behind, all you have to do is sign into our website, identify yourself and all of our research, including these two reports that we're showing on the screen now are available to you and we'd love to hear your comments. So when we talk about data, there's a lot of business implications to what we're trying to do with fast data and is being driven by the real world. We saw a lot of evidence of that during the COVID pandemic in 2020, when people had to make many decisions very, very quickly, for example, a simple one, do I redirect my replenishments to store B because store A is impacted by the pandemic, those kinds of things. These two drawings are actually from a book that came out in 1997 and it was a really important book for me personally is by a guy named Steven Hegel and the name of the book was "The Adaptive Enterprise." When you think about your business model and you think about the retail business model, most of those businesses are what you see on the left. First of all, the mission of the business doesn't change much at all, it changes once in a generation or maybe once in a lifetime, but it's established quite early. And then from that point on, it's basically a wash, rinse and repeat cycle. You do the things that you do over and over and over again, year in and year out, season in and season out and the most important pieces of information that you have is the transaction data from the last cycle. So Brent knows this from his experience as a retailer, the baseline for next year's forecast is last year's performance. And this is transactional in nature, it's typically pulled from your ERP or from your best of breed solution set. On the right is where the world is really going, and before we get into the details of this, I'll just use a real example. I'm sure like me, you've watched the path of hurricanes as they go up to the Florida Coast. And one of the things you might've noticed is that there are several different possible paths. These are models and you'll hear a lot about models when you talk to people in the AI world. These are models based on lots and lots of information that they're getting from Noah and from the oceanographic people and all those kinds of folks to understand the likely path of the hurricane. Based on their analysis, the people who watch these things will choose the most likely paths and they will warn communities to lock down and do whatever they need to do. And then they see as the real hurricane progresses, they will see if it's following that path or if it's varying, it's going down a different path and based on that they will adapt to a new model. And that is what I'm talking about here. Not everything is of course is life and death as a hurricane but it's basically the same concept. What's happening is you have your internal data that you've had since this command and control model that we've mentioned on the left and you're taking an external data from the world around you and you're using that to make snap decisions or quick decisions based on what you see, what's observable on the outside. Back to my COVID example, when people were tracking the path of the pandemic through communities, they learned that customers or consumers would favor certain stores to pick up what they needed to get. So they would avoid some stores and they would favor other stores and that would cause smart retailers to redirect the replenishments on very fast cycles to those stores where the consumers are most likely to be. They also did the same thing for employees, they wanted to know where they could get their employees to service these customers, how far away were they, were they in a community that was impacted or were they relatively safe. These are the decisions that were being made in real time based on the information that they were getting from the marketplace around them. So first of all, there's a context for these decisions, there's a purpose and the bounds of the adaptive structure, and then there's a coordination of capabilities in real time and that creates an internal feedback loop, but there's also an external feedback loop. This is more of an ecosystem view and based on those two inputs what's happening internally, where your performance is internally and how your community around you is reacting to what you're providing. You make adjustments as necessary and this is the essence of the adaptive enterprise. Engineers might call this a sense and respond model, and that's where retail is going. But what's essential to that is information and information, not just about the products that you sell or the stores that you sell it in or the employees that you have on the sales floor or the number of market baskets you've completed in the day, but something much, much more. If you will, a twin, a digital twin of the physical assets of your business, all of your physical assets, the people, the products, the customers, the buildings, the rolling stock, everything, everything. And if you can create a digital equivalent of a physical thing, you can then analyze it. And if you can analyze it, you can make decisions much, much more quickly. So this is what's happening with the predict pivot based on what you see and then because it's an intrinsically more complicated model to automate decision-making where it makes sense to do so. That's pretty complicated and I talk about new data and as I said earlier, the old data is all transactional in nature, mostly about sales. Retail has been a wash in sales data for as long as I can remember, they throw most of it away but they do keep enough to create the forecast for the next business cycle. But there's all kinds of new information that they need to be thinking about and a lot of this is from the outside world and a lot of this is non-transactional in nature. So let's just take a look at some of them. Competitive information. Retailers are always interested in what the competitor is up to, what are they promoting? How well are they doing? Where are they? What kind of traffic are they generating? Sudden and significant changes in customer behaviors and sentiment, COVID is a perfect example of something that would cause this, consumers changing their behaviors very quickly. And we have the ability to observe this because in a great majority of cases nowadays, retailers have observed that customers start their shopping journey in the digital space. As a matter of fact, Google recently came out and said that 63% of all sales transactions begin in the digital domain, even if many of them end up in the store. So we have the ability to observe changes in consumer behavior, what are they looking at? When are they looking at it? How long do they spend looking at it? What else are they looking at while they're doing that? What is the outcome of them looking? Market metrics certainly, what's going on in the marketplace around you? A good example of this might be something related to a sporting event. If you've planned based on normal demand and for your store and there's a big sporting event, like a football match or a baseball game, suddenly you're going to see a spike in demand, so understanding what's going on in the market is really important. Location, demographics and psychographics. Demographics have always been important to retailers, but now we're talking about dynamic demographics. What customers or what consumers are in your market in something approaching real time. Psychographics has more to do with their attitudes, what kind of folks are in a particular marketplace, what do they think about, what do they favor, and all those kinds of interesting details. Real time environmental and social incidents, of course, I mentioned hurricanes and so that's fairly self-evident. Disruptive events, sporting events, et cetera, these are all real. And then we get the real time Internet-of-Things, these are RFID sensors, beacons, video, et cetera. There's all kinds of stuff. And this is where it really gets interesting, this is where the supply chain people will start talking about the digital twin to their physical world. If you can't say something you can't manage it and retailers want to be able to manage things in real time. So IoT along with AI analytics and the data that's generated is really, really important for them going forward. Community health, we've been talking a lot about that, the progression of the flu, et cetera, et cetera. Business schedules, commute patterns, school schedules, and weather, these are all external data that are interesting to retailers and can help them to make better operational decisions in something approaching real time. I mentioned the automation of decision-making, this is a chart from Gardner and I'd love to share with you. It's a really good one because it describes very simply what we're talking about and it also describes where the inflection of new technology happens. If you look on the left there's data, we have lots and lots of data, we're getting more data all the time. Retailers for a long time now since certainly since the seventies or eighties have been using data to describe what happened, this is the retrospective analysis that we're all very familiar with, data cubes and those kinds of things. And based on that, the human makes some decisions about what they're going to do going forward. Sometime in the not-too-distant past this data was started to be used to make diagnostic decisions, not only what happened but why did it happen? And we might think of this as, for example, if sales were depressed and for a certain product, was it because we had another product on sale that day, that's a good example of fairly straightforward diagnostics. We then move forward to what we might think of as predictive analytics and this was based on what happened in the past and why it happened in the past. This is what's likely to happen in the future. You might think of this as, for example, halo effect or the cannibalization effect of your category plans if you happen to be a grocer. And based on that, the human will make a decision as to what they need to do next. Then came along AI, and I don't want to oversell AI here. AI is a new way for us to examine lots and lots of data, particularly unstructured data. AI if I could simplify it to the next maximum extent, it essentially is a data tool that allows you to see patterns in data which might be interesting. It's very good at sifting through huge data sets of unstructured data and detecting statistically significant patterns. It gets deeper than that of course, because it uses math instead of rules. So instead of an if then or else statement that we might've used with our structured data, we use the math to detect these patterns in unstructured data and based on those we can make some models. For example, my guy in my (chuckles) just turned 70. My 70 year old man, I'm a white guy, I live in California, I have a certain income and a certain educational level. I'm likely to behave in this way based on a model, that's pretty simplistic but based on that, you can see that when another person who meets my psychographics, my demographics, my age group, my income level and all the rest, they might be expected to make a certain action. And so this is where prescriptive really comes into play. AI makes that possible. And then finally, when you start to think about moving closer to the customer or something approaching a personalized level, a one-to-one level, you suddenly find yourself in the situation of having to make not thousands of decisions but tens of millions of decisions and that's when the automation of decision-making really gets to be pretty important. So this is all interesting stuff, and I don't want to oversell it. It's exciting and it's new, it's just the latest turn of the technology screw and it allows us to use this new data to basically automate decision-making in the business in something approaching real time so that we can be much, much more responsive to real-time conditions in the marketplace. Very exciting. So I hope this is interesting. This is a piece of data from one of our recent pieces of research. This happens to be from a location analytics study we just published last week, and we asked retailers, what are the big challenges? What's been going on in the last 12 months for them, and what's likely to be happening for them in the next few years and it's just fascinating because it speaks to the need for faster decision-making. The challenges in the last 12 months are all related to COVID. First of all, fulfilling growing online demand, this is a very real time issue that we all had to deal with. But the next one was keeping forecasts in sync with changing demand and this is one of those areas where retailers are now finding themselves needing to look at that exogenous or that external data that I mentioned to you. Last year sales were not a good predictor of next year sales, they needed to look at sentiment, they needed to look at the path of the disease, they needed to look at the availability of products, alternate sourcing, global political issues, all of these things get to be pretty important and they affect the forecast. And then finally, managing the movement of the supply through the supply chain so that they could identify bottlenecks. Now, point to one of them which we can all laugh at now because it's kind of funny, it wasn't funny at the time. We ran out of toilet paper (laughs) toilet paper was a big problem. Now there is nothing quite as predictable as toilet paper, it's tied directly to the size of the population and yet we ran out. And the thing we didn't expect when the COVID pandemic hit was that people would panic and when people panic they do funny things. One of the things I do is buy up all the available toilet paper, I'm not quite sure why that happen but it did happen and it drained the supply chain. So retailers needed to be able to see that, they needed to be able to find alternative sources, they needed to be able to do those kinds of things. This gets to the issue of visibility, real-time data, fast data. Tomorrow's challenge is kind of interesting because one of the things that retailers put at the top of their list is improve inventory productivity. The reason that they are interested in this is because they will never spend as much money on anything as they will on inventory and they want the inventory to be targeted to those places where it is most likely to be consumed and not to places where it's least likely to be consumed. So this is trying to solve the issue of getting the right product at the right place at the right time to the right consumer and retailers want to improve this because the dollars are just so big. But in this complex, fast moving world that we live in today is this requires something approaching real-time visibility. They want to be able to monitor the supply chain, the DCs and the warehouses and their picking capacity. We're talking about Echo's, we're talking about Echo's level of decision-making about what's flowing through the supply chain all the way from the manufacturing door to the manufacturer through to consumption. There's two sides of the supply chain and retailers want to look at it. You'll hear retailers and people like me talk about the digital twin, this is where this really becomes important. And again, the digital twin is enabled by IoT and AI analytics. And finally, they need to increase their profitability for online fulfillment. This is a huge issue, for some grocers the volume of online orders went from less than 10% to somewhere north of 40%. And retailers did in 2020 what they needed to do to fulfill those customer orders in the year of the pandemic, that now the expectation that consumers have have been raised significantly. They now expect those features to be available to them all the time and many people really like them. Now retailers need to find out how to do it profitably and one of the first things they need to do is they need to be able to observe the process so that they can find places to optimize. This is out of our recent research and I encourage you to read it. Now when we think about the hard one wisdom that retailers have come up with we think about these things, better visibility has led to better understanding which increases their reaction time which increases their profitability. So what are the opportunities? This is the first place that you'll see something that's very common and in our research, we separate over-performers, who we call retail winners from everybody else, average and under-performers. And we've noticed throughout the life of our company that retail winners don't just do all the same things that others do, they tend to do other things and this shows up in this particular graph. This again is from the same study. So what are the opportunities to address these challenges I mentioned to you in the last slide? First of all, strategic placement of inventory throughout the supply chain to better fulfill customer needs. This is all about being able to observe the supply chain, get the inventory into a position where it can be moved quickly to fast changing demand on the consumer side. A better understanding and reacting to unplanned events that can drive a dramatic change in customer behavior. Again, this is about studying the data, analyzing the data and reacting to the data that comes before the sales transaction. So this is observing the path to purchase, observing things that are happening in the marketplace around the retailer so that they can respond very quickly, a better understanding of the dramatic changes in customer preference and path to purchase as they engage with us. One of the things we all know about consumers now is that they are in control and literally the entire planet is the assortment that's available to them. If they don't like the way they're interacting with you, they will drop you like a hot potato and go to somebody else. And what retailers fear justifiably is the default response to that is to just see if they can find it on Amazon. You don't want this to happen if you're a retailer. So we want to observe how we are interacting with consumers and how well we are meeting their needs. Optimizing omni-channel order fulfillment to improve profitability. We've already mentioned this, retailers did what they needed to do to offer new fulfillment options to consumers. Things like buy online pickup curbside, buy online pickup in-store, buy online pick up at a locker, a direct to consumer, all of those things. Retailers offer those in 2020 because the consumers demand it and needed it. So when retailers are trying to do now is to understand how to do that profitably. And finally, this is important and never goes away is the reduction of waste, shrink within the supply chain. I'm embarrassed to say that when I was a retail executive in the nineties, we were no more certain of consumer demand than anybody else was but we wanted to commit to very high service levels for some of our key categories somewhere approaching 95% and we found the best way to do that was to flood the supply chain with inventory. It sounds irresponsible now, but in those days that was a sure-fire way to make sure that the customer had what she was looking for when she looked for it. You can't do that in today's world, money is too tight and we can't have that inventory sitting around and move to the right places once we discover what the right places. We have to be able to predict, observe, and respond in something much closer to real time. Onto the next slide, the simple message here, again a difference between winners and everybody else. The messages, if you can't see it you can't manage it. And so we asked retailers to identify to what extent an AI enabled supply chain can help their company address some issues. Look at the differences here, they're shocking. Identifying network bottlenecks, this is the toilet paper story I told you about. Over half of retail winners feel that that's very important, only 19% of average and under-performers, no surprise that they're average and under-performers. Visibility into available to sell inventory anywhere within the enterprise, 58% of winners and only 32% of everybody else. And you can go on down the list but you get the just, retail winners understand that they need to be able to see their assets and something approaching real time so that they can make the best decisions possible going forward in something approaching real time. This is the world that we live in today and in order to do that you need to be able to number one, see it and number two, you need to be able to analyze it, and number three, you have to be able to make decisions based on what you saw. Just some closing observations and I hope this was interesting for you. I love talking about this stuff, you can probably tell I'm very passionate about it. But the rapid pace of change in the world today is really underscoring the importance, for example, of location intelligence as a key component of helping businesses to achieve sustainable growth, greater operational effectiveness and resilience, and ultimately your success. So this is really, really critical for retailers to understand and successfully evolving businesses need to accommodate these new consumer shopping behaviors and changes and how products are brought to the market. And in order to do that they need to be able to see people, they need to be able to see their assets, and they need to be able to see their processes in something approaching real time, and then they need to analyze it and based on what they've uncovered, they need to be able to make strategic and operational decision making very quickly. This is the new world we live in, it's a real-time world, it's a sense and respond world and it's the way forward. So Brent, I hope that was interesting for you. I really enjoyed talking about this as I said, we'd love to hear a little bit more. >> Hey, Brian, that was excellent. I always love hearing from RSR because you're so close to what retailers are talking about and the research that your company pulls together. One of the higher level research articles around fast data frankly, is the whole notion of IoT, right? Now many does a lot of work in this space. What I find fascinating based off the recent research is believe it or not, there's $1.2 trillion at stake in retail per year between now and 2025. Now, how's that possible? Well, part of it is because of the Kinsey captures not only traditional retail but also QSRs and entertainment venues, et cetera, that's considered all of retail. But it's a staggering number and it really plays to the effect that real time can have on individual enterprises, in this case we're talking of course about retail. So a staggering number and if you think about it, from streaming video to sensors, to beacons, RFID, robotics, autonomous vehicles retailers are asking today, even pizza delivery and autonomous vehicles. If you think about it, it shouldn't be that shocking, but when they were looking at 12 different industries, retail became like the number three out of 12 and there's a lot of other big industries that will be leveraging IoT in the next four years. So retailers in the past have been traditionally a little stodgy about their spend in data and analytics. I think retailers in general have got the religion that this is what it's going to take to compete in today's world, especially in a global economy and IoT really is the next frontier, which is kind of the definition of fast data. So I just wanted to share just a few examples or exemplars of retailers that are leveraging the Cloudera technology today. So now they pay for advertisement at the end of this, right? So what is Cloudera bringing to market here? So across all retail verticals, if we look at, for example, a well-known global mass virtual retailer, they're leveraging Cloudera data flow which is our solution to move data from point to point in wicked fast space. So it's open source technology that was originally developed by the NSA. So it is best to class movement of data from an ingest standpoint, but we're also able to help the round trip. So we'll pull up sensor data off all the refrigeration units for this particular retailer, they'll hit it up against the product lifecycle table, they'll understand temperature fluctuations of 10, 20 degrees based on fresh food products that are in the store, what adjustments might need to be made because frankly store operators, they'll never know refrigeration, they'll know if a cooler goes down and they'll have to react quickly, but they won't know that 10, 20 degree temperature changes have happened overnight. So this particular customer leverages further data flow to understand temperature fluctuations, the impact on the product life cycle and the roundtrip communication back to the individual department manager, let's say a produce department manager, deli manager, meat manager. Hey, you had a 20 degree drop in temperature, we suggest you lower the price on these products that we know are in that cooler for the next couple of days by 20%. So you don't have to worry about freshness issues and or potential shrink. The grocery with fresh product, if you don't sell it, you smell it, you throw it away, it's cost to the bottom line. So critically important and tremendous ROI opportunity that we're helping to enable there. From a leading global drugstore retailer, so this is more about data processing and we're excited of the recent partnership with the Nvidia. So fast data isn't always at the edge with IoT, it's also about workloads. And in retail, if you are processing your customer profiles or segmentation like intra day, you will never achieve personalization, you will never achieve one-on-one communications with retailers or with customers, and why is that? Because customers in many cases are touching your brand several times a week. So if taking you a week or longer to process your segmentation schemes, you've already lost and you'll never achieve personalization, in fact, you may offend customers by offers you might push out based on what they just bought yesterday you had no idea of it. So that's what we're really excited about, again with the computation speed that Nvidia brings to Cloudera. We're already doing this today, we've already been providing levels of exponential speed and processing data, but when Nvidia brings to the party is course GPUs right, which is another exponential improvement to processing workloads like demand forecast, customer profiles. These things need to happen behind the scenes in the back office much faster than retailers have been doing in the past. That's just the world we all live in today. And then finally, from a proximity marketing standpoint or just from an in-store operations standpoint, retailers are leveraging Cloudera today, not only data flow but also of course our compute and storage platform and ML, et cetera, to understand what's happening in store. It's almost like the metrics that we used to look at in the past in terms of conversion and traffic, all those metrics are now moving into the physical world. If you can leverage computer vision in streaming video, to understand how customers are traversing your store, how much time they're standing in front of the display, how much time they're standing in checkout line, you can now start to understand how to better merchandise the store, where the hotspots are, how to in real time improve your customer service. And from a proximity marketing standpoint, understand how to engage with the customer for right at the moment of truth, right, when they're right there in front of the particular department or category, upward leveraging mobile device. So that's the world of fast data in retail and just kind of a summary in just a few examples of how folks are leveraging Cloudera today. From an overall platform standpoint of course, Cloudera is an enterprise data platform, right? So we're helping to enable the entire data life cycle, so we're not a data warehouse, we're much more than that. So we have solutions to ingest data from the Edge, from IoT, leading practice solutions to bring it in. We also have experiences to help leverage the analytic capabilities of data engineering, data science, analytics and reporting. We're not encroaching upon the legacy solutions that many retailers have today, we're providing a platform that's open source that helps weave all this mess together that existed retail today from legacy systems because no retailer frankly is going to rip and replace a lot of stuff that they have today. Right. And the other thing the Cloudera brings to market is this whole notion of on-prem hybrid cloud and multicloud, right. So our whole culture has been built around open source technology as the company that provides most of the source code to the Apache network around all these open source technologies. We're kind of religious about open source and lack of vendor lock-in, maybe to our fault, but as a company we pull that together from a data platform standpoint so it's not a rip or replace situation. It's like helping to connect legacy systems, data and analytics, weaving that whole story together to be able to solve this whole data life cycle from beginning to end. And then finally, I want to thank everyone for joining today's session, I hope you found it informative. I can't thank Brian Kilcourse enough, like he's my trusted friend in terms of what's going on in the industry. He has much broader reach of course in talking to a lot of our partners in other technology companies out there as well. But I really appreciate everyone joining the session, and Brian, I'm going to kind of leave it open to you to any closing comments that you might have based on what we're talking about today in terms of fast data and retail. >> First of all, thank you, Brent. And this is an exciting time to be in this industry. And I'll just leave it with this. The reason that we are talking about these things is because we can, the technology has advanced remarkably in the last five years. Some of this data has been out there for a lot longer than that and it frankly wasn't even usable. But what we're really talking about is increasing the cycle time for decisions, making them go faster and faster so that we can respond to consumer expectations and delight them in ways that make us a trusted provider of their lifestyle needs. So this is really a good time to be a retailer, a real great time to be servicing the retail technology community and I'm glad to be a part of it and I'm glad to be working with you. So thank you, Brent. >> Yeah, of course, Brian. And one of the exciting things for me too, I've being in the industry as long as I have and being a former retailer is it's really exciting for me to see retailers actually spending money on data and IT for a change, right? (Brian laughs) They've all kind of come to this final pinnacle of this is what it's going to take to compete. You and I talked to a lot of colleagues, even salespeople within Cloudera, like, oh, retail, very stodgy, slow to move. That's not the case anymore. >> No. >> Everyone gets the religion of data and analytics and the value of that. And what's exciting for me to see as all this infusion of immense talent within the industry that we couldn't see years ago, Brian. I mean, retailers are like pulling people from some of the greatest tech companies out there, right? From a data science, data engineering standpoint, application developers. Retail is really getting its legs right now in terms of go to market and the leverage of data and analytics, which to me is very exciting. >> Well, you're right. I mean, I became a CIO around the time that point of sale and data warehouses were starting to happen, data cubes and all those kinds of things. And I never thought I would see a change that dramatic as the industry experience back in those days, 1989, 1990, this changed doors that, but the good news is again, as the technology is capable, we're talking about making technology and information available to retail decision-makers that consumers carry around in their purses and pockets as they're right now today. So the question is, are you going to utilize it to win or are you going to get beaten? That's really what it boils down to. >> Yeah, for sure. Hey, thanks everyone. We'll wrap up, I know we ran a little bit long, but appreciate everyone hanging in here with us. We hope you enjoyed the session. Our contact information is right there on the screen, feel free to reach out to either Brian and I. You can go to cloudera.com, we even have joint sponsored papers with RSR, you can download there as well as other eBooks, other assets that are available if you're interested. So thanks again, everyone for joining and really appreciate you taking the time today.

>>Thank you and good morning or afternoon, everyone, depending on where you're coming to us from and welcome to today's breakout session, fast data, a retail industry business imperative. My name is Brent Bedell, global managing director of retail, consumer bids here at Cloudera and today's hosts joining today. Joining me today is our feature speaker Brian Hill course managing partner from RSR. We'll be sharing insights and implications from recently completed research across retailers of all sizes in vertical segments. At the end of today's session, I'll share a brief overview on what I personally learned from retailers and how Cloudera continues to support retail data analytic requirements, and specifically around streaming data, ingest analytics, automation for customers around the world. There really is the next step up in terms of what's happening with data analytics today. So let's get started. So I thought it'd be helpful to provide some background first on how Clare to Cloudera is supporting and retail industry leaders specifically how they're leveraging Cloudera for leading practice data analytics use cases primarily across four key business pillars. >>And these will be very familiar to, to those in the industry. Personalize interactions of course, plays heavily into e-commerce and marketing, whether that's developing customer profiles, understanding the OB omni-channel journey, moving into the merchandising line of business focused on localized promotional planning, forecasting demand, forecast accuracy, then into supply chain where inventory visibility is becoming more and more critical today, whether it's around fulfillment or just understanding where your stuff is from a customer perspective. And obviously in and outbound route optimization right now, as retailers are taking control of actual delivery, whether it's to a physical store location or to the consumer. And then finally, uh, which is pretty exciting to me as a former store operator, you know, what's happening with physical brick and mortar right now, especially for traditional retailers. Uh, the whole re-imagining of stores right now is on fire in a lot of focus because, you know, frankly, this is where fulfillment is happening. >>Um, this is where customers, you know, still 80% of revenue is driven through retail, through physical brick and mortar. So right now store operations is getting more focused and I would say it probably is had and decades. Uh, and a lot of has to do for us with IOT data and analytics in the new technologies that really help, uh, drive, uh, benefits for retailers from a brick and mortar standpoint. And then, and then finally, um, you know, to wrap up before handing off to Brian, um, as you'll see, you know, all of these, these lines of businesses are raw, really experiencing the need for speed, uh, you know, fast data. So we're, we're moving beyond just discovery analytics. You don't things that happened five, six years ago with big data, et cetera. And we're really moving into real time capabilities because that's really where the difference makers are. >>That's where the competitive differentiation as across all of these, uh, you know, lines of business and these four key pillars within retail, um, the dependency on fast data is, is evident. Um, and it's something that we all read, you know, you know, in terms of those that are students of the industry, if you will, um, you know, that we're all focused on in terms of bringing value to the individual, uh, lines of business, but more importantly to the overall enterprise. So without further ado, I, I really want to, uh, have Brian speak here as a, as a third party analyst. You know, he, he's close in touch with what's going on, retail talking to all the solution providers, all the key retailers about what's important, what's on their plate. What are they focusing on right now in terms of fast data and how that could potentially make a difference for them going forward? So, Brian, uh, off to you, >>Well, thanks, Brent. I appreciate the introduction. And I was thinking, as you were talking, what is fast data? Well, data is fast. It is fast data it's stuff that comes at you very quickly. When I think about the decision cycles in retail, they were, they were, they were time phased and there was a time when we could only make a decision perhaps once a month and then met once a week and then once a day, and then intraday fast data is data that's coming at you and something approaching real time. And we'll explain why that's important in just a second. But first I want to share with you just a little bit about RSR. We've been in business now for 14 years. And what we do is we studied the business use cases that drive the adoption of technology in retail. We come from the retail industry, I was a retail technologist, my entire working life. >>And so we started this company. So I'm, I have a built in bias, of course, and that is that the difference between the winners in the retail world and in fact, in the entire business world and everybody else is how they value the strategic importance of information, and really that's where the battle is being fought today. We'll talk a little bit about that. So anyway, uh, one other thing about RSR research, our research is free to the entire world. Um, we don't, we don't have a paywall. You have to get behind. All you have to do is sign into our website, uh, identify yourself and all of our research, including these two reports that we're showing on the screen now are available to you. And we'd love to hear your comments. So when we talk about data, there's a lot of business implications to what we're trying to do with fast data and as being driven by the real world. >>Uh, we saw a lot of evidence of that during the COVID pandemic in 2020, when people had to make many decisions very, very quickly, for example, a simple one. Uh, do I redirect my replenishments to store B because store a is impacted by the pandemic, those kinds of things. Uh, these two drawings are actually from a book that came out in 1997. It was a really important book for me personally is by a guy named Steven Hegel. And it was the name of the book was the adaptive enterprise. When you think about your business model, um, and you think about the retail business model, most of those businesses are what you see on the left. First of all, the mission of the business doesn't change much at all. It changes once in a generation or maybe once in a lifetime, um, but it it's established quite early. >>And then from that point on it's, uh, basically a wash rinse and repeat cycle. You do the things that you do over and over and over again, year in and year out season in and season out. And the most important piece of information that you have is the transaction data from the last cycle. So a Brent knows this from his experience as a, as a retailer, the baseline for next year's forecast is last year's performance. And this is transactional in nature. It's typically pulled from your ERP or from your best of breed solution set on the right is where the world is really going. And before we get into the details of this, I'll just use a real example. I'm I'm sure like, like me, you've watched the path of hurricanes as they go up to the Florida coast. And one of the things you might've noticed is that there's several different possible paths. >>These are models, and you'll hear a lot about models. When you talk to people in the AI world, these are models based on lots and lots of information that they're getting from Noah and from the oceanographic people and all those kinds of folks to understand the likely path of the hurricane, based on their analysis, the people who watch these things will choose the most likely paths and they will warn communities to lock down and do whatever they need to do. And then they see as the, as the real hurricane progresses, they will see if it's following that path, or if it's varying, it's going down a different path and based on that, they will adapt to a new model. And that is what I'm talking about here now that not everything is of course is life and death as, as a hurricane. But it's basically the same concept what's happening is you have your internal data that you've had since this, a command and control model that we've mentioned on the left, and you're taking an external data from the world around you, and you're using that to make snap decisions or quick decisions based on what you see, what's observable on the outside, back to my COVID example, um, when people were tracking the path of the pandemic through communities, they learn that customers or consumers would favor certain stores to pick up their, what they needed to get. >>So they would avoid some stores and they would favor other stores. And that would cause smart retailers to redirect the replenishments on very fast cycles to those stores where the consumers are most likely to be. They also did the same thing for employees. Uh, they wanted to know where they could get their employees to service these customers. How far away were they, were they in a community that was impacted or were they relatively safe? These are the decisions that were being made in real time based on the information that they were getting from the marketplace around them. So, first of all, there's a context for these decisions. There's a purpose and the bounds of the adaptive structure, and then there's a coordination of capabilities in real time. And that creates an internal feedback loop, but there's also an external feedback loop. This is more of an ecosystem view. >>And based on those two, those two inputs what's happening internally, what your performance is internally and how your community around you is reacting to what you're providing. You make adjustments as necessary. And this is the essence of the adaptive enterprise. Engineers might call this a sense and respond model. Um, and that's where retail is going. But what's essential to that is information and information, not just about the products that you sell or the stores that you sell it in, or the employees that you have on the sales floor or the number of market baskets you've completed in the day, but something much, much more. Um, if you will, a twin, a digital twin of the physical assets of your business, all of your physical assets, the people, the products, the customers, the buildings, the rolling stock, everything, everything. And if you can create a digital equivalent of a physical thing, you can then analyze it. >>And if you can analyze it, you can make decisions much, much more quickly. So this is what's happening with the predict pivot based on what you see, and then, because it's an intrinsically more complicated model to automate, decision-making where it makes sense to do so. That's pretty complicated. And I talk about new data. And as I said earlier, the old data is all transactional in nature. Mostly about sales. Retail has been a wash in sales data for as long as I can remember throw, they throw most of it away, but they do keep enough to create the forecast the next for the next business cycle. But there's all kinds of new information that they need to be thinking about. And a lot of this is from the outside world. And a lot of this is non-transactional nature. So let's just take a look at some of them, competitive information. >>Those are always interested in what the competitor is up to. What are they promoting? How well are they they doing, where are they? What kind of traffic are they generating sudden and stuff, significant changes in customer behaviors and sentiment COVID is a perfect example of something that would cause this consumers changing their behaviors very quickly. And we have the ability to, to observe this because in a great majority of cases, nowadays retailers have observed that customers start their, uh, shopping journey in the digital space. As a matter of fact, Google recently came out and said, 60%, 63% of all, all sales transactions begin in the digital domain. Even if many of them end up in the store. So we have the ability to observe changes in consumer behavior. What are they looking at? When are they looking at it? How long do they spend looking at it? >>What else are they looking at while they're, while they're doing that? What are the, what is the outcome of that market metrics? Certainly what's going on in the marketplace around you? A good idea. Example of this might be something related to a sporting event. If you've planned based on normal demand and for, for your store. And there's a big sporting event, like a football match or a baseball game, suddenly you're going to see a spike in demand. So understanding what's going on in the market is really important. Location, demographics and psychographics, demographics have always been important to retailers, but now we're talking about dynamic demographics, what customers, or what consumers are, are in your market, in something approaching real time, psychographics has more to do with their attitudes. What kind of folks are, are, are in them in a particular marketplace? What do they think about what do they favor? >>And all those kinds of interesting deep tales, real-time environmental and social incidents. Of course, I mentioned hurricanes. And so that's fairly, self-evident disruptive events, sporting events, et cetera. These are all real. And then we get the real time internet of things. These are, these are RFID sensors, beacons, video, et cetera. There's all kinds of stuff. And this is where, yeah, it's interesting. This is where the supply chain people will start talking about the difference, little twin to their physical world. If you can't say something, you can manage it. And retailers want to be able to manage things in real time. So IOT, along with it, the analytics and the data that's generated is really, really important for them going forward, community health. We've been talking a lot about that, the progression of the flu, et cetera, et cetera, uh, business schedules, commute patterns, school schedules, and whether these are all external data that are interesting to retailers and can help them to make better operational in something approaching real time. >>I mentioned the automation of decision making. This is a chart from Gardner, and I'd love to share with you. It's a really good one because it describes very simply what we're talking about. And it also describes where the inflection of new technology happens. If you look on the left there's data, we have lots and lots of data. We're getting more data all the time, retailers for a long time. Now, since certainly since the seventies or eighties have been using data to describe what happened, this is the retrospective analysis that we're all very familiar with, uh, data cubes and those kinds of things. And based on that, the human makes some decisions about what they're going to do going forward. Um, sometime in the not too distant past, this data was started to be used to make diagnostic decisions, not only what happened, but why did it happen? >>And me might think of this as, for example, if sales were depressed for a certain product, was it because we had another product on sale that day, that's a good example of fairly straightforward diagnostics. We then move forward to what we might think of as predictive analytics. And this was based on what happened in the past and why it happened in the past. This is what's likely to happen in the future. You might think of this as, for example, halo effect or, or the cannibalization effect of your category plans. If you're, if you happen to be a grocer and based on that, the human will make a decision as to what they need to do next then came along AI, and I don't want to oversell AI here. AI is a new way for us to examine lots and lots of data, particularly unstructured data AI. >>If I could simplify it to its maximum extent, it essentially is a data tool that allows you to see patterns in data, which might be interesting. It's very good at sifting through huge data sets of unstructured data and detecting statistically significant patterns. It gets deeper than that, of course, because it uses math instead of rules. So instead of an if then, or else a statement that we might've used with our structured data, we use the math to detect these patterns in unstructured data. And based on those, we can make some models. For example, uh, my guy in my, in my, uh, just turned 70 on my 70 year old man, I'm a white guy. I live in California. I have a certain income and a certain educational level. I'm likely to behave in this way based on a model that's pretty simplistic. But based on that, you can see that. >>And when another person who meets my psychographics, my demographics, my age group, my income level and all the rest, um, you, they might, they might be expected to make a certain action. And so this is where prescriptive really comes into play. Um, AI makes that possible. And then finally, when you start to think about moving closer to the customer on something, approaching a personalized level, a one-to-one level, you, you suddenly find yourself in this situation of having to make not thousands of decisions, but tens of millions of decisions. And that's when the automation of decision-making really gets to be pretty important. So this is all interesting stuff, and I don't want to oversell it. It's exciting. And it's new. It's just the latest turn of the technology screw. And it allows us to use this new data to basically automate decision-making in the business, in something approaching real time so that we can be much, much more responsive to real-time conditions in the marketplace. >>Very exciting. So I hope this is interesting. This is a piece of data from one of our recent pieces of research. Uh, this happens to be from a location analytics study. We just published last week and we asked retailers, what are the big challenges what's been going on in the last 12 months for them? And what's likely to be happening for them in the next few years. And it's just fascinating because it speaks to the need for faster decision-making there. The challenges in the last 12 months were all related to COVID. First of all, fulfilling growing online demand. This is a very, very real time issue that we all had to deal with. But the next one was keeping forecasts in sync with changing demand. And this is one of those areas where retailers are now finding themselves, needing to look at that exoticness for that external data that I mentioned to you last year, sales were not a good predictor of next year of sales. >>They needed to look at sentiment. They needed to look at the path of the disease. They needed to look at the availability of products, alternate sourcing, global political issues. All of these things get to be pretty important and they affect the forecast. And then finally managing a supply them the movement of the supply through the supply chain so that they could identify bottlenecks now, point to one of them, which we can all laugh at now because it's kind of funny. It wasn't funny at the time we ran out of toilet paper, toilet paper was a big problem. Now there is nothing quite as predictable as toilet paper, it's tied directly to the size of the population. And yet we ran out and the thing we didn't expect when the COVID pandemic hit was that people would panic. And when people panic, they do funny things. >>One of the things I do is buy up all the available toilet paper. I'm not quite sure why that happened. Um, but it did happen and it drained the supply chain. So retailers needed to be able to see that they needed to be able to find alternative sources. They needed to be able to do those kinds of things. This gets to the issue of visibility, real time data, fast data tomorrow's challenge. It's kind of interesting because one of the things that they've retailers put at the top of their list is improved inventory productivity. Uh, the reason that they are interested in this is because then we'll never spend as much money, anything as they will on inventory. And they want the inventory to be targeted to those places where it is most likely to be consumed and not to places where it's least likely to be consumed. >>So this is trying to solve the issue of getting the right product at the right place at the right time to the right consumer and retailers want to improve this because the dollars are just so big, but in this complex, fast moving world that we live in today, it's this requires something approaching real-time visibility. They want to be able to monitor the supply chain, the DCS and the warehouses. And they're picking capacity. We're talking about each of us, we're talking about each his level. Decision-making about what's flowing through the supply chain all the way from the, from the manufacturing doctor, the manufacturer through to consumption. There's two sides of the supply chain and retailers want to look at it, you'll hear retailers and, and people like me talk about the digital twin. This is where this really becomes important. And again, the digital twin is, is enabled by IOT and AI analytics. >>And finally they need to re to increase their profitability for online fulfillment. Uh, this is a huge issue, uh, for some grocers, the volume of online orders went from less than 10% to somewhere north of 40%. And retailers did in 2020, what they needed to do to fulfill those customer orders in the, in the year of the pandemic, that now the expectation that consumers have have been raised significantly. They now expect those, those features to be available to them all the time. And many people really liked them. Now retailers need to find out how to do it profitably. And one of the first things they need to do is they need to be able to observe the process so that they can find places to optimize. This is out of our recent research and I encourage you to read it. >>And when we think about the hard one wisdoms that retailers have come up with, we think about these things better visibility has led to better understanding, which increases their reaction time, which increases their profitability. So what are the opportunities? This is the first place that you'll see something that's very common. And in our research, we separate over performers, who we call retail winners from everybody else, average and under-performers, and we've noticed throughout the life of our company, that retail winners, don't just do all the same things that others do. They tend to do other things. And this shows up in this particular graph, this again is from the same study. So what are the opportunities to, to address these challenges? I mentioned to you in the last slide, first of all, strategic placement of inventory throughout the supply chain to better fulfill customer needs. This is all about being able to observe the supply chain, get the inventory into a position where it can be moved quickly to fast changing demand. >>And on the consumer side, a better understanding and reacting to unplanned events that can drive a dramatic change in customer behavior. Again, this is about studying the data, analyzing the data and reacting to the data that comes before the sales transaction. So this is observing the path to purchase observing things that are happening in the marketplace around the retailer, so that they can respond very quickly, a better understanding of the dramatic changes in customer preference and path to purchase. As they engage with us. One of the things we, all we all know about consumers now is that they are in control and the literally the entire planet is the assortment that's available to them. If they don't like the way they're interacting with you, they will drop you like a hot potato and go to somebody else. And what retailers fear justifiably is the default response to that is to just see if they can find it on Amazon. >>You don't want this to happen if you're a retailer. So we want to observe how we are interacting with consumers and how well we are meeting their needs, optimizing omni-channel order fulfillment to improve profitability. We've already mentioned this, uh, retailers did what they needed to do to offer new fulfillment options to consumers. Things like buy online pickup curbside, buy online pickup in store, buy online, pick up at a locker, a direct to consumer all of those things. Retailers offer those in 2020 because the consumers demand it and needed it. So when retailers are trying to do now is to understand how to do that profitably. And finally, this is important. It never goes away. Is the reduction of waste shrink within the supply chain? Um, I'm embarrassed to say that when I was a retail executive in the nineties, uh, we were no more certain of consumer demand than anybody else was, but we, we wanted to commit to very high service levels for some of our key county categories somewhere approaching 95%. >>And we found the best way to do that was to flood the supply chain with inventory. Uh, it sounds irresponsible now, but in those days, that was a sure-fire way to make sure that the customer had what she was looking for when she looked for it. You can't do that in today's world. Money is too tight and we can't have that, uh, inventory sitting around and move to the right places. Once we discovered what the right place is, we have to be able to predict, observe and respond in something much closer to your time. One of the next slide, um, the simple message here, again, a difference between winners and everybody else, the messages, if you can't see it, you can't manage it. And so we asked retailers to identify, to what extent an AI enabled supply chain can help their company address some issues. >>Look at the differences here. They're shocking identifying network bottlenecks. This is the toilet paper story I told you about over half of retail winners, uh, feel that that's very important. Only 19% of average and under performers, no surprise that their average and under-performers visibility into available to sell inventory anywhere within the enterprise, 58% of winners and only 32% of everybody else. And you can go on down the list, but you get the just retail winners, understand that they need to be able to see their assets and something approaching real time so that they can make the best decisions possible going forward in something approaching real time. This is the world that we live in today. And in order to do that, you need to be able to number one, see it. And number two, you need to be able to analyze it. And number three, you have to be able to make decisions based on what you saw, just some closing observations on. >>And I hope this was interesting for you. I love talking about this stuff. You can probably tell I'm very passionate about it, but the rapid pace of change in the world today is really underscoring the importance. For example, of location intelligence, as a key component of helping businesses to achieve sustainable growth, greater operational effectiveness and resilience, and ultimately your success. So this is really, really critical for retailers to understand and successfully evolving businesses need to accommodate these new consumer shopping behaviors and changes in how products are brought to the market. So that, and in order to do that, they need to be able to see people. They need to be able to see their assets, and they need to be able to see their processes in something approaching real time, and then they need to analyze it. And based on what they've uncovered, they need to be able to make strategic and operational decision making very quickly. This is the new world we live in. It's a real-time world. It's a, it's a sense and respond world and it's the way forward. So, Brent, I hope that was interesting for you. I really enjoyed talking about this, as I said, we'd love to hear a little bit more. >>Hey, Brian, that was excellent. You know, I always love me love hearing from RSR because you're so close to what retailers are talking about and the research that your company pulls together. Um, you know, one of the higher level research articles around, uh, fast data frankly, is the whole notion of IOT, right? And he does a lot of work in this space. Um, what I find fascinating based off the recent research is believe it or not, there's $1.2 trillion at stake in retail per year, between now and 2025. Now, how is that possible? Well, part of it is because the Kinsey captures not only traditional retail, but also QSRs and entertainment then use et cetera. That's considered all of retail, but it's a staggering number. And it really plays to the effect that real-time can have on individual enterprises. In this case, we're talking of course, about retail. >>So a staggering number. And if you think about it from streaming video to sensors, to beacons, RFID robotics, autonomous vehicles, retailers are testing today, even pizza delivery, you know, autonomous vehicle. Well, if you think about it, it shouldn't be that shocking. Um, but when they were looking at 12 different industries, retail became like the number three out of 12, and there's a lot of other big industries that will be leveraging IOT in the next four years. So, um, so retailers in the past have been traditionally a little stodgy about their spend in data and analytics. Um, I think retailers in general have got the religion that this is what it's going to take to compete in today's world, especially in a global economy. And in IOT really is the next frontier, which is kind of the definition of fast data. Um, so I, I just wanted to share just a few examples or exemplars of, of retailers that are leveraging Cloudera technology today. >>So now, so now the paid for advertisement at the end of this, right? So, so, you know, so what bringing to market here. So, you know, across all retail, uh, verticals, you know, if we look at, you know, for example, a well-known global mass virtual retailer, you know, they're leveraging Cloudera data flow, which is our solution to move data from point to point in wicked fast space. So it's open source technology that was originally developed by the NSA. So, um, it is best to class movement of data from an ingest standpoint, but we're also able to help the roundtrip. So we'll pull the sensor data off all the refrigeration units for this particular retailer. They'll hit it up against the product lifecycle table. They'll understand, you know, temperature fluctuations of 10, 20 degrees based on, you know, fresh food products that are in the store, what adjustments might need to be made because frankly store operators, they'll never know refrigeration don't know if a cooler goes down and they'll have to react quickly, but they won't know that 10, 20 degree temperature changes have happened overnight. >>So this particular customer leverages father a data flow understand temperature, fluctuations the impact on the product life cycle and the round trip communication back to the individual department manager, let's say a produce department manager, deli manager, meat manager, Hey, you had, you know, a 20 degree drop in temperature. We suggest you lower the price on these products that we know are in that cooler, um, for the next couple of days by 20%. So you don't have to worry, tell me about freshness issues and or potential shrink. So, you know, the grocery with fresh product, if you don't sell it, you smell it, you throw it away. It's lost to the bottom line. So, you know, critically important and, you know, tremendous ROI opportunity that we're helping to enable there, uh, from a, a leading global drugstore retailer. So this is more about data processing and, you know, we're excited to, you know, the recent partnership with the Vidia. >>So fast data, isn't always at the edge of IOT. It's also about workloads. And in retail, if you are processing your customer profiles or segmentation like intra day, you will ever achieve personalization. You will never achieve one-on-one communications with readers killers or with customers. And why is that? Because customers in many cases are touching your brand several times a week. So taking you a week or longer to process your segmentation schemes, you've already lost and you'll never achieve personalization in frack. In fact, you may offend customers by offering. You might push out based on what they just bought yesterday. You had no idea of it. So, you know, that's what we're really excited about. Uh, again, with, with the computation speed, then the video brings to, to Cloudera, we're already doing this today already, you know, been providing levels, exponential speed and processing data. But when the video brings to the party is course GPU's right, which is another exponential improvement, uh, to processing workloads like demand forecast, customer profiles. >>These things need to happen behind the scenes in the back office, much faster than retailers have been doing in the past. Um, that's just the world we all live in today. And then finally, um, you know, proximity marketing standpoint, or just from an in-store operation standpoint, you know, retailers are leveraging Cloudera today, not only data flow, but also of course our compute and storage platform and ML, et cetera, uh, to understand what's happening in store. It's almost like the metrics that we used to look at in the past in terms of conversion and traffic, all those metrics are now moving into the physical world. If you can leverage computer vision in streaming video, to understand how customers are traversing your store, how much time they're standing in front of the display, how much time they're standing in checkout line. Um, you can now start to understand how to better merchandise the store, um, where the hotspots are, how to in real time improve your customer service. >>And from a proximity marketing standpoint, understand how to engage with the customer right at the moment of truth, right? When they're right there, um, in front of a particular department or category, you know, of course leveraging mobile devices. So that's the world of fast data in retail and just kind of a summary in just a few examples of how folks are leveraging Cloudera today. Um, you know, from an overall platform standpoint, of course, father as an enterprise data platform, right? So, you know, we're, we're helping to the entire data life cycle. So we're not a data warehouse. Um, we're much more than that. So we have solutions to ingest data from the edge from IOT leading practice solutions to bring it in. We also have experiences to help, you know, leverage the analytic capabilities of, uh, data engineering, data science, um, analytics and reporting. Uh, we're not, uh, you know, we're not, we're not encroaching upon the legacy solutions that many retailers have today. >>We're providing a platform, this open source that helps weave all of this mess together that existed retail today from legacy systems because no retailer, frankly, is going to rip and replace a lot of stuff that they have today. Right. And the other thing that Cloudera brings to market is this whole notion of on-prem hybrid cloud and multi-cloud right. So our whole, our whole culture has been built around open source technology as the company that provides most of the source code to the Apache network around all these open source technologies. Um, we're kind of religious about open source and lack of vendor lock-in, uh, maybe to our fault. Uh, but as a company, we pull that together from a data platform standpoint. So it's not a rip and replace situation. It's like helping to connect legacy systems, data and analytics, um, you know, weaving that whole story together to be able to solve this whole data life cycle from beginning to end. >>And then finally, you know, just, you know, I want to thank everyone for joining today's session. I hope you found it informative. I can't say Brian killed course enough. Um, you know, he's my trusted friend in terms of what's going on in the industry. He has much broader reach of course, uh, in talking to a lot of our partners in, in, in, in other, uh, technology companies out there as well. But I really appreciate everyone joining the session and Brian, I'm going to kind of leave it open to you to, you know, any closing comments that you might have based on, you know, what we're talking about today in terms of fast data and retail. >>First of all, thank you, Brent. Um, and this is an exciting time to be in this industry. Um, and I'll just leave it with this. The reason that we are talking about these things is because we can, the technology has advanced remarkably in the last five years. Some of this data has been out there for a lot longer than that in it, frankly wasn't even usable. Um, but what we're really talking about is increasing the cycle time for decisions, making them go faster and faster so that we can respond to consumer expectations and delight them in ways that that make us a trusted provider of their life, their lifestyle needs. So this is really a good time to be a retailer, a real great time to be servicing the retail technology community. And I'm glad to be a part of it. And I was glad to be working with you. So thank you, Brian. >>Yeah, of course, Brian, and one of the exciting things for me to not being in the industry, as long as I have and being a former retailer is it's really exciting for me to see retailers actually spending money on data and it for a change, right? They've all kind of come to this final pinnacle of this is what it's going to take to compete. Um, you know, you know, and I talked to, you know, a lot of colleagues, even, even salespeople within Cloudera, I like, oh, retail, very stodgy, you know, slow to move. That's not the case anymore. Um, you know, religion is everyone's, everyone gets the religion of data and analytics and the value of that. And what's exciting for me to see as all this infusion of immense talent within the industry years ago, Brian, I mean, you know, retailers are like, you know, pulling people from some of the, you know, the greatest, uh, tech companies out there, right? From a data science data engineering standpoint, application developers, um, retail is really getting this legs right now in terms of, you know, go to market and in the leverage of data and analytics, which to me is very exciting. Well, >>You're right. I mean, I, I became a CIO around the time that, uh, point of sale and data warehouses were starting to happen data cubes and all those kinds of things. And I never thought I would see a change that dramatic, uh, as the industry experience back in those days, 19 89, 19 90, this changed doors that, but the good news is again, as the technology is capable, uh, it's, it's, we're talking about making technology and information available to, to retail decision-makers that consumers carry around in their pocket purses and pockets is there right now today. Um, so the, the, the question is, are you going to utilize it to win or are you going to get beaten? That's really what it boils down to. Yeah, >>For sure. Uh, Hey, thanks everyone. We'll wrap up. I know we ran a little bit long, but, uh, appreciate, uh, everyone, uh, hanging in there with us. We hope you enjoyed the session. The archive contact information is right there on the screen. Feel free to reach out to either Brian and I. You can go to cloudera.com. Uh, we even have, you know, joint sponsored papers with RSR. You can download there as well as eBooks and other assets that are available if you're interested. So thanks again, everyone for joining and really appreciate you taking the time. >>Hello everyone. And thanks for joining us today. My name is Brent Bedell, managing director retail, consumer goods here at Cloudera. Cloudera is very proud to be partnering with companies like three soft to provide data and analytic capabilities for over 200 retailers across the world and understanding why demand forecasting could be considered the heartbeat of retail. And what's at stake is really no mystery to most, to most retailers. And really just a quick level set before handing this over to my good friend, uh, Camille three soft, um, you know, IDC Gartner. Um, many other analysts have kind of summed up an average, uh, here that I thought would be important to share just to level set the importance of demand forecasting or retail. And what's at stake. I mean the combined business value for retailers leveraging AI and IOT. So this is above and beyond. What demand forecasting has been in the past is a $371 billion opportunity. >>And what's critically important to understand about demand forecasting. Is it directly impacts both the top line and the bottom line of retail. So how does it affect the top line retailers that leverage AI and IOT for demand forecasting are seeing average revenue increases of 2% and think of that as addressing the in stock or out of stock issue in retail and retail is become much more complex now, and that is no longer just brick and mortar, of course, but it's fulfillment centers driven by e-commerce. So inventory is now having to be spread over multiple channels. Being able to leverage AI and IOT is driving 2% average revenue increases. Now, if you think about the size of most retailers or the average retailer that on its face is worth millions of dollars of improvement for any individual retailer on top of that is balancing your inventory, getting the right product in the right place and having productive inventory. >>And that is the bottom line. So the average inventory reduction, leveraging AI and IOT as the analyst have found, and frankly, having spent time in this space myself in the past a 15% average inventory reduction is significant for retailers not being overstocked on product in the wrong place at the wrong time. And it touches everything from replenishment to out-of-stocks labor planning and customer engagement for purposes of today's conversation. We're going to focus on inventory and inventory optimization and reducing out-of-stocks. And of course, even small incremental improvements. I mentioned before in demand forecast accuracy have millions of dollars of direct business impact, especially when it comes to inventory optimization. Okay. So without further ado, I would like to now introduce Dr. Camille Volker to share with you what his team has been up to. And some of the amazing things that are driving at top retailers today. So over to you, Camille, >>Uh, I'm happy to be here and I'm happy to speak to you, uh, about, uh, what we, uh, deliver to our customers. But let me first, uh, introduce three soft. We are a 100 person company based in Europe, in Southern Poland. Uh, and we, uh, with 18 years of experience specialized in providing what we call a data driven business approach, uh, to our customers, our roots are in the solutions in the services. We originally started as a software house. And on top of that, we build our solutions. We've been automation that you get the software for biggest enterprises in Poland, further, we understood the meaning of data and, and data management and how it can be translated into business profits. Adding artificial intelligence on top of that, um, makes our solutions portfolio holistic, which enables us to realize very complex projects, which, uh, leverage all of those three pillars of our business. However, in the recent time, we also understood that services is something which only the best and biggest companies can afford at scale. And we believe that the future of retail, uh, demon forecasting is in the product solutions. So that's why we created occupy our AI platform for data driven retail. That also covers this area that we talked about today. >>I'm personally proud to be responsible for our technology partnerships with other on Microsoft. Uh, it's a great pleasure to work with such great companies and to be able to, uh, delivered a solution store customers together based on the common trust and understanding of the business, uh, which cumulates at customer success at the end. So why, why should you analyze data at retail? Why is it so important? Um, it's kind of obvious that there is a lot of potential in the data per se, but also understanding the different areas where it can be used in retail is very important. We believe that thanks to using data, it's basically easier to the right, uh, the good decisions for the business based on the facts and not intuition anymore. Those four areas that we observe in retail, uh, our online data analysis, that's the fastest growing sector, let's say for those, for those data analytics services, um, which is of course based on the econ and, uh, online channels, uh, availability to the customer. >>Pandemic only speeds up this process of engagement of the customers in that channel, of course, but traditional offline, um, let's say brick and mortar shops. Uh, they still play the biggest role for most of the retailers, especially from the FMCG sector. However, it's also very important to remember that there is plenty of business, uh, related questions that meet that need to be answered from the headquarter perspective. So is it actually, um, good idea to open a store in a certain place? Is it a good idea to optimize a stock with Saturday in producer? Is it a good idea to allocate the goods to online channel in specific way, those kinds of questions they are, they need to be answered in retail every day. And with that massive amount of factors coming into that question, it's really not, not that easy to base, only on the intuition and expert knowledge, of course, uh, as Brent mentioned at the beginning, the supply chain and everything who's relates to that is also super important. We observe our customers to seek for the huge improvements in the revenue, just from that one single area as well. Okay. >>So let me present you a case study of one of our solutions, and that was the lever to a leading global grocery retailer. Uh, the project started with the challenge set of challenges that we had to conquer. And of course the most important was how to limit overstocks and out of stocks. Uh, that's like the holy grail in of course, uh, how to do it without flooding the stores with the goods and in the same time, how to avoid empty shelves, um, from the perspective of the customer, it was obvious that we need to provide a very well, um, a very high quality of sales forecast to be able to ask for, uh, what will be the actual sales of the individual product in each store, uh, every day, um, considering huge role of the perishable goods in the specific grocery retailer, it was a huge challenge, uh, to provide a solution that was able to analyze and provide meaningful information about what's there in the sales data and the other factors we analyzed on daily basis at scale, however, uh, our holistic approach implementing AI with data management, uh, background, and these automation solutions all together created a platform that was able to significantly increase, uh, the sales for our customer just by minimizing out of stocks. >>In the same time we managed to not overflow the stock, the shops with the goods, which actually decreased losses significantly, especially on the fresh fruit. >>Having said that this results of course translate into the increase in revenue, which can be calculated in hundreds of millions of dollars per year. So how the solution actually works well in its principle, it's quite simple. We just collect the data. We do it online. We put that in our data lake, based on the cloud, there are technology, we implement our artificial intelligence models on top of it. And then based on the aggregated information, we create the forecast and we do it every day or every night for every single product in every single store. This information is sent to the warehouses and then the automated replenishment based on the forecast is on the way the huge and most important aspect of that is the use of the good tools to do the right job. Uh, having said that you can be sure that there is too many information in this data, and there is actually two-minute forecast created every night that any expert could ever check. >>This means our solution needs to be, uh, very robust. It needs to provide information with high quality and high porosity. There is plenty of different business process, which is on our forecast, which need to be delivered on time for every product in each individual shop observing the success of this project and having the huge market potential in mind, we decided to create our QB, which can be used by many retailers who don't want to create a dedicated software for that. We'll be solving this kind of problem. Occupy is, uh, our software service offering, which is enabling retailers to go data driven path management. >>We create occupant with retailers, for retailers, uh, implementing artificial intelligence, uh, on top of data science models created by our experts, uh, having data, data analysis in place based on data management tools that we use we've written first, um, attitude. The uncertain times of pandemic clearly shows that it's very important to apply correction factors, which are sometimes required because we need to respond quickly to the changes in the sales characteristics. That's why occupy B is open box solution, which means that you basically can implement that in your organization. We have without changing the process internally, it's all about mapping your process into this into the system, not the other way around the fast trends and products, collection possibilities allow the retailers to react to any changes, which are pure in the sales every day. >>Also, it's worth to mention that really it's not only FMCG. And we believe that different use cases, which we observed in fashion health and beauty, common garden pharmacies and electronics, flavors of retail are also very meaningful. They also have one common thread. That's the growing importance of e-commerce. That's why we didn't want to leave that aside of occupant. And we made everything we can to implement a solution, which covers all of the needs. When you think about the factors that affect sales, there is actually huge variety of data and that we can analyze, of course, the transactional data that every dealer possesses like sales data from sale from, from e-commerce channel also, uh, averaging numbers from weeks, months, and years makes sense, but it's also worth to mention that using the right tool that allows you to collect that data from also internal and external sources makes perfect sense for retail. Uh, it's very hard to imagine a competitive retailer that is not analyzing the competitor's activity, uh, changes in weather or information about some seasonal stores, which can be very important during the summer during the holidays, for example. Uh, but on the other hand, um, having that information in one place makes the actual benefit and environment for the customer. >>Okay. Demon forecasting seems to be like the most important and promising use case. We can talk about when I think about retail, but it's also their whole process of replenishment that can cover with different sets of machine learning models. And they done management tools. We believe that analyzing data from different parts of the retail, uh, replenishment process, uh, can be achieved with implementing a data management solution based on caldera products and with adding some AI on top of it, it makes perfect sense to focus on not only demand forecasting, but also further use cases down the line when it comes to the actual benefits from implementing solutions for demand management, we believe it's really important to analyze them holistically. First is of course, out of stocks, memorization, which can be provided by simply better sales focus, but also reducing overstocks by better inventory management can be achieved in, in the same time. Having said that we believe that analyzing data without any specific new equipment required in point of sales is the low hanging fruit that can be easily achieved in almost every industry in almost every regular customer. >>Hey, thanks, Camille, having worked with retailers in this space for a couple of decades, myself, I was really impressed by a couple of things and they might've been understated, frankly. Um, the results of course, I mean, you, you know, as I kind of set up this session, you doubled the numbers on the statistics that the analysts found. So obviously in customers you're working with, um, you know, you're, you're doubling average numbers that the industry is having and, and most notably how the use of AI or occupy has automated so many manual tasks of the past, like tour tuning, item profiles, adding new items, et cetera. Uh, and also how quickly it felt like, and this is my, my core question. Your team can cover, um, or, or provide the solution to, to not only core center store, for example, in grocery, but you're covering fresh products. >>And frankly, there are, there are solutions out on the market today that only focus on center store non-perishable department. So I was really impressed by the coverage that you're able to provide as well. So can you articulate kind of what it takes to get up and running and your overall process to roll out the solution? I feel like based on what you talked about, um, and how you were approaching this in leveraging AI, um, that you're, you're streamlining processes of legacy demand, forecasting solutions that required more manual intervention, um, how quickly can you get people set up and what is the overall process like to get started with soft? >>Yeah, it's usually it takes three to six months, uh, to onboard a new customer to that kind of solution. And frankly it depends on the data that the customer, uh, has. Uh, usually it's different, uh, for smaller, bigger companies, of course. Uh, but we believe that it's very important to start with a good foundation. The platform needs to be there, the platform that is able to, uh, basically analyze or process different types of data, structured, unstructured, internal, external, and so on. But when you have this platform set, it's all about starting ingesting data there. And usually for a smaller companies, it's easier to start with those, let's say, low hanging fruits. So the internal data, which is there, this data has the highest veracity is already easy to start with, to work with them because everyone in the organization understands this data for the bigger companies. It might be important to ingest also kind of more unstructured data, some kind of external data that need to be acquired. So that may, that may influence the length of the process. But we usually start with the customers. We have, uh, workshops. That's very important to understand their business because not every deal is the same. Of course, we believe that the success of our customers comes also due to the fact that we train those models, those AI models individually to the needs of our >>Totally understand and POS data, every retailer has right in, in one way shape or form. And it is the fundamental, uh, data point, whether it's e-comm or the brick and mortar data, uh, every retailer has that data. So that, that totally makes sense. But what you just described was bunts. Um, there are, there are legacy and other solutions out there that this could be a, a year or longer process to roll out to the number of stores, for example, that you're scaling to. So that's highly impressive. And my guess is a lot of the barriers that have been knocked down with your solution are the fact that you're running this in the cloud, um, you know, on, from a compute standpoint on Cloudera from a public cloud stamp point on Microsoft. So there's, there's no, it intervention, if you will, or hurdles in preparation to get the database set up and in all of the work, I would imagine that part of the time-savings to getting started, would that be an accurate description? >>Yeah, absolutely. Uh, in the same time, this actually lowering the business risks, because we simply take data and put that into the data lake, which is in the cloud. We do not interfere with the existing processes, which are processing this data in the combined. So we just use the same data. We just already in the company, we ask some external data if needed, but it's all aside of the current customers infrastructure. So this is also a huge gain, as you said, right? >>And you're meeting customers where they are. Right. So, as I said, foundationally, every retailer POS data, if they want to add weather data or calendar event data or, you know, want incorporate a course online data with offline data. Um, you have a roadmap and the ability to do that. So it is a building block process. So getting started with, for data, uh, as, as with POS online or offline is the foundational component, which obviously you're very good at. Um, and then having that ability to then incorporate other data sets is critically important because that just improves demand, forecast accuracy, right. By being able to pull in those, those other data sources, if you will. So Camille, I just have one final question for you. Um, you know, there, there are plenty of not plenty, but I mean, there's enough demand forecasting solutions out on the market today for retailers. One of the things that really caught my eye, especially being a former retailer and talking with retailers was the fact that you're, you're promoting an open box solution. And that is a key challenge for a lot of retailers that have, have seen black box solutions come and go. Um, and especially in this space where you really need direct input from the, to continue to fine tune and improve forecast accuracy. Could you give just a little bit more of a description or response to your approach to open box versus black box? >>Yeah, of course. So, you know, we've seen in the past the failures of the projects, um, based on the black box approach, uh, and we believe that this is not the way to go, especially with this kind of, uh, let's say, uh, specialized services that we provide in meaning of understanding the customer's business first and then applying the solution, because what stands behind our concept in occupy is the, basically your process in the organization as a retailer, they have been optimized for years already. That's where retailers put their, uh, focus for many years. We don't want to change that. We are not able to optimize it properly. For sure as it combined, we are able to provide you a tool which can then be used for mapping those very well optimized process and not to change them. That's our idea. And the open box means that in every process that you will map in the solution, you can then in real time monitor the execution of those processes and see what is the result of every step. That way we create truly explainable experience for our customers, then okay, then can easily go for the whole process and see how the forecast, uh, was calculated. And what is the reason for a specific number to be there at the end of the day? >>I think that is, um, invaluable. Um, can be, I really think that is a differentiator and what three soft is bringing to market with that. Thanks. Thanks everyone for joining us today, let's stay in touch. I want to make sure to leave, uh, uh, Camille's information here. Uh, so reach out to him directly or feel free at any, any point in time, obviously to reach out to me, um, again, so glad everyone was able to join today, look forward to talking to you soon.

>>From around the globe. It's the queue cover >>Space and cyber security >>Symposium 2020 hosted by Cal poly. >>Hello and welcome to the space and cybersecurity symposium 2020 hosted by Cal poly and the cube I'm chilling for a, your host. We have a great session here. Space, cyber security, the department of defense perspective. We have bond Google hall, director of C four ISR directorate office of the undersecretary of defense for acquisition and sustainment for the DOD and Chris Henson, technical director space and weapons, cybersecurity solutions for the national security agency. Gentlemen, thank you for taking the time for this awesome session. Thank you, John. Thank you. So we're gonna talk about the perspective of the DOD relative to space cybersecurity, a lot, going on congestion, contention, freedom, evolution innovation. So Paul, I'd like to have you start with your opening statement on how you see the space cybersecurity perspective, Don, thanks for the intro. Really appreciate it. First, let me give my thanks to Cal poly for a convening, the space and cybersecurity symposium this year, you know, and despite the pandemic, the organization and the content delivery spreading impressive, I really foot stomping. >>What can possibly be done with a number of these virtual platforms? This has been awesome. Thanks for the opportunity. I also want to recognize my colleague, Chris Nissen from NSA was actually assigned to our staff that LSD, but he brings both policy and technical perspective in this whole area. So I think you'll, you'll find his commentary, uh, and positions on things very refreshing or for today's seminar. Now space cyber security is a pretty interesting terminology for us all. Uh, cyber security means protecting against cyber threats and it's really more than just computers here on earth, right? Uh, space is the newest war fighting domain, and cybersecurity's perhaps even more of a challenge in this domain that and others. Uh, I'm sure it'll turn journal Thompson and major journals Shaw discuss the criticality of this new dorm space force. It's the newest military service in the earlier sessions and they're at the risk of repeating what they already addressed. >>Let me start by talking about what space means to DOD and what we're doing directly from my vantage point as part of the acquisition and sustainment arm of the Pentagon. Uh, what I want to share with you today is how the current space strategy ties into the national defense strategy and supports the department's operational objectives. As the director of CFRI SAR. I have come to understand how the integration of CFRI Sarcic. Billy is a powerful asset to enhance the lethality of the joint war fighter. Secretary Lord, our boss, the sec, the undersecretary for acquisition and sustainment is diligent in her pursuit to adapt and modernize acquisition processes, to influence the strategy and to focus our efforts domain are to make our objectives a reality. I think first and foremost, we are building a more lethal force. This joint force will project low Valley and custom contested environments and across all domains through an operationally integrated and resiliency for ISR infrastructure. >>We are also called debating our alliances, deepening interoperability, which is very important in a future fight and collab, collaboratively planning with those partner with us in the fight most significantly for our work in acquisition and sustainment, we continue to optimize the department for greater performance and affordability through reform of the acquisition process. Now space is our newest war fighting domain. And while it is indeed unique, it shares many common traits with the others land, air and sea all are important to the defense of the U S in conflict. No doubt about this. They will be contested and they must be defended. One domain will not win future conflicts in a joint operation in a future fight in the future conflict. They must all succeed. I see three areas being key to a DOD strategic success in space, one, developing our whole of government approach in close partnership with the private sector and our allies to prioritizing our investments in resiliency, innovation, and adaptive operations, and third responding rapidly and effectively to leverage emerging technologies and seize opportunities to advance your strengths, partnerships and alliances. >>Let me emphasize that space is increasingly congested and tested and demanded as essential delete Valley operational effectiveness and the security of our nation. Now the commercialization of space offers a broad set of investments in satellite technology, potential opportunities to leverage those investments and pathways to develop cost efficient space architecture, where the department and the nation. It's funny, there's a new race, a race for space. If you will, between commercial companies buying for dominance of space. Now the joint staff within DOD is currently building an operational construct to employ and engage as a unified force, coordinated across all domains. We call it the joint, all domain command and control. It is the framework that is under development to allow us to conduct integrated operations in the future. The objective of Jesse too is to provide the war fighter access to the decision making information while providing mission assurance of the information and resilience of the underlying terrestrial air in space networks that support them operationally. >>six to maintain seamless integration, adaptation, and employment of our capability. To sense signal connect, transmit, process control, direct, and deliver lethal capabilities against the enemy. We gain a strategic advantage through the integration of these capabilities across all the domains, by providing balance bowel space, awareness, horse protection, and weapons controlled and deployment capabilities. Now successfully any ratings, the systems and capabilities will provide our war fighters overwhelming superiority on the battlefield environment, challenged by near peer adversaries, as well as non state actors in space. The character of its employment is changing, driven by increasing demands, not just by DOD, but by the commercial sector as well. You know, more and more, uh, we see greater use of small satellite systems to address a myriad of emerging questions, ubiquitous communications, awareness, sensor diversity, and many more. Uh, as I said before, the commercial world is pioneering high rate production of small satellites in our efforts to deploy hundreds, if not thousands of nodes space X, Darlene constellation is one example. >>Another one is Amazon's Kiper, uh, Kuyper just received FCC approval to deploy like over 3000 of these different notes. While a number of these companies continue to grow. Some have struggled. They some pointed as one web, uh, nevertheless, the appetite remains strong and DOD is taking advantage of these advances to support our missions. We are currently exploring how to better integrate the DOD activities involving small satellites under the small satellite coordinating activity, scholarly call it. We want to ensure collaboration and interoperability to maximize efficiency in acquisition and operation. When we started this activity on over a year and a half ago, we documented over 70 plus separate small, small sat programs within DOD. And now we've developed a very vibrant community of interest surrounding a small satellites. Now, part of the work we have identified nine focus areas for further development. These are common areas to all systems and by continuing to expand on these, our plan is they enable a standard of practice that can be applied across all of the domains. >>This includes lawn services, ground processing distribution, and of course, a topic of interest to the symposium space security and Chris we'll, we'll talk more about that being the Houston expert, uh, in this area. Uh, one challenge that we can definitely start working on today is workforce development. Cybersecurity's unique as it straddles STEM and security and policy, the trade craft is different. And unfortunately I've seen estimates recently, so suggesting a workforce gap in the next several years, much like the STEM fields, uh, during the next session, I am a part of a panel with precedent, Armstrong, Cal poly, and Steve Jake's the founder of the national security space association to address workforce development. But for this panel, I'll look forward to having further dialogue surrounding space, opera security with Chris and John. Thank you, John >>Bob, thank you for that whole thing, Steven. Yes. Workforce gaps. We need the new skill space is here. Thank you very much. Chris Henson, technical director of space and weapons, cybersecurity solutions for the national security agency. Your statement, >>Thank you for having me. Uh, I'm one of several technical leaders in space at the national security agency. And I'm currently on a joint duty assignment at the office of under secretary of defense for acquisition and sustainment. I work under mr. GUMA hot in the C four ISR area, but almost 63 years ago on the 4th of October, 1957, Sputnik was the first artificial satellite launched by the Soviet union in space. History was made in each of you can continue to write future space history in your careers. And just like in 1957, the U S isn't alone in space to include our close partnerships and longterm activities with organizations like the Japanese space agency, the European space agency, and, uh, the Canadian space agency, just to name a few. And when we tackle cybersecurity per space, we have to address, address the idea that the communications command and control, uh, and those mission datas will transverse networks owned and operated by a variety of partners, not only.go.mil.com.edu, et cetera. We need to have all the partners address the cyber effects of those systems because the risk excepted by one is shared by all and sharing cyber best practices, lessons learned, uh, data vulnerabilities, threat data, mitigation, mitigation procedures, all our valuable takeaways, uh, in expanding this space community, improving overall conditions for healthy environment. So thank you for having me, and I appreciate the opportunity to speak to you and your audience. And I look forward to the discussion questions. Thank you. >>Thank you, Chris. Thank you, Bob. Okay. I mean open innovation, the internet, you see plenty of examples. The theme here is partners, commercial government. It's going to take a lot of people and tech companies and technologies to make space work. So we asked my first question, Bonnie, we'll start with you is what do you see as the DOD his role in addressing cybersecurity in space? Uh, it's real, uh, it's a new frontier. Um, it's not going away. It's only going to get more innovative, more open, more contested. It seems like a lot to do there. So what's your role in addressing cyber security in space? >>I think our role is to be the leader in developing and only is it the strategy, but the, uh, the implementation plan is to ensure a full of cybersecurity. If you look at the national cyber cyber strategy, I think publishing 2018 calls for like-minded countries, industry academia, and civil society. Once you mentioned John, the support technology development, uh, digital safety policy advocacy, and research you here today, and those listening are fulfilling their strategy. When you, when you develop, enable use cyber hygiene products, as examples of capabilities, you're pushing the goal to fruition. When you know, what's on your network patron network backup, you're in encrypt your network, you're hardening and preventing cyber attacks. And we in government academia in the case of Cal poly civil networks and in commercial companies, we all benefit from doing that cyber security. Uh, and I think Chris will, we'll, we'll definitely back me up on this more than passwords encryption or pharma. It's truly a mindset and a culture of enabling missions to succeed in assured in a resilient fashion. >>Chris, you're taking reaction to, to the cybersecurity challenge involved here, >>That's it, it's starting really at the highest level of governments. We have, uh, you know, the, the recent security policy directive five that just came out just a couple of days ago, recognize all the factors of cybersecurity that need to come into play. And probably the most important outcome of that as mr said, is the leadership role and that leadership, uh, blends out very well into partnership. So partnership with industry partnership with academia partnership, with, uh, other people that are exploring space. And those partnerships lend itself very naturally to sharing cybersecurity issues, topics as we come up with best practices as we come up with mitigation strategies. And as we come up with vulnerabilities and share that information, the, uh, we're not going to go alone in space, just like we're probably not going to go alone in many other industries or areas, uh, that the DOD has to be, uh, involved in many spectrums of deploying to space. >>And that deployment involves as Mr. Guzman said, encryption authentication, knowing what's on the network, knowing the, the fabric of that network. And if nothing else, this, uh, this, uh, internet of things and work from home environment that we've, uh, partaken of these last few months has even explored and expanded that notion even more dramatically as we have people dial in from all over the different, uh, locations, well space will be that natural node that, uh, natural, uh, next network and mesh involvement that we'll have to protect and explore on not just from a terrestrial involvement, but all segments of it. Th the comm segment, the space vehicle and the ground portion, >>No bond. We talked about this in our other segment, um, around with the president of Cal poly, but the operating models of the space force and the DOD and getting space. It's a software defined world, right? So cybersecurity is a real big issue. Cause you have an operating model that's requiring software to power, these low hanging satellites. That's just an extension to the network. It's distributed computing, know what this is. If you understand what technology we do in space, it's no different, it's just a different environment. So it's software defined that just lends itself well to hacking. I mean, if I'm a hacker I'm going, Hey, why not just take out a satellite and crash it down or make the GPS do something different? I mean, it's definitely an attack vector. This is a big deal. It's not just like getting credentials that are cashed on a server. You gotta really protect, >>Right? Because in one hand it space will carry not only, uh, uh, you know, for local national security information. Uh, but the, uh, I feel like at the economic wellbeing, the financial state of allowed a lot of countries and institutions, you know, more and more John lb, they'll be using space assets to, uh, uh, to make, uh, make, make all that happen. Right. So, and if you look at the, you talk, you mentioned the attack vectors in space, you know, it's not just the computers in the ground, but if you look at the whole life cycle for satellite systems in space, you know, that the, the, the tasking that you need to do that the command, the controlling of the vehicle, the data that comes down in the ground, even when you launch the, the birds, the satellites, you know, they only need to be protected because they're all somewhat vulnerable to, uh, to hacking, uh, to cyber attacks. Especially as we grow into commercialization space, it's going to be a lot more people out there playing in this world. It's going to be a lot more companies out there. And, you know, it's hard to track, uh, uh, you know, the, the potential of, of, of foreign influences as an example, and therefore the potential of being vulnerable in terms of the cyber threat. >>Gentlemen, I like you guys said to move on to this leadership role, you mentioned that you want to be a leader. I get it. The DOD is department of defense. That's a new frontier to defend war time zone. You mentioned war time opportunity potentially, but how do you guys assist that's term hat to getting done? Because there's public and private space operations happening, um, there's security challenge. What does being a leader mean? And how does the DOD department of defense assist driving the public and private? Do you lead from a project standpoint, you lead from a funding standpoint? Is it architectural? I mean, you're talking about now a new end to end architecture. It's not just cloud it's on premise. It's in devices, it's offloaded with new AI technology and Nicks and devices. It's IOT, it's all, this is all new, this is all new. What does it mean for the DOD to be a leader and how do you assist others to get involved? And what does that mean? >>Yeah, I think, uh, the one hand, you know, DOD used to lead, uh, in terms of, uh, uh, being the only source of funding for a lot of, uh, highly developmental efforts. Uh, we're seeing a different story in space. Again, I keep going back to the commercialization of space. We're seeing a lot more players, right? So in many ways >>Ally's commercial companies are actually legally leading the R and D uh, of a lot of different technologies. So we want to take, we certainly want to take advantage of that. So from a leadership standpoint, I think we, we, Lucia can come in, you know, by partnering a lot more with, with the commercial companies, uh, in 2022, the DOD released the defense, uh, uh, space strategy as an example that highlights the threats, the challenges and opportunities the United States has faced by, by sending a example of how we, how we, uh, how we counter, uh, the threats that are out there, not just the DOD, but, but the disability and the commercial sector as well. Our current conditions are strong, but we want to use four lines of effort to meet our challenges and capitalize on our desire state space, uh, lines of effort include building a comprehensive military badges space, integrating space into a national joint and combined operations. Like I mentioned before, shaping that strategic environment and cooperating with allies, partners, and industry and other U S governmental agencies, departments, and agencies to advance the cost of space to take full advantage of what space can provide us, uh, in DOD, uh, and the nation. Chris has a domain. Now, what's your take on all that? >>That's because again, it's going to take more people, >>More diverse, potentially more security >>Halls. What's your view on it? >>Well, let's, let's look at how innovation and new technologies can help us in these areas. So, uh, and, and mentioned it a couple of topics that you hit on already. One of the areas that we can improve on is certainly in the, uh, the architecture, uh, where we look at a zero trust architecture, one of the NIST standards that's come about where it talks about the authentication, uh, the need to know a granular approach, this idea of being able to protect, not just data, but the resources and how people can get access to those, whether they're coming in through an identification, authentication Prudential, or, uh, other aspects of, uh, the, the idea of not just anybody should be able to have access to data or anybody should have access once they're on the inside of the network. So that zero trust architecture is, is one approach where we can show some leadership and guidance. >>Another area is in, uh, a topic that you touched on as well was in the software area. So some innovations are coming on very rapidly and strong in this artificial intelligence and machine learning. So if we can take this AI and ML and apply it to our software development areas, they can parse so much information very quickly. And, uh, you know, this vast array of code that's going into system nowadays, and then that frees up our human, uh, explicit talent and developers that can then look at other areas and not focus on minor bawling to Beverly fix a vulnerability. Uh, they, they can really use their unique skills and talents to come up with a better process, a better way, and let the artificial intelligence and machine learning, find those common problems, those, those unknown, hidden lines of code that, uh, get put into a software alarm Prairie, and then pull down over and over again from system to system. So I think between, uh, an architecture leadership role and employee innovation are two areas that we can show, uh, some benefits and process improvement to this whole system. >>That's a great point, Chris, and you think about just the architectural computer architecture, you know, S you know, network attached storage is an advantage software defined there. You could have flash all flash arrays for storage. You could have multiple cores on a device and this new architecture, offloads things, and it's a whole new way to gain efficiencies. I mean, you got Intel, you got Nvidia, you've got armed all the processors all built in. Um, so there's definitely been commercial best practices and benefits to a new kind of architecture that takes advantage of these new things. It's just, just efficiencies. Um, but this brings up the whole supply chain conversation. I want to get your thoughts on this, because there is talk about predatory investments and access and tactics to gain supply chain access to space systems, your thoughts. >>Yeah. It's a serious threat and not just for, uh, the U S uh, space. So supply chain, if you will, is the supply chain. And I says, you know, writ large, I think, uh, I think it's a, it's a, it's a threat that's, that's real, we're we're seeing today. I just saw an example recently, uh, involving, uh, our, I think our launch services were, there was a, uh, a foreign, uh, threat that was those trying to get into a true through with predatory investments. Uh, so, uh, it is something that we need to, uh, be aware of it it's happening, uh, and is continuing to happen. Uh, it's an easy way to gain access, to, uh, do our IP. Uh, and, uh, so it's something that we, uh, are serious about in terms of, uh, awareness and, and countering >>Chris, your thoughts. I mean, we've see, I mean, I'm an open source guy. I was seen it when I grew up in the industry in the eighties, open source became a revolution, but with that, it enabled new tactics for, um, state sponsored attacks on it that became a domain in of itself. Um, that's well-documented and people talk about that all the time in cyber. Now you have open innovation with hardware, software connected systems. This is going to bring supply chain nightmare. How do you track it all? Who's got what software and what device, where the chip come from, who made it, this is the potential is everywhere. How do you see the, these tactics, whether it's a VC firm from another country or this, that, and the other thing startup. >>Yeah. So when we see, when we see coal companies being purchased by foreign investors, and, you know, we can get blocked out of those, whether it's in the food industry, or if it's in a microchip, then that microchip could be used in a cell phone or a satellite or an automobile. So all of our industries that have these companies that are being purchased, or a large born investment influx into those, you know, that could be suspect. And we, we have to be very careful with those, uh, and, and do the tracking of those, especially when those, uh, some of those parts of mechanisms are coming from off shore. And then going again, going back to, uh, the space policy directive five, it calls out for better supply chain, resource management, the tracking, the knowing the pedigree and the, the quantitative of ability of knowing where those software libraries came from, where the parts came from and the tracking and delivery of that from an end to end system. >>And typically when we have a really large vendor, they can, they can do that really well. But when we have a subcontractor to a subcontractor, to a subcontractor, their resources may not be such that they can do that. Try tracking in mitigation for counterfeits or fraudulent materials going into our systems. So it's a very difficult challenge, and we want to ensure as best we can that as we ingest those parts, as we ingest those software libraries and technologies into the system, that, uh, before we employ them, we have to do some robust testing. And I don't want to say that the last line of defense, but that certainly is a mechanism for finding out, do the systems perform as they stated, uh, on a test bench or a flat set, whatever the case may be before we actually deploy it. And then we're relying on the output or the data that comes from that, that system that may have some corrupt or suspect parts in it. >>Great point, this federal grant, >>The problem with space systems is kind of, you know, is once you, once you launch the bird or the sunlight, uh, your access to it is, is diminished significantly, right? Unless you, you go up there and take it down. Uh, so, you know, kind of to Chris's point, we need to be able to test all the different parts of insurer that is performing as, as described there ass, I spent as specified, uh, with, with good knowledge that it's, uh, it's, uh, it's trustworthy. Uh, and, uh, so we that all on the ground before we, we take it up to launch it. >>It's funny. You want agility, you want speed and you want security, and you want reliability and risk management all aggressive, and it's a technical problem. It says it's a business model problem. I'd love to get real quick. Before we jump into some of the more workforce and gap issues on the personnel side, have you guys should just take a minute to explain quickly what's the federal view. If you had to kind of summarize the federal view of the DOD and the roll with it wants to take, so all the people out there on the commercial side or students out there who are, you know, wanting to jump in, what is the current modern federal view of space cybersecurity. >>Chris, why don't you take that on I'll follow up. Okay. Uh, I don't know that I can give you the federal view, but I can certainly give you the department of defense. That cybersecurity is extremely important. And as our vendors and our suppliers, uh, take on a very, very large and important role, one area that we're looking at improving on is a cyber certification maturity model, where we, where we look at the vendors and how they implement an employee cyber hygiene. So that guidance in and of itself shows the emphasis of cyber security that when we want to write a contract or a vendor, uh, for, for a purchase, that's going to go into a space system. We'd like to know from a third party audit capability, can that vendor, uh, protect and defend to some extent the amount that that part or piece or software system is going to have a cyber protection already built into it from that vendor, from the ground floor up before it even gets put into a larger system. >>So that shows a level of the CMMC process that we've thought about and, uh, started to employ, uh, beginning in 2021 and will be further built on in, in the out years. How, how important the DOD takes that. And other parts of the government are looking at this, in fact, other nations are looking at the CMMC model. So I think it shows a concern in very many areas, uh, not just in the department of defense that they're going to adopt an approach like this. Uh, so it shows the, the pluses and the benefits of a cybersecurity model that, uh, all can build on boggy reaction. Yeah, I'll just, uh, I'll just add to that, John, you, you, you, you asked earlier about, you know, how do we, uh, track, uh, commercial entities or, or people in the space and cyber security domains? Uh, I can tell you that, uh, at least my view of it, you know, space and cyber security are new, it's exciting, it's challenging a lot technical challenges there. So I think in >>Terms of attracting the right people, personnel to work those areas, uh, I think it's, it's not only intellectually challenging, uh, but it's important for, for the dependency that NASA States, uh, and it's important for, for, for economic security, uh, writ large for, for us as well. So I think, uh, in terms of a workforce and trying to get people interested in, in those domains, uh, I hope that they see the same thing we do in terms of, of the challenges and the opportunities it presents itself in the future. >>Awesome. I love your talk on intro track there falling. You mentioned, uh, the three key areas of DOD sec success, developing a government whole government approach to partnership with the private sector. I think that's critical and the allies prioritizing the right investments on resilience, innovation, adaptive operations, and responding to rapidly to effectively emerging technology. So you can be fast, all think are all things. I all, all those things are relevant. So given that, I want to get your thoughts on the defense space strategy in 2020, the DOD released dispense defense space, strategy, highlighting threats, and challenges and opportunities. How would you summarize those threats and those challenges and opportunities? What are the, what are those things that you're watching in the defense space area? Right. >>Well, I think, I think I saw, as I said before, of course, as well, you know, uh, or, or seeing that a space will be highly contested, uh, because it's a critical element in our, in our war fighting construct, uh, Dwayne, a future conflict, I think we need to, to win space as well. So when you, when you look at our near peer adversaries, there's a lot of efforts, uh, in trying to, to, to take that advantage away from the United States. So, so the threat is real, uh, and I think it's going to continue to evolve and grow. Uh, and the more we use space, both commercial and government, I think you're going to see a lot more when these threads some AFAs itself, uh, in, in forms of cyber, cyber attacks, or even kinetic attacks in some cases as needed. Uh, so yeah, so with the, the, the threat is need growing, uh, space is congested, as we talked about, it will continually be contested in the future as well. So we need to have, uh, like we do now in, in, in all the other domains, a way to defend it. And that's what we're working on with India, with the, how do we pilot with tech, our assets in space, and how do we make sure that the data information that traverses through space assets are trust 40, um, and, uh, and, and, and free of any, uh, uh, interference >>Chris, exciting time. I'm your, if you're in technology, um, this is crossing many lines here, tech society will war time, defense, new areas, new tech. I mean, it's security, it's intoxicating at many levels, because if you think about it, it's not one thing. It's not one thing anymore. It spans a broader spectrum, these opportunities. >>Yeah. And I, and I think that expansion is, is a natural outgrowth from, as our microprocessors and chips and technology continue to shrink smaller and smaller. You know, we, we think of our, our cell phones and our handheld devices and tablets, and so on that have just continued to, uh, get embedded in our everyday society, our everyday way of life. And that's a natural extension when we start applying those to space systems. When we think of smallsats and cube sets and the technology that's, uh, can be repurposed into, uh, a small vehicle and the cost has come down so dramatically that, you know, we, we can afford to get a rapid experiments, rapid, um, exploitations and, and different approaches in space and learn from those and repeat them very quickly and very rapidly. And that applies itself very well to an agile development process, dev sec ops, and this notion of spins and cycles and refreshing and re uh, addressing priorities very quickly so that when we do put a new technology up, that the technology is very lean and cutting edge, and hasn't been years and years in the making, but it's, uh, relevant and new, and the, uh, the cybersecurity and the vulnerabilities of that have to be addressed because of, and allow that DevSecOps process to take place so that we can look at those vulnerabilities and get that new technology and those new, new experiments and demonstrations in space and get lessons learned from them over and over again. >>Well, that brings us to the next big topic I want to spend the remainder of our time on that is workforce this next generation. If I wasn't so old, I would quit my job and I would join medially. It's so much, it's a fun, it's exciting. And it's important. And this is what I think is a key point is that cybersecurity in and of itself has got a big gap of shortage of workers, nevermind, adding space to it. So this is, uh, the intersection of space and cybersecurity. There is a workforce opportunity for this next generation, a young person to person re-skilling, this is a big deal. Bong, you have thoughts on this. It's not just STEM, it's everything. >>Yeah. It's everything, you know, uh, the opportunities would have in space it's significant and tremendous. And I think, uh, if I were young, again, as you pointed out, John, uh, you know, I'm, I'm, I'm lucky that I'm in this domain in this world and I started years ago. Uh, but it continues to be exciting, uh, lots of, lots of opportunities, you know, and when you, when you look at, uh, some of the commercial space, uh, systems that are being, being put up, uh, if you look at, I mentioned Starlink before, and, and, uh, Amazon's Kuyper constellation. These guys are talking about couple of thousand satellites in space to provide ubiquitous communications for internet globally and that sort of thing. Uh, and they're not the only ones that are out there producing capability. Uh, we're seeing a lot more commercial imagery products being developed by bike, by companies, both within the U S and, and, uh, foreign foreign elements as well. So I think it's an exciting time to be in space. Certainly lots of opportunities, there's technical challenges, uh, galore in terms of, you know, not only the overcoming the physics of space, but being able to operate, uh, flexibly, uh, in, uh, get the most you can out of the capabilities we have, uh, uh, operating up as high as being cool. I mean, everyone looks at launch. >>She gets millions of views on live streams, the on demand, reruns get millions and millions of views. Um, it's, there's a lot of things there. Um, so Chris, what specifically could you share are things that people would work on? Um, jobs skills, what are some, what's the aperture, what's it look like if you zoom out and look at all the opportunities from a scale standpoint, what's out there, >>We'll talk to the aperture, but I want to give a shout out to our space force. And I mean, their, their job is to train and equip, uh, future space and, uh, that, that space talent. And I think that's going to be a huge plus up, uh, to have, uh, uh, a space force that's dedicated to training equipping, uh, the, an acquisition and a deployment model that, uh, will benefit not just the other services, but all of our national defense and our, uh, you know, our, our strategic way of, uh, how, how this company, country, employees space, uh, altogether. So having, having a space for us, I think, as a, is a huge, uh, a huge issue. And then to get to that aperture aspect of, of what you're, what you're asking and, you know, that addresses a larger workforce. Uh, we need so many different talents in, in this area. >>Uh, we can, we can have, we can employ a variety of people, uh, from technical writers to people who write, uh, write in developed software to those who, uh, are bending metal and actually, uh, working in a hardware environment. And, uh, those that do planning and launch operations and all of those spectrums and issues of jobs, or are directly related to a workforce that can contribute to, to space. And then once that data gets to the ground and employed out to a user, whether it's a data or we're looking at, uh, from a sensor recent, uh, recent events on, uh, shipping lanes, those types of things. So space has such a wide and diverse swath that the aperture's really wide open, uh, for a variety of backgrounds. And, and those that, uh, really just want to take an opportunity, take a, take a technical degree or a degree that, uh, can apply itself to a tough problem, uh, because they certainly exist in space. And we can, we can use that mindset of problem solving, whether you come at it from a hacker mindset, an ethical, a white hat approach to testing and vulnerability exploration, or somebody who knows how to actually, um, make, uh, operations, uh, safer, better, uh, through space situation awareness. So there's a, there's a huge swath of opportunity for us >>Bon talk about the, um, the cyber security enabled environment, the use cases that are possible when you have cybersecurity in play with space systems, um, which is in and of itself, a huge range of jobs, codings supply chain. We just talked about a bunch of them. There's still more connected use cases that go beyond that, that, that are enabled by it. If you think about it, and this is what the students at Cal poly and every other college and university community college, you name it, or watching videos on YouTube, anyone with a brain can jump in. If they, if they see the future, it's an all net new space force is driving awareness, but there's a whole slew of these new use cases that I call space enabled by cybersecurity systems. Your thoughts. >>Absolutely. I, you know, I was, uh, had planned on attending the, uh, uh, the cyber challenge that's Cal poly had planned in June, of course, a pandemic, uh, uh, took care of that plan. But, but I was intrigued by, by the approach that the Cal poly was taking with, with, uh, middle school and high school kids of, of, of, of exposing him to a problem set here. You have a, a satellite that came down from space, uh, and, uh, part of the challenge was to do Porensic analysis on the debris, uh, the remaining pieces of the sound like to figure out what happened. Uh, it had a, uh, a cybersecurity connotation. It was hacked. It was attacked by, by cyber threat nation, took it down. And the beauty of having these kids kind of play with, with the remaining parts of the satellite figure out what happened. >>So I was pretty exciting. I was really looking forward to participating in that, but again, the pandemic kind of blew that up, but I, I look forward to future events like that to, to get our young people intrigued and interested in, uh, in this new field of space. Now, you know, Chris was talking earlier about opportunities, the opportunity that you talk about, you know, while I would like to have people come to the government, right. To help us out. It's not, it's not just focused on government, right? There's not lots of opportunities in commercial space. I, if you will, uh, for, for a lot of talent to, uh, uh, to have, uh, to participate in. So the challenge is a man's government and the commercial sector, John, >>I mean, you get the hardcore, you know, I want to work for the DOD. I want to work for NSA. I want to work for the government. You clearly got people who want to have that kind of mission, but for the folks out there, Chris and bong that are like, I'll do I qualify it? It's like the black box of the DOD. It's like a secret thing. You got any clearance, you've got to get all these certifications. And you've got to take all kinds of tests and background checks. And, um, is it like that? And will that continue? Cause some people might say, Hey, can I even get involved? What do I do? So I know there's some private partnerships going on with companies out there in the private sector. So this is now a new, you guys seem to be partnering and going outside the comfort zone of the old kind of tactical things. What are some of those opportunities that people could get involved that they might not know about >>PR for NSA, there's a variety of workforce, uh, initiatives that, uh, uh, for anybody from a high school work study can take advantage of to, uh, those that would like have to have internships. And those that are in a traditional academic environment, there's, uh, several NSA schools across the country that have a academic and cyber acts, uh, sites of excellence that participate in projects that are shepherded and mentored by those at NSA that can get those tough problems that don't have maybe a classified or super sensitive, uh, nature that that can be worked in and in an academia environment. So, so those are two or three examples of how somebody can break into, uh, the, uh, an intelligence organization and the, and the other agencies have those, uh, opportunities as well across the intelligence community and the, the partnership between and collaborative collaboration between private industry and the agencies and the department of defense just continue to grow over and over again. And even myself being able to take care advantage of a joint duty assignment between my home organization and the Pentagon just shows another venue of somebody that's in one organization can partner and leverage with another organization as well. So I'm an example of, of that partnering that's going on today. >>So there's some innovation, bong, non traditional pathways to find talent. What are out there? What are new, what are these new nontraditional ways >>I was going to add to what Chris was, was mentioning John? Yeah. Even within view and under the purview of our chief information officer, back in 2013, the deputy surfed dirty defense signed the, uh, what we call the DOD cyberspace workforce strategy, uh, into effect. And that included a program called the cyber information technology exchange program. It's an exchange program in which a, uh, you know, private sector employee and worked for the DOD in cyber security positions, uh, span across multiple mission critical areas. So this is one opportunity to learn, uh, you know, in inside the DOD what's happening as a private sector person, if you will, uh, going back to what we talked about, you know, kinda, uh, opportunities, uh, within the government for, for somebody who might be interested, uh, you know, you don't have to be super smart, Bork and space. Uh, there's a lot of like, like Chris pointed out, there's a lot of different areas that we need to have people down within people to do, uh, to conduct the mission space. So you don't have to be mathematician mathematician. You don't have to be an engineer to succeed in this business. I think there's plenty of opportunities for, for any types of, of talent, any type of academic disciplines that, that, that, that they're out there. >>And I think, you know, Chris is shout out to the space force is really worth calling out again, because I think to me, that's a big deal. It's a huge deal. It's going to change the face of our nation and society. So super, super important. And that's going to rise the tide. I think it's gonna create, uh, some activation, uh, for a younger generation, certainly, and kind of new opportunities, new problems to solve new threats to take on and, and move it on. So really super conversation space in cybersecurity, the department of defense perspective, Von and Chris, thank you for taking the time. I'd love you guys just to close out. We'll start with you bong. And then Chris summarize for the folks watching, whether it's a student at Cal poly or other university or someone in industry and government, what is the department of defense perspective for space cybersecurity? >>Chris, won't go and take that on. I started, thank you. Uh, cyber security applies to much more than just the launch and download of mission data or human led exploration and the planning, testing, and experiments in the lab prior to launch require that cyber protection, just as much as any other space link, ground segment, trust rail network, or user data, and any of that loss of intellectual property or proprietary data is an extremely valuable and important, and really warrants, cybersecurity safeguards in any economic espionage or data exfiltration or denied access to that data I E ransomware or some other, uh, attack that can cripple any business or government endeavor. Uh, no matter how small or large, if it's left in our economic backbone, uh, clearly depends on space and GPS is more than just a direction finding our banking needs that a T and timing from P and T or whether it says systems that protect our shipping and airline industry of whether they can navigate and go through a particular storm or not, uh, even fighting forest fires picked up by a remote sensor. >>All those space-based assets, uh, require protection from spoofing date, uh, data denial or total asset loss. An example would be if a satellite sensitive optics were intentionally pointed at the sun and damaged, or if a command, uh, to avoid collision with another space vehicle was delayed or disrupted or a ground termination command. As we just saw just a few days ago at T minus three seconds prior to liftoff, if those all don't go as planned, uh, those losses are real and can be catastrophic. So the threat to space is pervasive real and genuine, and your active work across all those platforms is a necessary and appreciated. And your work in this area is critical, uh, going forward going forward. Uh, thank you for this opportunity to speak with you and, uh, talking on this important topic. >>Thank you, Chris Henson, goodbye. >>Closing remarks. Yeah. Likewise, John, uh, again, uh, as, as Chris said, thank you for, for the opportunity to discuss this very important, uh, around space, cyber security, as well as addressing, uh, at the end there, we were talking about workforce development and the need to have, uh, people, uh, in the mix for four features. We discussed with you. We need to start that recruiting early, uh, as we're doing to address, uh, the STEM gap today, we need to apply the same thing for cybersecurity. We, we absolutely need smart, innovative people to protect both Iraq. Anomic wellbeings a nation as well as our national defense. So this is the right conversation to have at this time, John and I, again, thank you and our Cal poly hose for, or, uh, having a symposium and, and having this opportunity to have this dialogue. Thank you, >>Gentlemen. Thank you for your time and great insights. We couldn't be there in person. We're here virtual for the space and cybersecurity symposium, 2020, the Cal poly I'm Jennifer with Silicon angle and the cube, your host. Thank you for watching.

>> Voiceover: From around the globe, it's theCUBE, covering Space and Cybersecurity Symposium 2020 hosted by Cal Poly. >> Hello everyone? Welcome to the Space and Cybersecurity Symposium 2020 hosted by Cal Poly and theCUBE. I'm John Furrier, your host. We have a great session here. Space cybersecurity, the Department of Defense perspective. We have Bong Gumahad, Director of C4ISR, Directorate Office of the Under Secretary of Defense for Acquisition and Sustainment for the DOD. And Chris Henson, Technical Director Space and Weapons, Cybersecurity Solutions for the National Security Agency. Gentlemen, thank you for taking the time for this awesome session. >> Thank you, John. >> Thank you. >> So we're going to talk about the perspective of the DOD relative to space cybersecurity. A lot going on, congestion, contention, freedom, evolution, innovation. So Bong, I'd like to have you start with your opening statement on how you see the space cybersecurity perspective. >> John, thanks for the intro, really appreciate it. First, let me give my thanks to Cal Poly for convening the Space and Cybersecurity Symposium this year. And despite the pandemic, the organization and the content delivery is pretty impressive. I really foot stomping what can possibly be done with a number of these virtual platforms. This has been awesome, thanks for the opportunity. I also want to recognize my colleague, Chris Henson from NSA, who is actually assigned to our staff at the OUSD, but he brings both policy and technical perspective in this whole area. So I think you'll find his commentary and positions on things very refreshing for today's seminar. Now space cybersecurity is a pretty interesting terminology for us all. Cybersecurity means protecting against cyber threats. And it's really more than just computers here on earth. Space is the newest war fighting domain and cybersecurity is perhaps even more of a challenge in this domain than others. I'm sure Lieutenant General Thompson and Major John Shaw discuss the criticality of this new Space Force. It's the newest military service in the earlier sessions and they're at the risk of repeating what they already addressed. Let me start by talking about what space means to DOD and what we're doing directly from my advantage point as part of the Acquisition and Sustainment arm of the Pentagon. Well, what I want to share with you today is how the current space strategy ties into the National Defense strategy and supports the department's operational objectives. As the director of C4ISR, I have come to understand how the integration of C4ISR capability is a powerful asset to enhance the lethality of the joint war fighter. Secretary Lord, our boss, the Under Secretary for Acquisition and Sustainment is diligent in her pursuit to adapt and modernize acquisition processes, to influence the strategy and to focus our efforts to make our objectives a reality. I think first and foremost, we are building a more lethal force. This joint force will project lethality in contested environments and across all domains through an operationally integrated and resiliency 4ISR infrastructure. We are also cultivating our alliances, deepening interoperability, which is very important in a future fight and collaboratively planning with those who partner with us in the fight. Most significantly for our work in acquisition and sustainment, we continue to optimize the department for greater performance and affordability through reform of the acquisition process. Now space is our newest fighting domain. And while it is indeed unique, it shares many common traits with the others, land, air and sea. All are important to the defense of the US. In conflict, no doubt about this, they will be contested and they must be defended. One domain will not win future conflicts and in a joint operation in a future fight and the future conflict they must all succeed. I see three areas being key toward DOD strategic success in space. One, developing our whole of government approach in close partnership with the private sector and our allies. Two, prioritizing our investments in resiliency, innovation and adaptive operations. And third, responding rapidly and effectively to leverage emerging technologies and seize opportunities to advance US strengths, partnerships and alliances. Let me emphasize that space is increasingly congested and tested and demanded as essential to lethality operational effectiveness and the security of our nation. Now the commercialization space offers a broad set of investments in satellite technology, potential opportunities to leverage those investments and pathways to develop cost efficient space architecture, for the department and the nation. It's funny, there's a new race, a race for space, if you will, between commercial companies buying for dominance of space. Now the joint staff within DOD is currently building an operational construct to employ and engage as a unified force coordinated across all domains. We call it the Joint All Domain Command and Control, JADC2. It is the framework that is under development to allow us to conduct integrated operations in the future. The objective of JADC2 is to provide the war fighter access to the decision making information while providing mission assurance of the information and resilience of the underlying terrestrial air in space networks that support them. Operationally, JADC2 seeks to maintain seamless integration, adaptation, and employment of our capability to sense signal, connect, transmit, process control, direct, and deliver lethal capabilities against the enemy. We gain a strategic advantage through the integration of these capabilities across all the domains, by providing balance space awareness, horse protection, and weapons controlled and deployment capabilities. Now successfully any ratings in these systems and capabilities will provide our war fighters overwhelming superiority on the battlefield in an environment challenged by near peer adversaries, as well as non state actors. In space, the character of its employment is changing, driven by increasing demands, not just by DOD, but by the commercial sector as well. You know, more and more we see greater use of small satellite systems to address a myriad of emerging questions, ubiquitous communications, awareness, sensory diversity, and many more. As I said before, the commercial world is pioneering high rate production of small satellites in their efforts to deploy hundreds, if not thousands of nodes. SpaceX Starlink Constellation is one example. Another one is Amazon's Kuiper. Kuiper just received FCC approval to deploy like over 3000 of these different nodes. While a number of these companies continue to grow, some have struggled. Case in point is OneWeb. Nevertheless, the appetite remains strong and DOD is taken advantage of these advances to support our missions. We are currently exploring how to better integrate the DOD activities involving small satellites under the small satellite coordinating activity, scholarly call it. We want to ensure collaboration and interoperability to maximize efficiency in acquisition and operation. When we started this activity on over a year and a half ago, we documented over 70 plus separate small sat programs within DOD. And now we've developed a very vibrant community of interest surrounding our small satellites. Now, part of the work we have identified nine focus areas for further development. These are common areas to all systems and by continuing to expand on these, our plan is to enable a standard of practice that can be applied across all of the domains. This includes lawn services, ground processing distribution, and of course, a topic of interest to the symposium space security and Chris will talk more about that, being that he's the expert in this area. One challenge that we can definitely start working on today is workforce development. Cybersecurity is unique as it straddles STEM and security and policy. The trade craft is different. And unfortunately I've seen estimates recently suggesting a workforce gap in the next several years, much like the STEM fields. During the next session, I am a part of a panel with president Armstrong at Cal Poly, and Steve Jacques, the founder of the National Security Space Association to address workforce development. But for this panel, I'll look forward to having this dialogue surrounding space cybersecurity with Chris and John. Thank you, John. >> Bong, thank you for that opening statement and yes, workforce gaps, we need the new skill space is here. Thank you very much. Chris Henson's Technical Director of Space and Weapons, Cybersecurity Solutions for the National Security Agency. Your opening statement. >> Thank you for having me. I'm one of several technical leaders in space at the National Security Agency. And I'm currently on a joint duty assignment at the office of Under Secretary of Defense for Acquisition and Sustainment. I work under Mr. Gumahad in the C4ISR area. But almost 63 years ago, on the 4th of October, 1957, Sputnik was the first artificial satellite launched by the Soviet Union and space history was made. And each of you can continue to write future space history in your careers. And just like in 1957, the US isn't alone in space to include our close partnerships and longterm activities with organizations like the Japanese Space Agency, the European Space Agency and the Canadian Space Agency, just to name a few. And when we tackle cybersecurity per space, we have to address the idea that the communications command and control and those mission datas will transverse networks owned and operated by a variety of partners, not only .go, .mil, .com, .edu, et cetera. We need to have all the partners address the cyber effects of those systems because the risk accepted by one is shared by all. And sharing cyber best practices, lessons learned, data vulnerabilities, threat data mitigation procedures, all our valuable takeaways in expanding the space community, improving overall conditions for healthy environment. So thank you for having me, and I appreciate the opportunity to speak to you and your audience. And I look forward to the discussion questions, thank you. >> Thank you, Chris, thank you, Bong. Okay, I mean, open innovation, the internet, you see plenty of examples. The theme here is partners, commercial, government. It's going to take a lot of people and tech companies and technologies to make space work. So we asked my first question, Bong, we'll start with you is what do you see as the DOD's role in addressing cybersecurity in space? It's real, it's a new frontier. It's not going away, it's only going to get more innovative, more open, more contested. It seems like a lot to do there. What's your role in addressing cyber security in space? >> I think our role is to be the leader in developing not only is it the strategy, but the implementation plans to ensure a full of cybersecurity. If you look at the National Cyber Strategy, I think published in 2018, calls for like-minded countries, industry academia, and civil society. Once you mentioned John, the support technology development, digital safety policy, advocacy, and research. You here today, and those listening are fulfilling their strategy. When you develop, enable use cyber hygiene products as examples and capabilities, you're pushing the goal to provision. When you know what's on your network, patch network, backup and encrypt your network, you're hardening and preventing cyber attacks. And we in government academia, in the case of Cal Poly, civil networks and in commercial companies, we all benefit from doing that. Cyber security, and I think Chris will definitely back me up on this, more than passwords encryption or firewall. It's truly a mindset and a culture of enabling mission to succeed in assured and in a resilient fashion. >> Chris, you're take and reaction to the cybersecurity challenge involved here. >> It's starting really at the highest level of governments. We have, you know, the recent security policy Directive-5 that just came out just a couple of days ago, recognize all the factors of cybersecurity that need to come into play. And probably the most important outcome of that as Mr. Gumahad said, is the leadership role. And that leadership blends out very well into partnership. So partnership with industry, partnership with academia, partnership with other people that are exploring space. And those partnerships blend itself very naturally to sharing cybersecurity issues, topics, as we come up with best practices, as we come up with mitigation strategies, and as we come up with vulnerabilities and share that information. We're not going to go alone in space, just like we're probably not going to go alone in many other industries or areas. That the DOD has to be involved in many spectrums of deploying to space. And that deployment involves, as Mr. Gumahad said, encryption, authentication, knowing what's on the network, knowing the fabric of that network, and if nothing else, this internet of things and work from home environment that we've partaken of these last few months has even explored and expanded that notion even more dramatically as we have people dial in from all over the different locations. Well, space will be that natural node, that natural next network in measure involvement that we'll have to protect and explore on, not just from a terrestrial involvement, but all segments of it. The calm segment, the space vehicle, and the ground portion. >> You know, Bong, we talked about this in our other segment around with the president of Cal Poly, but the operating models of the Space Force and of the DOD and getting to space. But it's a software defined world, right? So cybersecurity is a real big issue 'cause you have an operating model that's requiring software to power these low hanging satellites. That's just an extension to the network. It's distributed computing, we know what this is. If you understand what technology we do in space, it's no different, it's just a different environment so it's software defined. That just lends itself well to hacking. I mean, if I'm a hacker I'm going, "Hey, why not just take out a satellite and crash it down "or make the GPS do something different?" I mean, it's definitely an attack vector. This is a big deal. It's not just like getting credentials that are cashed on a server, you got to really protect. >> Right, because in one hand it space will carry not only focal national security information, but if you look at the economic wellbeing, the financial state of a lot of countries, institutions, you know, more and more John, they'll be using space assets to make all that happen. So, and if you look at the, you mentioned the attack vectors in space. It's not just the computers in the ground, but if you look at the whole life cycle for satellite systems in space, the tasking that you need to do, the command and controlling of the vehicle, the data that comes down in the ground, even when you launch the birds, the satellites, you know, they all need to be protected because they're all somewhat vulnerable to hacking, to cyber attacks. Especially as we grow into commercialization space, it's going to be a lot more people out there playing in this world. It's going to be a lot more companies out there. And, you know, it's hard to track, the potential of foreign influences as an example, and therefore the potential of being vulnerable in terms of the cyber threat. >> Gentlemen, like you guys said to move on to this leadership role, Bong, you mentioned it. You want to be a leader, I get it, the DOD is Department of Defense, it's a new frontier to defend war time zone, you mentioned war time opportunity potentially. But how do you guys assist that's term hat to getting done? Because there's public and private space operations happening, there's security challenge. What does being a leader mean? And how does the DOD, Department of Defense assist driving the public and private? Do you lead from a project standpoint? Do you lead from a funding standpoint? Is it architectural? I mean, you're talking about now a new end-to-end architecture. It's not just cloud it's on premise, it's in devices, it's offloaded with new AI technology and nix and devices. It's IOT, it's all this and all new. This is all new. What does it mean for the DOD to be a leader and how do you assist others to get involved? And what does that mean? >> Yeah, I think the one hand, you know, DOD used to lead in terms of being the only source of funding for a lot of highly developmental efforts. We're seeing a different story in space. Again, I keep going back to the commercialization of space. We're seeing a lot more players, right? So in many ways allies commercial companies are actually leading the R&D of a lot different technology. So we certainly want to take advantage of that. So from a leadership standpoint, I think leadership can come in, by partnering a lot more with the commercial companies. In 2020, the DOD released the Defense Space Strategy, as an example, that highlights the threats, the challenges and opportunities the United States has faced by setting example of how we counter the threats that are out there, not just the DOD, but the civilian and the commercial sector as well. Our current conditions are strong, but we want to use four lines of effort to meet our challenges and capitalize on our desire to state space. Our lines of effort include building a comprehensive military badges space, integrating space into a national joint and combined operations, like I mentioned before. Shaping that strategic environment and cooperating with allies, partners in industry and other US governmental departments and agencies to advance the cost of space. To take full advantage of what space can provide us in DOD and the nation. >> Chris as a domain now, what's your take on all of this? Because again, it's going to take more people, more diverse, potentially more security hauls. What's your view on this? >> Well, let's look at how innovation and new technologies can help us in these areas. So, and mentioned it a couple of topics that you hit on already. One of the areas that we can improve on is certainly in the architecture. Where we look at a zero trust architecture, one of the NIST standards that's come about. Where it talks about the authentication, the need to know a granular approach, this idea of being able to protect, not just data, but the resources and how people can get access to those, whether they're coming in through an identification, authentication credential, or other aspects of the idea of not just anybody should be able to have access to data or anybody should have access once they're on the inside of the network. So that zero trust architecture is one approach where we can show some leadership and guidance. Another area is in a topic that you touched on as well, was in the software area. So some innovations are coming on very rapidly and strong in this artificial intelligence and machine learning. So if we can take this AI and ML and apply it to our software development areas, they can parse so much information very quickly. And you know, this vast array of software code that's going into system nowadays. And then that frees up our human exquisite talent and developers that can then look at other areas and not focus on minor vulnerability, fix a vulnerability. They can really use their unique skills and talents to come up with a better process, a better way, and let the artificial intelligence and machine learning, find those common problems, those unknown hidden lines of code that get put into a software library and then pull down over and over again from system to system. So I think between an architecture leadership role and employee innovation are two areas that we can show some benefits and process improvement to this whole system. >> That's a great point, Chris, and you think about just the architectural computer architecture network attached storage is an advantage software defined there. You could have flash, all flash arrays for storage. You could have multiple cores on a device. And this new architecture, offloads things, and it's a whole new way to gain efficiencies. I mean, you got Intel, you got Nvidia, you've got armed, all the processors all built in. So there's definitely been commercial best practices and benefits to a new kind of architecture that takes advantage of these new things. It's just efficiencies. But this brings up the whole supply chain conversation. I want to get your thoughts on this because there is talk about predatory investments and access and tactics to gain supply chain access to space systems, your thoughts? >> Yeah, it's a serious threat and not just for the US space supply chain, if you will, is the supply chain you access with large, I think it's a threat that's this real we're seeing today. I just saw an example recently involving, I think our law and services, where there was a foreign threat that was trying to get into a troop through with predatory investments. So it is something that we need to be aware of, it's happening and will continue to happen. It's an easy way to gain access to do our IP. And so it's something that we are serious about in terms of awareness and countering. >> Chris, your thoughts? I mean, I'm an open source guy. We've seen it when I grew up in the industry in the '80s open source became a revolution. But with that, it enabled new tactics for state sponsored attacks and that became a domain in of itself. That's well-documented and people talk about that all the time in cyber. Now you have open innovation with hardware, software connected systems. This is going to bring a supply chain nightmare. How do you track it all? (chuckles) Who's got what software and what device... Where the chip from? Who made it? Just the potential is everywhere. How do you see these tactics? Whether it's a VC firm from another country or this, that, and the other thing, startup, big company-- >> Yeah, so when we see coal companies being purchased by foreign investors, and, you know, we can get blocked out of those, whether it's in the food industry, or if it's in a microchip. Then that microchip could be used in a cell phone or a satellite or an automobile. So all of our are industries that have these companies that are being purchased or a large born investment influx into those, they can be suspect. And we have to be very careful with those and do the tracking of those, especially when those, some of those parts and mechanisms are coming from off shore. And again, going back to the Space Policy Directive-5, it calls out for better supply chain, resource management, the tracking, the knowing the pedigree and the quantitative ability of knowing where those software libraries came from, where the parts came from, and the tracking and delivery of that from an end-to-end system. And typically when we have a really large vendor, they can do that really well. But when we have a subcontractor to a subcontractor, to a subcontractor, their resources may not be such that they can do that tracking in mitigation for counterfeits or fraudulent materials going into our systems. So it's a very difficult challenge, and we want to ensure as best we can that as we ingest those parts, as we ingest those software libraries and technologies into the system, that before we employ them, we have to do some robust testing. And I don't want to say that's the last line of defense, but that certainly is a mechanism for finding out do the systems perform as they stated on a test bench or a flat set, whatever the case may be, before we actually deploy it. And then we're relying on the output or the data that comes from that system that may have some corrupt or suspect parts in it. >> Great point, this federal views-- >> The problem with space systems is kind of, you know, is once you launch the bird or the satellite, your access to it is diminished significantly, right? Unless you go up there and take it down. So, you know, kind of to Chris's point, we need to be able to test all the different parts to ensure that is performing as described there, as specified with good knowledge that it's trustworthy. And so we do that all on the ground before we take it up to launch it. >> It's funny, you want agility, you want speed, and you security, and you want reliability, and risk management. All aggressive, and it's a technical problem, it's a business model problem. Love to get real quick before we jump into some of the more workforce and gap issues on the personnel side, have you guys to just take a minute to explain quickly what's the federal view? If you had to kind of summarize the federal view of the DOD and the role with it wants to take, so all the people out there on the commercial side or students out there who are wanting to jump in, what is the current modern federal view of space cybersecurity? >> Chris, why don't you take that on and I'll follow up. >> Okay, I don't know that I can give you the federal view, but I can certainly give you the Department of Defense that cyber security is extremely important. And as our vendors and our suppliers take on a very, very large and important role, one area that we're looking at improving on is a cyber certification maturity model, where we look at the vendors and how they implement and employee cyber hygiene. So that guidance in and of itself shows the emphasis of cyber security. That when we want to write a contract or a vendor for a purchase that's going to go into a space system, we'd like to know from a third party audit capability, can that vendor protect and defend to some extent the amount that that part or piece or software system is going to have a cyber protection already built into it from that vendor, from the ground floor up, before it even gets put into a larger system. So that shows a level of the CMMC process that we've thought about and started to employ beginning in 2021 and will be further built on in the out years. How important the DOD takes that. And other parts of the government are looking at this. In fact, other nations are looking at the CMMC model. So I think it shows a concern in very many areas, not just in the Department of Defense, that they're going to adopt an approach like this. So it shows the pluses and the benefits of a cybersecurity model that all can build on. >> Bong, your reaction. >> Yeah, I'll just add to that. John, you asked earlier about, you know, how do we track commercial entities or people into the space and cyber security domains? I can tell you that at least my view of it, space and cybersecurity are new. It's exciting, it's challenging, a lot of technical challenges there. So I think in terms of attracting the right people and personnel to work those areas, I think it's not only intellectually challenging, but it's important for the defensing and near States. And it's important for economic security at large for us as well. So I think in terms of a workforce and trying to get people interested in those domains, I hope that they see the same thing we do in terms of the challenges and the opportunities it presents itself in the future. >> Awesome, I loved your talk on intro track there. Bong, you mentioned the three key areas of DOD success, developing a whole government approach to partnership with the private sector. I think that's critical, and the allies. Prioritizing the right investments on resilience, innovation, adaptive operations, and responding to rapidly to effectively emerging technology seem to be fast. I think all those things are relevant. So given that, I want to get your thoughts on the Defense Space Strategy. In 2020, the DOD released dispense Defense Space Strategy, highlighting threats, and challenges and opportunities. How would you summarize those threats and those challenges and opportunities? What are those things that you're watching in the defense space area? >> Right, well, I think as I said before, Chris as well, you know, we're seeing that space will be highly contested because it's a critical element in our war fighting construct. To win our future conflict, I think we need to win space as well. So when you look at our near peer adversaries, there's a lot of efforts in China to take that advantage away from the United States. So the threat is real, and I think it's going to continue to evolve and grow. And the more we use space, for both commercial and government, I think you're going to see a lot more when these threats, some AFAs itself in forms of cyber attacks, or even kinetic attacks in some cases as needed. So, yeah, so the threat is indeed growing, space is congested, as we talked about, it will continually be contested in the future as well. So we need to have, like we do now in all the other domains, a way to defend it. And that's what we're working on within DOD. How do we protect our assets in space, and how do we make sure that the data information that traverses through space assets are trustworthy and free of any interference. >> Chris, exciting time, I'm mean, if you're in technology, this is crossing many lines here, tech, society, war time defense, new areas, new tech. I mean, it's security, it's intoxicating at many levels because if you think about it, it's not one thing. It's not one thing anymore. It spans a broader spectrum, these opportunities. >> Yeah and I think that expansion is a natural outgrowth from, as our microprocessors and chips and technology continue to shrink smaller and smaller. You know, we think of our cell phones and our handheld devices and tablets and so on that have just continued to get embedded in our everyday society, our everyday way of life. And that's a natural extension when we start applying those to space systems, when we think of smallsats and cube sets and the technology that's can be repurposed into a small vehicle, and the cost has come down so dramatically that, you know, we can afford to get rapid experiments, rapid exploitations and different approaches in space and learn from those and repeat them very quickly and very rapidly. And that applies itself very well to an agile development process, DevSecOps, and this notion of spins and cycles and refreshing and re-addressing priorities very quickly so that when we do put a new technology up, that the technology is very lean and cutting edge, and hasn't been years and years in the making, but it's relevant and new. And the cybersecurity and the vulnerabilities of that have to be addressed and allow that DevSecOps process to take place so that we can look at those vulnerabilities and get that new technology and those new experiments and demonstrations in space and get lessons learned from them over and over again. >> Well, that brings us to the next big topic. I want to spend the remainder of our time on, that is workforce, this next generation. If I wasn't so old, I would quit my job and I would join immediately. It's so much fun, it's exciting, and it's important. And this is what I think is a key point is that cybersecurity in and of itself has got a big gap of shortage of workers, nevermind adding space to it. So this is the intersection of space and cybersecurity. There is a workforce opportunity for this next generation, young person to person re-skilling, this is a big deal. Bong, you have thoughts on this? It's not just STEM, it's everything. >> Yeah, it's everything, you know, the opportunities we have in space, it's significant and tremendous. And I think if I were young again, as you pointed out, John, you know, I'm lucky that I'm in this domain in this world and I started years ago, but it continues to be exciting, lots of opportunities, you know. When you look at some of the commercial space systems are being put up, if you look at, I mentioned Starlink before and Amazon's Kuiper Constellation. These guys are talking about couple of thousand satellites in space to provide ubiquitous communications for internet globally, and that sort of thing. And they're not the only ones that are out there producing capability. We're seeing a lot more commercial imagery products being developed by companies, both within the US and foreign elements as well. So I think it's an exciting time to be in space. Certainly lots of opportunities. There's technical challenges galore in terms of not only the overcoming the physics of space, but being able to operate flexibly and get the most you can out of the capabilities we have operating up in space. >> Besides being cool, I mean, everyone looks at launch of space gets millions of views on live streams, the On-Demand reruns get millions and millions of views. There's a lot of things there. So, Chris, what specifically could you share are things that people would work on? Jobs, skills, what's the aperture? What's it look like if you zoom out and look at all the opportunities from a scale standpoint, what's out there? >> I'll talk to the aperture, but I want to give a shout out to our Space Force. And I mean, their job is to train and equip each air space and that space talent. And I think that's going to be a huge plus up to have a Space Force that's dedicated to training, equipping, an acquisition and a deployment model that will benefit not just the other services, but all of our national defense and our strategic way of how this company, country employees space altogether. So having a Space Force, I think, is a huge issue. And then to get to that aperture aspect of what you're asking and that addresses a larger workforce, we need so many different talents in this area. We can employ a variety of people from technical writers, to people who write and develop software to those who bending metal and actually working in a hardware environment. And those that do planning and launch operations and all of those spectrums and issues of jobs, are directly related to a workforce that can contribute to space. And then once that data gets to the ground and employed out to a user, whether it's a weather data, or we're looking at from a sensor, recent events on shipping lanes, those types of things. So space has such a wide and diverse swath that the aperture's really wide open for a variety of backgrounds. And those that really just want to take an opportunity, take a technical degree, or a degree that can apply itself to a tough problem, because they certainly exist in space. And we can use that mindset of problem solving, whether you come at it from a hacker mindset, an ethical, white hat approach to testing and vulnerability exploration. Or somebody who knows how to actually make operations safer, better through space situation awareness. So there's a huge swath of opportunity for us. >> Bong, talk about the cybersecurity enabled environment, the use cases that are possible when you have cybersecurity in play with space systems, which is in and of itself, a huge range of jobs, codings, supply chain, we just talked about a bunch of them. There's still more connected use cases that go beyond that, that are enabled by it, if you think about it. And this is what the students at Cal Poly and every other college and university, community college, you name it, who are watching videos on YouTube. Anyone with a brain can jump in if they see the future. It's all net news. Space Force is driving awareness, but there's a whole slew of these new use cases that I call space enabled by cyber secure systems. Your thoughts? >> Absolutely, I was had planned on attending the Cyber Challenge that's Cal Poly had planned in June. Of course, the pandemic took care of that plan, but I was intrigued by the approach that the Cal Poly was taking with middle school and high school kids of exposing him to a problem set. Here, you have a satellite that came down from space and part of the challenge was to do forensic analysis on the debris, the remaining pieces of the satellite to figure out what happened. It had a cyber cybersecurity connotation. It was hacked, it was attacked by cyber threat nation, took it down. And the beauty of having these kids kind of play with the remaining parts of the satellite, figure out what happened. So it was pretty exciting. I was really looking forward to participating in that, but again, the pandemic kind of blew that up, but I look forward to future events like that, to get our young people intrigued and interested in this new field of space. Now, Chris was talking earlier about opportunities, there're opportunities that you talk about, while I would like to have people come to the government, to help us out, it's not just focused on government. There's lots of opportunities in commercial space, if you will, for a lot of talent to participate in. So the challenge is immense, both government and the commercial sector, John. >> I mean, you get the hardcore, you know, I want to work for the DOD, I want to work for NSA, I want to work for the government. You clearly got people who want to have that kind of mission. But for the folks out there, Chris and Bong that are like, "Do I qualify?" It's like the black box of the DOD, it's like a secret thing, you got to get clearance, you've got to get all these certifications. And you got to take all kinds of tests and background checks. Is it like that, and will that continue? 'Cause some people might say, "Hey, can I even get involved? "What do I do?" So I know there's some private partnerships going on with companies out there in the private sector. So this is now a new, you guys seem to be partnering and going outside the comfort zone of the old kind of tactical things. What are some of those opportunities that people could get involved in that they might not know about? >> For NSA, there's a variety of workforce initiatives that for anybody from a high school work study can take advantage of to those that would like have to have internships. And those that are in a traditional academic environment, there's several NSA schools across the country that have academic and cyber sites of excellence that participate in projects that are shepherded and mentored by those at NSA that can get those tough problems that don't have maybe a classified or super sensitive nature that can be worked in and in an academia environment. So those are two or three examples of how somebody can break into an intelligence organization. And the other agencies have those opportunities as well across the intelligence community. And the partnership between and collaboration between private industry and the agencies and the Department of Defense just continue to grow over and over again. And even myself being able to take advantage of a joint duty assignment between my home organization and the Pentagon, just shows another venue of somebody that's in one organization can partner and leverage with another organization as well. So I'm an example of that partnering that's going on today. >> So there's some innovation. Bong, nontraditional pathways to find talent, what are out there, what are new? What are these new nontraditional ways? >> I was going to add to what Chris was mentioning, John. Even within DOD and under the purview of our chief information officer, back in 2013, the Deputy Secretary Defense signed the, what we call the DOD Cyberspace Workforce Strategy into effect. And that included a program called the Cyber Information Technology Exchange Program. It's an exchange program in which a private sector employee can work for the DOD in cyber security positions span across multiple mission critical areas. So this is one opportunity to learn, inside the DOD what's happening as a private sector person, if you will. Going back to what we talked about, kind of opportunities within the government for somebody who might be interested. You don't have to be super smart, dork in space, there's a lot of, like Chris pointed out, there's a lot of different areas that we need to have people, talented people to conduct the mission in space. So you don't have to be mathematician. You don't have to be an engineer to succeed in this business. I think there's plenty of opportunities for any types of talent, any type of academic disciplines that are out there. >> All right, thank you, and Chris's shout out to the Space Force is really worth calling out again, because I think to me, that's a big deal. It's a huge deal. It's going to change the face of our nation and society. So super, super important. And that's going to rise the tide. I think it's going to create some activation for a younger generation, certainly, and kind of new opportunities, new problems to solve, new threats to take on, and move it on. So really super conversation, space and cybersecurity, the Department of Defense perspective. Bong and Chris, thank you for taking the time. I'd love you guys just to close out. We'll start with you Bong and then Chris. Summarize for the folks watching, whether it's a student at Cal Poly or other university or someone in industry and government, what is the Department of Defense perspective for space cybersecurity? >> Chris, want to go and take that on? >> That's right, thank you. Cybersecurity applies to much more than just the launch and download of mission data or human led exploration. And the planning, testing, and experiments in the lab prior to launch require that cyber protection, just as much as any other space link, ground segment, trust rail network, or user data, and any of that loss of intellectual property or proprietary data is an extremely valuable and important, and really warrants cyber security safeguards. In any economic espionage, your data exfiltration, or denied access to that data, i.e. ransomware or some other attack, that can cripple any business or government endeavor, no matter how small or large, if it's left unprotected. And our economic backbone clearly depends on space. And GPS is more than just a direction finding, banking needs that T and timing from P and T or whether it just systems that protect our shipping and airline industry of whether they can navigate and go through a particular storm or not. Even fighting forest fires picked up by a remote sensor. All those space space assets require protection from spoofing date, data denial, or total asset loss. An example would be if a satellite sensitive optics or intentionally pointed at the sun and damaged, or if a command to avoid collision with another space vehicle was delayed or disrupted or a ground termination command as we just saw just a few days ago at T minus three seconds prior to liftoff, if those all don't go as planned, those losses are real and can be catastrophic. So the threat to space is pervasive, real and genuine, and your active work across all those platforms is necessary and appreciated. And your work in this area is critical going forward. Thank you for this opportunity to speak with you and talking on this important topic. Thank you, Chris Henson. Bong Gumahad, closing remarks? >> Yeah, likewise, John, again, as Chris said, thank you for the opportunity to discuss this very important around space cybersecurity, as well as addressing at the end there, we were talking about workforce development and the need to have people in the mix for future. (indistinct) We discussed, we need to start that recruiting early as we're doing to address the STEM gap today, we need to apply the same thing for cybersecurity. We absolutely need smart and innovative people to protect both our economic wellbeing as a nation, as well as our national defense. So this is the right conversation to have at this time, John. And again, thank you and Cal Poly host for having this symposium and having this opportunity to have this dialogue. Thank you. >> Gentlemen, thank you for your time and great insights. We couldn't be there in person. We're here virtual for the Space and Cybersecurity Symposium 2020, the Cal Poly. I'm John Furrier with SiliconANGLE and theCUBE, your host. Thank you for watching. (soft music)

(upbeat electronic music) >> Narrator: From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> Okay, hello everyone. I'm John Furrier with theCUBE. We're here with Meet the Analysts segment Sunday morning. We've got everyone around the world here to discuss a bit of the news around the EU killing the privacy deal, striking it down, among other topics around, you know, data privacy and global commerce. We got great guests here, Ray Wang, CEO of Constellation Research. Bill Mew, founder and CEO of Cyber Crisis Management from the Firm Crisis Team. And JD, CEO of Spearhead Management. JD, I can let you say your name because I really can't pronounce it. How do I (laughs) pronounce it, doctor? >> I wouldn't even try it unless you are Dutch, otherwise it will seriously hurt your throat. (Ray laughing) So, JD works perfect for me. >> Doctor Drooghaag. >> And Sarbjeet Johal, who's obviously an influencer, a cloud awesome native expert. Great, guys. Great to have you on, appreciate it, thanks for comin' on. And Bill, thank you for initiating this, I appreciate all your tweets. >> Happy Sunday. (Bill laughing) >> You guys have been really tweeting up a storm, I want to get everyone together, kind of as an analyst, Meet the Analyst segment. Let's go through with it. The news is the EU and U.S. Privacy Shield for data struck down by the court, that's the BBC headline. Variety of news, different perspectives, you've got an American perspective and you've got an international perspective. Bill, we'll start with you. What does this news mean? I mean, basically half the people in the world probably don't know what the Privacy Shield means, so why is this ruling so important, and why should it be discussed? >> Well, thanks to sharing between Europe and America, it's based on a two-way promise that when data goes from Europe to America, the Americans promise to respect our privacy, and when data goes form America to Europe, the Europeans promise to respect the American privacy. Unfortunately, there are big cultural differences between the two blocks. The Europeans have a massive orientation around privacy as a human right. And in the U.S., there's somewhat more of a prioritization on national security, and therefore for some time there's been a mismatch here, and it could be argued that the Americans haven't been living up to their promise because they've had various different laws, and look how much talk about FISA and the Cloud Act that actually contravene European privacy and are incompatible with the promise Americans have given. That promise, first of all, was in the form of a treaty called Safe Harbor. This went to court and was struck down. It was replaced by Privacy Shield, which was pretty much the same thing really, and that has recently been to the court as well, and that has been struck down. There now is no other means of legally sharing data between Europe and America other than what are being called standard contractual clauses. This isn't a broad treaty between two nations, these are drawn by each individual country. But also in the ruling, they said that standard contractual clauses could not be used by any companies that were subject to mass surveillance. And actually in the U.S., the FISA courts enforce a level of mass surveillance through all of the major IT firms, of all major U.S. telcos, cloud firms, or indeed, social media firms. So, this means that for all of the companies out there and their clients, business should be carrying on as usual apart from if you're one of those major U.S. IT firms, or one of their clients. >> So, why did this come about? Was there like a major incident? Why now, was it in the court, stuck in the courts? Were people bitchin' and moanin' about it? Why did this go down, what's the real issue? >> For those of us who have been following this attentively, things have been getting more and more precarious for a number of years now. We've had a situation where there are different measures being taken in the U.S., that have continued to erode the different protections that there were for Europeans. FISA is an example that I've given, and that is the sort of secret courts and secret warrants that are issued to seize data without anyone's knowledge. There's the Cloud Act, which is a sort of extrajudicial law that means that warrants can be served in America to U.S. organizations, and they have to hand over data wherever that data resides, anywhere in the world. So, data could exist on a European server, if it was under the control of an American company, they'd have to hand that over. So, whilst FISA is in direct conflict with the promises that the Americans made, things like the Cloud Act are not only in controversion with the promise they've made, there's conflicting law here, because if you're a U.S. subsidiary of a big U.S. firm, and you're based in Europe, who do you obey, the European law that says you can't hand it over because of GDPR, or the American laws that says they've got extrajudicial control, and that you've got to hand it over. So, it's made things a complete mess. And to say has this stuff, hasn't really happened? No, there's been a gradual erosion, and this has been going through the courts for a number of years. And many of us have seen it coming, and now it just hit us. >> So, if I get you right in what you're saying, it's basically all this mishmash of different laws, and there's no coherency, and consistency, is that the core issue? >> On the European side you could argue there's quite a lot of consistency, because we uphold people's privacy, in theory. But there have been incidents which we could talk about with that, but in theory, we hold your rights dear, and also the rights of Europeans, so everyone's data should be safe here from the sort of mass surveillance we're seeing. In the U.S., there's more of a direct conflict between everything, including there's been a, in his first week in the White House, Donald Trump signed an executive order saying that the Privacy Act in the U.S., which had been the main protection for people in the U.S., no longer applied to non-U.S. citizens. Which was, if you wanted try and cause a storm, and if you wanted to try and undermine the treaty, there's no better way of doing it than that. >> A lot of ways, Ray, I mean simplify this for me, because I'm a startup, I'm hustlin', or I'm a big company, I don't even know who runs the servers anymore, and I've got data stored in multiple clouds, I got in regions, and Oracle just announced more regions, you got Amazon, a gazillion regions, I could be on-premise. I mean bottom line, what is this about? I mean, and -- >> Bill's right, I mean when Max Schrems, the Austrian. Bill's right, when Max Schrems the Austrian activist actually filed his case against Facebook for where data was being stored, data residency wasn't as popular. And you know, what it means for companies that are in the cloud is that you have to make sure your data's being stored in the region, and following those specific region rules, you can't skirt those rules anymore. And I think the cloud companies know that this has been coming for some time, and that's why there's been announced in a lot of regions, a lot of areas that are actually happening, so I think that's the important part. But going back to Bill's earlier point, which is important, is America is basically the Canary Islands of privacy, right? Privacy is there, but it isn't there in a very, very explicit sense, and I think we've been skirting the rules for quite some time, because a lot of our economy depends on that data, and the marketing of the data. And so we often confuse privacy with consent, and also with value exchange, and I think that's part of the problem of what's going on here. Companies that have been building their business models on free data, free private data, free personally identifiable data information are the ones that are at risk! And I think that's what's going on here. >> It's the classic Facebook issue, you're the product, and the data is your product. Well, I want to get into what this means, 'cause my personal take away, not knowing the specifics, and just following say, cyber security for instance, one of the tenets there is that data sharing is an invaluable, important ethos in the community. Now, everyone has their own privacy, or security data, they don't want to let everyone know about their exploits but, but it's well known in the security world that sharing data with each other, different companies and countries is actually a good thing. So, the question that comes in my mind, is this really about data sharing or data privacy, or both? >> I think it's about both. And actually what the ruling is saying here is, all we're asking from the European side is please stop spying on us and please give us a level of equal protection that you give to your own citizens. Because data comes from America to Europe, whatever that data belongs to, a U.S. citizen or a European citizen, it's given equal protection. It is only if data goes in the other direction, where you have secret courts, secret warrants, seizure of data on this massive scale, and also a level of lack of equivalence that has been imposed. And we're just asking that once you've sorted out a few of those things, we'd say everything's back on the table, away we go again! >> Why don't we merge the EU with the United States? Wouldn't that solve the problem? (Bill laughing) >> We just left Europe! (laughs heartily) >> Actually I always -- >> A hostile takeover of the UK maybe, the 52nd state. (Bill laughing loudly) >> I always pick on Bill, like Bill, you got all screaming loud and clear about all these concerns, but UKs trying to get out of that economic union. It is a union at the end of the day, and I think the problem is the institutional mismatch between the EU and U.S., U.S. is old democracy, bigger country, population wise, bigger economy. Whereas Europe is several countries trying to put together, band together as one entity, and the institutions are new, like you know, they're 15 years old, right? They're maturing. I think that's where the big mismatch is and -- >> Well, Ray, I want to get your thoughts on this, Ray wrote a book, I forget what year it was, this digital disruption, basically it was digital transformation before it was actually a trend. I mean to me it's like, do you do the process first and then figure out where the value extraction is, and this may be a Silicon Valley or an American thing, but go create value, then figure out how to create process or understand regulations. So, if data and entrepreneurship is going to be a new modern era of value, why wouldn't we want to create a rule based system that's open and enabling, and not restrictive? >> So, that's a great point, right? And the innovation culture means you go do it first, and you figure out the rules later, and that's been a very American way of getting things done, and very Silicon Valley in our perspective, not everyone, but I think in general that's kind of the trend. I think the challenge here is that we are trading privacy for security, privacy for convenience, privacy for personalization, right? And on the security level, it's a very different conversation than what it is on the consumer end, you know, personalization side. On the security side I think most Americans are okay with a little bit of "spying," at least on your own side, you know, to keep the country safe. We're not okay with a China level type of spying, which we're not sure exactly what that means or what's enforceable in the courts. We look like China to the Europeans in the way we treat privacy, and I think that's the perspective we need to understand because Europeans are very explicit about how privacy is being protected. And so this really comes back to a point where we actually have to get to a consent model on privacy, as to knowing what data is being shared, you have the right to say no, and when you have the right to say no. And then if you have a value exchange on that data, then it's really like sometimes it's monetary, sometimes it's non-monetary, sometimes there's other areas around consensus where you can actually put that into place. And I think that's what's missing at this point, saying, you know, "Do we pay for your data? Do we explicitly get your consent first before we use it?" And we haven't had that in place, and I think that's where we're headed towards. And you know sometimes we actually say privacy should be a human right, it is in the UN Charter, but we haven't figured out how to enforce it or talk about it in the digital age. And so I think that's the challenge. >> Okay, people, until they lose it, they don't really understand what it means. I mean, look at Americans. I have to say that we're idiots on this front, (Bill chuckling) but you know, the thing is most people don't even understand how much value's getting sucked out of their digital exhaust. Like, our kids, TikTok and whatnot. So I mean, I get that, I think there's some, there's going to be blow back for America for sure. I just worry it's going to increase the cost of doing business, and take away from the innovation for citizen value, the people, because at the end of the day, it's for the people right? I mean, at the end of the day it's like, what's my privacy mean if I lose value? >> Even before we start talking about the value of the data and the innovation that we can do through data use, you have to understand the European perspective here. For the European there's a level of double standards and an erosion of trust. There's double standards in the fact that in California you have new privacy regulations that are slightly different to GDPR, but they're very much GDPR like. And if the boot was on the other foot, to say if we were spying on Californians and looking at their personal data, and contravening CCPA, the Californians would be up in arms! Likewise if we having promised to have a level of equality, had enacted a local rule in Europe that said that when data from America's over here, actually the privacy of Americans counts for nothing, we're only going to prioritize the privacy of Europeans. Again, the Americans would be up in arms! And therefore you can see that there are real double standards here that are a massive issue, and until those addressed, we're not going to trust the Americans. And likewise, the very fact that on a number of occasions Americans have signed up to treaties and promised to protect our data as they did with Safe Harbor, as they did with Privacy Shield, and then have blatantly, blatantly failed to do so means that actually to get back to even a level playing field, where we were, you have a great deal of trust to overcome! And the thing from the perspective of the big IT firms, they've seen this coming for a long time, as Ray was saying, and they sought to try and have a presence in Europe and other things. But the way this ruling has gone is that, I'm sorry, that isn't going to be sufficient! These big IT firms based in the U.S. that have been happy to hand over data, well some of them maybe more happy than others, but they all need to hand over data to the NSA or the CIA. They've been doing this for some time now without actually respecting this data privacy agreement that has existed between the two trading blocks. And now they've been called out, and the position now is that the U.S. is no longer trusted, and neither are any of these large American technology firms. And until the snooping stops and equality is introduced, they can now no longer, even from their European operations, they can no longer use standard contractual clauses to transfer data, which is going to be a massive restriction on their business. And if they had any sense, they'd be lobbying very, very hard right now to the Senate, to the House, to try and persuade U.S. lawmakers actually to stick to some these treaties! To stop introducing really mad laws that ride roughshod over other people's privacy, and have a certain amount of respect. >> Let's let JD weigh in, 'cause he just got in, sorry on the video, I made him back on a host 'cause he dropped off. Just, Bill, real quick, I mean I think it's like when, you know, I go to Europe there's the line for Americans, there's the line for EU. Or EU and everybody else. I mean we might be there, but ultimately this has to be solved. So, JD, I want to let you weigh in, Germany has been at the beginning forefront of privacy, and they've been hardcore, and how's this all playing out in your perspective? >> Well, the first thing that we have to understand is that in Germany, there is a very strong law for regulation. Germans panic as soon as they know regulation, so they need to understand what am I allowed to do, and what am I not allowed to do. And they expect the same from the others. For the record I'm not German, but I live in Germany for some 20 years, so I got a bit of a feeling for them. And that sense of need for regulation has spread very fast throughout the European Union, because most of the European member states of the European Union consider this, that it makes sense, and then we found that Britain had already a very good framework for privacy, so GDPR itself is very largely based on what the United Kingdom already had in place with their privacy act. Moving forward, we try to find agreement and consensus with other countries, especially the United States because that's where most of the tech providers are, only to find out, and that is where it started to go really, really bad, 2014, when the mass production by Edward Snowden came out, to find out it's not data from citizens, it's surveillance programs which include companies. I joined a purchasing conference a few weeks ago where the purchase of a large European multinational, where the purchasing director explicitly stated that usage of U.S. based tech providers for sensitive data is prohibited as a result of them finding out that they have been under surveillance. So, it's not just the citizens, there's mass -- >> There you have it, guys! We did trust you! We did have agreements there that you could have abided by, but you chose not to, you chose to abuse our trust! And you're now in a position where you are no longer trusted, and unless you can lobby your own elected representatives to actually recreate a level playing field, we're not going to continue trusting you. >> So, I think really I -- >> Well I mean that, you know, innovation has to come from somewhere, and you know, has to come from America if that's the case, you guys have to get on board, right? Is that what it -- >> Innovation without trust? >> Is that the perspective? >> I don't think it's a country thing, I mean like, it's not you or them, I think everybody -- >> I'm just bustin' Bill's chops there. >> No, but I think everybody, everybody is looking for what the privacy rules are, and that's important. And you can have that innovation with consent, and I think that's really where we're going to get to. And this is why I keep pushing that issue. I mean, privacy should be a fundamental right, and how you get paid for that privacy is interesting, or how you get compensated for that privacy if you know what the explicit value exchange is. What you're talking about here is the surveillance that's going on by companies, which shouldn't be happening, right? That shouldn't be happening at the company level. At the government level I can understand that that is happening, and I think those are treaties that the governments have to agree upon as to how much they're going to impinge on our personal privacy for the trade off for security, and I don't think they've had those discussions either. Or they decided and didn't tell any of their citizens, and I think that's probably more likely the case. >> I mean, I think what's happening here, Bill, you guys were pointing out, and Ray, you articulated there on the other side, and my kind of colorful joke aside, is that we're living a first generation modern sociology problem. I mean, this is a policy challenge that extends across multiple industries, cyber security, citizen's rights, geopolitical. I mean when would look, and even when we were doing CUBE events overseas in Europe, in North American companies we'd call it abroad, we'd just recycle the American program, and we found there's so much localization value. So, Ray, this is the digital disruption, it's the virtualization of physical for digital worlds, and it's a lot of network theory, which is computer science, a lot of sociology. This is a modern challenge, and I don't think it so much has a silver bullet, it's just that we need smart people working on this. That's my take away! >> I think we can describe the ideal endpoint being somewhere we have meaningful protection alongside the maximization of economic and social value through innovation. So, that should be what we would all agree would be the ideal endpoint. But we need both, we need meaningful protection, and we need the maximization of economic and social value through innovation! >> Can I add another axis? Another axis, security as well. >> Well, I could -- >> I put meaningful protection as becoming both security and privacy. >> Well, I'll speak for the American perspective here, and I won't speak, 'cause I'm not the President of the United States, but I will say as someone who's been from Silicon Valley and the east coast as a technical person, not a political person, our lawmakers are idiots when it comes to tech, just generally. (Ray laughing) They're not really -- (Bill laughing loudly) >> They really don't understand. They really don't understand the tech at all! >> So, the problem is -- >> I'm not claiming ours are a great deal better. (laughs) >> Well, this is why I think this is a modern problem. Like, the young people I talk to are like, "Why do we have this rules?" They're all lawyers that got into these positions of Congress on the American side, and so with the American JEDI Contract you guys have been following very closely is, it's been like the old school Oracle, IBM, and then Amazon is leading with an innovative solution, and Microsoft has come in and re-pivoted. And so what you have is a fight for the digital future of citizenship! And I think what's happening is that we're in a massive societal transition, where the people in charge don't know what the hell they're talkin' about, technically. And they don't know who to tap to solve the problems, or even shape or frame the problems. Now, there's pockets of people that are workin' on it, but to me as someone who looks at this saying, it's a pretty simple solution, no one's ever seen this before. So, there's a metaphor you can draw, but it's a completely different problem space because it's, this is all digital, data's involved. >> We've got a lobbyists out there, and we've got some tech firms spending an enormous amount of lobbying. If those lobbyists aren't trying to steer their representatives in the right direction to come up with law that aren't going to massively undermine trade and data sharing between Europe and America, then they're making a big mistake, because we got here through some really dumb lawmaking in the U.S., I mean, there are none of the laws in Europe that are a problem here. 'Cause GDPR isn't a great difference, a great deal different from some of the laws that we have already in California and elsewhere. >> Bill, Bill. >> The laws that are at issue here -- >> Bill, Bill! You have to like, back up a little bit from that rhetoric that EU is perfect and U.S. is not, that's not true actually. >> I'm not saying we're perfect! >> No, no, you say that all the time. >> But I'm saying there's a massive lack of innovation. Yeah, yeah. >> I don't, I've never said it! >> Arm wrestle! >> Yes, yes. >> When I'm being critical of some of the dumb laws in the U.S, (Sarbjeet laughing) I'm not saying Europe is perfect. What we're trying to say is that in this particular instance, I said there was an equal balance here between meaningful protection and the maximization of economic and social value. On the meaningful protection side, America's got it very wrong in terms of the meaningful protection it provides to civil European data. On the maximization of economic and social value, I think Europe's got it wrong. I think there are a lot of things we could do in Europe to actually have far more innovation. >> Yeah. >> It's a cultural issue. The Germans want rules, that's what they crave for. America's the other way, we don't want rules, I mean, pretty much is a rebel society. And that's kind of the ethos of most tech companies. But I think you know, to me the media, there's two things that go on with this tech business. The company's themselves have to be checked by say, government, and I believe in not a lot of regulation, but enough to check the power of bad actors. Media so called "checking power", both of these major roles, they don't really know what they're talking about, and this is back to the education piece. The people who are in the media so called "checking power" and the government checking power assume that the companies are bad. Right, so yeah, because eight out of ten companies like Amazon, actually try to do good things. If you don't know what good is, you don't really, (laughs) you know, you're in the wrong game. So, I think media and government have a huge education opportunity to look at this because they don't even know what they're measuring. >> I support the level of innovation -- >> I think we're unreeling from the globalization. Like, we are undoing the globalization, and that these are the side effects, these conflicts are a side effect of that. >> Yeah, so all I'm saying is I support the focus on innovation in America, and that has driven an enormous amount of wealth and value. What I'm questioning here is do you really need to spy on us, your allies, in order to help that innovation? And I'm starting to, I mean, do you need mass surveillance of your allies? I mean, I can see you may want to have some surveillance of people who are a threat to you, but wait, guys, we're meant to be on your side, and you haven't been treating our privacy with a great deal of respect! >> You know, Saudi Arabia was our ally. You know, 9/11 happened because of them, their people, right? There is no ally here, and there is no enemy, in a way. We don't know where the rogue actors are sitting, like they don't know, they can be within the walls -- >> It's well understood I think, I agree, sorry. it's well understood that nation states are enabling terrorist groups to take out cyber attacks. That's well known, the source enables it. So, I think there's the privacy versus -- >> I'm not sure it's true in your case that it's Europeans that's doing this though. >> No, no, well you know, they share -- >> I'm a former officer in the Royal Navy, I've stood shoulder to shoulder with my U.S. counterparts. I put my life on the line on NATO exercises in real war zones, and I'm now a disabled ex-serviceman as a result of that. I mean, if I put my line on the line shoulder to shoulder with Americans, why is my privacy not respected? >> Hold on -- >> I feel it's, I was going to say actually that it's not that, like even the U.S., right? Part of the spying internally is we have internal actors that are behaving poorly. >> Yeah. >> Right, we have Marxist organizations posing as, you know, whatever it is, I'll leave it at that. But my point being is we've got a lot of that, every country has that, every country has actors and citizens and people in the system that are destined to try to overthrow the system. And I think that's what that surveillance is about. The question is, we don't have treaties, or we didn't have your explicit agreements. And that's why I'm pushing really hard here, like, they're separating privacy versus security, which is the national security, and privacy versus us as citizens in terms of our data being basically taken over for free, being used for free. >> John: I agree with that. >> That I think we have some agreement on. I just think that our governments haven't really had that conversation about what surveillance means. Maybe someone agreed and said, "Okay, that's fine. You guys can go do that, we won't tell anybody." And that's what it feels like. And I don't think we deliberately are saying, "Hey, we wanted to spy on your citizens." I think someone said, "Hey, there's a benefit here too." Otherwise I don't think the EU would have let this happen for that long unless Max had made that case and started this ball rolling, so, and Edward Snowden and other folks. >> Yeah, and I totally support the need for security. >> I want to enter the -- >> I mean we need to, where there are domestic terrorists, we need to stop them, and we need to have local action in UK to stop it happening here, and in America to stop it happening there. But if we're doing that, there is absolutely no need for the Americans to be spying on us. And there's absolutely no need for the Americans to say that privacy applies to U.S. citizens only, and not to Europeans, these are daft, it's just daft! >> That's a fair point. I'm sure GCHQ and everyone else has this covered, I mean I'm sure they do. (laughs) >> Oh, Bill, I know, I've been involved, I've been involved, and I know for a fact the U.S. and the UK are discussing I know a company called IronNet, which is run by General Keith Alexander, funded by C5 Capital. There's a lot of collaboration, because again, they're tryin' to get their arms around how to frame it. And they all agree that sharing data for the security side is super important, right? And I think IronNet has this thing called Iron Dome, which is essentially like they're saying, hey, we'll just consistency around the rules of shared data, and we can both, everyone can have their own little data. So, I think there's recognition at the highest levels of some smart people on both countries. (laughs) "Hey, let's work together!" The issue I have is just policy, and I think there's a lot of clustering going on. Clustered here around just getting out of their own way. That's my take on that. >> Are we a PG show? Wait, are we a PG show? I just got to remember that. (laughs) (Bill laughing) >> It's the internet, there's no regulation, there's no rules! >> There's no regulation! >> The European rules or is it the American rules? (Ray laughing) >> I would like to jump back quickly to the purpose of the surveillance, and especially when mass surveillance is done under the cover of national security and terror prevention. I worked with five clients in the past decade who all have been targeted under mass surveillance, which was revealed by Edward Snowden, and when they did their own investigation, and partially was confirmed by Edward Snowden in person, they found out that their purchasing department, their engineering department, big parts of their pricing data was targeted in mass surveillance. There's no way that anyone can explain me that that has anything to do with preventing terror attacks, or finding the bad guys. That is economical espionage, you cannot call it in any other way. And that was authorized by the same legislation that authorizes the surveillance for the right purposes. I'm all for fighting terror, and anything that can help us prevent terror from happening, I would be the first person to welcome it. But I do not welcome when that regulation is abused for a lot of other things under the cover of national interest. I understand -- >> Back to the lawmakers again. And again, America's been victim to the Chinese some of the individual properties, well documented, well known in tech circles. >> Yeah, but just 'cause the Chinese have targeted you doesn't give you free right to target us. >> I'm not saying that, but its abuse of power -- >> If the U.S. can sort out a little bit of reform, in the Senate and the House, I think that would go a long way to solving the issues that Europeans have right now, and a long way to sort of reaching a far better place from which we can all innovate and cooperate. >> Here's the challenge that I see. If you want to be instrumenting everything, you need a closed society, because if you have a free country like America and the UK, a democracy, you're open. If you're open, you can't stop everything, right? So, there has to be a trust, to your point, Bill. As to me that I'm just, I just can't get my arms around that idea of complete lockdown and data surveillance because I don't think it's gettable in the United States, like it's a free world, it's like, open. It should be open. But here we've got the grids, and we've got the critical infrastructure that should be protected. So, that's one hand. I just can't get around that, 'cause once you start getting to locking down stuff and measuring everything, that's just a series of walled gardens. >> So, to JD's point on the procurement data and pricing data, I have been involved in some of those kind of operations, and I think it's financial espionage that they're looking at, financial security, trying to figure out a way to track down capital flows and what was purchased. I hope that was it in your client's case, but I think it's trying to figure out where the money flow is going, more so than trying to understand the pricing data from competitive purposes. If it is the latter, where they're stealing the competitive information on pricing, and data's getting back to a competitor, that is definitely a no-no! But if it's really to figure out where the money trail went, which is what I think most of those financial analysts are doing, especially in the CIA, or in the FBI, that's really what that probably would have been. >> Yeah, I don't think that the CIA is selling the data to your competitors, as a company, to Microsoft or to Google, they're not selling it to each other, right? They're not giving it to each other, right? So, I think the one big problem I studied with FISA is that they get the data, but how long they can keep the data and how long they can mine the data. So, they should use that data as exhaust. Means like, they use it and just throw it away. But they don't, they keep mining that data at a later date, and FISA is only good for five years. Like, I learned that every five years we revisit that, and that's what happened this time, that we renewed it for six years this time, not five, for some reason one extra year. So, I think we revisit all these laws -- >> Could be an election cycle. >> Huh? >> Could be an election cycle maybe. (laughs) >> Yes, exactly! So, we revisit all these laws with Congress and Senate here periodically just to make sure that they are up to date, and that they're not infringing on human rights, or citizen's rights, or stuff like that. >> When you say you update to check they're not conflicting with anything, did you not support that it was conflicting with Privacy Shield and some of the promises you made to Europeans? At what point did that fail to become obvious? >> It does, because there's heightened urgency. Every big incident happens, 9/11 caused a lot of new sort of like regulations and laws coming into the picture. And then the last time, that the Russian interference in our election, that created some sort of heightened urgency. Like, "We need to do something guys here, like if some country can topple our elections, right, that's not acceptable." So, yeah -- >> And what was it that your allies did that caused you to spy on us and to downgrade our privacy? >> I'm not expert on the political systems here. I think our allies are, okay, loose on their, okay, I call it village politics. Like, world is like a village. Like it's so only few countries, it's not millions of countries, right? That's how I see it, a city versus a village, and that's how I see the countries, like village politics. Like there are two camps, like there's Russia and China camp, and then there's U.S. camp on the other side. Like, we used to have Russia and U.S., two forces, big guys, and they managed the whole world balance somehow, right? Like some people with one camp, the other with the other, right? That's how they used to work. Now that Russia has gone, hold on, let me finish, let me finish. >> Yeah. >> Russia's gone, there's this void, right? And China's trying to fill the void. Chinese are not like, acting diplomatic enough to fill that void, and there's, it's all like we're on this imbalance, I believe. And then Russia becomes a rogue actor kind of in a way, that's how I see it, and then they are funding all these bad people. You see that all along, like what happened in the Middle East and all that stuff. >> You said there are different camps. We thought we were in your camp! We didn't expect to be spied on by you, or to have our rights downgraded by you. >> No, I understand but -- >> We thought we were on your side! >> But, but you have to guys to trust us also, like in a village. Let me tell you, I come from a village, that's why I use the villager as a hashtag in my twitter also. Like in village, there are usually one or two families which keep the village intact, that's our roles. >> Right. >> Like, I don't know if you have lived in a village or not -- >> Well, Bill, you're making some great statements. Where's the evidence on the surveillance, where can people find more information on this? Can you share? >> I think there's plenty of evidence, and I can send some stuff on, and I'm a little bit shocked given the awareness of the FISA Act, the Cloud Act, the fact that these things are in existence and they're not exactly unknown. And many people have been complaining about them for years. I mean, we've had Safe Harbor overturned, we've had Privacy Shield overturned, and these weren't just on a whim! >> Yeah, what does JD have in his hand? I want to know. >> The Edward Snowden book! (laughs) >> By Edward Snowden, which gives you plenty. But it wasn't enough, and it's something that we have to keep in mind, because we can always claim that whatever Edward Snowden wrote, that he made it up. Every publication by Edward Snowden is an avalanche of technical confirmation. One of the things that he described about the Cisco switches, which Bill prefers to quote every time, which is a proven case, there were bundles of researchers saying, "I told you guys!" Nobody paid attention to those researchers, and Edward Snowden was smart enough to get the mass media representation in there. But there's one thing, a question I have for Sabjeet, because in the two parties strategy, it is interesting that you always take out the European Union as part. And the European Union is a big player, and it will continue to grow. It has a growing amount of trade agreements with a growing amount of countries, and I still hope, and I think think Bill -- >> Well, I think the number of countries is reducing, you've just lost one! >> Only one. (Bill laughing loudly) Actually though, those are four countries under one kingdom, but that's another point. (Bill chortling heartily) >> Guys, final topic, 5G impact, 'cause you mentioned Cisco, couldn't help think about -- >> Let me finish please my question, John. >> Okay, go ahead. How would you the United States respond if the European Union would now legalize to spy on everybody and every company, and every governmental institution within the United States and say, "No, no, it's our privilege, we need that." How would the United States respond? >> You can try that and see economically what happens to you, that's how the village politics work, you have to listen to the mightier than you, and we are economically mightier, that's the fact. Actually it's hard to swallow fact for, even for anybody else. >> If you guys built a great app, I would use it, and surveil all you want. >> Yeah, but so this is going to be driven by the economics. (John laughing) But the -- >> That's exactly what John said. >> This is going to be driven by the economics here. The big U.S. cloud firms are got to find this ruling enormously difficult for them, and they are inevitably going to lobby for a level of reform. And I think a level of a reform is needed. Nobody on your side is actually arguing very vociferously that the Cloud Act and the discrimination against Europeans is actually a particularly good idea. The problem is that once you've done the reform, are we going to believe you when you say, "Oh, it's all good now, we've stopped it!" Because with Crypto AG scandal in Switzerland you weren't exactly honest about what you were doing. With the FISA courts, so I mean FISA secret courts, the secret warrants, how do we know and what proof can we have that you've stopped doing all these bad things? And I think one of the challenges, A, going to be the reform, and then B, got to be able to show that you actually got your act together and you're now clean. And until you can solve those two, many of your big tech companies are going to be at a competitive disadvantage, and they're going to be screaming for this reform. >> Well, I think that, you know, General Mattis said in his book about Trump and the United states, is that you need alliances, and I think your point about trust and executing together, without alliances, it really doesn't work. So, unless there's some sort of real alliance, (laughs) like understanding that there's going to be some teamwork here, (Bill laughing) I don't think it's going to go anywhere. So, otherwise it'll continue to be siloed and network based, right? So to the village point, if TikTok can become a massively successful app, and they're surveilling, so and then we have to decide that we're going to put up with that, I mean, that's not my decision, but that's what's goin' on here. It's like, what is TikTok, is it good or bad? Amazon sent out an email, and they've retracted it, that's because it went public. I guarantee you that they're talkin' about that at Amazon, like, "Why would we want infiltration by the Chinese?" And I'm speculating, I have no data, I'm just saying, you know. They email those out, then they pull it back, "Oh, we didn't mean to send that." Really, hmm? (laughs) You know, so this kind of -- >> But the TRA Balin's good, you always want to get TRA Balin out there. >> Yeah, exactly. There's some spying going on! So, this is the reality. >> So, John, you were talking about 5G, and I think you know, the role of 5G, you know, the battle between Cisco and Huawei, you just have to look at it this way, would you rather have the U.S. spy on you, or would you rather have China? And that's really your binary choice at this moment. And you know both is happening, and so the question is which one is better. Like, the one that you're in alliance with? The one that you're not in alliance with, the one that wants to bury you, and decimate your country, and steal all your secrets and then commercialize 'em? Or the one kind of does it, but doesn't really do it explicitly? So, you've got to choose. (laughs) >> It's supposed to be -- >> Or you can say no, we're going to create our own standard for 5G and kick both out, that's an option. >> It's probably not as straightforward a question as, or an answer to that question as you say, because if we were to fast-forward 50 years, I would argue that China is going to be the largest trading nation in the world. I believe that China is going to have the upper hand on many of these technologies, and therefore why would we not want to use some of their innovation, some of their technology, why would we not actually be more orientated around trading with them than we might be with the U.S.? I think the U.S. is throwing its weight around at this moment in time, but if we were to fast-forward I think looking in the longterm, if I had to put my money on Huawei or some of its competitors, I think given its level of investments in research and whatever, I think the better longterm bet is Huawei. >> No, no, actually you guys need to pick a camp. It's a village again. You have to pick a camp, you can't be with both guys. >> Global village. >> Oh, right, so we have to go with the guys that have been spying on us? >> How do you know the Chinese haven't been spying on you? (Ray and John laughing loudly) >> I think I'm very happy, you find a backdoor in the Huawei equipment and you show it to us, we'll take them to task on it. But don't start bullying us into making decisions based on what-ifs. >> I don't think I'm, I'm not qualified to represent the U.S., but what we would want to say is that if you look at the dynamics of what's going on, China, we've been studying that as well in terms of the geopolitical aspects of what happens in technology, they have to do what they're doing right now. Because in 20 years our population dynamics go like this, right? You've got the one child policy, and they won't have the ability to go out and fight for those same resources where they are, so what they're doing makes sense from a country perspective and country policy. But I think they're going to look like Japan in 20 years, right? Because the xenophobia, the lack of immigration, the lack of inside stuff coming in, an aging population. I mean, those are all factors that slow down your economy in the long run. And the lack of bringing new people in for ideas, I mean that's part of it, they're a closed system. And so I think the longterm dynamics of every closed system is that they tend to fail versus open systems. So, I'm not sure, they may have better technology along the way. But I think a lot of us are probably in the camp now thinking that we're not going to aid and abet them, in that sense to get there. >> You're competing a country with a company, I didn't say that China had necessarily everything rosy in its future, it'll be a bigger economy, and it'll be a bigger trading partner, but it's got its problems, the one child policy and the repercussions of that. But that is not one of the things, Huawei, I think Huawei's a massively unlimited company that has got a massive lead, certainly in 5G technology, and may continue to maintain a lead into 6G and beyond. >> Oh yeah, yeah, Huawei's done a great job on the 5G side, and I don't disagree with that. And they're ahead in many aspects compared to the U.S., and they're already working on the 6G technologies as well, and the roll outs have been further ahead. So, that's definitely -- >> And they've got a great backer too, the financer, the country China. Okay guys, (Ray laughing) let's wrap up the segment. Thanks for everyone's time. Final thoughts, just each of you on this core issue of the news that we discussed and the impact that was the conversation. What's the core issue? What should people think about? What's your solution? What's your opinion of how this plays out? Just final statements. We'll start with Bill, Ray, Sarbjeet and JD. >> All I'm going to ask you is stop spying on us, treat us equally, treat us like the allies that we are, and then I think we've got to a bright future together! >> John: Ray? >> I would say that Bill's right in that aspect in terms of how security agreements work, I think that we've needed to be more explicit about those. I can't represent the U.S. government, but I think the larger issue is really how do we view privacy, and how we do trade offs between security and convenience, and you know, what's required for personalization, and companies that are built on data. So, the sooner we get to those kind of rules, an understanding of what's possible, what's a consensus between different countries and companies, I think the better off we will all be a society. >> Yeah, I believe the most important kind of independence is the economic independence. Like, economically sound parties dictate the terms, that's what U.S. is doing. And the smaller countries have to live with it or pick the other bigger player, number two in this case is China. John said earlier, I think, also what JD said is the fine balance between national security and the privacy. You can't have, you have to strike that balance, because the rogue actors are sitting in your country, and across the boundaries of the countries, right? So, it's not that FISA is being fought by Europeans only. Our internal people are fighting that too, like how when you are mining our data, like what are you using it for? Like, I get concerned too, when you can use that data against me, that you have some data against me, right? So, I think it's the fine balance between security and privacy, we have to strike that. Awesome. JD? I'll include a little fake check, fact check, at the moment China is the largest economy, the European Union is the second largest economy, followed directly by the USA, it's a very small difference, and I recommend that these two big parties behind the largest economy start to collaborate and start to do that eye to eye, because if you want to balance the economical and manufacturing power of China, you cannot do that as being number two and number three. You have to join up forces, and that starts with sticking with the treaties that you signed, and that has not happened in the past, almost four years. So, let's go back to the table, let's work on rules where from both sides the rights and the privileges are properly reflected, and then do the most important thing, stick to them! >> Yep, I think that's awesome. I think I would say that these young kids in high school and college, they need to come up and solve the problems, this is going to be a new generational shift where the geopolitical landscape will change radically, you mentioned the top three there. And new alliances, new kinds of re-imagination has to be there, and from America's standpoint I'll just say that I'd like to see lawmakers have, instead of a LinkedIn handle, a GitHub handle. You know, when they all go out on campaign talk about what code they've written. So, I think having a technical background or some sort of knowledge of computer science and how the internet works with sociology and societal impact will be critical for our citizenships to advance. So, you know rather a lawyer, right so? (laughs) Maybe get some law involved in that, I mean the critical lawyers, but today most people are lawyers in American politics, but show me a GitHub handle of that congressman, that senator, I'd be impressed. So, that's what we need. >> Thanks, good night! >> Ray, you want to say something? >> I wanted to say something, because I thought the U.S. economy was 21 trillion, the EU is sittin' at about 16, and China was sitting about 14, but okay, I don't know. >> You need to do math man. >> Hey, we went over our 30 minutes time, we can do an hour with you guys, so you're still good. (laughs) >> Can't take anymore. >> No go on, get in there, go at it when you've got something to say. >> I don't think it's immaterial the exact size of the economy, I think that we're better off collaborating on even and fair terms, we are -- >> We're all better off collaborating. >> Yeah. >> Gentlemen -- >> But the collaboration has to be on equal and fair terms, you know. (laughs) >> How do you define fair, good point. Fair and balanced, you know, we've got the new -- >> We did define fair, we struck a treaty! We absolutely defined it, absolutely! >> Yeah. >> And then one side didn't stick to it. >> We will leave it right there, and we'll follow up (Bill laughing) in a later conversation. Gentlemen, you guys are good. Thank you. (relaxing electronic music)