>>Hey everyone, and welcome back to Las Vegas. Viva Las Vegas, baby. This is the Cube live at AWS Reinvent 2022 with tens of thousands of people. Lisa Martin here with Dave Valante. Dave, we've had some great conversations. This is day one of four days of wall to wall coverage on the cube. We've been talking data. Every company is a data company. Data protection, data resiliency, absolutely table stakes for organizations to, >>And I think ecosystem is the other big theme. And that really came to life last year. You know, we came out of the pandemic and it was like, wow, we are entering a new era. People no longer was the ecosystem worried about it, AWS competing with them. They were more worried about innovating and building on top of AWS and building their own value. And that's really, I think, the theme of the 2020s within the ecosystem. >>And we're gonna be talking about building on top of aws. Two guests join us, two alumni join us. Stephen Manley is here, the CTO of Druva. Welcome back. Jason crat as well is here. CIO and CTO of Summit Carbon Solutions. Guys, great to have you back on the program. >>Thank you. >>Let's start with you giving the audience an understanding of the company. What do you guys do? What do you deliver value for customers? All that good >>Stuff. Yeah, no, for sure. So Summit Carbon is the world's largest carbon capture and sequestration company capturing close to 15 million tons of carbon every year. So it doesn't go into the atmosphere. >>Wow, fantastic. Steven, the, the risk landscape today is crazy, right? There's, there's been massive changes. We've talked about this many times. What are some of the things, you know, ransomware is a, is, I know as you say, this is a, it's not a, if it's gonna happen, it's when it's how frequent, it's what's gonna be the damage. What are some of the challenges and concerns that you're hearing from customers out there today? >>Yeah, you know, it really comes down to three things. And, and everybody is, is terrified of ransomware and justifiably so. So, so the first thing that comes up is, how do I keep up? Because I have so much data in so many places, and the threats are evolving so quickly. I don't have enough money, I don't have enough people, I don't have enough skilled resources to be able to keep up. The second thing, and this ties in with what Dave said, is, is ecosystem. You know, it used to be that your, your backup was siloed, right? They'd sit in the basement and, and you wouldn't see, see them. But now they're saying, I've gotta work with my security team. So rather than hoping the security team stays away from me, how do I integrate with them? How do I tie together? And then the third one, which is on everybody's mind, is when that attack happens, and like you said, it's win and, and the bell rings and they come to me and they say, all right, it's time for you to recover. It's time for, for all this investment we've put in. Am I gonna be ready? Am I going to be able to execute? Because a ransom or recovery is so different than any other recovery they've ever done. So it's those three things that really are top of mind for >>How, so what is the, what are the key differences, if you could summarize? I mean, I >>Know it's so, so the first one is you can't trust the environment you're restoring into. Even with a disaster, it would finish and you'd say, okay, I'm gonna get my data center set up again and I'm gonna get things working. You know, when I try to recover, I don't know if everything's clean yet. I'm trying to recover while I'm still going through incident response. So that's one big difference. A second big difference is I'm not sure if the thing I'm recovering is good, I've gotta scan it. I've gotta make sure what's inside it is, is, is alright. And then the third thing is what we're seeing is the targets are usually not necessarily the crown jewels because those tend to be more protected. And so they're running into this, I need to recover a massive amount of what we might call tier two, tier three apps that I wasn't ready for because I've always been prepared for that tier one disaster. And so, so those three things they go, it's stuff I'm not prepared or covering. It's a flow. I'm not used to having to check things and I'm not sure where I'm gonna recover too when the, when the time comes. >>Yeah, just go ahead. Yeah, that's right. I mean, I think for me, the biggest concern is the blind spots of where did I actually back it up or not. You know, what did I get it? Cuz you, we always protect our e r p, we always protect these sort of classes of tiers of systems, but then it's like, oh, that user's email box didn't get it. Oh, that, you know, that one drive didn't get it. You know, or, or, or whatever it is. You know, the infrastructure behind it all. I forgot to back that up. That to me the blind spots are the scariest part of a ransomware attack. >>And, and if you think about it, some of the most high profile attacks, you know, on the, on the colonial pipeline, they didn't go after the core assets. They went after billing. That's right. But billing brought everything down so they're smart enough to say, right, I'm not gonna take the, the castle head on. Is there is they're that. Exactly. >>And so how do you, I get, I mean you can air gap and do things like that in terms of protecting the, the, the data, the corrupt data. How do you protect the corrupt environment? Like that's, that's a really challenging issue. Is >>It? I don't know. I mean, I'll, I'll you can go second here. I think that what's interesting to me about is that's what cloud's for. You can build as many environments as you want. You only pay for what you use, right? And so you have an opportunity to just reconstruct it. That's why things, everything is code matters. That's why having a cloud partner like Druva matters. So you can just go restore wherever you need to in a totally clean environment. >>So the answer is you gotta do it in the cloud. Yeah. What if it's on prem? >>So if it's on prem, what we see people do is, and, and, and this is where testing and, and where cloud can still be an asset, is you can look and say a lot of those assets I'm running in the data center, I could still recover in the cloud. And so you can go through DR testing and you can start to define what's in your on-prem so that you could make it, you know, so you can make it cloud recoverable. Now, a lot of the people that do that then say, well actually why am I even running this on prem anymore in the first place? I should just move this to the cloud now. But, but, but there are people in that interim step. But, but, but it's really important because you, you're gonna need a clean environment to play in. And it's so hard to have a clean environment set up in a data center cuz it basically means I'm not touching this, I'm just paying for something to sit idle. Whereas cloud, I can spin that up, right? Get a, a cloud foundation suite and, and just again, infrastructures code, spin things up, test it, spin it down. It doesn't cost me money on a daily basis. >>Jason, talk a little bit about how you are using Druva. Why Druva and give us a kind of a landscape of your IT environment with Druva. >>Yeah. You know, so when we first started, you know, we did have a competitor solution and, and, and it was only backing up, you know, we were a startup. It was only backing up our email. And so as you pointed out, the ecosystem really matters because we grew out of email pretty quick as a startup. And we had to have real use cases to protect and the legacy product just wouldn't support us. And so our whole direction, or my direction to my team is back it up wherever it is, you know, go get it. And so we needed somebody in the field, literally in the middle of Nebraska or Iowa to have their laptop backed up. We needed our infrastructure, our data center backed up and we needed our, our SaaS solutions backed up. We needed it all. And so we needed a partner like Druva to help us go get it wherever it's at. >>Talk about the value in, with Druva being cloud native. >>Yeah. To us it's a big deal, right? There's all sorts of products you could go by to go just do endpoint laptop protection or just do SAS backups. For us, the value is in learning one tool and mastering it and then taking it to wherever the data is. To me, we see a lot of value for that because we can have one team focus on one product, get good at it, and drive the value. >>That consolidation theme is big right now, you know, the economic headwinds and so forth. What was the catalyst for you? Was it, is that something you started, you know, years ago? Just it's good practice to do that? What's, >>Well, no, I mean luckily I'm in a very good position as a startup to do define it, you know, but I've been in those legacy organizations where we've got a lot of tech debt and then how do you consolidate your portfolio so that you can gain more value, right? Cause you only get one budget a year, right? And so I'm lucky in, in the learnings I've had in other enterprises to deal with this head on right now as we grow, don't add tech debt, put it in right. Today. >>Talk to us a little bit about the SaaS applications that you're backing up. You know, we, we talk a lot with customers, the shared, the shared responsibility model that a lot of customers aren't aware of. Where are you using that competing solution to protect SaaS applications before driven and talk about Yeah. The, the value in that going, the data protection is our responsibility and not the SA vendor. >>No, absolutely. I mean, and it is funny to go to, you know, it's like Office 365 applications and go to our, our CFO and a leadership and be like, no, we really gotta back it up to a third party. And they're like, but why? >>It's >>In the cloud, right? And so there's a lot of instruction I have to provide to my peers and, and, and my users to help them understand why these things matter. And, and, and it works out really well because we can show value really quick when anything happens. And now we get, I mean, even in SharePoint, people will come to us to restore things when they're fully empowered to do it. But my team's faster. And so we can just get it done for them. And so it's an extra from me, it's an extra SLA or never service level I can provide to my internal customers that, that gives them more faith and trust in my organization. >>How, how are the SEC op teams and the data protection teams, the backup teams, how are they coming together? Is is, is data protection backup just morphing into security? Is it more of an adjacency? What's that dynamic like? >>So I'd say right now, and, and I'll be curious to hear Jason's organization, but certainly what we see broadly is, you know, the, the teams are starting to work together, but I wouldn't say they're merging, right? Because, you know, you think of it in a couple of ways. The first is you've got a production environment and that needs to be secured. And then you've got a protection environment. And that protection environment also has to be secured. So the first conversation for a lot of backup teams is, alright, I need to actually work with the security team to make sure that, that my, my my backup environment, it's air gapped, it's encrypted, it's secured. Then I think the, the then I think you start to see people come together, especially as they go through, say, tabletop exercises for ransomware recovery, where it's, alright, where, where can the backup team add value here? >>Because certainly recovery, that's the basics. But as there log information you can provide, are there detection pieces that you can offer? So, so I think, you know, you start to see a partnership, but, but the reality is, you know, the, the two are still separate, right? Because, you know, my job as a a protection resiliency company is I wanna make sure that when you need your data, it's gonna be there for you. And I certainly want to, to to follow best secure practices and I wanna offer value to the security team, but there's a whole lot of the security ecosystem that I want to plug into. I'm not trying to replace them again. I want to be part of that broader ecosystem. >>So how, how do you guys approach it? Yeah, >>That's interesting. Yeah. So in my organization, we, we are one team and, and not to be too cheesy or you know, whatever, but as Amazon would say, security is job one. And so we treat it as if this is it. And so we never push something into production until we are ready. And ready to us means it's got a security package on it, it's backed up, the users have tested it, we are ready to go. It's not that we're ready just be to provide the service or the thing. It's that we are actually ready to productionize this. And so it's ready for production data and that slows us down in some cases. But that's where DevOps and this idea of just merging everything together into a central, how do we get this done together, has worked out really well for us. So, >>So it's really the DevOps team's responsibility. It's not a separate data protection function. >>Nope. Nope. We have specialists of course, right? Yeah, yeah. Because you need the extra level, the CISSPs and those people Yeah, yeah. To really know what they're doing, but they're just part of the team. Yeah. >>Talk about some of the business outcomes that you're achieving with Druva so far. >>Yeah. The business outcomes for me are, you know, I meet my SLAs that's promising. I can communicate that I feel more secure in the cloud and, and all of my workloads because I can restore it. And, and that to me helps everybody in my organization sleep well, sleep better. We are, we transport a lot of the carbon in a pipeline like Colonial. And so to us, we are, we are potential victims of, of a pipe, a non pipeline group, right? Attacking us, but it's carbon, you know, we're trying to get it outta atmosphere. And so by protecting it, no matter where it is, as long as we've got internet access, we can back it up. That provides tons of value to my team because we have hundreds of people in the field working for us every day who collect data and generate it. >>What would you say to a customer who's maybe on the fence looking at different technologies, why dva? >>You know, I think, you know, do the research in my mind, it'll win if you just do the research, right? I mean, there might be vendors that'll buy you nice dinners or whatever, and those are, those are nice things, but the, the reality is you have to protect your data no matter where it is. If it's in a SaaS application, if it's in a cloud provider, if it's infrastructure, wherever it is, you need it. And if you just go look at the facts, there it is, right? And so I, I'd say be objective. Look at the facts, it'll prove itself. >>Look at the data. There you go. Steven Druva recently announced a data resiliency guarantee with a big whopping financial sum. Talk to us a little bit about that, the value in it for your customers and for prospects, >>Right? So, so basically there's, there's really two parts to this guarantee. The first is, you know, across five different SLAs, and I'll talk about those, you know, if we violate those, the customers can get a payout of up to 10 million, right? So again, putting, putting our money where our mouth is in a pretty large amount. But, but for me, the exciting part, and this is, this is where Jason went, is it's about the SLAs, right? You know, one of Drew's goals is to say, look, we do the job for you, we do the service for you so you can offer that service to your company. And so the SLAs aren't just about ransomware, some of them certainly are, you know, that, that you're going to be able to recover your data in the event of a ransomware attack, that your data won't get exfiltrated as part of a ransomware attack. >>But also things like backup success rates, because as much as recovery matters a lot more than backup, you do need a backup if you're gonna be able to get that recovery done. There's also an SLA to say that, you know, if 10 years down the road you need to recover your data, it's still recoverable, right? So, so that kind of durability piece. And then of course the availability of the service because what's the point of a service if it's not there for you when you need it? And so, so having that breadth of coverage, I think really reflects who Druva is, which is we're doing this job for you, right? We want to make this this service available so you can focus on offering other value inside your business. And >>The insurance underwriters, if they threw holy water on >>That, they, they, they were okay with it. The legal people blessed it, you know, it, you know, the CEO signed off on it, the board of directors. So, you know, it, and it, it's all there in print, it's all there on the web. If you wanna look, you know, make sure, one of the things we wanted to be very clear on is that this isn't just a marketing gimmick that we're, we're putting, that we're putting substance behind it because a lot of these were already in our contracts anyway, because as a SAS vendor, you're signing up for service level agreements anyway. >>Yeah. But most of the service level agreements and SaaS vendors are crap. They're like, you know, hey, you know, if something bad happens, you know, we'll, we'll give you a credit, >>Right? >>For, you know, for when you were down. I mean, it's not, you never get into business impact. I mean, even aws, sorry, I mean, it's true. We're a customer. I read define print, I know what I'm signing up for. But, so that's, >>We read it a lot and we will not, we don't really care about the credits at all. We care about is it their force? Is it a partner? We trust, we fight that every day in our SLAs with our vendors >>In the end, right? I mean this, we are the last line of defense. We are the thing that keeps the business up and running. So if your business, you know, can't get to his data and can't operate, me coming to you and saying, Dave, I've got some credits for you after you, you know, after you declare bankruptcy, it'll be great. Yeah, that's not a win. >>It's no value, >>Not helpful. The goal's gotta be, your business is up and running cuz that's when we're both successful. So, so, so, you know, we view this as we're in it together, right? We wanna make sure your business succeeds. Again, it's not about slight of hand, it's not about, you know, just, just putting fine print in the contract. It's about standing up and delivering. Because if you can't do that, why are we here? Right? The number one thing we hear from our customers is Dr. Just works. And that's the thing I think I'm most proud of is Druva just works. >>So, speaking of Juva, just working, if there's a billboard in Santa Clara near the new offices about Druva, what's, what's the bumper sticker? What's the tagline? >>I, I, I think, I think that's it. I think Druva just works. Keeps your data safe. Simple as that. Safe and secure. Druva works to keep your data safe and secure. >>Saved me. >>Yeah. >>Truva just works. Guys, thanks so much for joining. David, me on the program. Great to have you back on the cube. Thank you. Talking about how you're working together, what Druva is doing to really putting, its its best foot forward. We appreciate your insights and your time. Thank >>You. Thanks guys. It's great to see you guys. Likewise >>The show for our guests and Dave Ante. I'm Lisa Martin, you're watching the Cube, the leader in enterprise and emerging tech coverage.

>>AWS public sector summit here in person in Washington, D. C. For two days live. Finally a real event. I'm john for your host of the cube. Got a great guest Howard Levinson from data bricks, regional vice president and general manager of the federal team for data bricks. Uh Super unicorn. Is it a decade corn yet? It's uh, not yet public but welcome to the cube. >>I don't know what the next stage after unicorn is, but we're growing rapidly. >>Thank you. Our audience knows David bricks extremely well. Always been on the cube many times. Even back, we were covering them back when big data was big data. Now it's all data everything. So we watched your success. Congratulations. Thank you. Um, so there's no, you know, not a big bridge for us across to see you here at AWS public sector summit. Tell us what's going on inside the data bricks amazon relationship. >>Yeah. It's been a great relationship. You know, when the company got started some number of years ago we got a contract with the government to deliver the data brooks capability and they're classified cloud in amazon's classified cloud. So that was the start of a great federal relationship today. Virtually all of our businesses in AWS and we run in every single AWS environment from commercial cloud to Govcloud to secret top secret environments and we've got customers doing great things and experiencing great results from data bricks and amazon. >>The federal government's the classic, I call migration opportunity. Right? Because I mean, let's face it before the pandemic even five years ago, even 10 years ago. Glacier moving speed slow, slow and they had to get modernized with the pandemic forced really to do it. But you guys have already cleared the runway with your value problems. You've got lake house now you guys are really optimized for the cloud. >>Okay, hardcore. Yeah. We are, we only run in the cloud and we take advantage of every single go fast feature that amazon gives us. But you know john it's The Office of Management and Budget. Did a study a couple of years ago. I think there were 28,000 federal data centers, 28,000 federal data centers. Think about that for a minute and just think about like let's say in each one of those data centers you've got a handful of operational data stores of databases. The federal government is trying to take all of that data and make sense out of it. The first step to making sense out of it is bringing it all together, normalizing it. Fed aerating it and that's exactly what we do. And that's been a real win for our federal clients and it's been a real exciting opportunity to watch people succeed in that >>endeavour. We have another guest on. And she said those data center huggers tree huggers data center huggers, majority of term people won't let go. Yeah. So but they're slowly dying away and moving on to the cloud. So migrations huge. How are you guys migrating with your customers? Give us an example of how it's working. What are some of the use cases? >>So before I do that I want to tell you a quick story. I've I had the luxury of working with the Air Force Chief data officer Ailene vedrine and she is commonly quoted as saying just remember as as airmen it's not your data it's the Air Force's data. So people were data center huggers now their data huggers but all of that data belongs to the government at the end of the day. So how do we help in that? Well think about all this data sitting in all these operational data stores they're getting it's getting updated all the time. But you want to be able to Federated this data together and make some sense out of it. So for like an organization like uh us citizenship and immigration services they had I think 28 different data sources and they want to be able to pull that data basically in real time and bring it into a data lake. Well that means doing a change data capture off of those operational data stores transforming that data and normalizing it so that you can then enjoy it. And we've done that I think they're now up to 70 data sources that are continually ingested into their data lake. And from there they support thousands of users doing analysis and reports for the whole visa processing system for the United States, the whole naturalization environment And their efficiency has gone up I think by their metrics by 24 x. >>Yeah. I mean Sandy carter was just on the cube earlier. She's the Vice president partner ecosystem here at public sector. And I was coming to her that federal game has changed, it used to be hard to get into you know everybody and you navigate the trip wires and all the subtle hints and and the people who are friends and it was like cloak and dagger and so people were locked in on certain things databases and data because now has to be freely available. I know one of the things that you guys are passionate about and this is kind of hard core architectural thing is that you need horizontally scalable data to really make a I work right. Machine learning works when you have data. How far along are these guys in their thinking when you have a customer because we're seeing progress? How far along are we? >>Yeah, we still have a long way to go in the federal government. I mean, I tell everybody, I think the federal government's probably four or five years behind what data bricks top uh clients are doing. But there are clearly people in the federal government that have really ramped it up and are on a par were even exceeding some of the commercial clients, U. S. C. I. S CBP FBI or some of the clients that we work with that are pretty far ahead and I'll say I mentioned a lot about the operational data stores but there's all kinds of data that's coming in at U S. C. I. S. They do these naturalization interviews, those are captured in real text. So now you want to do natural language processing against them, make sure these interviews are of the highest quality control, We want to be able to predict which people are going to show up for interviews based on their geospatial location and the day of the week and other factors the weather perhaps. So they're using all of these data types uh imagery text and structure data all in the Lake House concept to make predictions about how they should run their >>business. So that's a really good point. I was talking with keith brooks earlier directive is development, go to market strategy for AWS public sector. He's been there from the beginning this the 10th year of Govcloud. Right, so we're kind of riffing but the jpl Nasa Jpl, they did production workloads out of the gate. Yeah. Full mission. So now fast forward today. Cloud Native really is available. So like how do you see the the agencies in the government handling Okay. Re platform and I get that but now to do the reef acting where you guys have the Lake House new things can happen with cloud Native technologies, what's the what's the what's the cross over point for that point. >>Yeah, I think our Lake House architecture is really a big breakthrough architecture. It used to be, people would take all of this data, they put it in a Hadoop data lake, they'd end up with a data swamp with really not good control or good data quality. And uh then they would take the data from the data swamp where the data lake and they curate it and go through an E. T. L. Process and put a second copy into their data warehouse. So now you have two copies of the data to governance models. Maybe two versions of the data. A lot to manage. A lot to control with our Lake House architecture. You can put all of that data in the data lake it with our delta format. It comes in a curated way. Uh there's a catalogue associated with the data. So you know what you've got. And now you can literally build an ephemeral data warehouse directly on top of that data and it exists only for the period of time that uh people need it. And so it's cloud Native. It's elastically scalable. It terminates when nobody's using it. We run the whole center for Medicaid Medicare services. The whole Medicaid repository for the United States runs in an ephemeral data warehouse built on Amazon S three. >>You know, that is a huge call out, I want to just unpack that for a second. What you just said to me puts the exclamation point on cloud value because it's not your grandfather's data warehouse, it's like okay we do data warehouse capability but we're using higher level cloud services, whether it's governance stuff for a I to actually make it work at scale for those environments. I mean that that to me is re factoring that's not re platform Ng. Just re platform that's re platform Ng in the cloud and then re factoring capability for on uh new >>advantages. It's really true. And now you know at CMS, they have one copy of the data so they do all of their reporting, they've got a lot of congressional reports that they need to do. But now they're leveraging that same data, not making a copy of it for uh the center for program integrity for fraud. And we know how many billions of dollars worth of fraud exist in the Medicaid system. And now we're applying artificial intelligence and machine learning on entity analytics to really get to the root of those problems. It's a game >>changer. And this is where the efficiency comes in at scale. Because you start to see, I mean we always talk on the cube about like how software is changed the old days you put on the shelf shelf where they called it. Uh that's our generation. And now you got the cloud, you didn't know if something is hot or not until the inventory is like we didn't sell through in the cloud. If you're not performing, you suck basically. So it's not working, >>it's an instant Mhm. >>Report card. So now when you go to the cloud, you think the data lake and uh the lake house what you guys do uh and others like snowflake and were optimized in the cloud, you can't deny it. And then when you compare it to like, okay, so I'm saving you millions and millions if you're just on one thing, never mind the top line opportunities. >>So so john you know, years ago people didn't believe the cloud was going to be what it is. Like pretty much today, the clouds inevitable. It's everywhere. I'm gonna make you another prediction. Um And you can say you heard it here first, the data warehouse is going away. The Lake house is clearly going to replace it. There's no need anymore for two separate copies, there's no need for a proprietary uh storage copy of your data and people want to be able to apply more than sequel to the data. Uh Data warehouses, just restrict. What about an ocean house? >>Yeah. Lake is kind of small. When you think about this lake, Michigan is pretty big now, I think it's I >>think it's going to go bigger than that. I think we're talking about Sky Computer, we've been a cloud computing, we're going to uh and we're going to do that because people aren't gonna put all of their data in one place, they're going to have, it spread across different amazon regions or or or amazon availability zones and you're going to want to share data and you know, we just introduced this delta sharing capability. I don't know if you're familiar with it but it allows you to share data without a sharing server directly from picking up basically the amazon, you RLS and sharing them with different organizations. So you're sharing in place. The data actually isn't moving. You've got great governance and great granularity of the data that you choose to share and data sharing is going to be the next uh >>next break. You know, I really loved the Lake House were fairly sing gateway. I totally see that. So I totally would align with that and say I bet with you on that one. The Sky net Skynet, the Sky computing. >>See you're taking it away man, >>I know Skynet got anything that was computing in the Sky is Skynet that's terminated So but that's real. I mean I think that's a concept where it's like, you know what services and functions does for servers, you don't have a data, >>you've got to be able to connect data, nobody lives in an island. You've got to be able to connect data and more data. We all know more data produces better results. So how do you get more data? You connect to more data sources, >>Howard great to have you on talk about the relationship real quick as we end up here with amazon, What are you guys doing together? How's the partnership? >>Yeah, I mean the partnership with amazon is amazing. We have, we work uh, I think probably 95% of our federal business is running in amazon's cloud today. As I mentioned, john we run across uh, AWS commercial AWS GovCloud secret environment. See to us and you know, we have better integration with amazon services than I'll say some of the amazon services if people want to integrate with glue or kinesis or Sagemaker, a red shift, we have complete integration with all of those and that's really, it's not just a partnership at the sales level. It's a partnership and integration at the engineering level. >>Well, I think I'm really impressed with you guys as a company. I think you're an example of the kind of business model that people might have been afraid of which is being in the cloud, you can have a moat, you have competitive advantage, you can build intellectual property >>and, and john don't forget, it's all based on open source, open data, like almost everything that we've done. We've made available to people, we get 30 million downloads of the data bricks technology just for people that want to use it for free. So no vendor lock in. I think that's really important to most of our federal clients into everybody. >>I've always said competitive advantage scale and choice. Right. That's a data bricks. Howard? Thanks for coming on the key, appreciate it. Thanks again. Alright. Cube coverage here in Washington from face to face physical event were on the ground. Of course, we're also streaming a digital for the hybrid event. This is the cubes coverage of a W. S. Public sector Summit will be right back after this short break.

(bright upbeat music) >> Hey, welcome to theCUBE's coverage of Pure Accelerate 2021. I'm Lisa Martin, please stay welcoming back one of our alumni Murli Thirumale is here, the VP & GM of the Cloud Native Business Unit at Pure Storage, Murli, welcome back. >> Lisa, it's great to be back at theCUBE, looking forward to discussion. >> Likewise, so it's been about six months or so since the Portworx acquisition by Pure Storage, give us a lay of the land, what's been going on? What are some of the successes, early wins, and some of the lessons that you've learned? >> Yeah, this is my third time being in Cloud, being a serial entrepreneur. So I've seen this movie before, and I have to say that this is really a lot of good anticipation followed by actually a lot of good stuff that has happened since, so it's been really a great ride so far. And when, let me start with the beginning, what the fundamental goal of the acquisition were, right? The couple of major goals, and then I can talk about how that integration is going. Really, I think from our viewpoint, from the Portworx viewpoint, the goal of the acquisition, from our view, was really to help turbocharge in our growth, we had really a very, very good product that was well accepted and established at customers, doing well as far as industry acceptance was concerned. And frankly, we had some great reference customers and some great installs expanding pretty well. Our issue was really how fast can we turbocharge that growth because as everybody knows, for a startup, the expensive part of an expansion is really on the go-to-market and sales side. And frankly, the timing for this was critical for us because the market had moved from the Kubernetes' market, has moved from sort of the innovator stage to the early majority stage. So from the Pure side, I think this made a lot of sense for them, because they have been looking for how they can expand their subscription models, how they can move to add more value from the array based business that there really have been a wonderful disruptor and to add more value up the stack, and that was the premise of the acquisition. One of the things that I paid a lot of attention to, as anybody does in acquisitions, is not just the strategy but really to understand if there was a culture fit between the teams, because a lot of the times acquisitions don't work because of the poor culture fit. So now let me kind of fast forward little bit and say, "Hey, what we know looking back in about six to eight months into it, how has it turning out so far?" And things have been just absolutely wonderful. Let me actually start with the culture fit, because that often is ignored and is one of the most important parts, right? The resonance in the culture between the two companies is just off the charts, right? It actually starts with what I would call a dramatic kind of customer first orientation, it's something we always had at Portworx. I always used to tell our customers with a startup you end up kind of, you buy the product, but you get the team, right? That's what happens with early stage startups, but Pure is sort of the same way, they are very focused on customer. So the customer focus is a very very useful thing that pulls us together. The second thing that's been really heartwarming to see has been really the focus on product excellence. Pure made it's dramatic entry into the market using Flash, and being the best Flash-based solution, and now they've expanded into many, many different areas. And Portworx also had a focus on product excellence, and so that has kind of moved the needle forward for both of us. And then I think the third thing is really a focus on the team winning, and not just an individual, right? And look, in these COVID times, this has been a tough year for everybody, I think it's, to some extent, even as we onboard new people, it's the culture of the team, the ability to bring new people onboard, and buy the culture, and make progress, all of that is really a function of how well the team is, 'we' is greater than 'me' type of a model, and I think that both these three values of customer first, high focus on product excellence, and the value in the team, including the resellers and the customers as part of the team, has really been the cornerstone, I think, of our success in the integration. >> That's outstanding because, like you said, this is not your first rodeo launching, coming out of stealth and launching and getting acquired, but doing so during one of the most challenging times in the last 100 years in our history while aligning cultures, I think that says a lot about the leadership on the Portworx side and the Pure side. >> I have to say, right? This is one of those amazing things, many people now that having been acquired can say this, really, most of the diligence, the transactions, all of that were done over Zoom, right? So, and then of course, everything since then is we're still in Zoom paradise. And so I think it really is a testament to the modern tools and stuff that we have that enable that. Now, let me talk a little bit about the content of what has happened, right? So strategically, I think the three areas that I think we've had huge synergy and seeing the benefits are first and foremost on the product side. A little later, I'd like to talk a little bit about some of the announcements we're making, but essentially, Pure had this outstanding core storage infrastructure product, well-known in the industry, very much Flash-oriented, part of the whole all Flash era now. And Portworx really came in with the idea of driving Kubernetes and Cloud Native workloads, which are really the majority of modern workloads. And what we found since then is that the integration of having really a more complete stack, which is really centered around what used to be an IT infrastructure of purchase, and what is in fact, for Kubernetes, a more DevOps oriented purchase. And that kind of a combination of being able to provide that combo in one package is something that we've been working very hard on in the last six months. And I'll mention some of the announcements, but we have a number of integrations with FlashArray and FlashBlade and other Pure products that we're able to highlight. So product integration for sure has been an area of some focus, but against a lot of progress. The second one is really customer synergy. I kind of described to our team when we got acquired, I said it's, for us, it's, being acquired by Pure is like strapping a rocket ship to ourselves as a small company, because we now have access to a huge customer footprint. Pure has over 8,000 customers, hugely amazingly high, almost unbelievable NPS score with customers, one of the best in the IT industry. And I think we are finding that with the deployment of containers becoming more ubiquitous, right? 80, 90% of customers in the enterprise are adopting Kubernetes and Containers. And therefore these 8,000 customers are a big huge target, they got a big target sign for both of us to be able to leverage. And so we've had a number of things that we're doing to address and use the Pure sales team to get access to them. The Pure channel of course is also part of that, Pure is 100% channel organization, which is great. So I think the synergy on the customer side with being able to have a solution that works for infrastructure and for DevOps has been a big area. In this day and age, Kubernetes is an area, for many of your listeners who are very, very familiar with Kubernetes, customers struggle, not just with day zero, but day one, day two, day three, right? It's how do you put it in production. And support, and integrating, and the use of Kubernetes and containers, putting that stack together is a big area. So support is a big area of pain for customers, and it's an area that, again, for a Portworx viewpoint, now we've expanded our footprint with a great support organization that we can bring to bear 24 by seven around the globe. Portworx is running on a lot of mission critical applications in big industries like finance and retail, and these types of things, really, support is a big area. And then the last thing I will just say is the use cases are usually synergistic, right? And we'll talk a little bit more about use cases as we go along here, but really there's legacy apps, right? In an interesting way, there's 80% of, IT spending is still on legacy apps, if you will, in that stack. However, 80% of all the new applications are being deployed on this modern app stack, right? >> Right. >> With all these open-source type of products and technologies. And most of that stack, most of the modern app stack is containerized. The 80, 85% of those applications really are where customers have chosen containers and Kubernetes as the as the mechanism to deliver those apps. And therefore Pure products like FlashBlade were very, very focused with fast recovery for these kind of modern apps, which are the stack of AI, and personalization, and all the modern digital apps. And I think those things can align well with the Portworx offering. So really around the areas of culture, customers, product synergy, support, and finally use cases, are all kind of been areas of huge progress for us. >> It also seems to me that the Portworx acquisition gives Pure a foray, a new buying center with respect to DevOps, talk to me a little bit about that as an opportunity for Pure. >> Yeah, the modern world is one where the enterprise itself has segmented into whole lot of new areas of spending and infrastructure ownership, right? And in the old days it used to be the network, storage, compute, and apps, sort of the old model of the world. And of course the app model has moved on, and then certainly there's a lot of different ways, web apps, the three tier apps, and the web apps, and so on. But the infrastructure world has morphed really into a bunch of other sub-segments, and some of it is still traditional hardware, but then even that is being cloudified, right? Because a lot of companies like Pure have taken their hardware array offerings and are offering that as a cloud-like offering where you can purchase it as a service, and in fact, Pure is offering a set of solutions called Evergreen that allow you to not even, you're just under subscription, you get your hardware refresh bundled in, very, very innovative. So you have now new buying centers coming in, in addition to the old traditional IT, there is sort of this whole, what used to be in the old ways called middleware, now has kind of morphed into this DevSecOps set of folks, right? Which is DevOps it's ITOps, and even security is a big part of that, the CISO Organization has that kind of segment. And so these buying centers often have new budgets, right? It turns out that, for example, to contrast, the Portworx budget really comes from entirely different budget, right? Our top two budget sources are usually CIO initiatives, they're not from the traditional storage budget, it comes from things like move to cloud or business transformation. And those set of folks, that set of customers, is really born in a different era, so to speak. You know, Lisa, they come, and I come from the old world, so I would say that I'm kind of more of an oldie, hopefully a Goldie, but an oldie. These folks are born in the post-DevOps, post-cloud, post-open-source world, right? They are used to brand new tools, get-ops, the way that everything's run on the cloud, it's on demand. So what we bring to Pure is really the ability to take their initiatives, which were around infrastructure, and cloudifying infrastructure to now adding two layers on top of that, right? So what Portworx adds to Pure is the access to the new automation layer of middleware. Kubernetes is nothing but really an automation of model for containers and for infrastructure now. And then the third layer is on top of us, is what I would call SaaS, the SaaSified layer, and as a service layer. And so we bring the opportunity to get those SaaS-like budgets, the DevOps budgets, and the DevOps and the SaaS kind of buyers, and together the business has very different models to it. In addition to not just a different technologies, the buying behavior is different, it's based on a consumption model, it's a subscription business. So it really is a change for new budgets, new buyers, and new financial models, which is a subscription model, which as you know, is valued much more highly by Wall Street nowadays compared to say some of the older hardware models. >> Well, Murli, when we talk about storage, we talk about data or the modern data experience. The more and more data that's being produced, the more value potentially there is for organizations, I think we saw, we learned several lessons in the last year, and one of them is that being able to glean insights from data in real-time or near real-time is, for many businesses, no longer a nice to have, it's really table stakes, it was for survival of getting through COVID, it is now in terms of identification of new business models, but it elevates the data conversation up to the C-suite, the board going, "Is our data protected? Is it secure? Can we access it?" And, "How do we deliver a modern data experience to our customers and to our internal employees?" So with that modern data experience, and maybe the elevation about conversation lengths, talk to me about some of the things that you're announcing at Accelerate with respect to Portworx. >> Yeah, so there are two sets of announcements. To be honest actually, this is a pretty exciting time for us, we're in theCUBE Cone time and the Accelerate time. And so let me kind of draw a circle around both those sets of announcements, if you will, right? So let's start perhaps with just the sets of things that we are announcing at Accelerate, right? This is kind of the first things that are coming up right now. And I'll tell you, there are some very, very exciting things that we're doing. So the majority of the announcements are centered around a release that we have called 2.8, so Portworx says, "We've been in the market now for well over five years with the product that really has been well deployed in very large global 2K enterprises." So the three or four major announcements, one of them is what I was talking about earlier, the integration of true Kubernetes applications running on Pure Storage. So we have a Cloud Native, a Native implementation of Portworx running on FlashArray and FlashBlade, where essentially when users now provision a container volume to Portworx, the storage volumes are magically created on FlashArray and FlashBlade, right? It's the idea of, without having to interface, so a DevOps engineer can deploy storage as code by provisioning volumes using Kubernetes without having to go issue a trouble ticket or a service ticket for a PureArray. And Portworx essentially access a layer between Kubernetes and the PureArray, and we allow configuration of volumes on the storage volumes of the PureArray directly. So essentially now on FlashArray, these volumes now receive the full suite of Portworx Storage Management features, including Kubernetes DR, backup, security, auto scaling, and migration. So that is a first version of this integration, right? The second one, it's, I am, is a personal favorite of mine, it's very, very exciting, right? When we came into Pure, we discovered that Pure already had this software solution called Pure as a service, it was essentially a Pure1 service that allowed for continuous call home, and log and diagnostic information, really an awesome window for customers to be able to see what their array utilization is like, complete observability, end-to-end on capacity, what's coming up, and allowed for proactive addressing of outages, or issues, or being able to kind of see it before it happen. The good news now is Portworx is integrated with Pure1, and so now customers have a unified observability stack for their Kubernetes applications using Portworx and FlashArray and FlashBlade in the Pure1 portal. So we are in the Pure1 portal now really providing end-to-end troubleshooting of issues and deployment, so very, very exciting, something that I think is a major step forward, right? >> Absolutely, well that single pane of glass is critical for management, so many companies waste a lot of time and resources managing disparate disconnected systems. And again, the last year has taught us so many businesses, there wasn't time, because there's going to be somebody right behind you that's going to be faster and more nimble, and has that single pane of glass unified view to be able to make better decisions. Last question, really, before we wrap here. >> Yeah. >> I can hear your momentum, I can feel your momentum through Zoom here. Talk to me about what's next, 'cause I know that when the acquisition happened about, we said six months or so ago, you said, "This is a small step in the Portworx journey." So what's ahead? >> Lisa, great question. I can state 10 things, but let me kind of step up a little bit at the 10,000 foot level, right? In one sense, I think no company gets to declare victory in this ongoing battle and we're just getting started. But if I had to kind of say, "What are some of the major teams that we have been part of and have been able to make happen in addition to take advantage of?" Pure obviously took advantage of the Flash wave, and they moved to all Flash, that's been a major disruptor with Pure being the lead. For Portworx, it has been really the move to containers and data management in an automated form, right? Kubernetes has become sort of not just a container orchestrator looking North, but looking southbound, is orchestrating infrastructure, we are in the throws of that revolution. But if you think about it, the other thing that's happening is all of this is in the service of, if you're a CIO, you're in the service of lines of businesses asking for a way to run their applications in a multicloud way, run their applications faster. And that is really the, as a service revolution, and it feels a little silly to almost talk about it as a service in that it's this late in the Cloud era, but the reality is that's just beginning, right? As a service revolution dramatically changed the IaaS business, the infrastructure business. But if you look at it, data services as a, data as a service is something that is what our customers are doing, so our customers are taking Pure hardware, Portworx software, and then they are building them into a platform as a service, things like databases as a service. And what we are doing, you will see some announcements from us in the second half of this year, terribly exciting, I just can't wait for it, where we're going to be actually moving forward to allow our customers to more quickly get to data services at the push of a button, so to speak, right? So- >> Excellent. >> The idea of database as a service to offer messaging as a service, search as a service, streaming as a service, and then finally some ML kind of AI as a service, these five categories of data services are what you should be expecting to see from Portworx and Pure going forward in the next half. >> Big potential there to really kick the door wide open on the total adjustable market. Well, Murli, it's been great to have you on the program, I can't wait to have you on next 'cause I know that there's so much more, like I said, I can feel your momentum through our virtual experience here. Thank you so much for joining us and giving us the lay of the land of what's been happening with the Portworx acquisition and all of the momentum and excitement that is about to come, we appreciate your time. >> Thank you, Lisa. Cheers to a great reduced COVID second half of the year. >> Oh, cheers to that. >> Yeah cheers, thanks. >> From Murli Thirumale, I'm Lisa Martin, you're watching theCUBE's coverage of Pure Accelerate. (bright upbeat music)

[Music] from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante top security pros indicate that the solar winds hack on top of the pandemic have further heightened a change in how they think about security not only musciso secure an increasingly distributed workforce and network infrastructure but they now must be wary of software code coming from reputable vendors including the very patches designed to protect them against cyber attacks hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll summarize cso sentiments from a recent etr venn session and provide our quarterly update of the cyber security sector now in an upcoming episode we'll be inviting eric bradley of etr to provide deeper analysis and insights on these trends but we wanted to give you a preliminary preview of what's happening in the sector as we start off 2021. now the solar winds attack was like nothing we've ever seen before it's been covered quite widely in the press but in case you don't know the details solarwinds is a company that provides software to monitor many aspects of largely on-prem infrastructure including things like network performance log files configuration data storage servers and the like now as with all software companies solarwinds sends out regular updates and patches hackers were able to infiltrate the update and trojanize the software meaning when customers installed the updates the malware just went along for the ride now the reason this is so insidious is that often hackers they're going to target installations that haven't installed patches or updates and identified vulnerabilities in the infrastructure that haven't been addressed doors that are open that haven't been closed if you will now here the very code designed to protect against the breach actually facilitated that breach now according to experts this was quite a sophisticated attack that most believe was perpetrated by the russian hacker group cozy bear an advanced persistent threat or apt as classified by the u.s government now it's suspected that somehow they fished their way into a github repo and stole username and password access to allow them to penetrate the supply chain of software that's delivered over the internet but public information on this attack it's still spotty people are still learning now what is known is that the attackers have been lurking since march of last year and they exfiltrated lots of information from the u.s government and many other high-profile companies now here's what the csos and the etr van had to say about it let me just read some of the quotes the impact of this breach is profound it really turned a lot of heads and conventions about cyber security i don't think this threat has been exaggerated in the media we're now in a situation where we have to monitor the monitors this attack didn't have any signatures of a previous attack so you got down to the code level 80 to 90 of that code is being downloaded from the internet it's bringing devops security processes and making us rethink how to reinvent security and i'll add my business friend val berkovici said to me on twitter last year that he thinks the government hack is going to have permanent implications on how organizations approach cyber security it seems these cisos agree now the one question is what can be done about this and when you talk to security pros they'll definitely tell you they're rethinking security practices but look there's only so much you can do here's a tag cloud summarizing some of what we hear in the cube community and in the venn from etr practitioners you hear a lot about xero trust many csos are really leaning into identity access management and pam and mandates around two-factor authentication we've talked a lot about firms like octa sale point cyber arc software and microsoft is coming up more and more in this conversation especially as octa is seen as setting a price umbrella there's definitely some frustration amongst csos about octa's pricing strategies and auth 0 which does authentication as a service that's hitting our radar as well now of course endpoint security is something we've talked a lot about as the work from home trend hit during the pandemic it's become much much more important and you can see in the growth of crowdstrike and as you see in a moment we're getting some traction with vmware and carbon black in the survey data and of course titanium is another company that we've talked about csos look they're not just going to rip out what they have so companies like cisco especially with umbrella and duo they come up in the conversation as does palo alto networks we've said many times palo alto is seen as a thought leader csos like them they also like fortinet especially those that may be more cost cost conscious we see that a lot in mid-market and so on with analytics micro-segmentation cloud security with z-scaler and even rpa to automate certain tasks uipath has come up in the conversation more and more in a security context so you look at this tag cloud and there's no one answer as is often the case case with cyber security lots of tools lots of disciplines and a very capable adversary who has learned to as they say live off the land using your own infrastructure and tooling against you now the common narrative is that security is a top priority with cios and csos and budgets are going to be up so let's take a look at that well kind of here's a chart that shows the net scores or spending momentum for various sectors of the etr tech taxonomy and we've highlighted the information security segment yes it's up relative to the october survey but it really doesn't stand out i mean everything's up as we've reported coming off a down year in tech spending minus four percent last year and we're forecasting a plus six to seven percent increase this year really depending on on the pace of their recovery but the point is cyber is one of many budget organizations and organizations they're simply not going to open up a blank check to the cso now part of the reason is they're heavily invested in cyber this graphic shows several sectors in context and we've highlighted security in the red box the vertical axis that shows spending velocity and the horizontal axis is market share or presence in the data set and you can see the security it's got a big presence it's pervasive of course but it lags some of the top sectors in terms of spending velocity because look organizations they've got lots of priorities and as you'll see in a moment this space like most mature markets has some companies with off the charts spending patterns and others that lag so let's dig into that a little bit here you see that same xy graphic and we've plotted a number of security players so there's a couple of points here that we want to make first microsoft as usual is off the charts to the right and amazingly has a net score of 48 percent so highly elevated octa continues to lead this pack in net score as it has the last several surveys it's got a net score of 61.5 percent up from last quarter survey octa crowdstrike cyberark fortinet proof point and splunk are all up nicely from last quarter's survey we also really want to highlight carbon black the company's net score last quarter was 23.9 percent with 134 mentions in this quarter its net score shot up to nearly 38 so a very meaningful and noticeable move for vmware's 2.1 billion dollar acquisition that it made in the summer of 2019. so a number of companies that have momentum which stems from a rebound in tech spending but also a shift in security spend that we've highlighted and you can see a couple of legacy security firms that are also there in the chart losing momentum we've highlighted fireeye and rsa okay so now let's dig deeper into the data and the vendor performance here's a view of the data that we first showed you in 2019 it shows the net score and the shared n which identifies the number of mentions within the sector and it's an indicator of presence in the marketplace the leftmost chart is sorted by netscore and the right-hand chart is sorted by shared n so to make this chart you had to have at least an n of 50 in the survey again you can see octa sale and sale point lead in net score and microsoft has the biggest presence in the right hand side along with cisco and palo alto and something we started two years ago was if a vendor shows up in the top 10 for both net score and shared n we anointed them with four stars so these are the four star companies microsoft palo alto octa and crowdstrike which crouch by the way it fell off but it's back on and i think that was probably a survey anomaly because based on the company's financials there has been no loss of momentum for crowdstrike and we give two stars to those companies that make the top 20 in both categories so cisco because of umbrella and duo splunk proofpoint fortinet z z-scaler cyborg and carbon black vmware carbon black is new to the two-star list due to its rapid rise in net score that we just talked about now just a quick aside on carbon black at vmworld 2019 pat gelsinger told john furrier and me that he felt like he got a great deal picking up carbon black for 2.1 billion dollars now his logic was in part based on the valuation of crowdstrike at the time which is of course carbon black competitor crowdstrike as you can see on this chart had a valuation that was at nine times higher than that of carbon black and you can see from the trailing 12-month revenue that crowdstrike was a significantly larger company by more than 100 million dollars in revenue so the real story though was the company's growth crowdstrike at the time was growing much much faster than carbon black at more than a hundred percent compared to carbon blacks 22 roughly now in vmware's recent earnings call they said that carbon black had good bookings performance so who knows exactly what that means but if it were more than 22 my guess is that vmware vmware would have been more effusive in its commentary so let's assume that since the acquisition carbon black growth has been flattish you know maybe down maybe up but probably flat so vmware they're figuring out how to integrate the company and we think that as it does that it's going to use its channel of distribution and global presence to really drive carbon black sales now nonetheless we would still peg carbon black's valuation of having increased pretty substantially since the time of the acquisition perhaps in the three to five billion range we don't know for sure so but a nice pickup in our view for vmware and it'll likely grow from here based on the etr data then that's very encouraging for carbon black now let's look at how the valuations in this sector have changed since before covid here's an updated view of our valuation matrix since just before the pandemic hit in the u.s as you can see the s p is up 16 from that time frame the nas composite up 43 percent wow now look at the others only splunk really hasn't seen a huge uptick in valuation but the others have either risen noticeably like proof point cyber arc sail point they bounced up like palo alto or fortinet or exploded like crowd chat octa and z scalar you combine all these and you're talking about 114 billion dollar increase in market cap for these so one would think carbon black as a vmware asset has done pretty well along with these names and we would expect that the tech spending rebound this year combined with the heightened concerns over the solar winds hack and the tectonic shifts from the accelerated work from home and digital business transformations will continue to bode well for many of these names for quite some time all right let's wrap it up with some of the things we're watching in this space as we exit the pandemic and experience a new digital reality cyber threats have never been greater look each january if you look back on the prior year you'd be able to say the same thing for the last couple of decades and the reality is the budgets and spending on cyber they're asymmetric to the economic risks we just don't spend enough and probably can't spend enough to solve this problem csos they have to balance their legacy legacy install base security infrastructure with the shift to zero trust accelerated endpoint new access management challenges the ever expanding cloud and dot dot dot lack of talent remains the single biggest challenge for organizations which are stretch thin making investments in automation a trend that is not going to abate anytime soon in cyber all the cliches apply there is no silver bullet there is no rest for the weary the adversary they are well funded and extremely capable and they only have to succeed once to create a business disaster for an organization that has to succeed every day 24 hours a day so expect more of the same with no end in sight in terms of complexity fragmentation and whack-a-mole approaches to fighting cyber crime i hate to say this but it just means the fundamentals for the sector just keep getting better and better sorry okay that's it for this week remember all these episodes are available as podcasts wherever you listen so please subscribe i publish weekly on wikibon.com and siliconangle.com and don't forget to check out etr.plus for all the survey data and the analytics i appreciate the comments on my linkedin post you can dm me at [Music] you

>> Narrator: From the CUBE Studios in Palo Alto, in Boston. Connecting with thought leaders all around the world, this is a CUBE Conversation. >> Hi, everybody. Welcome to the special Cube Conversation. With COVID-19 hitting, organizations really had to focus on business resiliency, and we've got two great guests here to talk about that topic. Bob Bender's the chief technology officer at Founders Federal Credit Union. And he's joined by Jim Shook, who is the director of cybersecurity and compliance practice at Dell Technologies. Gentlemen, thanks for coming on the CUBE, great to see you. >> Thanks, Dave, great to see you, thank you. So, Bob, let's start with you, give us a little bit of background on Founders and your role. >> Founders Federal Credit Union is a financial institution that has about 225,000 members, serving them in 30 different locations, located in the Carolinas. I serve as chief technology officer bringing in the latest technology and cyber resilient direction for the company. >> Great. And Jim, talk about your role. Is this a new role that was precipitated by COVID or was this something that Dell has had for a while? Certainly relevant. >> It's actually been around for a while, Dave. The organization invested in this space going back about five years, I founded the cyber security and compliance practice. So really, my role is most of the time in the field with our customers, helping them to understand and solve their issues around the cyber resilience and cyber recovery field that we're talking about. But I also, to do that properly, spend a lot of time with organizations that are interested in that space. So it could be with an advisory partner, could be the FBI, might be a regulator, a particular group like Sheltered Harbor that we've worked with frequently. So it's just really, as you point out, taken off first with ransomware a couple of years ago, and then with the recent challenges from work from home in COVID. So we're really helping out a lot of our customers right now. >> Bob, I've talked privately to a number of CIOs and CSOs and many have said to me that when COVID hit that their business continuance was really much too (voice cuts out) Now, you guys actually started your journey way back in 2017. I wonder if you could take us back a few years and what were the trends that you were seeing that precipitated you to go on this journey? >> Well, I think we actually saw the malware, the horizon there. And I'll take you back a little further 'cause I just love that story is, when we looked at the relationship of Dell EMC, we talked to the 1% of the 1%, who is protecting their environment, their data capital, the new critical asset in our environment. And Dell EMC was the top of the line every time. When we looked at the environment and what it required, to put our assets under protection, again, we turned to Dell EMC and said, where do we need to go here? You look at this Mecklenburg County, you look at the city of Atlanta, you look at Boeing and I hate to use the examples, but some very large companies, some really experienced companies were susceptible to this malware attacks that we just knew ourself it was going to change us. So the horizon was moving fast and we had to as well. >> Well, you were in a highly regulated industry as well. How did that factor into the move? Well, you're exactly right. We had on our budget, our capital budget horizon, to do an air gap solution. We were looking at that. So the regulatory requirements were requiring that, the auditors were in every day talking about that. And we just kept framing that in what we were going to do in that environment. We wanted to make sure as we did this purpose built data bunker, that we looked at everything, talk to the experts, whether that was federal state regulation. You mentioned Sheltered Harbor, there's GDPR. All these things are changing how are we going to be able to sustain a forward look as we stand this environment up. And we also stood up a cyber security operations center. So we felt very confident in our Runbooks, in our incident response, that you would think that we would be ready to execute. I'll share with you that we reached out every which way and a friend called me and was actually in a live ransomware event and asked if I wanted to come on to their site to help them through that incident. We had some expertise on our staff that they did not possess at that time. So going into that environment, spending 30 hours of the last 72 hours of an attack we came back changed. We came back changed and went to our board and our executives and said, "We thought we knew what we were doing." But when you see the need to change from one to 10 servers recovery to 300 in 72 hours, we just realized that we had to change our plan. We turned to the investment we had already made and what we had looked at for some time, and said, "Dell EMC, we're ready to look at that "PowerProtect Cyber Recovery solution. "How can you stand this up very quickly?" >> So, Jim, Bob was saying that he looked at the 1% of the 1%, so these guys are early adopters, but anything you can add to that discussion in terms of what you saw precipitate the activity, let's go pre-COVID, certainly ransomware was part of that. Was that the big catalyst that you saw? >> It really was. So when we started the practice, it was following up on the Sony Pictures attack, which only hit Sony in that. But it was unique in that it was trying to destroy an organization as opposed to just steal their data. So we had financial industry really leading the way, the regulators in the financial industry saying, "Gosh, these attacks could happen here "and they would be devastating." So they led the way. And as our practice continued, 2016 became the year of ransomware and became more prevalent, with the attackers getting more sophisticated and being able to monetize their efforts more completely with things like cryptocurrencies. And so as we come around and start talking to Bob, he still was well ahead of the game. People were talking about these issues, starting to grow concerned, but didn't really understand what to do. And Dave, I know we'll get to this a little bit later, but even today, there's quite a bit of disconnect, many times between the business, understanding the risks of the business and then the technology, which really is the business now, but making those pieces fit together and understanding where you need to improve to secure against these risks is a difficult process. >> Well, I think I'd love to come back to Bob and try to understand how you pitch this to the board, if you will, how you made the business case. To Jim's point, the adversaries are highly capable. It's a lucrative business. I always talk to my kids about ROI numerator and denominator. If you can raise the denominator, that's going to lower the value. And that's the business that you're in is making it less attractive for the bad guys. But how did you present this to the board? Was it a board level discussion? >> It was, exactly. We brought Dell EMC PowerProtect Cyber Recovery solution to them and said, not only you're experiencing and seeing in the news daily, these attacks in our regions, but we have actually gone out into an environment and watch that attack play out. Not only that is when we stepped away, and we ran through some tabletops with them and we stepped away. And we said, "Are you okay? "Do you know how it got in? "Are you prepared to protect now and detect that again?" Within 30 days, they were hit again by the same ransomware attacks and hackers. So I hate to say this, but I probably fast forwarded on the business case and in the environment, the horizon around me, players, they made my case for me. So I really appreciated that top down approach. The board invested, the executive invested, they understood what was at risk. They understood that you don't have weeks to recover in the financial institution. You're dealing with hundreds of thousand transactions per second so it made my case. We had studied, we had talked to the experts. We knew what we wanted. We went to Dell EMC and said, "I have six months and here's my spend." And that's from equipment hitting our CoLOS and our data centers, standing it up, standing up the Runbooks and it's fully executed. And I wanted an environment that was not only holistic. We built it out to cover all of our data and that I could stand up the data center within that environment. I didn't need another backup solution. I needed a cyber recovery environment, a lifestyle change, if you would say. It's got to be different than your BCP/DR. While it inherits some of those relationships, we fund it with employees separately. We treated the incident response separately, and it is really benefited. And I think we've really grown. And we continue to stress that to educate ourselves not only at the board level, but a bottom up approach as well with the employees. 'cause they're a part of that human firewall as well. >> I think you've seen this where a lot of organizations, they do a checkbox on backup or as I was saying before, DR. But then in this world of digital, when a problem hits, it's like, "Oh-oh, we're not ready." So I wonder Jim, if we can get into this solution that Bob has been talking about the Dell EMC PowerProtect Cyber Recovery solution, there's a mouthful there. You got the power branding going on. What is that all about? Talk to us about the tech that's behind this. >> It's something that we've developed over time and really added to in our capability. So at its core, PowerProtect Cyber Recovery is going to protect your most critical data and applications so that if there is a cyber attack, a ransomware or destructive attack, they're safe from that attack. And you can take that data and recover the most important components of the business. And to do that, we do a number of things, Dave. The solution itself takes care of all these things. But number one is we isolate the data so that you can't get there from here. If you're a bad actor, even an insider, you can't get to the data because of how we've architected. And so we'll use that to update the critical applications and data. Then we'll lock that data down. People will use terms like immutability or retention lock. So we'll lock it down in that isolated environment, and then we'll analyze it. So it's one thing to be able to protect the data with the solution, it's another, to be able to say that what I have here in my data vault, in my air gapped isolated environment is clean. It's good data. And if there was an attack, I can use that to recover. And then of course over time, we've built out all the capabilities. We've made it easier to deploy, easier to manage. We have very sophisticated services for organizations that need them. And then we can do a much lighter touch for organizations that have a lot of their built in capabilities. At its core, it's a recover capability so that if there was an attack that was unfortunately successful, you don't lose your business. You're not at the mercy of the criminals to pay the ransom. You have this data and you can recover it. >> So Bob, talk to us about your objectives going into this. It's more than a project. It really is a transformation of your resiliency infrastructure, I'll call it. What were your objectives going in? A lot of companies are reacting, and it's like, you don't have time to really think. So what are the objectives? How long did it take? Paint a picture of the project and what it looked like, some of the high level milestones that you were able to achieve. >> Well, I think several times Dell EMC was able to talk us off the edge, where it really got complicated. The Foundation Services is just one of your more difficult conversations, one of the top three, definitely, patch management, notification, and how you're going to rehydrate that data, keeping that window very small to reduce that risk almost completely as you move. I think other area this apply is that we really wanted to understand our data. And I think we're on a road to achieving that. It was important that if we were going to put it into the vault, it had a purpose. And if we weren't going to put it in a vault, let's see why would we choose to do that? Why would we have this data? Why would we have this laying around? Because that's a story of our members, 225 stories. So their ability to move into financial security, that story is now ours to protect. Not only do we want to serve you in the services and the industry and make sure you achieve what you're trying to, but now we have that story about you that we have to protect just as passionately. And we had that. I think that was two of the biggest things. I think the third is that we wanted to make sure we could be successful moving forward. And I'll share with you that in the history of the credit union, we achieved one of the biggest projects here, in the last two years. That umbrella of the Cyber Recovery solution protection was immediate. We plugged in a significant project of our data capital and it's automatically covered. So I take that out of the vendor of responsibility, which is very difficult to validate, to hold accountable sometimes. And it comes back under our control into this purpose built data security and cyber resilient, business strategy. That's a business strategy for us is to maintain that presence. So everything new, we feel that we're sized, there's not going to be a rip and replace, a huge architectural change because we did have this as an objective at the very beginning. >> Tim, when you go into a project like this, what do you tell customers in terms of things that they really should be focused on to have a successful outcome? >> I'm going to say first that not everybody has a Bob Bender. So we have a lot of these conversations where we have to really start from the beginning and work through it with our customers. If you approach this the right way, it's really about the business. So what are the key processes for your business? It can be different from a bank than from a hospital than from a school point. So what are the key things that you do? And then what's the tech that supports that and underlies those processes? That's what we want to get into the vault. So we'll have those conversations early on. I think we have to help a lot of organizations through the risks too. So understand the risk landscape, why doing one or two little things aren't really going to protect you from the full spectrum of attackers. And then the third piece really is, where do we start? How do we get moving on this process? How do we get victory so that the board can understand and the business can understand, and we can continue to progress along the way? So it's always a bit of a journey, but getting that first step and getting some understanding there on the threat landscape, along with why we're doing this is very important. >> So, Bob, what about any speed bumps that you encountered? What were some of those? No project is ever perfect. What'd you run into? How'd you deal with it? >> Well, I would say the Foundation Services were major part of our time. So it really helped for Dell EMC to come and explain to us and look at that perimeter and how our data is brought into that and size that for us and make sure it's sustainable. So that is definitely, could be a speed bump that we had to overcome. But today, because of those lifts, those efforts invested the Runbooks, the increase in new products, new data as our business organically grows is a non-event. It's very plug and play and that's what we wanted from the start. Again, you go back to that conversation at 1% of the 1%, it's saying, who protects you? We followed that. We stayed with the partner we trusted, the horizon holistically has come back and paid for itself again and again. So speed bumps, we're just enjoying that we were early adapters. I don't want to throw anybody out there, but you look about two weeks ago, there was a major announcement about an attack that was successful. They got them with ransomware and the company paid the ransom. But it wasn't for the ransomware, it was for the data they stole so that they would delete it. That's again, why we wanted this environment is we needed time to react in the case that these malwares are growing much faster than we're capable of understanding how they're attacking. Now it's one, two punch, where's it going to be? Where is it going to end? We're not going to likely be patient zero, but we're also not going to have to be up at night worrying that there's a new strain out there. We have a little time now that we have this secure environment that we know has that air gap solution that was built with the regulatory consideration, with the legal considerations, with the data capital, with the review of malware and such. You can go back in time and say, "Scan to see if I have a problem. So again, the partnership is while we focus on our business, they're focusing on the strategy for the future. And that's what we need. We can't be in both places at once. >> How long did the project take from the point of which you agreed, signed the contract to where you felt like you were getting value out of the solution? >> Six months. >> Really? >> We were adamant. I'd put it off for a year and a half, that's two budget cycles basically is what it felt. And then I had to come back and ask for that money back because we felt so passionate that our data, our critical data didn't need to be at that risk any longer. So it was a very tight timeline. And again, product on prem within six months. And it was a lot of things going on there. So I just wasn't idle during that time. I was having a conversation with Dell EMC about our relationship and our contracts. Let's build that cyber resilience into the contract. Now we've got this, PowerProtect Cyber Recovery environment, let's build it here where you also agree to bring on extra hardware or product if I need that. Let's talk about me being on a technology advisory panel So I can tell you where the pricing of the regulations are going, so you can start to build that in. Let's talk about the executive board reporting of your products and how that can enable us. We're not just talking about cyber and protecting your data. We're talking about back then 60% of your keep the lights on IT person will spend with auditors, talking about how we were failing. This product helped us get ahead of that to now where we're data analytic. We're just analysts that can come back to the business table and say, "We can stand that up very quickly." Not only because of the hardware and the platform solution we have, but it is now covered with a cyber resilience of the the cyber security recovery platform. >> I want to ask you about analytics. Do you feel as though you've been able to go from what is generally viewed as a reactive mode into something that is more anticipatory or proactive using analytics? >> Well, I definitely do. We pull analytics daily and sometimes hourly to make sure we're achieving our KPIs. And looking at the KRIs, we do risk assessments from the industry to make sure if our controls layer of defenses are there, that they will still work what we stood up three years ago. So I definitely think we've gone from an ad hoc rip and replace approach to transformation into a more of a threat hunting type of approach. So our cyber security operation center, for us, is very advanced and is always looking for opportunities not only to improve, to do self-assessments, but we're very active. We're monetizing that with a CUSO arm of the credit union to go out and help others where we're successful, others that may not have that staff. It's very rewarding for us. And I hate to say it sometimes it's at their expense of being in-evolved in the event of a ransomware attack or a malware event. We learned so much the gaps we have, that we could take this back, create Runbooks and make the industry stronger against these types of attacks. >> Well, so Jim, you said earlier, not every company has a Bob Bender. How common is it that you're able to see customers go from that reactive mode into one that is proactive? Is that rare or is it increasingly common? It can't be a 100%, but what are you seeing as trends? >> It's more common now. You think of, again, back to Bob, that's three plus years ago, and he's been a tireless supporter and tireless worker in his industry and in his community, in the cyber area. And efforts like those of Bob's have helped so many other organizations I think, understand the risks and take further action. I think too, Bob talks about some of the challenges with getting started in that three year timeframe, PowerProtect Cyber Recovery has become more productized, our practice is more mature. We have more people, more help. We're still doing things out there that nobody else is touching. And so we've made it easier for organizations that have an interest in this area, to deploy and deploy quickly and to get quick value from their projects. So I think between that some of the ease of use, and then also there's more understanding, I think, of what the bad actors can do and those threats. This isn't about somebody maybe having an outage for a couple of hours. This is about the very existence of a business being threatened. That if you're attacked, you might not come back from it. And there've been some significant example that you might lose hundreds of millions of dollars. So as that awareness has grown, more and more people have come on board and been able to leverage learnings from people like Bob who started much earlier. >> Well, I can see the CFO saying, "Okay, I get it. "I have no choice where we're going to be attacked. "We know that, I got to buy the insurance. You got me." But I can see the CFO saying, "Is there any way we can "get additional value out of this? "Can we use it to improve our processes and cut our costs? "Can we monetize this in some way?" Bob, what's the reality there? Are you able to find other sources of value beyond just an insurance policy? >> Definitely, Dave you're exactly right. We're able to go out there and take these Runbooks and really start to educate what cyber resilience means and what air gap means, what are you required to do, and then what is your responsibility to do it. When you take these exercises that are offered and you go through them, and then you change that perspective and go through a live event with other folks that see that after 60 hours of folks being up straight, it really changes your view to understand that there's no finish line here. We're always going to be trying to improve the product and why not pick somebody that you're comfortable with and you trust. And I think that's the biggest win we have from this is that was a Dell EMC partnership with us. It is very comfortable fit. We moved from backup and recovery into cyber resilience and cybersecurity as a business strategy with that partner, with our partner Dell, and it hasn't failed us. It's a very comforting. We're talking about quality of life for the employee. You hear that, keep the lights on. And they've really turned into professionals to really understand what security means differently today and what that quality of data is. Reports, aren't just reports, they're data capital. The new currency today of the value we bring. So how are we going to use that? How are we going to monetize that? It's changing. And then I hate to jump ahead, but we had our perimeters at 1% of our workforce remote and all of a sudden COVID-19 takes on a different challenge. We thought we were doing really good and next, we had to move 50% of our employees out in five days. And because of that Dell EMC, holistic approach, we were protected every step of the way. We didn't lose any time saying, we bought the wrong control, the wrong hardware, the wrong software. It was a very comfortable approach. The Runbooks held us, our security posture stayed solid. It's been a very rewarding. >> Well, Bob, that was my next question, actually is because you've started the journey. >> Sorry. >> No, no, it's okay. Because you started the journey early, were you able to respond to COVID in a more fast sell manner? it sounds like you just went right in. But there's nuance there, because you've got now 50% or more of the workforce working at home, you got endpoint security to worry about. You got identity access management, and it sounds like you were, "No problem. "We've got this covered." Am I getting that right? >> You're exactly right, Dave. We test our endpoints daily. We make sure that we understand what residue of data is where. And when we saw that employee shift to a safe environment, our most consideration at that time, we felt very comfortable that the controls we had in place, again, Dell and their business partners who we are going to hold true and be solid. And we test those metrics daily. I get reports back telling me, what's missing in patch management, what's missing in a backup. I'll go back to keeping BCP and cyber security separate. In the vault, we take approach of recovery and systems daily. And now that goes from maybe a 2% testing rate almost to 100% annually. So again, to your point, COVID was a real setback. We just executed the same Runbooks we had been maturing all along. So it was very comfortable for employees and it was very comfortable for our IT structure. We did not feel any service delays or outages because of that. In a day, when you have to produce that data, secure that data, every minute of every day of every year, it's very comforting to know it's going to happen. You don't push that button and nothing happens. It's executed as planned. >> Jim, did you see a huge spike in demand for your services as a result of COVID and how did you handle it? You guys got a zillion customers, how did you respond and make sure that you were taking care of everybody? >> We really did see a big spike, Dave. I think there were a couple of things going on. As Bob points out, the security posture changes very quickly when you're sending people to work from home or people remotely, you've expanded or obliterated your parameter, you're not ready for it. And so security becomes even more important and more top of mind. So with PowerProtect Cyber Recovery, we can go in and we can protect those most critical applications. So organizations are really looking at their full security posture. What can we do better to detect and protect against these threats? And that's really important. For us, we're focusing on what happens when those fail? And with that extension and people going home, and then the threat actors getting even more active, the possibilities of those failures become more possible and the risks are just in front of everybody. So I think it was a combination of all of those things. Many, many customers came to us very quickly and said, "Tell us more about what you're doing here. "How does it fit into our infrastructure? "What does it protect us against? "How quickly can we deploy?" And so there has been a huge uptake in interest. And we're fortunate in that, as you pointed out early on, Dave, we invested early here. I'm five years into the practice. We've got a lot of people, very mature, very sophisticated in this area, a lot of passion among our team. And we can go take care of all those customers. >> Bob, if you had a mulligan, thinking about this project, what would you do differently if you had a chance to do it over? >> I think I would start earlier. I think that was probably the biggest thing I regret in that realizing you need to understand that you may not have the time you think you do. And luckily, we came to our senses, we executed and I got to say it was with common sense, comfortable products that we already understood. We didn't have to learn a whole new game plan. I don't worry about that. I don't worry about the sizing of the product 'cause we did it, I feel correctly going in and it fits us as we move forward. And we're growing at an increased rate that we may not expect. It's plug and play. Again, I would just say, stay involved, get involved, know that what we know today about malware and these attacks are only going to get more complicated. And that's where I need to spend my time, my group become experts there. Why I really cherish the Dell EMC relationship is from the very beginning, they've always been very passionate on delivering products that recover and protect and now are cyber resilient. I don't have to challenge that, you pay for what you get for. And I just got to say, I don't think there's much other than I would have started earlier. So start today, don't put it off. >> So you said earlier though, you're never done, you never are, in this industry. So what's your roadmap look like? Where do you want to go from here with this capability? >> I definitely want to keep educating my staff, keep training them, keep working with Dell. Again, I tell you they're such forward thinking as a company. They saved me that investment. So if you're looking at part of the investment, it's got to be, are you with a partner that's forward thinking? So we definitely want to mature this, challenge it, keep challenging, keep working with Dell and their products to deliver more. Again, we go to the federal and state regulatory requirements. You go to the Sheltered Harbor, the ACET testing from the NCUA regulators, just software asset management. You can keep on going down the line. This product, I hate to say it, it's like the iPhone. You think about how many products the iPhone has now made not relevant. I don't even own a flashlight, I don't think. This is what the Dell product line brings to me is that I can trust they're going to keep me relevant so I can stay at the business table and design products that help our members today. >> Jim, how about from Dell's perspective, the roadmap, without giving away any confidential information, where do you want to take this? We talk about air gaps. I remember watching that documentary Zero Days and hearing them say, "We got through an air gap. "No problem." So analytics obviously plays a role in this machine intelligence, machine learning, AI. Where does Dell want to take this capability? Where do you see that going? >> We've got some things in mind and then we're always going to listen to our customers and see where the regulations are going to. And thus far, we've been ahead of those with the help of people like Bob. I think where we have a huge advantage, Dave is with PowerProtect Cyber Recovery. It's a product. So we've got people who are dedicated to this full time. We have a maturity in the organization, in the field to deliver it and to service it. And having something as a product like that really enables us to have roadmaps and support and things that customers need to really make this effective for them. So as we look out on the product, and thanks for your reminder, I don't want to risk saying anything here I'm going to get in trouble for. We look at things in three paths. One is we want to increase the ability for our customers to consume the product. So they want it in different forms. They might want it in appliances, in the Cloud, virtual, all of those things are things that we've developed and continue to develop. They want more capabilities. So they want the product to do more things. They want it to be more secure, and keeping up. As you mentioned, machine learning with the analytics is a big key for us. Even more mundane things like operational information makes it easier to keep the vault secure and understand what's going on there without having to get into it all the time. So those are really valuable. And then our third point, really, we can't do everything. And so we have great partners, whether they're doing delivery, offering cyber recovery as a service or providing secure capabilities, like our relationship with Unisys. They have a stealth product that is a zero knowledge, zero trust product that helps us to secure some of the connections to the vault. We'll keep iterating on all of those things and being innovative in this space, working with the regulators, doing things. Bob's mentioned a couple of times, Sheltered Harbor. We've been working with them for two years to have our product endorsed to their specification. Something that nobody else is even touching. So we'll continue along all those paths, but really following our customer's lead in addition to maybe going some places that they haven't thought about before. >> It's great guys. I have to fear that when you talk to SecOps pros, you ask them what their biggest challenge is, and they'll say lack of talent, lack of skills. And so this is a great example, Jim, you're mentioning it, you've productized this. This is a great example of a technology company translating, IT labor costs into R&D. And removing those so customers can spend time running their business. Bob and Jim, thanks so much for coming on the CUBE. Great story. Really appreciate your time. >> Thank you, Dave. >> Thank you, Dave. >> Thanks, Bob. >> All right. And thank you everybody for watching. This is Dave Vellante for the CUBE. We'll see you next time. (instrumental music)

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE conversation. >> Hi, everyone. Welcome to theCUBE Studios here in Palo Alto, California. I'm John Furrier, host of theCUBE. We're here for coverage of AWS Public Sector Summit. This is theCUBE Virtual with our quarantine crew going out and covering the latest posts of the Virtual Summit where our next guest is Matthew Cornelius, Executive Director for the Alliance for Digital Innovation. Matthew, thanks for joining me today for part of AWS virtual Public Sector Summit. >> That's great, thanks, John. Appreciate you having me. >> I know that John Wood and I have been talking about this organization and some of the ambition and the relevance of it. So I think it's a super important story. I want to get your thoughts on this in an unpack kind of the mission but for starters, tell us what is the Alliance for Digital Innovation? When were you formed? What's the mission? What do you do? >> Sure. Yeah, so ADI was formed about two years ago, to create a new advocacy group that could focus explicitly on getting cloud forward, commercial, highly innovative companies into the public sector. So the government technology space has traditionally been dominated by a lot of legacy vendors, folks that are very happy with vendor lock-in, folks that have an outdated business model that would not suffice in the commercial sector. So why does it have to be that way for government and ADI started with about eight members has since grown. We're approaching two dozen now. So we've had a lot of growth and I think a lot of the response that you've seen in the public sector, especially to the COVID crisis, and the response and relief efforts have made this organization and our mission more relevant now than ever. There's no way that you can go back to the previous way of doing business, so adopting all these commercials technologies, changing your business model, changing your operating model, and really use an emerging technology to deliver all these missions services is critical. >> You know, one of the things that I've been reporting on for many, many years is this idea of modernization. Certainly on the commercial side with cloud, it's been really important and Amazon has done extremely well, from a business standpoint. We all know that where that's going. The issue that's happening now is the modernization is kicking in. So the government has started to move down this track, we've seen the procurement start to get more modernized. Move from buying manuals to actually having the modern stuff and in comes COVID-19. You couldn't have accelerated, you couldn't have pulled the future forward fast enough to an already struggling federal government, in my opinion, and I've talked to many people in DC and the young crowd saying, "Hey, old government get modern", and then this comes. It's almost like throwing the rock on your back and you're sinking. This is a problem. What's your take on this? Because you're trying to solve a problem with modernizing, but now you got COVID-19 coming in, it compounds the complexity and the challenge. What's your chosen reaction to that? >> Yeah, so it there's a multifaceted response to this. So part of it is what I like to say is the government's done more in the past four months than it's done in the past 14 years when it comes to modernization and adopting commercial capabilities. I think with individual agencies, you've seen those those agencies, I will name a couple like the Small Business Administration, the General Services Administration, where I used to work, folks that were already heavily invested in cloud, heavily invested in modern digital tools and modern digital processes, they were able to weather this storm and to deal especially in SPS case, with a dramatic increase in their mission. I mean, running the paycheck Protection Program is something unlike an organization that size has ever seen. And from a technology standpoint, they have a lot of good stories that are worth telling and I think it's because they were so cloud forward. I think one of the other interesting points that as really come to light over the past four months is so many of the issues around modernization were cultural. Now, of course, there are some that are legal, there's acquisition, there's the way agencies are appropriated and financed and the way they can spend their money, but by and large, all of these agencies had to move to maximum telework, they had to get rid of all of these outdated on premise processes, these paper based processes that they had. And although surely there were some bumps in the road, and that was not easy, especially for these folks working around the clock to keep their agencies operational to make sure citizens are getting the services, they need, especially during this crisis, I think there's a lot of great success stories that you see there and because of this, no one even if they're allowed to go back into the office or when they're allowed to go back in the office, people are going to understand how much more productive they are, how much more technologically capable they are. And that's not just CIO officers that's people on programs in the front lines delivering services that mission response. We've really seen it powerful word over the last four months. >> You know, Matthew, I've been very vocal given that I'm kind of the old guy, get off my lawn kind of commentary. (Matthew laughs) I've seen that the waves and I remember coming in when I was in my late 20s and 30s old school enterprises, the commercial business wouldn't do business with startups, you had to be approved or you were in entrenched vendors supporting those things and then in comes the web, in comes the 90s, and then the web came there's more agile, you had startups that were more open and working with commercial vendors. It seems like we're seeing that movie play out in public sector where you have the entrenched incumbents, they got the town wired, who knows what's going on. It's been called the Beltway bandits for years and Tris and Curson and I talk about that all the time, but now the government can be agile, and startups need to be product to these new solutions, like whether it's video conferencing or virtual events, things like we do. New solutions are coming that need to come in, it's hard. Can you share how a company whether it's a startup or a new solution can come in and work with the government? Because the perception is, it's impossible. >> Yeah, and part of why ADI exist is to break that down. One to recruit more members to join us to really help drive commercial innovation in the government. And we have some very large companies like AWS and others that do an awful lot of work with the government. And we have a lot of smaller startups that are interested in dipping their toe in there. And so we try to help them demystify how it is that you go about working with the government. I think there have been again, some good success stories on this one. I think that there are lots of places like the Department of Defense, a lot of the folks in the intelligence community, some other agencies, they have authorities, they have partnership programs that make it easier for folks to adopt commercial innovation. They have unique authorities like other transaction authorities or commercial solutions offerings that really lowers the barrier for new technologies to be piloted and potentially scaled inside government. But that's not the case across lots of agencies, and that's why we advocate broadly for getting the acquisition process to move at the speed of technology. If there are good authorities that work in some agencies, let's get into everybody, let's have everybody try it because the people in the agencies, the acquisition professionals, the technical professionals, they have to be committed to working with industry, so the industry is committed to working with them. And as a former federal employee, myself, I worked at the Office of Management and Budget and the General Service Administration, I always was upset at the fact that the government is very good at speaking to industry, but not very good at working with industry and listening, and so we see a lot more of that now and I think part of that is a response to COVID, but it's also the recognition that you can't do things the way you used to do it, the traditional butts in seats contracting business model where everybody in between a federal employee and that outsourced service provider. You don't need all those people there, you can do it yourself and be just as effective and get all the real outcomes you're looking for with commercial innovation. >> It sounds like ADI your priorities is to make things go fast and be modernized. So I have to ask you, the question that's on my mind, probably on everyone's mind is, what are the key conversations or messages you provide to the agencies, heads or members of Congress to get them excited about this, to take action to support what you're doing? Because let's face it, most of these guys up on the Hill are girls now, most of them have a law backgrounds, they don't have a tech background. So that's a complaint that I've heard in the hallways in DC is, the guy making all the decisions doesn't know jack about tech. >> No, it's it's a great point. When we advocate up on the Hill there's a law that I don't think a lot of folks pay in awful lot of attention to. Everybody likes the nice new things that are coming from Capitol Hill but there's a great piece of legislation from 1994 for the Federal Acquisition Streamlining Act. We actually did some tremendous original research at ADI, about a year ago and released an interesting report that got a lot of uptick here. And most people don't even understand that the law requires you to do market research and see if there's a commercial product or service that meets your need before you go down building any sort of specific requirements or building out some sort of long procurement process. And so a lot of what we're doing is educating folks, not just on what the law says, but on why these can lead to better outcomes for agencies. I mean, I truly believe that most of the folks in government whether they're technical folks or not want to do the best thing, but if you're a company trying to do business with the government, you have to go through what is often a five or six or sometimes 10 person human supply chain. There's someone in government who wants your solution because it addresses a particular problem, and between them, and you the company, there's all sorts of additional bureaucratic overlays and folks that are not technical, that have other incentives and other priorities that don't always lead to the most optable procurement outcome. So there's an educational component, there's a cultural component. We need more champions inside government. We need not just better technology that's wanting to work with the government but we also need smarter, better people inside that understand the technology and can get to it the way they need to get to it so that they can deliver mission. >> As someone like me who's in the technology business, who loves entrepreneurship, loves business, loves the impact of technology, I'm not a public servant, and I'm not at that up to speed on all the government kind of inside baseball, so I kind of look at it a little bit differently. I've always been a big proponent of public private partnerships that's been kicked around in the past. It's kind of like digital transformation, kind of cliche, but there's been some pockets of success there, but look at the future. The role of influence and the commercial impact just China, for instance, just riffing the other day with someone around China doesn't actually go through government channels for how they deal with the United States. There's a little commercial, they have intellectual property issues going on, people saying they're stealing, they're investing in the United States. So there's a commercial influence. So as the government has to look at these commercial influences, they then have to modernize their workforce, their workloads, their applications, their workplaces. The work is not just workloads, it's workplace, workforce. So if you had your way, how would you like to see the landscape of the federal technology piece of this look like in five years? Because there's now new influence vectors coming in that are outside the channels of federal purview. >> No, it's a great question, and I appreciate you bringing up the other complexities around nation state actors in China and everything else. Obviously, supply chain security and being able to deal with legitimate security threat is critical when you're inside government. I mean, your first sort of purpose is to do no harm and to make sure that you're keeping citizen data, whether it's classified or unclassified secure. We think at ADI that there's a great balance to be heard there and part of that is if you're working with American companies, and you're adopting the best and most agile and most innovative commercial technology that America has to offer, that's going to make our industry more competitive and position it better in the commercial market and it's also going to make government agencies more effective. They're going to be able to meet their mission faster, they're going to be able to lower costs, they're going to be able to shift what are going to be tighter and tighter budgets over the next four or five or 10 years to other areas because they're not wasting so much money on these old systems and this old business processes, this old way of doing business. So you that is one of the balances that we have to take from an advocacy standpoint. We have to understand that supply chain security, cybersecurity are real issues, but security can also be an enabler to innovation and not an impediment and if a lot of the commercial capabilities that are coming out now and a lot of these companies like the ones ADI represents, want to do business with the government, and their commercial products can inherently be more secure than a lot of these old bespoke systems or old business practices. That's good for not just federal agencies, that's good for citizens and that's good for our national defense and our economy. >> You know, I look at our landscape and being an American born here, looking at other emerging countries, certainly China's one example of becoming very world digital native, even other areas where 5G and then telecom has made great internet access, you're seeing digital native countries, so as we modernize, and our lawmakers have more tech savvy and things become digital native, the commercial enabling piece is a huge thing, having that enabling technology, because it creates wealth and jobs and other things so you got three things, digital native country, enabling technologies to promote good and wealth and engine of economic value, and then societal impact. What's your take on those three kind of pillars? Because we're kind of as a country coming into this world order and look at the younger generation, they're all screaming for it, we're digital native, and all kinds of arbitrage there, fake news, misinformation, then you got enabling technology with the cloud, and then you get societal benefits, future of elections and everything else. So what's your thoughts? 'Cause it sounds like you're thinking about these things in your Digital Innovation Alliance. >> Yeah, absolutely. The one thing I will say and as someone that was a former federal employee, the one thing we need more of whether you're on the executive branch or in Congress, we need more people that like you said, are digital natives that understand technology that also want to be inside government either running programs or dealing with policy issues. We need as many good new ideas and folks with real, legitimate, necessary and current skills in there. Because if you don't understand the technology, you don't understand, like you said the societal impacts, you don't understand the business impacts of government decision making and the government can drive markets. I mean, especially in the middle of Coronavirus, we're spending trillions of dollars to keep folks afloat and we're using technology primarily as a way to make that happen. So the first thing I would say is, we need, we continue, need to continue, sorry, we need to continue to recruit and retain and train the best and the brightest to go into government service because it is a joy and a privilege to serve government and we've got to have better smarter technical people in there or we're going to keep getting these same outcomes, like you've mentioned over the past 30 plus years. >> I think we're in a JFK moment where John F. Kennedy said, "Ask not what your country can do for you, "what you can do for your country". Moment in the modern era and that was the 60s, that we saw the revolution of that happen there, we're kind of having a digital version of that now where it's an opportunity for people to get involved, younger generations and make change rather than arguing about it. So I feel fairly strongly about this so I think this is an opportunity. Your reaction to that? >> No, that's a fantastic point. I hadn't really thought about the JFK resemblance. From an industry standpoint, I think that is what is happening with these emerging technology companies and even some of the large companies. They understand that this is their way to contribute to the country whose R&D dollars and these public private partnerships helped a lot of these folks to grow and become the companies they are now. At least started them down that road. And so for us at the Alliance for Digital Innovation and the companies that are a part of us that is sort of purposeful to who we are. We do what we do and we want the government to build stronger relationships and to use this technology, because it does serve mission. I mean, we exclusively focus on the public sector. Focus of these companies and it's tremendously valuable when you see a federal agency who spent five or 10 years and hundreds of millions of dollars and still not solving a problem and then they can pick up the commercial off the shelf technology from a company that we represent, and can solve that problem for $5 million and do it in six months. I mean, that's truly rewarding and whether you're inside government or out, we should all celebrate that and we should find ways to make that the norm and not the exception. >> And take all that hate and violence and challenge it towards voting and getting involved. I'm a big proponent of that. Matthew, thank you so much for taking the time. I'll give you the last word. Take a minute to put a plug in for the Alliance for Digital Innovation. Who are the charter members, who's involved? I know John Wood from Telos is a charter member. Who's involved, how did it all start? >> Yeah. >> Give it taste of the culture and who's involved. >> Yeah, thanks, John. So, yeah, like you mentioned, we have tremendous members, AWS is obviously a great partner. We have a lot of big companies that are involved, Google Cloud, Salesforce, Palantir, Palo Alto Networks. We also have great midsize and small companies. You think of Telos, you think of SAP NS2 and Iron Net, you think of Saildrone. We've got companies that whose technology product and service offerings run the range for government needs. We all come together because we understand that the government can and should and must do better to buy and leverage commercial technology to meet mission outcomes. So that is what we focus on. And, frankly, we have seen tremendous growth since COVID started. I mean, we are 24 members now we were at 18, just four months ago, but I like to say that ADI is an organization whose mission is more important and more resonant now, not just in the technology, parts of government, but at the secretary level at the Chief Acquisition Officer level, in Congress. We are folks that are trying to paint the future, we're doing a positive vision for change for what government can and should be. And for all of those other technology companies that want to be a part of that, that understand that the government can do better, and that has ideas for making it work better and for getting commercial innovation into government faster, to solve mission outcomes and to increase that trust between citizens and government, we want you. So if folks are interested in joining you got people that are watching out there, you can go to alliance4digitalinnovation.org. We're always accepting interested applicants and we look forward to continuing this message, showing some real outcomes and helping the government for the next year, five years, 10 years, really mature and modernize faster and more effectively than it has before. >> Great mission, love what you're doing. I think the future democracy depends on these new models to be explored, candidly and out in the open, and it's a great mission, we support that. Thanks for taking the time, Matthew. Appreciate it. >> Thanks, John. Have a great Public Sector Summit. >> Okay, this is theCUBE coverage of AWS Public Sector Virtual Summit. I'm John Furrier here in theCUBE Virtual. Thanks for watching and stay tuned for more coverage. (gentle music)

>> From New York City, it's theCube covering New Relic Feature Stack 2019. Brought to you by New Relic. >> Stu: Hi, I'm Stu Miniman and this is theCube's first year of coverage at the seventh year of New Relic's Futurestack 2019 here in New York City and happy to welcome back to the program two Cube alumni. So, Todd Osborne is the GVP of Alliances and Channel with New Relic and Dave McCann is the Vice President of Migration Services, Marketplace and Control Services with AWS. Gentlemen, thanks so much for joining us. >> Dave: Great seeing you again, Stu. >> Todd: Thanks for having us. >> Allright, um, Todd, let's start with you uh, you know, quite a bit of a relationship with, between New Relic and AWS. I know we've had Lou on our program at the AWS shows a couple of times. So, set us up with the, the partnership and how it's been evolving. >> Todd: Yeah, it's been a, uh an unbelievable partnership, um, for many, many years we've worked together starting with technology integrations, we've got dozens of them that, that natively monitor a bunch of different AWS services but the most exciting thing of late ah, really came to life middle of last year when we started working with, uh, a bunch of different folks at AWS. Our, basically, our biggest thing that we need help with is migrations. We know we have this massive opportunity, uh, to, for more and more applications more and more workloads to move to the cloud. There's lots of different ways in which customers, partners and Amazon needed help in doing that. They brought us several different challenges related to that and we responded by, ah, at Reinvent Launch last year, launching what we call the Cloud Adoption Solution. That really was how, um, a process that linked up with the Amazon Migration Acceleration Program and used New Relic as the platform to help with migrations from beginning to end. So, starting with the planning, uh, phase of the process, getting the information you need to have a successful migration and design a successful migration, troubleshooting that may, of anything tat may occur during the migration and then post migration, really helping to optimize the performance and cost of how that migration, uh, or that post migration, ah, optimization and run phase. So, it started with that. It's really evolved. What's been really amazing, just since we launced last November December at Reinvent, the whole, we've seen a massive shift already, just the last nine months, where it's not about just simple lift and shift anymore, almost all customers that are migrating now, are also thinking about modernizing their software stack, running on containers, using kubernetes, running micro services, which is New Relic's sweet spot, really, at the application space. So, as we've evolved, starting with migration, evolving into modernization, it's been an amazing partnership working with AWS. >> Stu: So, Dave, migration services, obviously something we hear a lot about from AWS. Every time I go on one of these shows, it's one of the key steps that gets thrown out. Uh, you have a very broad ecosystem, the marketplace, uh, you know is, is the closest I call to the kind of the enterprise app store, uh, of today. Tell us what's, you know, special and, really, you know the effort that goes together between AWS and New Relic here. >> Dave: So, I think, from a migration point of view, um, you know we've spent a lot of time in AWS designing a migration methodology. Our professional services team, let by Tom Weatherby is really delivering a playbook directly to our customers on how to migrate. And, also, we've certified over fifty consultant partners who are certified to do the migration. But all the migrations hinge on a customer knowing what they have and whether they want to migrate it. And, so, to necessarily know what you have, you have to go through application discovery. So, if you've got a larger server fleet, you've got four or five thousand instances, you have a thousand apps, you've actually got to discover and analyze what you have. And, clearly New Relic's tool is widely installed. So they actually have the visibility to a lot of the installed apps. So, last year, at the end of last year, we bought a Canadian company called TSO Logic. And TSO Logic is a business case tool from building the business case on whether to move an application running on PRIM. What would it look like on The Cloud? So, we need to have that data in the tool. And, so, New Relic's been a great partner, integrating New Relic into TSO Logic, so we cal actually take the instrument in visibility that New Relic brings to the table and pop it right into the tool. And, so, the New Relic, TSO tool integration is a great new mechanism that we have. And we just acquired TSO in Q1 of 2019. So that we're now giving the TSO tool to all of our solution architects and all of our consulting partners and New Relic feeds the data right into the TSO tool. So that's a huge, um, uh, mechanism for accelerating migration. >> Okay, uh, can, can you speak to, you know, how, are you, who and what customers and how are you targeting them, uh, for, for this solution? >> So, first of all, customer are moving to AWS. You know, thousand of enterprises are moving applications. I think you have to assume that most enterprises are moving to The Cloud. And the question is, "At what speed?" So, as our sales teams engage with the customer, the sales team have a notion to discuss migration we run migration methodology. And so, as we engage with the teams, the solution architect brings TSO to the tool, to the discussion. And that's happening all around the world. And we've trained our solution architects on TSO. And as we've done that, the second thing we've done is, you know, New Relic engineered engine marketplace over two years ago. But we've launched a new capability called Private Offers. And Private Offers is where the customer, while they're planning the migration, may also need to license more New Relic and New New Relic. And, so, how do we make licensing really easy? And, so, New Relic worked with us on, the, what we call the Private Offers Workflow. And that Private Offer Workflow allows a New Relic sales executive to generate the quote right in the marketplace portal. And you, an AWS customer, and you receive that private quotation right in your AWS account. So not only are we business casing on TSO, but New Relic is quoting through marketplace. So that's happening into lots of large customers. >> Stu: Yeah, uh, you know, what if you talk about the adoption of Cloud we need to make it simpler for customers to move those. And the financial piece has always been one of the promises of Cloud, but things like this Private Offer, it sounds like it helps accelerate, uh, that simplicity, and, and you know, reduces any, you know, perceived barriers there are between some of the software vendors and what you're offering. >> Dave: Well, it flows the New Relic software supply right through marketplace and more and more large companies are using marketplace for software supply. And, so, New Relic's in there. It means that our sales teams are working together So, we talked this morning at the conference with the VP of Cloud architecture who was in the conversation. And so, Chris has been working with the AWS team and with the New Relic team and we're joined at the hip as they expand their use of New Relic. And they announced this morning that they've now moved over thirty percent of all of the Cox application onto the AWS Cloud. And New Relic's been the center of that visibility. >> Stu: All right, so, Todd, a lot of announcements at the show, especially uh, you know, the capital p platform as Lou talked about in the keynote this morning. Well, you know, AWS is one of the largest platforms out there today. Help us understand how these fit together, both platforms as well as just, just the announcements in general as to how they work with AWS. >> Yeah, what every single thing we announced today had some sort of AWS tie to it. So, I mean first of all with New Relic, one, being a platform, it's open, connected, and, um, and, and programmable. And, so, the open part of that means that not only can we just inject data with New Relic agents, now we, we now are an observability platform that will take date from all kinds of sources, so think of what that opens up in working with AWS and AWS's other partners and getting data from a bunch of different sources, to then make the observability even better. We announce a log in solution. We're already connected with AWS, uh, cloud watch logs and, and, uh, working on some other new feature solutions in the log in space. And then from a programmability perspective, um, we can now take what we have, we can write all kinds of applications on top of the New Relic platform. And some of the initial couple of, of the dozen application that have already been opensource, one is a cost optimization play which looks at Amazon data, uh, both utilization performance data, some other sources of data that New Relic has, and then pulls in the Amazon cost data, can actually look at, in the New Relic platform, as a free opensource application, how do I optimize my cost in the AWS environment? And the second one, which we didn't talk about too much this morning but it's out there, but we can take some of VienMore data and some of the on PRIM data that we have visibility to today and help design that landing zone to help migrations do better, So, it's just two really quick examples of how we can take data from all these different sources and program it, write new applications on top of it, create an awesome customer use case and work with Amazon and, uh, help migrations and optimization along the way. >> Stu: All right, Dave, I'm wondering if you have any customer examples that might highlight some of the joint work that's being worked on between New Relic and AWS. >> Dave: Also, You Know, obviously I've just made some Cox We stood on stage this morning with the press where Cox has said that they've now got nine thousand work loads under New Relic visibility. And so that nine thousand work loads is across hundreds of development teams and, I think, Cox is just an illustration of many customers that we have in common. Um, you know, we're, AWS has got thousands of enterprises, so does New Relic. I think you've said you have over one hundred thousand five hundred enterprises using you. So, some large number. So there's a high overlap in many customers at this conference. And as we sat in the room this morning, um, I would say more than half the room held up their hands when I said, "Who in this room is using AWS?" Half of the audience here are AWS customers and New Relic customers. >> Todd: If I could maybe just add on the Cox story a little bit, because I've been very involved with that one. The beauty of the partnership we have there was multiple, on multiple phases. First, Cox has been a customer of ours for a number of years. Both on PRIM and in the cloud as they have accelerated their cloud, we've helped a lot with that. What was great about that partnership was that our field teams got together and, and actually really sat down and, and mapped out the migration, multiple migration scenarios. We had data on a bunch of on PRIM stuff that was valuable to AWS. AWS was the standard on a couple of divisions on cloud that we weren't monitoring all the applications there. So the teams really worked really well together and then at the end of the day, we came together and said, um, there's a bunch of benefits for the customer, for AWS and us, if the, if uh, if a transaction, the last transaction we did there, went though the marketplace, which was a significant transaction that we did with, ah, on the marketplace. So it was just such a win, win, win that tied together the, uh, all the aspects of the strategic nature-natureship, nature of our partnership. >> Stu: All right, so, you know, it's clear you're teams have been working close tother, iterating and adding a lot of the last kind of year, year or two or so. Give us a little bit look forward. What more should we expect of, a, from, from this partnership? >> Dave: So the area I think I would talk about next, that I think all customers are paying attention to, is spam management. So, you migrate your application to the cloud, you establish a could operating modem, um, we license out software through marketplace, you're now running it, at last week we have another product that I run called Service Catalog. And last week what we launched in Service Catalog was a new ability, and Service Catalog is a library of templates, so those templates are launched as Jason Templates using something called cloud formation and we've versioned the templates and what we launched last week was an integration between Service Catalog and another tool our customers have called AWS Budgets. So now what you actually want to do is you want to grant the team access to a resource and on the tag of the template, you actually want to give that resource template a budget. So that is actually under an API, so there's an AWS Budget API, there's a Service Catalog API, Lou's team today announced a whole raft of New Relic tools. But one of the things that they announced was the ability to essentially build these new widgets, using a React widget, and pull data from other sources. So that's the area some of the customers are looking at as far as taking your spam widget and connecting it into both AWS Budgets and Service Catalog. I don't know if you want to give us your thoughts on that. >> Todd: I, I already talked a little bit about it but it's, it's, it's where we can go. Like the future if almost, almost, uh, infinity right now. What we can go do together. We are trying to align to several of the programs Dave mentioned around Service Catalog, Migration Hub, focus on a couple different use cases of what, um, ever migration has a bunch of nuances and every optimization story has a bunch of nuances. But how can we create the right application, which are a starting point, opensource, put, put the repository up on get up and then allow customers and partners to go and fork that, do what they want to match, kind of of standard use case and maybe eighty percent of the way there. But then it needs a little but of tweak, a little bit of customization basesd on whatever that customer's situation is. We've enabled the entire, uh, community of millions apps that are going to migrate to the AWS cloud over the next couple of years. We've enabled that with what we've launched today. So, the, uh, the future is, is infinity and beyond. >> Stu: All right, well, Todd and Dave, thank you so much for the update. We look forward to seeing what gets announced at AWS Reinvent, which, of course, it'll be our seventh year of having theCube there. Big presence, uh, please reach out if you want to talk to us ahead of time. And check out theCube.net, of course, where you can see, uh, where we will be, including, of course, AWS Reinvent, uh, in December, uh, in Las Vegas. So, This is theCube at Future Stack 2019. I'm Stu Miniman. Thanks for watching theCube.

>> live from New York. It's the Q covering AWS Global Summit 2019 brought to you by Amazon Web service is >> Welcome back to New York City. This is a W s summit and I'm stew Minutemen. My co host is Corey Quinn. We've talked to Amazon executives. We've talked to some customers. We've also talked to some of the partners and part of the partner ecosystem is course these startups aws very robust ecosystem that they've been building out. And one of the pieces were real excited to dig into in the surveillance space habit of revering program for first time. Ken Robinson, the CEO and founder of Goto Software who is the maker of cloud pegboard, take so much for joining us >> having to be here so exciting. >> Alright, So, Cloud pegboard, you had us hooked when we talked about you know, serverless you know, the the information overload that we all feel in the United with world. Cory's got a full time job helping with that and other things related to it s oh, bring us a little bit about, you know, pegboard in your background. >> Yeah, I want to help you out. So my background is I ran a major cloud transformation to Amazon. My past job, which I left in January and really solve problems, information overload, was slowing people down, people making sub optimal choices. They're spending a lot of time trying to keep up. Sometimes we have to be fact because they didn't have the right information the right time. And I realized we need to solve this. And it wasn't just in our organization. Every Amazon practitioner across the planet really needs help to keep up. When I talked with people, these conferences, it that's like the main comment, like, I can't consume it >> all. How you keep up can it is staggering. Actually, I stopped asking about two years ago how you keep up because I talked to some amazingly smart, well connected people and they're like, No, no, it's impossible. But I want you to comment on something I used to be. When you talking about, I need to start this. I should have started a year ago, but I didn't, so I should start now and now it feels like, Well, if I could, I actually should wait a couple of months or six months or even a year but I absolutely get started. So I guess I might as well start now because things change at such a pace. I mean, that that, you know. Oh, wait. If I could just wait a little bit longer Gonna be Maurin better and cheaper and faster s O. You know what you're taking kind of pace of change in the industry. >> Well, you know, one thing is, I think you just have to keep agile and buy into the fact you're going to have to throw away things like don't get so buried filled with what you can do today as best you can. But be ready to re factor and get rid of it. >> Oh! Oh, my God. I had the i t organization and the whole our quarters. Everything in i t is additive. Nothing ever dies. But I do agree with you. We have been for more than a decade. You know why our analyst team and talking, You have to get rid of stuff that needs to be able to do that. You know, sunk costs is something you're familiar with. Economics is you know, I need to understand that that even have been doing it for a while. We need to be able to cut that. But way have these attachments to the things we've been doing and how we've been doing it. No change isn't necessarily easy, >> right? Well, there's a reason some of the attacks is because there's a lot of investment to build up in the first place. And when you put so much sweat into it, then I don't want to undo it. When it gets easier to build, it's easier to throw away. So I was just giving this talk earlier and saying I religiously stick with infrastructure is code because if you do that, it's just so easy to make incremental changes. And again, Serverless makes everything so much easier if we don't get married to something. If it's changing like one window function, yeah, it's just kind of a bench of a big deal. So if you invest a little bit lessons easier by making use of special, the high level managed service is then it's easier to the pivot from one thing to another. One needs to. >> Yeah, something I found is I play with this stuff myself in a very similar space, with less comprehensiveness and far more sarcasm, I suspect than your service does, is that when you're building everything out of composited Lambda Functions tied together in a micro service's style. Re factoring one of those micro service is usually doesn't take more than a day or two as opposed to, Oh, just rebuild the entire monolith from scratch, which it feels like everyone tries to do. At some point, it almost enforces good behavior. It makes it easier to evolve as I've been your experience it differently. >> Absolutely. So this two things it helps. It's easy to re factor and throw things out because it's small and it's again, you're not married to it as much, but also easy to incrementally add on. So I have this whole tier of these micro service. Is that a captain? All this data that we're pulling in from multiple sources, whether it's Amazon's Web site or terror, for more get up any source I confined that has data that I want to organize help with my users. So we get Henry finding new data sources, leaks new data sources, essentially a new lambda function. It's independent, and if I change it, we actually had one recently I found a better data source. I just threw up the old one and plugged in the new one. And it really was less than a day to write the new function and a brilliant into production. So, yeah, >> can you know, one of the answers I've had for a long time is you know, I need to rely on, you know, my consultants and my suppliers because, you know, you don't even understand some of these architectural things that are going on. And things are changing so fast. So you know, how much can software solve this for us? And you know that the tools itself, I have to imagine there's still a lot of people involved. >> Yeah. There's always gonna be a lot of people involved. And there is no free lunch that, you know, every architect or developer of the Amazon. You still need to get yourself trained, get the certifications, read the white papers, keep up to date with all the changes. And we really do is we're running inside again. That's my past. Life is an enterprise. You really want to build internal excellence. Certainly we can use outside help when you need it. Augmentation. and blasts my people everywhere. But you definitely wanna have some internal expertise. And people are committed to growing and continuing going to New York summit, going to reinvent talking to people and always constantly learning It's going to take human effort to help, uh, filter down and find out. Where is the trend that I really need to start thinking about? Hopefully people. It is a tool helps people be much more efficient and focus in much easier. But nothing will replace engineers, which is a good thing, >> right? And for those who are outside of the, I guess very small fraternity we have apparently built. Now there are two of us who track this stuff for a living. It's it is far more complex than most people would accept. Why don't you just sign up for the R. S s feed? Well, for starters, there's over a dozen official aws R s s feed, and they're not all inclusive. You have to look at poor request getting merchant there a p I updates. You see it in cloud formation and terra form from time to time. And I am certainly not comprehensive. In fact, when I built my newsletter. Originally my thought was that someone was gonna point out something like Cloud Backboard and say, Well, idiot, use this instead. And then I shut it down and admit defeat, and that was the plan. Instead, a bunch of people signed up, and now I want people to read it for the joke's not because it's the only half sensible way to figure out what happened last week. No, I'm a huge fan of the problem you're solving in the way you've got about doing it. That said, when we talk about service architectures, you mentioned spinning up Lambda functions and tying it back into other things. But as they mention Nicky, no today server. This goes beyond just functions as a service. There's a lot more to it than that. What else is your architecture >> includes everything. Serverless exclusively. So >> So they're poking on. So you're collecting every service thing they offer and then some just a get style points there, regardless. >> Well, so you know, one of the half several strategic principles and one of them is to rely solely on serve Ellis because I just can't afford a small start up to be building out Mon function requirements that are building the business. So S O. S to be hosting dynamodb cloudfront ap Gateway. Then we use will all these features Not only do I use all serverless, but we're also using for disaster recovery designed so that we're using some additional features within these, so it's easier fail over. So cloudfront, for example, has Arjun fail over a relatively new feature and it's really amazing, right? I can go to my S three and I have the benefits of estimates service hosting. But now, in a failure cloudfront relative my alternate region continue our operating same thing with dynamodb using global table replication only >> and continuous backup, which they released. I'm not kidding. Three days after I really needed it. It's that seems like that's always the case where they have these features and they come in right after you need to read if you build a crappy version of it and it's one of those. But I love about things at a relatively small scale like this is the economics are ridiculous. It's well, watch out for continuous backups that could be expensive, and I wound up checking it, and it wound up being something like two cents a month. Yeah, I work real hard to bring enough in to cover the back up. Yeah, I >> had someone come up to me after one of the talks and asking like he's not in Amazon. He's thinking the moving there. It's like how much you I have something a little bit similar to what you're doing, and how much will it cost? How much like Budget and I say, To be honest, I've got some credits, Levin warning, but I can't spend them. I can't. I want to accelerate by spending money. I can't do it, especially with dynamodb. Used to be that you would provisions something, a lot of eye ops and that would rack up really fast. Now I'm using the on demand, and it's just not costing anything. So that's what again. This Burn was talking about not paying for idle time, >> and some of the monitoring tools in the surveillance space air still approaching it from an economic first perspective, which for anything that isn't already scaled out, is ludicrous. It has, like warnings, going arrows going up or down on my spend on my land is every month, and it's 22 cents. It's I appreciate where you're going with this, but maybe that's not the driving concern right now. So I >> had a funny experience where I turned on Macy so we could get some good inspection on the anomaly buckets. And on the first of the month, I got a notice saying, Hey, you exceeded the free tier. I was in a bit of a panic has been more than once. I'm sad to say that I've let things run longer than they should and paid the price, and I owe something has run amok. Well, it turns out, just because of the metadata scans, it does kind of use a lot of access is. But then still was under a buck for the whole month by the time outs and done because I came in to begin the month with a bunch of scanning. Yeah, it's just a big fan of service. I did this thing. >> Yeah, I was just Kennedy. Speaking of survival is an Amazon event Bridge was announced this morning. Really building that event ecosystem around Lambda. Curious what impact that will have on you will cloud pegboard be able to go outside of AWS to kind of understand some of these sacks applications. >> I have to learn more about it. I was not in on a preview or anything, so I don't know exactly get. But But yes, we will rip apart meeting with other providers anywhere. There's an information source that can help developers hone in better and kind of get everything in the right place at the right time on. So, yes, things like that will help, especially if it can work through. I don't want to be opening up sqs cues way worried about the I am the cross account. That could be complicated, so I'll be interested to learn. And I don't know yet if that will help in those sorts of integrations, especially on the office. Can't authentication and authorization aspects of it? >> Yeah, there's a lot of promise in the idea of being able to give the minimum viable, required a p. I call for something third party. It seems like there they'll integrate into something like that. Well, here's how I am works and then we have to worry about access controls and oh yeah, there's no direct i p address the white list. And on and on and on. It's challenging to forcibly upgrade third parties. Unless you're effectively a giant, world spanning company, you can demand that they do it. So this it really feels like we're meeting third parties in some ways where they are. >> Yeah, I think so. And I think this is looking forward to them because I want to both consume maybe eyes. But also all my data is available via AP I So today it's a bit of a traditional. No, he and rest would have been the face, but if I could export that in other ways, that would be very interesting as well. >> I think it's too easy to get stuck in the economic story of times. I know it's weird is a cloud economist to be saying that, But when it comes to server list, the value is less about cost control, and saving money on it is you don't have to worry about entire subsets of problems capacity planning your effectively when it comes to things like Lambda Dynamodb and the rest. The constraint on scaling is going to be your budget. I promise. No matter who these budgets are, go for me. This is what they run amazon dot com on. I don't think I'm gonna do more business than that. Unless I really miss configure something. Challenge accepted. >> Yeah. Yeah. So I totally agree that scaling is the value, but it's also this more right. The scaling is absolutely one. And then, in addition to fragility, because survivalist means service. But now the term is getting confused, right? It means so many things. So I was saving serverless managed service is to help Seo. I'm talking about more than compute, but it also means is I'm getting a very high level function. So I'm getting so for David, we're using Comprehend. That's an awful lot of stuff going on under there that I don't have to worry about. I mean, I literally have an intern in a couple of days, completed a task to do some entity extraction of such a Amazon service stains out of unstructured data. She was able to do it. She just finished a freshman year, right? I was able to do this with minimal training because it's survivalist shouldn't worry about scalability. What she needed to know is that oh, I can use this function. I could read maybe I documentation, and I could just use it for me. Another big function behind step, but also no maintenance low, maybe a more accurate term. But essentially, it's no maintenance, especially for a small start up. I used to have businesses way back when pre Internet I ran an aviation weather service in my life was the bane of my existence because it had to be. At 24 7 I had satellite dishes that would get snowed on. I was an idiot. Did this in New England. They have to shovel him off at four in the morning. I don't like waking up in the middle of the night to serve my computers. They should serve me. And in the service of the fact that there's no maintenance stuff, just runs. You think about the times. How many times have you had a serve in the past when you just thought you should reboot it every week? Because maybe >> because tradition, >> tradition and maybe there's a leak somewhere, Melinda function reboots. Every invocation. It just never happens that I have run out of resource is something that I'm just a love affair. >> All right, so So Ken. It's obvious how you feel about server list, but as a start up, just give us a final thoughts on what it's like to be a startup that is on with and, you know, using AWS. >> Well, for me, it's fantastic. It allows me to focus on the problem, to solve immediately and by using high in the stack like you're saying surveillance capabilities. I'm not worried about the infrastructure. I read a little bit of confirmation. I deploy it, and I'm always working on business logic and functionality, and I'm not worrying about well, its scale. Do I have to maintain it, I think, really focus on the problems to solve, and that's where they've been very helpful to make. So now we have something where I can scale. I'm hoping I'm not there yet, but every Amazon practitioner should want to use cloud pegboard. I think it helps with a general problem, so I need to be able to scale to millions. Firstly, I don't know what the doctor is going to be, but I have confidence because I'm using all these service capabilities. S3 will do it. Amazon Gateway in Lambda will do it, so I don't worry about it. So for a start up, to not have to worry about that is it's really pretty powerful. >> And by the time you wind up in a cost prohibitive situation, we're okay. Running some baseline level load that something that isn't server Lis begins to make significant economic sense. At that point, your traffic volumes definitional hier so high that by that point there's a team of people who will be able to focus on that. You don't need to bring those people into get off the ground in >> the same way, right? It's that fast start, and we gotta learn. There's so much to learn here with any start up. But you know, in mind as well to really get some of the user experience, get the feedback. It's We have a lot of good ideas, and I think what we have now is helpful. I have a long term road map with a lot of great ideas, but it's gonna take a lot of user feedback to say, Is this working and the service lets you tried things quickly. I could get in front of people, get that learning cycle going and iterated fast as possible. So that will be really important. All right, >> Ken Robbins really help you appreciate you educating our audience. Climb aboard. Wish you best of luck with >> it. I appreciate being here. >> All right. For Cory Quinn. I'm still minimum, and we'll be back with more coverage here from eight of US Summit in New York City. Thanks. Always for watching the cue.

>> Male: Live from Las Vegas. It's theCUBE covering Veritas Vision 2017. Brought to you by Veritas. (upbeat music) >> Welcome to Las Vegas, everybody. This is the Cube and we are here covering Veritas Vision 2017. It's the hashtag Vtas, V-T-A-S Vision, and this is Day one of two days of coverage here. I'm with Stu Miniman. My name is Dave Vellante. Jane Allen and Jay Cline are here from PwC. Jane is a partner and principal and Jay is a partner. Folks, welcome to the Cube, good to see you. >> Thank you. >> Thank you. >> Thanks for having us. >> So PwC leading global consultancy, I would say one of the top three, four, easily. Top 2. Maybe even top 1. >> Jane: Yes. >> I mean, you guys are gold standard for global. You solve problems that most people can't even begin to touch, except for a handful of companies. Jane, let's start with you. What's hot these days in your world? >> So I lead a practice, an information governance practice here at PwC, founded in a lot of folks with technology, legal support, regulatory backgrounds. And it pertains to all companies these days, right? How do you manage your data, to manage all the risks and reap the benefits of it. Certainly a hot topic and certainly with your privacy regulations on board, cyber risk, and just again all the benefits of data that companies are trying to take advantage of. It's been a growing consultancy practice and something that's very relevant to companies of all industries. >> Jay, we've heard a lot today about GDPR. I know it's something that you've been knee-deep in. What do people need to know about GDPR? >> I think GDPR boils down to one proposition, being able to prove that you have control over people's data. I think that summarizes the 72 different requirements of GDPR. >> Yeah, so GDPR, for those of you who don't know, General Data Protection Regulation, came out of the EU. One person on theCUBE called it a socialist agenda. (Jane laughs) But it's serious business, and if you can't ... I mean, actually, Jay, summarize, you know, what people should know about the exposure. I mean, essentially you have to be able to identify personal information and be able to delete that personal information on request, right, for any European Union citizen? >> Resident or citizen. >> Right, okay. >> That's right. >> So if somebody walks into Joe's pizza shop and says I want to sign up a bingo card to get, you know, mailings and your emailings, technically speaking, that person, if they wanted to do business in the EU, is responsible, is that right? >> You've got to know 360 degree view of all the personal data that you have of your employees, your consumers, your customers. You've got to be able to produce evidence on demand that you have this level of control. And whenever somebody comes in and asks for access to their data, to correct it, to export it, to their email, or to erase it, you've got to know whether you can deny that request or do you have to fulfill it, and you usually only have 30 days to fulfill it. >> So is this one of the hotter topics going on in your world these days? And what percent of your clients are actually prepared? >> I'll let Jay comment on how many are prepared, but you know, I think most companies, frankly, are trying to figure out how to be compliant and what is it they actually need to do. But it is a hot topic. I think even before GDPR, the landscape was already complex, right? People are trying to respond to litigation investigations, retention requirements from regulations, cyber risk, how do we manage it? And it's all about, what data do we have, where is it, and what are we doing with it, and how are we controlling it? And those questions are already there. GDPR highlights it. And with a May 2018 deadline, I mean, it's really putting the spotlight on this topic. >> Oh, yeah, that's one little, the fact that we forgot to mention, the clock is ticking. We're down under a year. So how about customer readiness? >> I think when we cross the one-year milestone in May, a lot of boards got exercised. The phone started ringing off the hooks, because they realized, we only have one more budget cycle to get this done. And so now I think, they're realizing that because GDPR hits the tech stack, and the IT budgets had already been planned for, the release cycles had already been put in place, they're now starting to ask, well, we can't get everything done by next May. What are the most important high-risk things that we do need to get done? And there's going to be more spillover work after May, I think. >> I think this highlights something that was already present in terms of the need for cross-functional senior leadership to pay attention to this, right? This isn't just a legal or privacy topic. It isn't just an IT topic. This really hits across organization and these folks need to work together. >> Jane, could you help us kind of uplevel a little bit. If I look at information governance, you mentioned it's super complex. You know, every company I talked to, they're deploying more and more sass. In the keynote this morning, Veritas said most of their customers have at least three clouds. We find, you know, absolutely it's, the strategy, especially if I start, oh, well, just different groups start using things, then how do I govern it? Do I even worry about security and backup and everything like that? How does this fit in the overall picture for most customers? >> Well, I guess that's what's interesting, right? There's no one right way of doing this right. And so it depends on your business, your industry, your customer base, your geographic location and outreach, and the data landscape. And you have to make smart decisions of what works within your corporate business culture even, of what is it that we need to keep and how we need to keep it and enable, you know, our engineers, our users, our customers, to leverage data, but also manage our risks. And there's just not one way to look at it. But again it goes down to really knowing what control you have, what you have, and where is it, right? But that's what's interesting, is for every company to figure out how is the best way for them to tackle it. >> So who's driving the information governance bus these days? I mean, with Sarbanes-Oxley it was the CFO. With the federal rules of civil procedure, it was kind of the general council. Who's really sort of in charge today? >> Well, I mean, depending on who owns it in an organization, looks a little different, usually legal and/or privacy, and oftentimes they are within the same group. >> Dave: So a chief privacy officer? >> Yeah. >> General counsel obviously involved, IT? >> Sometimes the compliance office again, depending how that's structured, but generally in that legal compliance privacy realm. >> Right. Okay, and when I think about some of those previous, you know, generations, Sox in particular, but also I guess FRO, CP. There was an effort within the company, because the ROI was just like, oh, we got to do this. It was like, okay, what does it cost to not comply, you know. >> Jane: Yeah. >> They would try to thread that needle. But there was always a faction that said, hey, we can... And consultancies were part of this. We can actually get value out of this. It's an opportunity to clean up your data, maybe to get rid of stuff, maybe you can reclaim some wasted space or, you know, et cetera, et cetera. Is that the way it is today with GDPR? And maybe we could unpack that a little bit. >> Yeah. One of the first steps that you have to take for GDPR, is to discover where all of your European personal data is, so data discovery effort. And in doing that, we've had a number of clients that for the first time, they've really put together a view of how they make money using data. And they're finding data, their chief marketing officer is finding data they didn't know they had. And so now they're able to monetize that data if they can use it responsibly within the privacy regulations of GDPR. So marketing is oftentimes funding, helping IT and Legal fund their GDPR efforts. >> And I think one of the other benefits is, if you have to go through this exercise to be compliant, but then you get additional insights in your data and you know where to invest more for those additional business opportunities, then at least hopefully you're reaping, again, more ROI off the effort. >> Well, I know the clock's ticking and there's a sort of virtual gun to organization's heads, but getting into that whole value notion, monetization, most organizations that we talked to, they don't really have an understanding of how data fuels monetization. Not necessarily monetizing the data, but how it contributes to monetization. What do you see in the customer base? >> This is the biggest area I think where GDPR is going to morph after May of 2018. I think the companies that can protect their exposure to this regulation, by going through the same processes to find out where their data is, they are positioned to monetize that data, to take advantage of new market opportunities, in Europe in particular. >> Okay. By the way, we should mention that this actually, the law is in effect, it's just the penalties aren't being-- >> Jay: Right. >> invoked at this point in time, right? >> Jay: That's right. >> So the recital is one-year grace period? And a lot of people are thinking, well, maybe we'll get another year of grace period. It's going to be really interesting to see how that goes down. And presumably the EU's going to go after the big pockets, right? I mean, those are the guys who have to be most concerned about this. But what about that midsize company? For your midsize clients, what are you advising them, that may not have the budgets of the big guys? >> We've been advising our clients that there are actually three ways that you can get hit by GDPR. The one that everybody's talking about is the famous 4% fine on your global revenues. That's what the regulators would impose on you if they discovered that you had an egregious violation of privacy. But there's another way that people aren't talking about that's going to be live on May 25th of 2018. And that's a new litigation risk for B2C. Anybody in the B2C space, even if you're midsize, if you violate the rights of a class of people, they can sue you on May 25th. And you can bet there are going to be law firms that are going to take advantage of this new situation. >> Dave: So they can sue you as individuals? >> As a class of individuals. There's also for people in the B2B space, we're seeing right away the contracting risk. And RFPs, they're saying as a condition to bid for this work, you've got to be able to sign that you are GDPR compliant. So you'll be locked out of the European market if you're B2B and you're not ready on May 2018. >> So we were talking off-camera. I was sort of struggling with trying to understand the direct fit with technology, Jay, and I thought you had a good answer. So what's technology's role in all of this? I mean, technology, can it help us get out of this problem? >> There's two parts where technology's very important. First is just discovering where your data is. That takes a lot of technology tools based on your tech stack, to be able to have an ongoing real-time data map. But the other one, the harder part, is responding to these individual rights requests, to ask for where their data is, to correct it, to delete it, to have that 360 view of individuals throughout your information environment. I think that takes IT to a new level. It hits all parts of the tech stack. >> All right. Because an individual can essentially say, I need to know what you know about me, right, that's part of it? >> Well, exactly. And a lot these companies that collect customer data and structured systems, they weren't really built for this type of exercise, to go through and search for something and actually dispose of it. And so companies are having to think very tactically. Okay, can I do this across all my different systems? And then certainly an unstructured data stores, again, what's there and how do we figure that out? >> So in the keynote this morning, we heard about GDPR. It looked like there was... I called it the doomsday clock, what was up on the wall. Can you bring back, how is Veritas doing? How are they helping customers with information governance and GDPR? >> Well, I think one of the really exciting things they demoed and talked about there is some of the data scanning or data profiling information, whether it be the classification or reporting out in terms of what is in this unstructured stores. Again, in order for companies to figure out what it is that they need to do process and technology wise is, what do we have out there again? And they're giving and enabling customers with some of their tools to be able to get some insights there, which I think is really transformative. I think people have been talking about these things from either a legal discovery standpoint, certainly a cyber risk. And I think this is just really adding on. So again, these tools help enable all of them, but certainly for GDPR. >> You have to get this first step right, the data discovery and classification, because if you scope GDPR too big, your compliance costs are through the roof. But if you scope it too small, your exposure's too big. So having a good discovery and classification approach, is critical to the success of your GDPR program. >> Has the industry solved the classification problem? I mean, for years, you really struggled to classify data. You could classify, you know, maybe data in an email archive, but data became so distributed by its very nature. Has that problem been solved? >> I would say no, but I've certainly seen a huge uptick in companies that actually finally just biting the bullet and getting themselves organized. But again, at least doing it because, hey, we need to figure it out for GDPR and privacy, we need to figure it out for cyber security controls, we need to figure it out for e-discovery, and just regular records management and how long we need to keep things. And so I think they recognize, wait, this satisfies a lot of different needs. But I don't know that there's an easy solution to it either. >> And the best practice organizations have automated that presumably, 'cause otherwise it's not going to scale, right? >> In the long-term that's what they're seeking, right, but you need to get the structure right, so you need to have file plans and organization of the information that makes sense to your employees and the way you do work, and then hopefully tie that back, knowing the data life cycle, to be able to classify things based on role, based on access, based on data type. So there's a lot of upfront work, but ultimately that's the-- >> So that's a taxonomical exercise, is that right? >> It is. That's a fancy word. >> Okay. But that's a heavy lift. And then it changes. >> It is, it is. But I think. Again, there's multiple benefits to that. >> Sure. >> And then going forward, you've got things in order for all those reasons. You can leverage the power of the technology, and then your functional groups and what work they do. People know what work they do, how long it generally it needs to be kept. And if you kind of can marry those two things from the business, the technology side, you can get set up and lauch. >> And then you can automate the policies around data retention. >> Exactly. >> What's your relationship specifically with Veritas? >> Well, you know, they're a client of ours, but we're also a client of theirs. >> Dave: Okay. >> I guess we're friends on a number of different angels and whatnot. But our practice tends to... Or we are technology agnostic in general, but we definitely want to stay on top of the different leaders in the industry. So that when we go to our clients, we can recommend, hey, these these are the top two or three that we believe could help you based on your situation, based on your data landscape, and be able to advise in that regard. So Veritas, between the backup tools, their e-discovery, and certainly some of the things they're doing on, you know, information governance and GDPR, is certainly one of the key providers that our clients should consider. >> So, I have sort of set up this discussion with a little background on PwC, clearly one of the leading consultancies out there. I would point to global, footprint, your deep industry expertise, you understand technology, you've been around, you know, you've got deep relationships. So other than those, what's the big difference, you know? Why PwC? And you can repeat some of those if you want. Probably be more articulate than I was. >> I think one thing that's different is what we call the end-to-end approach, where there might be other companies that have some of the qualities that you've talked about. But with GDPRs, it hits across five to ten different budgets in an enterprise. And we'll take a company through a transformational journey across all of them. We have auditors, and we have lawyers, and technologists, forensic scientists. GDPR really hits across all the functions of the enterprise. Because of our scale, we can hit all of these. Whereas other providers will take different slices of that. >> I would also add, PwC looks at our clients as forever clients. We're not looking for a one transaction and see you later. I mean, we look at them in terms of we want to be a firm that supports and partners them, whether it be on the consulting side, audit, tax, whatnot. And so we look at that that way in terms of trying to support them. And maybe that's just one point solution, maybe it's broader. But we'll bring the right experts to the table that fits for that client. And so we always want to think about it that way. While we might have ways and approaches that we leverage, hey, if they've got a specific need or a specific specialty, we'll bring the right expert to the firm. >> So that leads me to like my last question, which is, so it sounds like GDPR, and in chain of the context of that answer, is not just a tactical sort of pain relief project. Is it part of more strategic digital transformations? Are you able to make that connection? Or are people just in too much of a rush to fix the pain? >> No. Jay and I were talking about this earlier today. I mean, I'll use the example of some of the cloud transformation that companies are going through, right, if they haven't already, and thinking about their data and how they operate differently. And wait a minute, we don't need to forklift all of our data over. Let's think about it. And oh, by the way, let's make sure we're compliant with GDPR, right? So there's a number of different ways that you can kind of pull in different pieces that are helpful to clients. I think there were a number of different aspects to that, that we were talking about. So it's certainly something front and center, but it's not a one time, let's check the box and move on exercise either. >> Awesome. All right. We got to go. Thanks very much for coming the Cube. >> Thank you. >> Thanks. >> It's good to meet you guys. All right, keep it right there, everybody. We'll be back with our next guests. This is theCUBE. We're live from Veritas Vision 2017 in Las Vegas. We'll be right back. (techno music)