(upbeat music) >> Hello, everyone, welcome to theCUBE. I'm John Furrier, the host of theCUBE in Palo Alto, California. Also it's SiliconANGLE News. Got two great guests here to talk about AI, the impact of the future of the internet, the applications, the people. Amr Awadallah, the founder and CEO, Ed Alban is the CEO of Vectara, a new startup that emerged out of the original Cloudera, I would say, 'cause Amr's known, famous for the Cloudera founding, which was really the beginning of the big data movement. And now as AI goes mainstream, there's so much to talk about, so much to go on. And plus the new company is one of the, now what I call the wave, this next big wave, I call it the fifth wave in the industry. You know, you had PCs, you had the internet, you had mobile. This generative AI thing is real. And you're starting to see startups come out in droves. Amr obviously was founder of Cloudera, Big Data, and now Vectara. And Ed Albanese, you guys have a new company. Welcome to the show. >> Thank you. It's great to be here. >> So great to see you. Now the story is theCUBE started in the Cloudera office. Thanks to you, and your friendly entrepreneurship views that you have. We got to know each other over the years. But Cloudera had Hadoop, which was the beginning of what I call the big data wave, which then became what we now call data lakes, data oceans, and data infrastructure that's developed from that. It's almost interesting to look back 12 plus years, and see that what AI is doing now, right now, is opening up the eyes to the mainstream, and the application's almost mind blowing. You know, Sati Natel called it the Mosaic Moment, didn't say Netscape, he built Netscape (laughing) but called it the Mosaic Moment. You're seeing companies in startups, kind of the alpha geeks running here, because this is the new frontier, and there's real meat on the bone, in terms of like things to do. Why? Why is this happening now? What's is the confluence of the forces happening, that are making this happen? >> Yeah, I mean if you go back to the Cloudera days, with big data, and so on, that was more about data processing. Like how can we process data, so we can extract numbers from it, and do reporting, and maybe take some actions, like this is a fraud transaction, or this is not. And in the meanwhile, many of the researchers working in the neural network, and deep neural network space, were trying to focus on data understanding, like how can I understand the data, and learn from it, so I can take actual actions, based on the data directly, just like a human does. And we were only good at doing that at the level of somebody who was five years old, or seven years old, all the way until about 2013. And starting in 2013, which is only 10 years ago, a number of key innovations started taking place, and each one added on. It was no major innovation that just took place. It was a couple of really incremental ones, but they added on top of each other, in a very exponentially additive way, that led to, by the end of 2019, we now have models, deep neural network models, that can read and understand human text just like we do. Right? And they can reason about it, and argue with you, and explain it to you. And I think that's what is unlocking this whole new wave of innovation that we're seeing right now. So data understanding would be the essence of it. >> So it's not a Big Bang kind of theory, it's been evolving over time, and I think that the tipping point has been the advancements and other things. I mean look at cloud computing, and look how fast it just crept up on AWS. I mean AWS you back three, five years ago, I was talking to Swami yesterday, and their big news about AI, expanding the Hugging Face's relationship with AWS. And just three, five years ago, there wasn't a model training models out there. But as compute comes out, and you got more horsepower,, these large language models, these foundational models, they're flexible, they're not monolithic silos, they're interacting. There's a whole new, almost fusion of data happening. Do you see that? I mean is that part of this? >> Of course, of course. I mean this wave is building on all the previous waves. We wouldn't be at this point if we did not have hardware that can scale, in a very efficient way. We wouldn't be at this point, if we don't have data that we're collecting about everything we do, that we're able to process in this way. So this, this movement, this motion, this phase we're in, absolutely builds on the shoulders of all the previous phases. For some of the observers from the outside, when they see chatGPT for the first time, for them was like, "Oh my god, this just happened overnight." Like it didn't happen overnight. (laughing) GPT itself, like GPT3, which is what chatGPT is based on, was released a year ahead of chatGPT, and many of us were seeing the power it can provide, and what it can do. I don't know if Ed agrees with that. >> Yeah, Ed? >> I do. Although I would acknowledge that the possibilities now, because of what we've hit from a maturity standpoint, have just opened up in an incredible way, that just wasn't tenable even three years ago. And that's what makes it, it's true that it developed incrementally, in the same way that, you know, the possibilities of a mobile handheld device, you know, in 2006 were there, but when the iPhone came out, the possibilities just exploded. And that's the moment we're in. >> Well, I've had many conversations over the past couple months around this area with chatGPT. John Markoff told me the other day, that he calls it, "The five dollar toy," because it's not that big of a deal, in context to what AI's doing behind the scenes, and all the work that's done on ethics, that's happened over the years, but it has woken up the mainstream, so everyone immediately jumps to ethics. "Does it work? "It's not factual," And everyone who's inside the industry is like, "This is amazing." 'Cause you have two schools of thought there. One's like, people that think this is now the beginning of next gen, this is now we're here, this ain't your grandfather's chatbot, okay?" With NLP, it's got reasoning, it's got other things. >> I'm in that camp for sure. >> Yeah. Well I mean, everyone who knows what's going on is in that camp. And as the naysayers start to get through this, and they go, "Wow, it's not just plagiarizing homework, "it's helping me be better. "Like it could rewrite my memo, "bring the lead to the top." It's so the format of the user interface is interesting, but it's still a data-driven app. >> Absolutely. >> So where does it go from here? 'Cause I'm not even calling this the first ending. This is like pregame, in my opinion. What do you guys see this going, in terms of scratching the surface to what happens next? >> I mean, I'll start with, I just don't see how an application is going to look the same in the next three years. Who's going to want to input data manually, in a form field? Who is going to want, or expect, to have to put in some text in a search box, and then read through 15 different possibilities, and try to figure out which one of them actually most closely resembles the question they asked? You know, I don't see that happening. Who's going to start with an absolute blank sheet of paper, and expect no help? That is not how an application will work in the next three years, and it's going to fundamentally change how people interact and spend time with opening any element on their mobile phone, or on their computer, to get something done. >> Yes. I agree with that. Like every single application, over the next five years, will be rewritten, to fit within this model. So imagine an HR application, I don't want to name companies, but imagine an HR application, and you go into application and you clicking on buttons, because you want to take two weeks of vacation, and menus, and clicking here and there, reasons and managers, versus just telling the system, "I'm taking two weeks of vacation, going to Las Vegas," book it, done. >> Yeah. >> And the system just does it for you. If you weren't completing in your input, in your description, for what you want, then the system asks you back, "Did you mean this? "Did you mean that? "Were you trying to also do this as well?" >> Yeah. >> "What was the reason?" And that will fit it for you, and just do it for you. So I think the user interface that we have with apps, is going to change to be very similar to the user interface that we have with each other. And that's why all these apps will need to evolve. >> I know we don't have a lot of time, 'cause you guys are very busy, but I want to definitely have multiple segments with you guys, on this topic, because there's so much to talk about. There's a lot of parallels going on here. I was talking again with Swami who runs all the AI database at AWS, and I asked him, I go, "This feels a lot like the original AWS. "You don't have to provision a data center." A lot of this heavy lifting on the back end, is these large language models, with these foundational models. So the bottleneck in the past, was the energy, and cost to actually do it. Now you're seeing it being stood up faster. So there's definitely going to be a tsunami of apps. I would see that clearly. What is it? We don't know yet. But also people who are going to leverage the fact that I can get started building value. So I see a startup boom coming, and I see an application tsunami of refactoring things. >> Yes. >> So the replatforming is already kind of happening. >> Yes, >> OpenAI, chatGPT, whatever. So that's going to be a developer environment. I mean if Amazon turns this into an API, or a Microsoft, what you guys are doing. >> We're turning it into API as well. That's part of what we're doing as well, yes. >> This is why this is exciting. Amr, you've lived the big data dream, and and we used to talk, if you didn't have a big data problem, if you weren't full of data, you weren't really getting it. Now people have all the data, and they got to stand this up. >> Yeah. >> So the analogy is again, the mobile, I like the mobile movement, and using mobile as an analogy, most companies were not building for a mobile environment, right? They were just building for the web, and legacy way of doing apps. And as soon as the user expectations shifted, that my expectation now, I need to be able to do my job on this small screen, on the mobile device with a touchscreen. Everybody had to invest in re-architecting, and re-implementing every single app, to fit within that model, and that model of interaction. And we are seeing the exact same thing happen now. And one of the core things we're focused on at Vectara, is how to simplify that for organizations, because a lot of them are overwhelmed by large language models, and ML. >> They don't have the staff. >> Yeah, yeah, yeah. They're understaffed, they don't have the skills. >> But they got developers, they've got DevOps, right? >> Yes. >> So they have the DevSecOps going on. >> Exactly, yes. >> So our goal is to simplify it enough for them that they can start leveraging this technology effectively, within their applications. >> Ed, you're the COO of the company, obviously a startup. You guys are growing. You got great backup, and good team. You've also done a lot of business development, and technical business development in this area. If you look at the landscape right now, and I agree the apps are coming, every company I talk to, that has that jet chatGPT of, you know, epiphany, "Oh my God, look how cool this is. "Like magic." Like okay, it's code, settle down. >> Mm hmm. >> But everyone I talk to is using it in a very horizontal way. I talk to a very senior person, very tech alpha geek, very senior person in the industry, technically. they're using it for log data, they're using it for configuration of routers. And in other areas, they're using it for, every vertical has a use case. So this is horizontally scalable from a use case standpoint. When you hear horizontally scalable, first thing I chose in my mind is cloud, right? >> Mm hmm. >> So cloud, and scalability that way. And the data is very specialized. So now you have this vertical specialization, horizontally scalable, everyone will be refactoring. What do you see, and what are you seeing from customers, that you talk to, and prospects? >> Yeah, I mean put yourself in the shoes of an application developer, who is actually trying to make their application a bit more like magic. And to have that soon-to-be, honestly, expected experience. They've got to think about things like performance, and how efficiently that they can actually execute a query, or a question. They've got to think about cost. Generative isn't cheap, like the inference of it. And so you've got to be thoughtful about how and when you take advantage of it, you can't use it as a, you know, everything looks like a nail, and I've got a hammer, and I'm going to hit everything with it, because that will be wasteful. Developers also need to think about how they're going to take advantage of, but not lose their own data. So there has to be some controls around what they feed into the large language model, if anything. Like, should they fine tune a large language model with their own data? Can they keep it logically separated, but still take advantage of the powers of a large language model? And they've also got to take advantage, and be aware of the fact that when data is generated, that it is a different class of data. It might not fully be their own. >> Yeah. >> And it may not even be fully verified. And so when the logical cycle starts, of someone making a request, the relationship between that request, and the output, those things have to be stored safely, logically, and identified as such. >> Yeah. >> And taken advantage of in an ongoing fashion. So these are mega problems, each one of them independently, that, you know, you can think of it as middleware companies need to take advantage of, and think about, to help the next wave of application development be logical, sensible, and effective. It's not just calling some raw API on the cloud, like openAI, and then just, you know, you get your answer and you're done, because that is a very brute force approach. >> Well also I will point, first of all, I agree with your statement about the apps experience, that's going to be expected, form filling. Great point. The interesting about chatGPT. >> Sorry, it's not just form filling, it's any action you would like to take. >> Yeah. >> Instead of clicking, and dragging, and dropping, and doing it on a menu, or on a touch screen, you just say it, and it's and it happens perfectly. >> Yeah. It's a different interface. And that's why I love that UIUX experiences, that's the people falling out of their chair moment with chatGPT, right? But a lot of the things with chatGPT, if you feed it right, it works great. If you feed it wrong and it goes off the rails, it goes off the rails big. >> Yes, yes. >> So the the Bing catastrophes. >> Yeah. >> And that's an example of garbage in, garbage out, classic old school kind of comp-side phrase that we all use. >> Yep. >> Yes. >> This is about data in injection, right? It reminds me the old SQL days, if you had to, if you can sling some SQL, you were a magician, you know, to get the right answer, it's pretty much there. So you got to feed the AI. >> You do, Some people call this, the early word to describe this as prompt engineering. You know, old school, you know, search, or, you know, engagement with data would be, I'm going to, I have a question or I have a query. New school is, I have, I have to issue it a prompt, because I'm trying to get, you know, an action or a reaction, from the system. And the active engineering, there are a lot of different ways you could do it, all the way from, you know, raw, just I'm going to send you whatever I'm thinking. >> Yeah. >> And you get the unintended outcomes, to more constrained, where I'm going to just use my own data, and I'm going to constrain the initial inputs, the data I already know that's first party, and I trust, to, you know, hyper constrain, where the application is actually, it's looking for certain elements to respond to. >> It's interesting Amr, this is why I love this, because one we are in the media, we're recording this video now, we'll stream it. But we got all your linguistics, we're talking. >> Yes. >> This is data. >> Yep. >> So the data quality becomes now the new intellectual property, because, if you have that prompt source data, it makes data or content, in our case, the original content, intellectual property. >> Absolutely. >> Because that's the value. And that's where you see chatGPT fall down, is because they're trying to scroll the web, and people think it's search. It's not necessarily search, it's giving you something that you wanted. It is a lot of that, I remember in Cloudera, you said, "Ask the right questions." Remember that phrase you guys had, that slogan? >> Mm hmm. And that's prompt engineering. So that's exactly, that's the reinvention of "Ask the right question," is prompt engineering is, if you don't give these models the question in the right way, and very few people know how to frame it in the right way with the right context, then you will get garbage out. Right? That is the garbage in, garbage out. But if you specify the question correctly, and you provide with it the metadata that constrain what that question is going to be acted upon or answered upon, then you'll get much better answers. And that's exactly what we solved Vectara. >> Okay. So before we get into the last couple minutes we have left, I want to make sure we get a plug in for the opportunity, and the profile of Vectara, your new company. Can you guys both share with me what you think the current situation is? So for the folks who are now having those moments of, "Ah, AI's bullshit," or, "It's not real, it's a lot of stuff," from, "Oh my god, this is magic," to, "Okay, this is the future." >> Yes. >> What would you say to that person, if you're at a cocktail party, or in the elevator say, "Calm down, this is the first inning." How do you explain the dynamics going on right now, to someone who's either in the industry, but not in the ropes? How would you explain like, what this wave's about? How would you describe it, and how would you prepare them for how to change their life around this? >> Yeah, so I'll go first and then I'll let Ed go. Efficiency, efficiency is the description. So we figured that a way to be a lot more efficient, a way where you can write a lot more emails, create way more content, create way more presentations. Developers can develop 10 times faster than they normally would. And that is very similar to what happened during the Industrial Revolution. I always like to look at examples from the past, to read what will happen now, and what will happen in the future. So during the Industrial Revolution, it was about efficiency with our hands, right? So I had to make a piece of cloth, like this piece of cloth for this shirt I'm wearing. Our ancestors, they had to spend month taking the cotton, making it into threads, taking the threads, making them into pieces of cloth, and then cutting it. And now a machine makes it just like that, right? And the ancestors now turned from the people that do the thing, to manage the machines that do the thing. And I think the same thing is going to happen now, is our efficiency will be multiplied extremely, as human beings, and we'll be able to do a lot more. And many of us will be able to do things they couldn't do before. So another great example I always like to use is the example of Google Maps, and GPS. Very few of us knew how to drive a car from one location to another, and read a map, and get there correctly. But once that efficiency of an AI, by the way, behind these things is very, very complex AI, that figures out how to do that for us. All of us now became amazing navigators that can go from any point to any point. So that's kind of how I look at the future. >> And that's a great real example of impact. Ed, your take on how you would talk to a friend, or colleague, or anyone who asks like, "How do I make sense of the current situation? "Is it real? "What's in it for me, and what do I do?" I mean every company's rethinking their business right now, around this. What would you say to them? >> You know, I usually like to show, rather than describe. And so, you know, the other day I just got access, I've been using an application for a long time, called Notion, and it's super popular. There's like 30 or 40 million users. And the new version of Notion came out, which has AI embedded within it. And it's AI that allows you primarily to create. So if you could break down the world of AI into find and create, for a minute, just kind of logically separate those two things, find is certainly going to be massively impacted in our experiences as consumers on, you know, Google and Bing, and I can't believe I just said the word Bing in the same sentence as Google, but that's what's happening now (all laughing), because it's a good example of change. >> Yes. >> But also inside the business. But on the crate side, you know, Notion is a wiki product, where you try to, you know, note down things that you are thinking about, or you want to share and memorialize. But sometimes you do need help to get it down fast. And just in the first day of using this new product, like my experience has really fundamentally changed. And I think that anybody who would, you know, anybody say for example, that is using an existing app, I would show them, open up the app. Now imagine the possibility of getting a starting point right off the bat, in five seconds of, instead of having to whole cloth draft this thing, imagine getting a starting point then you can modify and edit, or just dispose of and retry again. And that's the potential for me. I can't imagine a scenario where, in a few years from now, I'm going to be satisfied if I don't have a little bit of help, in the same way that I don't manually spell check every email that I send. I automatically spell check it. I love when I'm getting type ahead support inside of Google, or anything. Doesn't mean I always take it, or when texting. >> That's efficiency too. I mean the cloud was about developers getting stuff up quick. >> Exactly. >> All that heavy lifting is there for you, so you don't have to do it. >> Right? >> And you get to the value faster. >> Exactly. I mean, if history taught us one thing, it's, you have to always embrace efficiency, and if you don't fast enough, you will fall behind. Again, looking at the industrial revolution, the companies that embraced the industrial revolution, they became the leaders in the world, and the ones who did not, they all like. >> Well the AI thing that we got to watch out for, is watching how it goes off the rails. If it doesn't have the right prompt engineering, or data architecture, infrastructure. >> Yes. >> It's a big part. So this comes back down to your startup, real quick, I know we got a couple minutes left. Talk about the company, the motivation, and we'll do a deeper dive on on the company. But what's the motivation? What are you targeting for the market, business model? The tech, let's go. >> Actually, I would like Ed to go first. Go ahead. >> Sure, I mean, we're a developer-first, API-first platform. So the product is oriented around allowing developers who may not be superstars, in being able to either leverage, or choose, or select their own large language models for appropriate use cases. But they that want to be able to instantly add the power of large language models into their application set. We started with search, because we think it's going to be one of the first places that people try to take advantage of large language models, to help find information within an application context. And we've built our own large language models, focused on making it very efficient, and elegant, to find information more quickly. So what a developer can do is, within minutes, go up, register for an account, and get access to a set of APIs, that allow them to send data, to be converted into a format that's easy to understand for large language models, vectors. And then secondarily, they can issue queries, ask questions. And they can ask them very, the questions that can be asked, are very natural language questions. So we're talking about long form sentences, you know, drill down types of questions, and they can get answers that either come back in depending upon the form factor of the user interface, in list form, or summarized form, where summarized equals the opportunity to kind of see a condensed, singular answer. >> All right. I have a. >> Oh okay, go ahead, you go. >> I was just going to say, I'm going to be a customer for you, because I want, my dream was to have a hologram of theCUBE host, me and Dave, and have questions be generated in the metaverse. So you know. (all laughing) >> There'll be no longer any guests here. They'll all be talking to you guys. >> Give a couple bullets, I'll spit out 10 good questions. Publish a story. This brings the automation, I'm sorry to interrupt you. >> No, no. No, no, I was just going to follow on on the same. So another way to look at exactly what Ed described is, we want to offer you chatGPT for your own data, right? So imagine taking all of the recordings of all of the interviews you have done, and having all of the content of that being ingested by a system, where you can now have a conversation with your own data and say, "Oh, last time when I met Amr, "which video games did we talk about? "Which movie or book did we use as an analogy "for how we should be embracing data science, "and big data, which is moneyball," I know you use moneyball all the time. And you start having that conversation. So, now the data doesn't become a passive asset that you just have in your organization. No. It's an active participant that's sitting with you, on the table, helping you make decisions. >> One of my favorite things to do with customers, is to go to their site or application, and show them me using it. So for example, one of the customers I talked to was one of the biggest property management companies in the world, that lets people go and rent homes, and houses, and things like that. And you know, I went and I showed them me searching through reviews, looking for information, and trying different words, and trying to find out like, you know, is this place quiet? Is it comfortable? And then I put all the same data into our platform, and I showed them the world of difference you can have when you start asking that question wholeheartedly, and getting real information that doesn't have anything to do with the words you asked, but is really focused on the meaning. You know, when I asked like, "Is it quiet?" You know, answers would come back like, "The wind whispered through the trees peacefully," and you know, it's like nothing to do with quiet in the literal word sense, but in the meaning sense, everything to do with it. And that that was magical even for them, to see that. >> Well you guys are the front end of this big wave. Congratulations on the startup, Amr. I know you guys got great pedigree in big data, and you've got a great team, and congratulations. Vectara is the name of the company, check 'em out. Again, the startup boom is coming. This will be one of the major waves, generative AI is here. I think we'll look back, and it will be pointed out as a major inflection point in the industry. >> Absolutely. >> There's not a lot of hype behind that. People are are seeing it, experts are. So it's going to be fun, thanks for watching. >> Thanks John. (soft music)

>>From the Cube Studios in Palo Alto in Boston, bringing you data-driven insights from the cube and E T R. This is breaking analysis with Dave Valante. >>Making technology predictions in 2022 was tricky business, especially if you were projecting the performance of markets or identifying I P O prospects and making binary forecast on data AI and the macro spending climate and other related topics in enterprise tech 2022, of course was characterized by a seesaw economy where central banks were restructuring their balance sheets. The war on Ukraine fueled inflation supply chains were a mess. And the unintended consequences of of forced march to digital and the acceleration still being sorted out. Hello and welcome to this week's weekly on Cube Insights powered by E T R. In this breaking analysis, we continue our annual tradition of transparently grading last year's enterprise tech predictions. And you may or may not agree with our self grading system, but look, we're gonna give you the data and you can draw your own conclusions and tell you what, tell us what you think. >>All right, let's get right to it. So our first prediction was tech spending increases by 8% in 2022. And as we exited 2021 CIOs, they were optimistic about their digital transformation plans. You know, they rushed to make changes to their business and were eager to sharpen their focus and continue to iterate on their digital business models and plug the holes that they, the, in the learnings that they had. And so we predicted that 8% rise in enterprise tech spending, which looked pretty good until Ukraine and the Fed decided that, you know, had to rush and make up for lost time. We kind of nailed the momentum in the energy sector, but we can't give ourselves too much credit for that layup. And as of October, Gartner had it spending growing at just over 5%. I think it was 5.1%. So we're gonna take a C plus on this one and, and move on. >>Our next prediction was basically kind of a slow ground ball. The second base, if I have to be honest, but we felt it was important to highlight that security would remain front and center as the number one priority for organizations in 2022. As is our tradition, you know, we try to up the degree of difficulty by specifically identifying companies that are gonna benefit from these trends. So we highlighted some possible I P O candidates, which of course didn't pan out. S NQ was on our radar. The company had just had to do another raise and they recently took a valuation hit and it was a down round. They raised 196 million. So good chunk of cash, but, but not the i p O that we had predicted Aqua Securities focus on containers and cloud native. That was a trendy call and we thought maybe an M SS P or multiple managed security service providers like Arctic Wolf would I p o, but no way that was happening in the crummy market. >>Nonetheless, we think these types of companies, they're still faring well as the talent shortage in security remains really acute, particularly in the sort of mid-size and small businesses that often don't have a sock Lacework laid off 20% of its workforce in 2022. And CO C e o Dave Hatfield left the company. So that I p o didn't, didn't happen. It was probably too early for Lacework. Anyway, meanwhile you got Netscope, which we've cited as strong in the E T R data as particularly in the emerging technology survey. And then, you know, I lumia holding its own, you know, we never liked that 7 billion price tag that Okta paid for auth zero, but we loved the TAM expansion strategy to target developers beyond sort of Okta's enterprise strength. But we gotta take some points off of the failure thus far of, of Okta to really nail the integration and the go to market model with azero and build, you know, bring that into the, the, the core Okta. >>So the focus on endpoint security that was a winner in 2022 is CrowdStrike led that charge with others holding their own, not the least of which was Palo Alto Networks as it continued to expand beyond its core network security and firewall business, you know, through acquisition. So overall we're gonna give ourselves an A minus for this relatively easy call, but again, we had some specifics associated with it to make it a little tougher. And of course we're watching ve very closely this this coming year in 2023. The vendor consolidation trend. You know, according to a recent Palo Alto network survey with 1300 SecOps pros on average organizations have more than 30 tools to manage security tools. So this is a logical way to optimize cost consolidating vendors and consolidating redundant vendors. The E T R data shows that's clearly a trend that's on the upswing. >>Now moving on, a big theme of 2020 and 2021 of course was remote work and hybrid work and new ways to work and return to work. So we predicted in 2022 that hybrid work models would become the dominant protocol, which clearly is the case. We predicted that about 33% of the workforce would come back to the office in 2022 in September. The E T R data showed that figure was at 29%, but organizations expected that 32% would be in the office, you know, pretty much full-time by year end. That hasn't quite happened, but we were pretty close with the projection, so we're gonna take an A minus on this one. Now, supply chain disruption was another big theme that we felt would carry through 2022. And sure that sounds like another easy one, but as is our tradition, again we try to put some binary metrics around our predictions to put some meat in the bone, so to speak, and and allow us than you to say, okay, did it come true or not? >>So we had some data that we presented last year and supply chain issues impacting hardware spend. We said at the time, you can see this on the left hand side of this chart, the PC laptop demand would remain above pre covid levels, which would reverse a decade of year on year declines, which I think started in around 2011, 2012. Now, while demand is down this year pretty substantially relative to 2021, I D C has worldwide unit shipments for PCs at just over 300 million for 22. If you go back to 2019 and you're looking at around let's say 260 million units shipped globally, you know, roughly, so, you know, pretty good call there. Definitely much higher than pre covid levels. But so what you might be asking why the B, well, we projected that 30% of customers would replace security appliances with cloud-based services and that more than a third would replace their internal data center server and storage hardware with cloud services like 30 and 40% respectively. >>And we don't have explicit survey data on exactly these metrics, but anecdotally we see this happening in earnest. And we do have some data that we're showing here on cloud adoption from ET R'S October survey where the midpoint of workloads running in the cloud is around 34% and forecast, as you can see, to grow steadily over the next three years. So this, well look, this is not, we understand it's not a one-to-one correlation with our prediction, but it's a pretty good bet that we were right, but we gotta take some points off, we think for the lack of unequivocal proof. Cause again, we always strive to make our predictions in ways that can be measured as accurate or not. Is it binary? Did it happen, did it not? Kind of like an O K R and you know, we strive to provide data as proof and in this case it's a bit fuzzy. >>We have to admit that although we're pretty comfortable that the prediction was accurate. And look, when you make an hard forecast, sometimes you gotta pay the price. All right, next, we said in 2022 that the big four cloud players would generate 167 billion in IS and PaaS revenue combining for 38% market growth. And our current forecasts are shown here with a comparison to our January, 2022 figures. So coming into this year now where we are today, so currently we expect 162 billion in total revenue and a 33% growth rate. Still very healthy, but not on our mark. So we think a w s is gonna miss our predictions by about a billion dollars, not, you know, not bad for an 80 billion company. So they're not gonna hit that expectation though of getting really close to a hundred billion run rate. We thought they'd exit the year, you know, closer to, you know, 25 billion a quarter and we don't think they're gonna get there. >>Look, we pretty much nailed Azure even though our prediction W was was correct about g Google Cloud platform surpassing Alibaba, Alibaba, we way overestimated the performance of both of those companies. So we're gonna give ourselves a C plus here and we think, yeah, you might think it's a little bit harsh, we could argue for a B minus to the professor, but the misses on GCP and Alibaba we think warrant a a self penalty on this one. All right, let's move on to our prediction about Supercloud. We said it becomes a thing in 2022 and we think by many accounts it has, despite the naysayers, we're seeing clear evidence that the concept of a layer of value add that sits above and across clouds is taking shape. And on this slide we showed just some of the pickup in the industry. I mean one of the most interesting is CloudFlare, the biggest supercloud antagonist. >>Charles Fitzgerald even predicted that no vendor would ever use the term in their marketing. And that would be proof if that happened that Supercloud was a thing and he said it would never happen. Well CloudFlare has, and they launched their version of Supercloud at their developer week. Chris Miller of the register put out a Supercloud block diagram, something else that Charles Fitzgerald was, it was was pushing us for, which is rightly so, it was a good call on his part. And Chris Miller actually came up with one that's pretty good at David Linthicum also has produced a a a A block diagram, kind of similar, David uses the term metacloud and he uses the term supercloud kind of interchangeably to describe that trend. And so we we're aligned on that front. Brian Gracely has covered the concept on the popular cloud podcast. Berkeley launched the Sky computing initiative. >>You read through that white paper and many of the concepts highlighted in the Supercloud 3.0 community developed definition align with that. Walmart launched a platform with many of the supercloud salient attributes. So did Goldman Sachs, so did Capital One, so did nasdaq. So you know, sorry you can hate the term, but very clearly the evidence is gathering for the super cloud storm. We're gonna take an a plus on this one. Sorry, haters. Alright, let's talk about data mesh in our 21 predictions posts. We said that in the 2020s, 75% of large organizations are gonna re-architect their big data platforms. So kind of a decade long prediction. We don't like to do that always, but sometimes it's warranted. And because it was a longer term prediction, we, at the time in, in coming into 22 when we were evaluating our 21 predictions, we took a grade of incomplete because the sort of decade long or majority of the decade better part of the decade prediction. >>So last year, earlier this year, we said our number seven prediction was data mesh gains momentum in 22. But it's largely confined and narrow data problems with limited scope as you can see here with some of the key bullets. So there's a lot of discussion in the data community about data mesh and while there are an increasing number of examples, JP Morgan Chase, Intuit, H S P C, HelloFresh, and others that are completely rearchitecting parts of their data platform completely rearchitecting entire data platforms is non-trivial. There are organizational challenges, there're data, data ownership, debates, technical considerations, and in particular two of the four fundamental data mesh principles that the, the need for a self-service infrastructure and federated computational governance are challenging. Look, democratizing data and facilitating data sharing creates conflicts with regulatory requirements around data privacy. As such many organizations are being really selective with their data mesh implementations and hence our prediction of narrowing the scope of data mesh initiatives. >>I think that was right on J P M C is a good example of this, where you got a single group within a, within a division narrowly implementing the data mesh architecture. They're using a w s, they're using data lakes, they're using Amazon Glue, creating a catalog and a variety of other techniques to meet their objectives. They kind of automating data quality and it was pretty well thought out and interesting approach and I think it's gonna be made easier by some of the announcements that Amazon made at the recent, you know, reinvent, particularly trying to eliminate ET t l, better connections between Aurora and Redshift and, and, and better data sharing the data clean room. So a lot of that is gonna help. Of course, snowflake has been on this for a while now. Many other companies are facing, you know, limitations as we said here and this slide with their Hadoop data platforms. They need to do new, some new thinking around that to scale. HelloFresh is a really good example of this. Look, the bottom line is that organizations want to get more value from data and having a centralized, highly specialized teams that own the data problem, it's been a barrier and a blocker to success. The data mesh starts with organizational considerations as described in great detail by Ash Nair of Warner Brothers. So take a listen to this clip. >>Yeah, so when people think of Warner Brothers, you always think of like the movie studio, but we're more than that, right? I mean, you think of H B O, you think of t n t, you think of C N N. We have 30 plus brands in our portfolio and each have their own needs. So the, the idea of a data mesh really helps us because what we can do is we can federate access across the company so that, you know, CNN can work at their own pace. You know, when there's election season, they can ingest their own data and they don't have to, you know, bump up against, as an example, HBO if Game of Thrones is going on. >>So it's often the case that data mesh is in the eyes of the implementer. And while a company's implementation may not strictly adhere to Jamma Dani's vision of data mesh, and that's okay, the goal is to use data more effectively. And despite Gartner's attempts to deposition data mesh in favor of the somewhat confusing or frankly far more confusing data fabric concept that they stole from NetApp data mesh is taking hold in organizations globally today. So we're gonna take a B on this one. The prediction is shaping up the way we envision, but as we previously reported, it's gonna take some time. The better part of a decade in our view, new standards have to emerge to make this vision become reality and they'll come in the form of both open and de facto approaches. Okay, our eighth prediction last year focused on the face off between Snowflake and Databricks. >>And we realized this popular topic, and maybe one that's getting a little overplayed, but these are two companies that initially, you know, looked like they were shaping up as partners and they, by the way, they are still partnering in the field. But you go back a couple years ago, the idea of using an AW w s infrastructure, Databricks machine intelligence and applying that on top of Snowflake as a facile data warehouse, still very viable. But both of these companies, they have much larger ambitions. They got big total available markets to chase and large valuations that they have to justify. So what's happening is, as we've previously reported, each of these companies is moving toward the other firm's core domain and they're building out an ecosystem that'll be critical for their future. So as part of that effort, we said each is gonna become aggressive investors and maybe start doing some m and a and they have in various companies. >>And on this chart that we produced last year, we studied some of the companies that were targets and we've added some recent investments of both Snowflake and Databricks. As you can see, they've both, for example, invested in elation snowflake's, put money into Lacework, the Secur security firm, ThoughtSpot, which is trying to democratize data with ai. Collibra is a governance platform and you can see Databricks investments in data transformation with D B T labs, Matillion doing simplified business intelligence hunters. So that's, you know, they're security investment and so forth. So other than our thought that we'd see Databricks I p o last year, this prediction been pretty spot on. So we'll give ourselves an A on that one. Now observability has been a hot topic and we've been covering it for a while with our friends at E T R, particularly Eric Bradley. Our number nine prediction last year was basically that if you're not cloud native and observability, you are gonna be in big trouble. >>So everything guys gotta go cloud native. And that's clearly been the case. Splunk, the big player in the space has been transitioning to the cloud, hasn't always been pretty, as we reported, Datadog real momentum, the elk stack, that's open source model. You got new entrants that we've cited before, like observe, honeycomb, chaos search and others that we've, we've reported on, they're all born in the cloud. So we're gonna take another a on this one, admittedly, yeah, it's a re reasonably easy call, but you gotta have a few of those in the mix. Okay, our last prediction, our number 10 was around events. Something the cube knows a little bit about. We said that a new category of events would emerge as hybrid and that for the most part is happened. So that's gonna be the mainstay is what we said. That pure play virtual events are gonna give way to hi hybrid. >>And the narrative is that virtual only events are, you know, they're good for quick hits, but lousy replacements for in-person events. And you know that said, organizations of all shapes and sizes, they learn how to create better virtual content and support remote audiences during the pandemic. So when we set at pure play is gonna give way to hybrid, we said we, we i we implied or specific or specified that the physical event that v i p experience is going defined. That overall experience and those v i p events would create a little fomo, fear of, of missing out in a virtual component would overlay that serves an audience 10 x the size of the physical. We saw that really two really good examples. Red Hat Summit in Boston, small event, couple thousand people served tens of thousands, you know, online. Second was Google Cloud next v i p event in, in New York City. >>Everything else was, was, was, was virtual. You know, even examples of our prediction of metaverse like immersion have popped up and, and and, and you know, other companies are doing roadshow as we predicted like a lot of companies are doing it. You're seeing that as a major trend where organizations are going with their sales teams out into the regions and doing a little belly to belly action as opposed to the big giant event. That's a definitely a, a trend that we're seeing. So in reviewing this prediction, the grade we gave ourselves is, you know, maybe a bit unfair, it should be, you could argue for a higher grade, but the, but the organization still haven't figured it out. They have hybrid experiences but they generally do a really poor job of leveraging the afterglow and of event of an event. It still tends to be one and done, let's move on to the next event or the next city. >>Let the sales team pick up the pieces if they were paying attention. So because of that, we're only taking a B plus on this one. Okay, so that's the review of last year's predictions. You know, overall if you average out our grade on the 10 predictions that come out to a b plus, I dunno why we can't seem to get that elusive a, but we're gonna keep trying our friends at E T R and we are starting to look at the data for 2023 from the surveys and all the work that we've done on the cube and our, our analysis and we're gonna put together our predictions. We've had literally hundreds of inbounds from PR pros pitching us. We've got this huge thick folder that we've started to review with our yellow highlighter. And our plan is to review it this month, take a look at all the data, get some ideas from the inbounds and then the e t R of January surveys in the field. >>It's probably got a little over a thousand responses right now. You know, they'll get up to, you know, 1400 or so. And once we've digested all that, we're gonna go back and publish our predictions for 2023 sometime in January. So stay tuned for that. All right, we're gonna leave it there for today. You wanna thank Alex Myerson who's on production and he manages the podcast, Ken Schiffman as well out of our, our Boston studio. I gotta really heartfelt thank you to Kristen Martin and Cheryl Knight and their team. They helped get the word out on social and in our newsletters. Rob Ho is our editor in chief over at Silicon Angle who does some great editing for us. Thank you all. Remember all these podcasts are available or all these episodes are available is podcasts. Wherever you listen, just all you do Search Breaking analysis podcast, really getting some great traction there. Appreciate you guys subscribing. I published each week on wikibon.com, silicon angle.com or you can email me directly at david dot valante silicon angle.com or dm me Dante, or you can comment on my LinkedIn post. And please check out ETR AI for the very best survey data in the enterprise tech business. Some awesome stuff in there. This is Dante for the Cube Insights powered by etr. Thanks for watching and we'll see you next time on breaking analysis.

>> Presenter: theCUBE presents Ignite '22, brought to you by Palo Alto Networks. >> Hey guys and girls. Welcome back to theCube's live coverage at Palo Alto Ignite '22. We're live at the MGM Grand Hotel in beautiful Las Vegas. Lisa Martin here with Dave Vellante. This is day one of our coverage. We've been talking with execs from Palo Alto, Partners, but one of our most exciting things is talking with Founders day. We get to do that next. >> The thing is, it's like I wrote this weekend in my breaking analysis. Understanding the problem in cybersecurity is really easy, but figuring out how to fix it ain't so much. >> It definitely isn't. >> So I'm excited to have Nir here. >> Very excited. Nir Zuk joins us, the founder and CTO of Palo Alto Networks. Welcome, Nir. Great to have you on the program. >> Thank you. >> So Palo Alto Networks, you founded it back in 2005. It's hard to believe that's been 18 years, almost. You did something different, which I want to get into. But tell us, what was it back then? Why did you found this company? >> I thought the world needed another cybersecurity company. I thought it's because there were so many cybersecurity vendors in the world, and just didn't make any sense. This industry has evolved in a very weird way, where every time there was a new challenge, rather than existing vendors dealing with a challenge, you had new vendors dealing with it, and I thought I could put a stop to it, and I think I did. >> You did something differently back in 2005, looking at where you are now, the leader, what was different in your mind back then? >> Yeah. When you found a new company, you have really two good options. There's also a bad option, but we'll skip that. You can either disrupt an existing market, or you can create a new market. So first, I decided to disrupt an existing market, go into an existing market first, network security, then cyber security, and change it. Change the way it works. And like I said, the challenges that every problem had a new vendor, and nobody just stepped back and said, "I think I can solve it with the platform." Meaning, I think I can spend some time not solving a specific problem, but building a platform that then can be used to solve many different problems. And that's what I've done, and that's what Palo Alto Networks has done, and that's where we are today. >> So you look back, you call it now, I think you call it a next gen firewall, but nothing in 2005, can it be next gen? Do you know the Silicon Valley Show? Do you know the show Silicon Valley? >> Oh! Yeah. >> Yeah, of course. >> You got to have a box. But it was a different kind of box- >> Actually. >> Explain that. >> Actually, it's exactly the same thing. You got to have a box. So I actually wanted to call it a necessary evil. Marketing wouldn't go for that. >> No. >> And the reason I wanted to call it a necessary evil, because one of the things that we've done in order to platform our cyber security, again, first network security now, also cloud security, and security operations, is to turn it into a SaaS delivered industry. Today every cyber security professional knows that, when they buy cyber security, they buy usually a SaaS delivered service. Back then, people thought I was crazy to think that customers are going to send their data to their vendor in order to process, and they wanted everything on premise and so on, but I said, "No, customers are going to send information to us for processing, because we have much more processing power than they have." And we needed something in the infrastructure to send us the information. So that's why I wanted to call it the necessary evil. We ended up calling it next generation firewall, which was probably a better term. >> Well, even Veritas. Remember Veritas? They had the no hardware agenda. Even they have a box. So it is like you say, you got to have it. >> It's necessary. >> Okay. You did this, you started this on your own cloud, kind of like Salesforce, ServiceNow. >> Correct. >> Similar now- >> Build your own data centers. >> Build your own data center. Okay, I call it a cloud, but no. >> No, it's the same. There's no cloud, it's just someone else's computer. >> According to Larry Ellison, he was actually probably right about that. But over time, you've had this closer partnership with the public clouds. >> Correct. >> What does that bring you and your customers, and how hard was that to navigate? >> It wasn't that hard for us, because we didn't have that many services. Usually it's harder. Of course, we didn't do a lift and shift, which is their own thing to do with the cloud. We rebuild things for the cloud, and the benefits, of course, are time to market, scale, agility, and in some cases also, cost. >> Yeah, some cases. >> In some cases. >> So you have a sort of a hybrid model today. You still run your own data centers, do you not? >> Very few. >> Really? >> There are very, very few things that we have to do on hardware, like simulating malware and things that cannot be done in a virtual machine, which is pretty much the only option you have in the cloud. They provide bare metal, but doesn't serve our needs. I think that we don't view cloud, and your viewers should not be viewing cloud, as a place where they're going to save money. It's a place where they're going to make money. >> I like that. >> You make much more money, because you're more agile. >> And that's why this conversation is all about, your cost of goods sold they're going to be so high, you're going to have to come back to your own data centers. That's not on your mind right now. What's on your mind is advancing the unit, right? >> Look, my own data center would limit me in scale, would limit my agility. If you want to build something new, you don't have all the PaaS services, the platform as a service, services like database, and AI, and so on. I have to build them myself. It takes time. So yeah, it's going to be cheaper, but I'm not going to be delivering the same thing. So my revenues will be much lower. >> Less top line. What can humans do better than machines? You were talking about your keynote... I'm just going to chat a little bit. You were talking about your keynote. Basically, if you guys didn't see the keynote, that AI is going to run every soc within five years, that was a great prediction that you made. >> Correct. >> And they're going to do things that you can't do today, and then in the future, they're going to do things that you can't... Better than you can do. >> And you just have to be comfortable with that. >> So what do you think humans can do today and in the future better than machines? >> Look, humans can always do better than machines. The human mind can do things that machines cannot do. We are conscious, I don't think machines will be conscious. And you can do things... My point was not that machines can do things that humans cannot do. They can just do it better. The things that humans do today, machines can do better, once machines do that, humans will be free to do things that they don't do today, that machines cannot do. >> Like what? >> Like finding the most difficult, most covert attacks, dealing with the most difficult incidents, things that machines just can't do. Just that today, humans are consumed by finding attacks that machines can find, by dealing with incidents that machines can deal with. It's a waste of time. We leave it to the machines and go and focus on the most difficult problems, and then have the machines learn from you, so that next time or a hundred or a thousand times from now, they can do it themselves, and you focus on the even more difficult. >> Yeah, just like after 9/11, they said that we lack the creativity. That's what humans have, that machines don't, at least today. >> Machines don't. Yeah, look, every airplane has two pilots, even though airplanes have been flying themselves for 30 years now, why do you have two pilots, to do the things that machines cannot do? Like land on the Hudson, right? You always need humans to do the things that machines cannot do. But to leave the things that machines can do to the machines, they'll do it better. >> And autonomous vehicles need breaks. (indistinct) >> In your customer conversations, are customers really grappling with that, are they going, "Yeah, you're right?" >> It depends. It's hard for customers to let go of old habits. First, the habit of buying a hundred different solutions from a hundred different vendors, and you know what? Why would I trust one vendor to do everything, put all my eggs in the same basket? They have all kind of slogans as to why not to do that, even though it's been proven again and again that, doing everything in one system with one brain, versus a hundred systems with a hundred brains, work much better. So that's one thing. The second thing is, we always have the same issue that we've had, I think, since the industrial revolution, of what machines are going to take away my job. No, they're just going to make your job better. So I think that some of our customers are also grappling with that, like, "What do I do if the machines take over?" And of course, like we've said, the machines aren't taking over. They're going to do the benign work, you're going to do the interesting work. You should embrace it. >> When I think about your history as a technology pro, from Check Point, a couple of startups, one of the things that always frustrated you, is when when a larger company bought you out, you ended up getting sucked into the bureaucratic vortex. How do you avoid that at Palo Alto Networks? >> So first, you mean when we acquire company? >> Yes. >> The first thing is that, when we acquire companies, we always acquire for integration. Meaning, we don't just buy something and then leave it on the side, and try to sell it here and there. We integrate it into the core of our products. So that's very important, so that the technology lives, thrives and continues to grow as part of our bigger platform. And I think that the second thing that is very important, from past experience what we've learned, is to put the people that we acquire in key positions. Meaning, you don't buy a company and then put the leader of that company five levels below the CEO. You always put them in very senior positions. Almost always, we have the leaders of the companies that we acquire, be two levels below the CEO, so very senior in the company, so they can influence and make changes. >> So two questions related to that. One is, as you grow your team, can you be both integrated? And second part of the question, can you be both integrated and best of breed? Second part of the question is, do you even have to be? >> So I'll answer it in the third way, which is, I don't think you can be best of breed without being integrated in cybersecurity. And the reason is, again, this split brain that I've mentioned twice. When you have different products do a part of cybersecurity and they don't talk to each other, and they don't share a single brain, you always compromise. You start looking for things the wrong way. I can be a little bit technical here, but please. Take the example of, traditionally you would buy an IDS/IPS, separately from your filtering, separately from DNS security. One of the most important things we do in network security is to find combining control connections. Combining control connections where the adversaries controlling something behind your firewall and is now going around your network, is usually the key heel of the attack. That's why attacks like ransomware, that don't have a commanding control connection, are so difficult to deal with, by the way. So commanding control connections are a key seal of the attacks, and there are three different technologies that deal with it. Neural filtering for neural based commanding control, DNS security for DNS based commanding control, and IDS/IPS for general commanding control. If those are three different products, they'll be doing the wrong things. The oral filter will try to find things that it's not really good at, that the IPS really need to find, and the DN... It doesn't work. It works much better when it's one product doing everything. So I think the choice is not between best of breed and integrated. I think the only choice is integrated, because that's the only way to be best of breed. >> And behind that technology is some kind of realtime data store, I'll call it data lake, database. >> Yeah. >> Whatever. >> It's all driven by the same data. All the URLs, all the domain graph. Everything goes to one big data lake. We collect about... I think we collect about, a few petabytes per day. I don't write the exact number of data. It's all going to the same data lake, and all the intelligence is driven by that. >> So you mentioned in a cheeky comment about, why you founded the company, there weren't enough cybersecurity companies. >> Yeah. >> Clearly the term expansion strategy that Palo Alto Networks has done has been very successful. You've been, as you talked about, very focused on integration, not just from the technology perspective, but from the people perspective as well. >> Correct. >> So why are there still so many cybersecurity companies, and what are you thinking Palo Alto Networks can do to change that? >> So first, I think that there are a lot of cybersecurity companies out there, because there's a lot of money going into cybersecurity. If you look at the number of companies that have been really successful, it's a very small percentage of those cybersecurity companies. And also look, we're not going to be responsible for all the innovation in cybersecurity. We need other people to innovate. It's also... Look, always the question is, "Do you buy something or do you build it yourself?" Now we think we're the smartest people in the world. Of course, we can build everything, but it's not always true that we can build everything. Know that we're the smartest people in the world, for sure. You see, when you are a startup, you live and die by the thing that you build. Meaning if it's good, it works. If it's not good, you die. You run out of money, you shut down, and you just lost four years of your life to this, at least. >> At least. >> When you're a large company, yeah, I can go and find a hundred engineers and hire them. And especially nowadays, it becomes easier, as it became easier, and give them money, and have them go and build the same thing that the startup is building, but they're part of a bigger company, and they'll have more coffee breaks, and they'll be less incentive to go and do that, because the company will survive with or without them. So that's why startups can do things much better, sometimes than larger companies. We can do things better than startups, when it comes to being data driven because we have the data, and nobody can compete against the amount of data that we have. So we have a good combination of finding the right startups that have already built something, already proven that it works with some customers, and of course, building a lot of things internally that we cannot do outside. >> I heard you say in one of the, I dunno, dozens of videos I've listened to you talked to. The industry doesn't need or doesn't want another IoT stovepipe. Okay, I agree. So you got on-prem, AWS, Azure, Google, maybe Alibaba, IoT is going to be all over the place. So can you build, I call it the security super cloud, in other words, a consistent experience with the same policies and edicts across all my estates, irrespective of physical location? Is that technically feasible? Is it what you are trying to do? >> Certainly, what we're trying to do with Prisma Cloud, with our cloud security product, it works across all the clouds that you mentioned, and Oracle as well. It's almost entirely possible. >> Almost. >> Almost. Well, the things that... What you do is you normalize the language that the different cloud scale providers use, into one language. This cloud calls it a S3, and so, AWS calls it S3, and (indistinct) calls it GCS, and so on. So you normalize their terminology, and then build policy using a common terminology that your customers have to get used to. Of course, there are things that are different between the different cloud providers that cannot be normalized, and there, it has to be cloud specific. >> In that instance. So is that, in part, your strategy, is to actually build that? >> Of course. >> And does that necessitate running on all the major clouds? >> Of course. It's not just part of our strategy, it's a major part of our strategy. >> Compulsory. >> Look, as a standalone vendor that is not a cloud provider, we have two advantages. The first one is we're security product, security focused. So we can do much better than them when it comes to security. If you are a AWS, GCP, Azure, and so on, you're not going to put your best people on security, you're going to put them on the core business that you have. So we can do much better. Hey, that's interesting. >> Well, that's not how they talk. >> I don't care how they talk. >> Now that's interesting. >> When something is 4% of your business, you're not going to put it... You're not going to put your best people there. It's just, why would you? You put your best people on 96%. >> That's not driving their revenue. >> Look, it's simple. It's not what we- >> With all due respect. With all due respect. >> So I think we do security much better than them, and they become the good enough, and we become the premium. But certainly, the second thing that give us an advantage and the right to be a standalone security provider, is that we're multicloud, private cloud and all the major cloud providers. >> But they also have a different role. I mean, your role is not the security, the Nitro card or the Graviton chip, or is it? >> They are responsible for securing up to the operating system. We secure everything. >> They do a pretty good job of that. >> No, they do, certainly they have to. If they get bridged at that level, it's not just that one customer is going to suffer, the entire customer base. They have to spend a lot of time and money on it, and frankly, that's where they put their best security people. Securing the infrastructure, not building some cloud security feature. >> Absolutely. >> So Palo Alto Networks is, as we wrap here, on track to nearly double its revenues to nearly seven billion in FY '23, just compared to 2020, you were quoted in the press by saying, "We will be the first $100 billion cyber company." What is next for Palo Alto to achieve that? >> Yeah, so it was Nikesh, our CEO and chairman, that was quoted saying that, "We will double to a hundred billion." I don't think he gave it a timeframe, but what it takes is to double the sales, right? We're at 50 billion market cap right now, so we need to double sales. But in reality, you mentioned that we're growing the turn by doing more and more cybersecurity functions, and taking away pieces. Still, we have a relatively small, even though we're the largest cybersecurity vendor in the world, we have a very low market share that shows you how fragmented the market is. I would also like to point out something that is less known. Part of what we do with AI, is really take the part of the cybersecurity industry, which are service oriented, and that's about 50% of the cybersecurity industry services, and turn it into products. I mean, not all of it. But a good portion of what's provided today by people, and tens of billions of dollars are spent on that, can be done with products. And being one of the very, very few vendors that do that, I think we have a huge opportunity at turning those tens of billions of dollars in human services to AI. >> It's always been a good business taking human labor and translating into R and D, vendor R and D. >> Especially- >> It never fails if you do it well. >> Especially in difficult times, difficult economical times like we are probably experiencing right now around the world. We, not we, but we the world. >> Right, right. Well, congratulations. Coming up on the 18th anniversary. Tremendous amount of success. >> Thank you. >> Great vision, clear vision, STEM expansion strategy, really well underway. We are definitely going to continue to keep our eyes. >> Big company, a hundred billion, that's market capital, so that's a big company. You said you didn't want to work for a big company unless you founded it, is that... >> Unless it acts like a small company. >> There's the caveat. We'll keep our eye on that. >> Thank you very much. >> It's such a pleasure having you on. >> Thank you. >> Same here, thank you. >> All right, for our guests and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live emerging and enterprise tech coverage. (upbeat music)

>>Hey everyone. Welcome back to Miami, Miami Beach. Specifically, not a bad location to have a conference. Lisa Martin here with the Cube live at IFS Unleashed. We're gonna be having a great conversation next about Ization moments of Service Rules. Royces here, as is the C of IFS for aerospace and defense. Scott Camani. Nick Ward joins us as well, the VP of Digital Systems at Roll Royce. Guys, excited to have you on the program and welcome back. >>Thank you very much. Nice to be back. It's >>Been three years since the last IFS show. I love How's Scott? I was talking with Darren Roots earlier today and I said, Well, didn't it used to be IFS world? And he said, Yes. And I said, I love the name. I would love to, to unpack that with your cheek marketing officer because it, there's a lot of, of, of power behind Unleash. A lot of companies do such and such world or accelerate, but we're talking about unleashing the power of the technology to help customers deliver those moments of service. Yes. Love it. So Scott, start us off here. Talk about ization. That's a relatively new term to me. Sure. Help me understand what it means, because IFS is a pioneer in this sense. >>We are. So one of the things that IFS is always trying to do is to try to find a way to help our customers to realize a moment of service. And that moment of service is really when they found the ability to delight their customers. And when we look at the way in which we're trying to drive those business outcomes for our customers, ization seems to be at the core of it. So whether it's the ability for a company to use a product, a service, or an outcome, they're driving ization in a way where they're shaping their business. They're orchestrating their customers and their people and their assets behind a val value chain that helps them to provide a delightful experience for their customers. And with IFS being focused on Lifecycle asset management, we no longer have customers that have to choose from best of suite or best of breed. They can actually have both with ifs. And that's something we're really excited to provide to our customers and more excited for our customers to realize that value with their customers, their partners. Along the way. >>You, you mentioned customer delight and it's a term that we, we all use it, right? But there's so much power and, and capabilities and metrics behind that phrase, customer delight, which will unpack Nick bringing you into the conversation. Talk to us a little bit about what your role is at Rolls Royce. My first thought when I saw you was, oh, the fancy cars, but we're talking about aerospace and the fence, so give us a little bit of a history. >>Okay. So yes, we don't make cars is the first point. So we are, we are power, we do power as a service. So we are most well known, I guess for large aircraft airliners. You know, if you've, if you've flown here to Miami, there's probably a 50 50 chance you've flown on a Rod Roy powered aircraft. Our market segment is what we call wide bodied aircraft where you go on, there's two aisles. So the larger section of the market, and we, we provide power, so we provide the engines, but more importantly, we've been a ization company, a service company for at least two decades. We, we have a, a service relationship we call total care. And the whole idea of total care is, yes, I have my engine, it's on my aircraft, but I take care of it. I make sure it's available to fly when you need to fly it. And all of the things that have to come together to make that happen, it's a service company. >>Service company. Talk to me a little bit about, and I wanna get got your perspective as well, but the relationship that Roll Royce and IFS have this is a little bit unique. >>Well, I can start, but I I think Nick's gonna be better served to tell us about that as our customer. Nick and I actually started this journey about four years ago, and what we did was, is we were working closely with our perspective customer Rolls-Royce identified what they were looking for as a desired business outcome. And then we found a way through the technology and the software that we provide to all of our enterprise customers globally to find a solution that actually helped to provide a, an outcome not only to Rolls-Royce, but also to our collective downstream customers, commercial operators around the globe. So that's where we started the journey and we're continuing our discussions around other solutions, but that's how we started and it's been an incredible partnership. We're so happy and proud to have Nick as a customer and a advocate of all things ifs and I'll let him kind of continue from his point of view how he sees the partnership in the relationship. >>No, thank you Scott. I think we've, we've always, we've valued the kind of relationship that we have because I think IFS has always got Rolls Royce in terms of strategic direction. What do we try to do? I said, we're a service company. You know, we, we are, we have to have a service relationship with our, our customers, our airlines. To have a service relationship, you have to be able to connect to your service customer. And ifs is a big part of how we connect for data. That's how do we understand what the airline is doing with the engines, but it's also how we return data back into the airline. So we are, we're get a very close integrated relation between us, our airlines, through a bridge that, that ifs create through the maintenance product. Got it. So it works really well. >>I I think I'd make one other point. One of the things that we've always focused on is quantifiable business value. The only way a partnership like this could possibly work is if we have a desired business outcome, but if we're providing value, So the value work that we did in conjunction with Rolls Royce and really identifying that helped to support the business case that allowed this partnership to really begin and flourish. So I I, I'd be remiss if I didn't mention that business value element that's really core to everything we do and all the, the conversations that Nick and I have. >>Well, it's all about outcomes. Absolutely. It's all about outcomes. It >>Is, it has to be about, it's about moments of service, right? That's why we're here, right? So perhaps a moment of service for Robs Royce is every time you're a passenger, you're going through the terminal. You expect your aircraft to be there, ready, waiting for you to get on and depart on time. And our moment of service is every aircraft takes off on time, every time we live. When we die by the quality of that statement, how well we live up to that statement, I think I checked this morning, there's something alike, 600 aircraft in the sky right now with Rolls Royce power carrying passengers. All of those passengers have relied on that moment. Service happening regularly like clockwork. Every single time you don't get any forgiveness for a delay, you get very little forgiveness for a cancellation that has to happen. And then so many things have to come together for that to happen. >>Those 600 aircraft, that's maybe 200,000 people right now in the sky, Wow. Those 200,000 people are trying to connect, They're trying to connect with friends, they're trying to connect with loved ones, family, colleagues, whatever the purpose is of that trip. It's really important to them. And we just have to make sure that that happens for us. We've had something like a million flights so far this year, 300 million people relying on that moment of so is happening. So I really resonate with, with the language that Scott users about the importance of sort of that focal point on when does it all come together? It comes together when as a passenger, I get on the plane and it goes and I get no issues. >>Right. Well people don't tolerate fragmented experiences anymore. No, no. I think one of the things that was in short supply during the pandemic was patience and tolerance. Sure. Not sure how much of that's gonna come back, right? But those integrated connected experiences, as you described so eloquently, Nick, those are table stakes for the customers, but also the brands behind them because of customers are unhappy, the churn rates go way up. And you see that reflected in obviously the success of the business and what you guys are doing together is seems to be quite powerful. Now then when you were on the cube with us three years ago in Boston at IFS back then you first introduced the intelligent engine and the Blue Data thread. Let's talk about the intelligent engine. Just give our audience a refresher of what that actually entails. >>So perhaps if we just step one one step back for that, just to understand how this fits in. So Roro is a service organization. We talked about that. What that means is we take a lot of the, the risk and the uncertainty away from our airline customers on the availability, the costs and maintenance effort associated with having a, having a chat engine. These are incredibly complicated and complex and sophisticated pieces of equipment. The most expensive, most sophisticated pieces of an aircraft. Managing that is, is difficult. And every airline does not want to have to focus on that. They wanna focus on being able to get the passenger on the air after, fly it, look after the airframe. So our role in that is to take that risk away, is to manage those engines, look after their health, look after their life, make sure they're available to fly whenever they need to fly. >>So for us to understand that, we then have to have data, we have to understand the state of every engine, where it is, the health of the engine, the life of that engine, what do we need to do next to that engine? And we can't do that unless we have data and that data flows into a digital platform. The intelligent engine, which is our cloud based ai, big data, all of the iot, all of the big buzzwords are there, right? So the data flows into that, that lets us run the models. It lets us understand, I can see something maybe it's a, it's a small issue, but if I leave it alone, it become a bigger issue. And maybe that will cause disruption further down the line. So we need to understand that we need to preempt it. So preemptive predictive maintenance is a, is a big part of the intelligent engine, but it's more than just that. >>It's also, we can understand how that engine is being flown. We can understand is it having a really intense flight? Is it having a more benign, gentle flight? Wow. That change time after the flight, typically after the flight. But what that means is we can then understand, actually we can keep that engine on the wing longer then you might otherwise have to do, If you have no data, you have to be conservative, safety rules, everything. Sure. So data allows you to say, actually I'm being overly conservative in this space. I can get more flying bios, flying hours from my product by extending the interval between maintenance and the intelligent engine has a large part to play in us justifying that we're able to do that. And then the final part that it does is eventually the engine is gonna have to come off from maintenance. >>These things fly 5 million miles between overhauls. You imagine you try to do that in your family car. It's, it doesn't happen. It's incredibly sophisticated thing can fly 5 million miles and then we take it off for a major overhaul. But there are thousands of these engines in the fleet. We have to understand which engine is going to come off when for what reason, and prepare our maintenance network to then receive the engine and deal with it and get it back to the customer. So the intelligent engine has a massive part to play in understanding the maintenance demand that the flying fleet is then creating. >>Wow, that's fascinating. And so you talked about that three years ago. What's next for that? I imagine there's only more evolution that's gonna happen. >>It keeps growing. It keeps growing. It's driven by the data. The more data we have, the more that we can do with that. I think as well that, you know, one of the big places that we've we've gone is you can do as much predictive analytics as you, like, there's a lot of people we'll talk about doing predictive analytics, but if you don't do the hard yards of turning predictive analytics into outcome Yeah. Then what did you get? You, you got a bit of smart advice. So we, we take that maintenance demand, we then have to understand how that drives the orchestration and the management of all the parts, the people, the work scope definition, the allocating an engine into a maintenance slot, exactly when it's gonna go. And what are we gonna do to, how do we control and manage our inventory to make sure that engine is gonna go through. >>How do we then actually execute the work inside our, our our overall shops? How do we get that engine back and and integrate our logistics process. So the intelligent engine is, if you like, the shiny front end of a process, it's all the buzzwords, but actually the hard yards behind the scene is just as if not more important to get right. And again, this is why I really like the moment of service concept. Because without that, the moment of service doesn't happen. The engine's not there, the part wasn't there. The field service maintenance guy wasn't there to go fix it. >>And brands are affected >>An, an aircraft on the ground earns no revenue for anybody. No. It's, it's a cost. It's it's a big sink of cost. It >>Is, it is. Absolutely. >>And you're helping aircraft only earn engines only earn when they fly. Yeah, >>Yeah. Absolutely. And what a fascinating, the intelligent engine. Scott, talk a little bit about, we talking about power, we can't not talk about sustainability. Yes, I understand that IFS has a new inaugural awards program that Rolls Roys was a recipient of the Change for Good sustainability awards. Congratulations. Thank you very much. And to Scott, talk to me a little bit about the Change for Good program sustainability program. What types of organizations across the industries of expertise are you looking for and why does Rules ROY really highlight what a winner embodies? >>So since Darren has joined IFS as the ceo, he's had a lot of intentional areas that we focused on. And sustainability has been one that's at the top of the list. IFS has a US ambassador Lewis Pew, who's our Chief Sustainability officer, and he helps us to provide worldwide coverage of the efforts around sustainability. So it's not just about ifss ability to become a more sustainable organization, but it's the solutions that IFS is putting together in the five verticals that we focus on that can help those organizations achieve a level of sustainability for their, for their downstream customers, their partners, and for their enterprises themselves. So when we look at, you know, the social ability for us to be more conscientious about leaving the world a better place or trying to do our best to leave the world not as bad as we came into it, sustainability is a real focus for us. And, you know, the way in which we can support an organization like Rolls Royce and Nickel obviously share those areas of focus from Rolls Royce. It's a perfect fit. And congratulations again for the award. Thank you. We're, we're, we're so excited to, to have shared that with you. We have some other customers that have achieved it across different categories, but it's an area of current and continuous focus for ifs. >>Nick, talk to us, take us out here as our last question is the, the focus on sustainability at Rolls Royce. Talk to us a little bit about that and what some of the major efforts are that you've got underway. >>I think, you know, very similar as, as, as Scott taught there, the focus within Rolls Royce as a strategic group level is really high aviation particularly, I mean we're a, we're an engineering company. We're a power company. Power inherently consumes natural resources. It tends to generate climate affecting outcomes. But at the same time, we are an innovative organization and if anybody's gonna help solve climate challenges, it's gonna be organizations like Rolls Royce who are able to bring different technologies into the market. So we have a responsibility to manage and, and optimize the behavior of our, our existing product suite. But we also have a, a vested interest in trying to move aviation on into the next, the next phase. We talk about sustainable aviation. Aviation has to earn the right to exist. People have choices. We've come out of covid, people are used to doing zoom and not flying. >>People are used to doing things when they don't necessarily get on an aircraft and do something. The aviation business always has to earn the right from the public to exist. And increasingly people will make choices about how they fly when they fly, how far they fly based on the sustainability footprint. So it's really important to us to help both our customers operate the aircraft in as sustainable and climate friendly way as we can. It's really important to find those, those balance points between the cost of an operation and it's the impact of an operation. If you go all over and say, I am going to be net, well, not even net to, but zero carbon by almost inference, that means I'm not gonna operate. You have to operate to get to an outcome. But how do I do that? Why I manage my cost, I manage the, the profitability, the organization doing it, right? >>So it has to be financially sustainable, it has to be sustainable for the people operating within it. It has to be sustainable for the planet, right? So we do that in lots of different ways in small places and, and in big places. So small things we do is we help the operator understand if you change your flight profile, you'll generate fewer emissions. You may avoid controls if you flying a different way, maybe you create trails, you'll lose, you'll lose less fuel while you're doing that. So it's cost effective for you. There was always a balance point there between the wear and tear on the engine versus the, the, the environmental impact. And you find that optimum place. One of the first things we started doing with, with Scott is we have a, a way that we life our engine components. And one of the very simple outcomes of that is using that data, the blue data for connection to the customer. >>If we can see, effectively see inside the engine about how well it's wearing and we can extend those maintenance intervals as we talked about, what that eventually does is it reduces the need to take the engine off, ship it around the world. Probably on a great big 7, 4 7 or maybe year or two ago on an Anson off four big engines flying a long distance trek, shipping our engine to an overhaul facility. We're avoiding something like 200 of those shop visit overhauls a year. So every year that's 200 flights there and back again, which don't happen, right? Collectively that's around about 15,000 automobile equivalent emissions just don't happen. So simple things we can do just starts to have accumulative effect, >>Right? Simple things that you're doing that, that have a huge impact. We could talk for so much longer on stability, I'm sure we're out of time, but I can see why Roll Royce was, was the winner of the Inocular award. Congratulations. Well deserved. Well >>Deserved. I well >>Deserved. So interesting to hear about the intelligent engine. So you're gonna have to come back. Hopefully we'll be here next year and we can hear more of the evolution. Cuz I have a feeling there's never a dual moment in what you're doing. >>It's never a dull moment. There's never an end point. >>No. >>Okay, >>Going Scott, Nick, thank you so much for joining me on the program today. Thank you, Lisa. It's great to have you talk through what's going on at ifx and the partnership with Rolls Royce. We >>Appreciate, and again, Nick, Nick, thank you for your continued support in the partnership. >>I thank you, Scott. We appreciate it. Likewise, thank >>You. Kudos all around. All right, for my guests, I'm Lisa Martin, you're watching a Cube live from Miami. We're at IFS unleashed. We'll be back shortly after a break with our next guests. So stick around.

the cyber security landscape has changed dramatically over the past 24 to 36 months rapid cloud migration has created a new layer of security defense sure but that doesn't mean csos can relax in many respects it further complicates or at least changes the ciso's scope of responsibilities in particular the threat surface has expanded and that creates more seams and cisos have to make sure their teams pick up where the hyperscaler clouds leave off application developers have become a critical execution point for cyber assurance shift left is the kind of new buzz phrase for devs but organizations still have to shield right meaning the operational teams must continue to partner with secops to make sure infrastructure is resilient so it's no wonder that in etr's latest survey of nearly 1500 cios and it buyers that business technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics rounding out the top four but budgets are under pressure and csos have to prioritize it's not like they have an open checkbook they have to contend with other key initiatives like those just mentioned to secure the funding and what about zero trust can you go out and buy xero trust or is it a framework a mindset in a series of best practices applied to create a security consciousness throughout the organization can you implement zero trust in other words if a machine or human is not explicitly allowed access then access is denied can you implement that policy without constricting organizational agility the question is what's the most practical way to apply that premise and what role does infrastructure play as the enforcer how does automation play in the equation the fact is that today's approach to cyber resilient type resilience can't be an either or it has to be an and conversation meaning you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible and don't even talk to me about the edge that's really going to keep you up at night hello and welcome to the special cube presentation a blueprint for trusted infrastructure made possible by dell technologies in this program we explore the critical role that trusted infrastructure plays in cyber security strategies how organizations should think about the infrastructure side of the cyber security equation and how dell specifically approaches securing infrastructure for your business we'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile first up are pete gear and steve kenniston they're both senior cyber security consultants at dell technologies and they're going to talk about the company's philosophy and approach to trusted infrastructure and then we're going to speak to paris arcadi who's a senior consultant for storage at dell technologies to understand where and how storage plays in this trusted infrastructure world and then finally rob emsley who heads product marketing for data protection and cyber security he's going to take a deeper dive with rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy okay let's get started pete gear steve kenniston welcome to the cube thanks for coming into the marlboro studios today great to be here dave thanks dave good to see you great to see you guys pete start by talking about the security landscape you heard my little rap up front what are you seeing i thought you wrapped it up really well and you touched on all the key points right technology is ubiquitous today it's everywhere it's no longer confined to a monolithic data center it lives at the edge it lives in front of us it lives in our pockets and smartphones along with that is data and as you said organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago and along with that cyber crime has become a very profitable enterprise in fact it's been more than 10 years since uh the nsa chief actually called cyber crime the biggest transfer of wealth in history that was 10 years ago and we've seen nothing but accelerating cyber crime and really sophistication of how those attacks are perpetrated and so the new security landscape is really more of an evolution we're finally seeing security catch up with all of the technology adoption all the build out the work from home and work from anywhere that we've seen over the last couple of years we're finally seeing organizations and really it goes beyond the i t directors it's a board level discussion today security's become a board level discussion yeah i think that's true as well it's like it used to be the security was okay the secops team you're responsible for security now you've got the developers are involved the business lines are involved it's part of onboarding for most companies you know steve this concept of zero trust it was kind of a buzzword before the pandemic and i feel like i've often said it's now become a mandate but it's it's it's still fuzzy to a lot of people how do you guys think about zero trust what does it mean to you how does it fit yeah i thought again i thought your opening was fantastic in in this whole lead into to what is zero trust it had been a buzzword for a long time and now ever since the federal government came out with their implementation or or desire to drive zero trust a lot more people are taking a lot more seriously because i don't think they've seen the government do this but ultimately let's see ultimately it's just like you said right if if you don't have trust to those particular devices uh applications or data you can't get at it the question is and and you phrase it perfectly can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive because we're seeing with your whole notion around devops and the ability to kind of build make deploy build make deploy right they still need that functionality but it also needs to be trusted it needs to be secure and things can't get away from you yeah so it's interesting we attended every uh reinforce since 2019 and the narrative there is hey everything in this in the cloud is great you know and this narrative around oh security is a big problem is you know doesn't help the industry the fact is that the big hyperscalers they're not strapped for talent but csos are they don't have the the capabilities to really apply all these best practices they're they're playing whack-a-mole so they look to companies like yours to take their r your r d and bake it into security products and solutions so what are the critical aspects of the so-called dell trusted infrastructure that we should be thinking about yeah well dell trusted infrastructure for us is a way for us to describe uh the the work that we do through design development and even delivery of our it system so dell trusted infrastructure includes our storage it includes our servers our networking our data protection our hyper converged everything that infrastructure always has been it's just that today customers consume that infrastructure at the edge as a service in a multi-cloud environment i mean i view the cloud as really a way for organizations to become more agile and to become more flexible and also to control costs i don't think organizations move to the cloud or move to a multi-cloud environment to enhance security so i don't see cloud computing as a panacea for security i see it as another attack surface and another uh aspect in front that organizations and and security organizations and departments have to manage it's part of their infrastructure today whether it's in their data center in a cloud or at the edge i mean i think it's a huge point because a lot of people think oh data's in the cloud i'm good it's like steve we've talked about oh why do i have to back up my data it's in the cloud well you might have to recover it someday so i don't know if you have anything to add to that or any additional thoughts on it no i mean i think i think like what pete was saying when it comes to when it comes to all these new vectors for attack surfaces you know people did choose the cloud in order to be more agile more flexible and all that did was open up to the csos who need to pay attention to now okay where can i possibly be attacked i need to be thinking about is that secure and part of the part of that is dell now also understands and thinks about as we're building solutions is it is it a trusted development life cycle so we have our own trusted development life cycle how many times in the past did you used to hear about vendors saying you got to patch your software because of this we think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective and make sure we don't give up or or have security become a whole just in order to implement a feature we got to think about those things yeah and as pete alluded to our secure supply chain so all the way through knowing what you're going to get when you actually receive it is going to be secure and not be tampered with becomes vitally important and pete and i were talking earlier when you have tens of thousands of devices that need to be delivered whether it be storage or laptops or pcs or or whatever it is you want to be you want to know that that that those devices are can be trusted okay guys maybe pete you could talk about the how dell thinks about it's its framework and its philosophy of cyber security and then specifically what dell's advantages are relative to the competition yeah definitely dave thank you so we've talked a lot about dell as a technology provider but one thing dell also is is a partner in this larger ecosystem we realize that security whether it's a zero trust paradigm or any other kind of security environment is an ecosystem uh with a lot of different vendors so we look at three areas one is protecting data in systems we know that it starts with and ends with data that helps organizations combat threats across their entire infrastructure and what it means is dell's embedding security features consistently across our portfolios of storage servers networking the second is enhancing cyber resiliency over the last decade a lot of the funding and spending has been in protecting or trying to prevent cyber threats not necessarily in responding to and recovering from threats right we call that resiliency organizations need to build resiliency across their organization so not only can they withstand a threat but they can respond recover and continue with their operations and the third is overcoming security complexity security is hard it's more difficult because of the things we've talked about about distributed data distributed technology and and attack surfaces everywhere and so we're enabling organizations to scale confidently to continue their business but know that all all the i.t decisions that they're making um have these intrinsic security features and are built and delivered in a consistent security so those are kind of the three pillars maybe we could end on what you guys see as the key differentiators that people should know about that that dell brings to the table maybe each of you could take take a shot at that yeah i think first of all from from a holistic portfolio perspective right the uh secure supply chain and the secure development life cycle permeate through everything dell does when building things so we build things with security in mind all the way from as pete mentioned from from creation to delivery we want to make sure you have that that secure device or or asset that permeates everything from servers networking storage data protection through hyper converge through everything that to me is really a key asset because that means you can you understand when you receive something it's a trusted piece of your infrastructure i think the other core component to think about and pete mentioned as dell being a partner for making sure you can deliver these things is that even though those are that's part of our framework these pillars are our framework of how we want to deliver security it's also important to understand that we are partners and that you don't need to rip and replace but as you start to put in new components you can be you can be assured that the components that you're replacing as you're evolving as you're growing as you're moving to the cloud as you're moving to a more on-prem type services or whatever that your environment is secure i think those are two key things got it okay pete bring us home yeah i think one of one of the big advantages of dell is our scope and our scale right we're a large technology vendor that's been around for decades and we develop and sell almost every piece of technology we also know that organizations are might make different decisions and so we have a large services organization with a lot of experienced services people that can help customers along their security journey depending on whatever type of infrastructure or solutions that they're looking at the other thing we do is make it very easy to consume our technology whether that's traditional on-premise in a multi-cloud environment uh or as a service and so the best of breed technology can be consumed in any variety of fashion and know that you're getting that consistent secure infrastructure that dell provides well and dell's forgot the probably top supply chain not only in the tech business but probably any business and so you can actually take take your dog food and then and allow other billionaire champagne sorry allow other people to you know share share best practices with your with your customers all right guys thanks so much for coming thank you appreciate it okay keep it right there after this short break we'll be back to drill into the storage domain you're watching a blueprint for trusted infrastructure on the cube the leader in enterprise and emerging tech coverage be right back concern over cyber attacks is now the norm for organizations of all sizes the impact of these attacks can be operationally crippling expensive and have long-term ramifications organizations have accepted the reality of not if but when from boardrooms to i.t departments and are now moving to increase their cyber security preparedness they know that security transformation is foundational to digital transformation and while no one can do it alone dell technologies can help you fortify with modern security modern security is built on three pillars protect your data and systems by modernizing your security approach with intrinsic features and hardware and processes from a provider with a holistic presence across the entire it ecosystem enhance your cyber resiliency by understanding your current level of resiliency for defending your data and preparing for business continuity and availability in the face of attacks overcome security complexity by simplifying and automating your security operations to enable scale insights and extend resources through service partnerships from advanced capabilities that intelligently scale a holistic presence throughout it and decades as a leading global technology provider we'll stop at nothing to help keep you secure okay we're back digging into trusted infrastructure with paris sarcadi he's a senior consultant for product marketing and storage at dell technologies parasaur welcome to the cube good to see you great to be with you dave yeah coming from hyderabad awesome so i really appreciate you uh coming on the program let's start with talking about your point of view on what cyber security resilience means to to dell generally but storage specifically yeah so for something like storage you know we are talking about the data layer name and if you look at cyber security it's all about securing your data applications and infrastructure it has been a very mature field at the network and application layers and there are a lot of great technologies right from you know enabling zero trust advanced authentications uh identity management systems and so on and and in fact you know with the advent of you know the the use of artificial intelligence and machine learning really these detection tools for cyber securities have really evolved in the network and the application spaces so for storage what it means is how can you bring them to the data layer right how can you bring you know the principles of zero trust to the data layer uh how can you leverage artificial intelligence and machine learning to look at you know access patterns and make intelligent decisions about maybe an indicator of a compromise and identify them ahead of time just like you know how it's happening and other ways of applications and when it comes to cyber resilience it's it's basically a strategy which assumes that a threat is imminent and it's a good assumption with the severity of the frequency of the attacks that are happening and the question is how do we fortify the infrastructure in the switch infrastructure to withstand those attacks and have a plan a response plan where we can recover the data and make sure the business continuity is not affected so that's uh really cyber security and cyber resiliency and storage layer and of course there are technologies like you know network isolation immutability and all these principles need to be applied at the storage level as well let me have a follow up on that if i may the intelligence that you talked about that ai and machine learning is that do you do you build that into the infrastructure or is that sort of a separate software module that that points at various you know infrastructure components how does that work both dave right at the data storage level um we have come with various data characteristics depending on the nature of data we developed a lot of signals to see what could be a good indicator of a compromise um and there are also additional applications like cloud iq is the best example which is like an infrastructure wide health monitoring system for dell infrastructure and now we have elevated that to include cyber security as well so these signals are being gathered at cloud iq level and other applications as well so that we can make those decisions about compromise and we can either cascade that intelligence and alert stream upstream for uh security teams um so that they can take actions in platforms like sign systems xtr systems and so on but when it comes to which layer the intelligence is it has to be at every layer where it makes sense where we have the information to make a decision and being closest to the data we have we are basically monitoring you know the various parallels data access who is accessing um are they crossing across any geo fencing uh is there any mass deletion that is happening or a mass encryption that is happening and we are able to uh detect uh those uh patterns and flag them as indicators of compromise and in allowing automated response manual control and so on for it teams yeah thank you for that explanation so at dell technologies world we were there in may it was one of the first you know live shows that that we did in the spring certainly one of the largest and i interviewed shannon champion and a huge takeaway from the storage side was the degree to which you guys emphasized security uh within the operating systems i mean really i mean powermax more than half i think of the features were security related but also the rest of the portfolio so can you talk about the the security aspects of the dell storage portfolio specifically yeah yeah so when it comes to data security and broadly data availability right in the context of cyber resiliency dell storage this you know these elements have been at the core of our um a core strength for the portfolio and the source of differentiation for the storage portfolio you know with almost decades of collective experience of building highly resilient architectures for mission critical data something like power max system which is the most secure storage platform for high-end enterprises and now with the increased focus on cyber security we are extending those core technologies of high availability and adding modern detection systems modern data isolation techniques to offer a comprehensive solution to the customer so that they don't have to piece together multiple things to ensure data security or data resiliency but a well-designed and well-architected solution by design is delivered to them to ensure cyber protection at the data layer got it um you know we were talking earlier to steve kenniston and pete gear about this notion of dell trusted infrastructure how does storage fit into that as a component of that sort of overall you know theme yeah and you know and let me say this if you could adjust because a lot of people might be skeptical that i can actually have security and at the same time not constrict my organizational agility that's old you know not an ore it's an end how do you actually do that if you could address both of those that would be great definitely so for dell trusted infrastructure cyber resiliency is a key component of that and just as i mentioned you know uh air gap isolation it really started with you know power protect cyber recovery you know that was the solution more than three years ago we launched and that was first in the industry which paved way to you know kind of data isolation being a core element of data management and uh for data infrastructure and since then we have implemented these technologies within different storage platforms as well so that customers have the flexibility depending on their data landscape they can approach they can do the right data isolation architecture right either natively from the storage platform or consolidate things into the backup platform and isolate from there and and the other key thing we focus in trusted infrastructure dell infra dell trusted infrastructure is you know the goal of simplifying security for the customers so one good example here is uh you know being able to respond to these cyber threats or indicators of compromise is one thing but an i.t security team may not be looking at the dashboard of the storage systems constantly right storage administration admins may be looking at it so how can we build this intelligence and provide this upstream platforms so that they have a single pane of glass to understand security landscape across applications across networks firewalls as well as storage infrastructure and in compute infrastructure so that's one of the key ways where how we are helping simplify the um kind of the ability to uh respond ability to detect and respond these threads uh in real time for security teams and you mentioned you know about zero trust and how it's a balance of you know not uh kind of restricting users or put heavy burden on you know multi-factor authentication and so on and this really starts with you know what we're doing is provide all the tools you know when it comes to advanced authentication uh supporting external identity management systems multi-factor authentication encryption all these things are intrinsically built into these platforms now the question is the customers are actually one of the key steps is to identify uh what are the most critical parts of their business or what are the applications uh that the most critical business operations depend on and similarly identify uh mission critical data where part of your response plan where it cannot be compromised where you need to have a way to recover once you do this identification then the level of security can be really determined uh by uh by the security teams by the infrastructure teams and you know another you know intelligence that gives a lot of flexibility uh for for even developers to do this is today we have apis um that so you can not only track these alerts at the data infrastructure level but you can use our apis to take concrete actions like blocking a certain user or increasing the level of authentication based on the threat level that has been perceived at the application layer or at the network layer so there is a lot of flexibility that is built into this by design so that depending on the criticality of the data criticality of the application number of users affected these decisions have to be made from time to time and it's as you mentioned it's it's a balance right and sometimes you know if if an organization had a recent attack you know the level of awareness is very high against cyber attacks so for a time you know these these settings may be a bit difficult to deal with but then it's a decision that has to be made by security teams as well got it so you're surfacing what may be hidden kpis that are being buried inside for instance the storage system through apis upstream into a dashboard so that somebody could you know dig into the storage tunnel extract that data and then somehow you know populate that dashboard you're saying you're automating that that that workflow that's a great example and you may have others but is that the correct understanding absolutely and it's a two-way integration let's say a detector an attack has been detected at a completely different layer right in the application layer or at a firewall we can respond to those as well so it's a two-way integration we can cascade things up as well as respond to threats that have been detected elsewhere um uh through the api that's great all right hey api for power skill is the best example for that uh excellent so thank you appreciate that give us the last word put a bow on this and and bring this segment home please absolutely so a dell storage portfolio um using advanced data isolation um with air gap having machine learning based algorithms to detect uh indicators of compromise and having rigor mechanisms with granular snapshots being able to recover data and restore applications to maintain business continuity is what we deliver to customers uh and these are areas where a lot of innovation is happening a lot of product focus as well as you know if you look at the professional services all the way from engineering to professional services the way we build these systems the way we we configure and architect these systems um cyber security and protection is a key focus uh for all these activities and dell.com securities is where you can learn a lot about these initiatives that's great thank you you know at the recent uh reinforce uh event in in boston we heard a lot uh from aws about you know detent and response and devops and machine learning and some really cool stuff we heard a little bit about ransomware but i'm glad you brought up air gaps because we heard virtually nothing in the keynotes about air gaps that's an example of where you know this the cso has to pick up from where the cloud leaves off but that was in front and so number one and number two we didn't hear a ton about how the cloud is making the life of the cso simpler and that's really my takeaway is is in part anyway your job and companies like dell so paris i really appreciate the insights thank you for coming on thecube thank you very much dave it's always great to be in these uh conversations all right keep it right there we'll be right back with rob emsley to talk about data protection strategies and what's in the dell portfolio you're watching thecube data is the currency of the global economy it has value to your organization and cyber criminals in the age of ransomware attacks companies need secure and resilient it infrastructure to safeguard their data from aggressive cyber attacks [Music] as part of the dell technologies infrastructure portfolio powerstor and powermax combine storage innovation with advanced security that adheres to stringent government regulations and corporate compliance requirements security starts with multi-factor authentication enabling only authorized admins to access your system using assigned roles tamper-proof audit logs track system usage and changes so it admins can identify suspicious activity and act with snapshot policies you can quickly automate the protection and recovery process for your data powermax secure snapshots cannot be deleted by any user prior to the retention time expiration dell technologies also make sure your data at rest stays safe with power store and powermax data encryption protects your flash drive media from unauthorized access if it's removed from the data center while adhering to stringent fips 140-2 security requirements cloud iq brings together predictive analytics anomaly detection and machine learning with proactive policy-based security assessments monitoring and alerting the result intelligent insights that help you maintain the security health status of your storage environment and if a security breach does occur power protect cyber recovery isolates critical data identifies suspicious activity and accelerates data recovery using the automated data copy feature unchangeable data is duplicated in a secure digital vault then an operational air gap isolates the vault from the production and backup environments [Music] architected with security in mind dell emc power store and powermax provides storage innovation so your data is always available and always secure wherever and whenever you need it [Music] welcome back to a blueprint for trusted infrastructure we're here with rob emsley who's the director of product marketing for data protection and cyber security rob good to see a new role yeah good to be back dave good to see you yeah it's been a while since we chatted last and you know one of the changes in in my world is that i've expanded my responsibilities beyond data protection marketing to also focus on uh cyber security marketing specifically for our infrastructure solutions group so certainly that's you know something that really has driven us to you know to come and have this conversation with you today so data protection obviously has become an increasingly important component of the cyber security space i i don't think necessarily of you know traditional backup and recovery as security it's to me it's an adjacency i know some companies have said oh yeah now we're a security company they're kind of chasing the valuation for sure bubble um dell's interesting because you you have you know data protection in the form of backup and recovery and data management but you also have security you know direct security capability so you're sort of bringing those two worlds together and it sounds like your responsibility is to to connect those those dots is that right absolutely yeah i mean i think that uh the reality is is that security is a a multi-layer discipline um i think the the days of thinking that it's one uh or another um technology that you can use or process that you can use to make your organization secure uh are long gone i mean certainly um you actually correct if you think about the backup and recovery space i mean people have been doing that for years you know certainly backup and recovery is all about the recovery it's all about getting yourself back up and running when bad things happen and one of the realities unfortunately today is that one of the worst things that can happen is cyber attacks you know ransomware malware are all things that are top of mind for all organizations today and that's why you see a lot of technology and a lot of innovation going into the backup and recovery space because if you have a copy a good copy of your data then that is really the the first place you go to recover from a cyber attack and that's why it's so important the reality is is that unfortunately the cyber criminals keep on getting smarter i don't know how it happens but one of the things that is happening is that the days of them just going after your production data are no longer the only challenge that you have they go after your your backup data as well so over the last half a decade dell technologies with its backup and recovery portfolio has introduced the concept of isolated cyber recovery vaults and that is really the you know we've had many conversations about that over the years um and that's really a big tenant of what we do in the data protection portfolio so this idea of of cyber security resilience that definition is evolving what does it mean to you yeah i think the the analyst team over at gartner they wrote a very insightful paper called you will be hacked embrace the breach and the whole basis of this analysis is so much money has been spent on prevention is that what's out of balance is the amount of budget that companies have spent on cyber resilience and cyber resilience is based upon the premise that you will be hacked you have to embrace that fact and be ready and prepared to bring yourself back into business you know and that's really where cyber resiliency is very very different than cyber security and prevention you know and i think that balance of get your security disciplines well-funded get your defenses as good as you can get them but make sure that if the inevitable happens and you find yourself compromised that you have a great recovery plan and certainly a great recovery plan is really the basis of any good solid data protection backup and recovery uh philosophy so if i had to do a swot analysis we don't have to do the wot but let's focus on the s um what would you say are dell's strengths in this you know cyber security space as it relates to data protection um one is we've been doing it a long time you know we talk a lot about dell's data protection being proven and modern you know certainly the experience that we've had over literally three decades of providing enterprise scale data protection solutions to our customers has really allowed us to have a lot of insight into what works and what doesn't as i mentioned to you one of the unique differentiators of our solution is the cyber recovery vaulting solution that we introduced a little over five years ago five six years parapatek cyber recovery is something which has become a unique capability for customers to adopt uh on top of their investment in dell technologies data protection you know the the unique elements of our solution already threefold and it's we call them the three eyes it's isolation it's immutability and it's intelligence and the the isolation part is really so important because you need to reduce the attack surface of your good known copies of data you know you need to put it in a location that the bad actors can't get to it and that really is the the the the essence of a cyber recovery vault interestingly enough you're starting to see the market throw out that word um you know from many other places but really it comes down to having a real discipline that you don't allow the security of your cyber recovery vault to be compromised insofar as allowing it to be controlled from outside of the vault you know allowing it to be controlled by your backup application our cyber recovery vaulting technology is independent of the backup infrastructure it uses it but it controls its own security and that is so so important it's like having a vault that the only way to open it is from the inside you know and think about that if you think about you know volts in banks or volts in your home normally you have a keypad on the outside think of our cyber recovery vault as having its security controlled from inside of the vault so nobody can get in nothing can get in unless it's already in and if it's already in then it's trusted exactly yeah exactly yeah so isolation is the key and then you mentioned immutability is the second piece yeah so immutability is is also something which has been around for a long time people talk about uh backup immunoability or immutable backup copies so immutability is just the the the additional um technology that allows the data that's inside of the vault to be unchangeable you know but again that immutability you know your mileage varies you know when you look across the uh the different offers that are out there in the market especially in the backup industry you make a very valid point earlier that the backup vendors in the market seems to be security washing their marketing messages i mean everybody is leaning into the ever-present danger of cyber security not a bad thing but the reality is is that you have to have the technology to back it up you know quite literally yeah no pun intended and then actually pun intended now what about the intelligence piece of it uh that's that's ai ml where does that fit for sure so the intelligence piece is delivered by um a solution called cybersense and cybersense for us is what really gives you the confidence that what you have in your cyber recovery vault is a good clean copy of data so it's looking at the backup copies that get driven into the cyber vault and it's looking for anomalies so it's not looking for signatures of malware you know that's what your antivirus software does that's what your endpoint protection software does that's on the prevention side of the equation but what we're looking for is we're looking to ensure that the data that you need when all hell breaks loose is good and that when you get a request to restore and recover your business you go right let's go and do it and you don't have any concern that what you have in the vault has been compromised so cyber sense is really a unique analytic solution in the market based upon the fact that it isn't looking at cursory indicators of of um of of of malware infection or or ransomware introduction it's doing full content analytics you know looking at you know has the data um in any way changed has it suddenly become encrypted has it suddenly become different to how it was in the previous scan so that anomaly detection is very very different it's looking for um you know like different characteristics that really are an indicator that something is going on and of course if it sees it you immediately get flagged but the good news is is that you always have in the vault the previous copy of good known data which now becomes your restore point so we're talking to rob emsley about how data protection fits into what dell calls dti dell trusted infrastructure and and i want to come back rob to this notion of and not or because i think a lot of people are skeptical like how can i have great security and not introduce friction into my organization is that an automation play how does dell tackle that problem i mean i think a lot of it is across our infrastructure is is security has to be built in i mean intrinsic security within our servers within our storage devices uh within our elements of our backup infrastructure i mean security multi-factor authentication you know elements that make the overall infrastructure secure you know we have capabilities that you know allow us to identify whether or not configurations have changed you know we'll probably be talking about that a little bit more to you later in the segment but the the essence is is um security is not a bolt-on it has to be part of the overall infrastructure and that's so true um certainly in the data protection space give us the the bottom line on on how you see dell's key differentiators maybe you could talk about dell of course always talks about its portfolio but but why should customers you know lead in to dell in in this whole cyber resilience space um you know staying on the data protection space as i mentioned the the the work we've been doing um to introduce this cyber resiliency solution for data protection is in our opinion as good as it gets you know the you know you've spoken to a number of our of our best customers whether it be bob bender from founders federal or more recently at delton allergies world you spoke to tony bryson from the town of gilbert and these are customers that we've had for many years that have implemented cyber recovery vaults and at the end of the day they can now sleep at night you know that's really the the peace of mind that they have is that the insurance that a data protection from dell cyber recovery vault a parapatex cyber recovery solution gives them you know really allows them to you know just have the assurance that they don't have to pay a ransom if they have a an insider threat issue and you know all the way down to data deletion is they know that what's in the cyber recovery vault is good and ready for them to recover from great well rob congratulations on the new scope of responsibility i like how you know your organization is expanding as the threat surface is expanding as we said data protection becoming an adjacency to security not security in and of itself a key component of a comprehensive security strategy rob emsley thank you for coming back in the cube good to see you again you too dave thanks all right in a moment i'll be back to wrap up a blueprint for trusted infrastructure you're watching the cube every day it seems there's a new headline about the devastating financial impacts or trust that's lost due to ransomware or other sophisticated cyber attacks but with our help dell technologies customers are taking action by becoming more cyber resilient and deterring attacks so they can greet students daily with a smile they're ensuring that a range of essential government services remain available 24 7 to citizens wherever they're needed from swiftly dispatching public safety personnel or sending an inspector to sign off on a homeowner's dream to protecting restoring and sustaining our precious natural resources for future generations with ever-changing cyber attacks targeting organizations in every industry our cyber resiliency solutions are right on the money providing the security and controls you need we help customers protect and isolate critical data from ransomware and other cyber threats delivering the highest data integrity to keep your doors open and ensuring that hospitals and healthcare providers have access to the data they need so patients get life-saving treatment without fail if a cyber incident does occur our intelligence analytics and responsive team are in a class by themselves helping you reliably recover your data and applications so you can quickly get your organization back up and running with dell technologies behind you you can stay ahead of cybercrime safeguarding your business and your customers vital information learn more about how dell technology's cyber resiliency solutions can provide true peace of mind for you the adversary is highly capable motivated and well equipped and is not standing still your job is to partner with technology vendors and increase the cost of the bad guys getting to your data so that their roi is reduced and they go elsewhere the growing issues around cyber security will continue to drive forward thinking in cyber resilience we heard today that it is actually possible to achieve infrastructure security while at the same time minimizing friction to enable organizations to move quickly in their digital transformations a xero trust framework must include vendor r d and innovation that builds security designs it into infrastructure products and services from the start not as a bolt-on but as a fundamental ingredient of the cloud hybrid cloud private cloud to edge operational model the bottom line is if you can't trust your infrastructure your security posture is weakened remember this program is available on demand in its entirety at thecube.net and the individual interviews are also available and you can go to dell security solutions landing page for for more information go to dell.com security solutions that's dell.com security solutions this is dave vellante thecube thanks for watching a blueprint for trusted infrastructure made possible by dell we'll see you next time

(upbeat music) >> Welcome back everyone to Supercloud22, I'm John Furrier, host of theCUBE here in Palo Alto. For this next ecosystem's segment we have Muddu Sudhakar, who is the co-founder and CEO of Aisera, a friend of theCUBE, Cube alumni, serial entrepreneur, multiple exits, been on multiple times with great commentary. Muddu, thank you for coming on, and supporting our- >> Also thank you for having me, John. >> Yeah, thank you. Great handshake there, I love to do it. One, I wanted you here because, two reasons, one is, congratulations on your new funding. >> Thank you. >> For $90 million, Series D funding. >> Series D funding. >> So, huge validation in this market. >> It is. >> You have been experienced software so, it's a real testament to your team. But also, you're kind of in the Supercloud vortex. This new wave that Supercloud is part of is, I call it the pretext to what's coming with multi-clouds. It is the next level. >> I see. >> Structural change and we have been reporting on it, Dave and I, and we are being challenged. So, we decided to open it up. >> Very good, I would love it. >> And have a conversation rather than waiting eight months to prove that we are right. Which, we are right, but that is a long story. >> You're always right. (both laughs) >> What do you think of Supercloud, that's going on? What is the big trend? Because its public cloud is great, so there is no conflict there. >> Right. >> It's got great business, it's integrated, IaaS, to SaaS, PaaS, all in the beginning, or the middle. All that is called good. Now you have on-premise high rate cloud. >> Right. >> Edge is right around the corner. Exploding in new capabilities. So, complexity is still here. >> That's right, I think, you nailed it. We talk about hybrid cloud, and multi cloud. Supercloud is kind of elevates the message even better. Because you still have to leave for some of our clouds, public clouds. There will be some of our clouds, still running on the Edge. That's where, the Edge cloud comes in. Some will still be on-prem. So, the Supercloud as a concept is beyond hybrid and multi cloud. To me, I will run some of our cloud on Amazon. Some could be on Aisera, some could be running only on Edge, right? >> Mm hm >> And we still have, what we call remote executors. Some leaders of service now. You have, what we call the mid-server, is what I think it was called. Where you put in a small code and run it. >> Yeah. >> So, I think all those things will be running on-prem environment and VMware cloud, et cetera. >> And if you look back at, I think it has been five years now, maybe four or five years since Andy Jassy at reInvent announced Outposts. Think that was the moment in time that Dave and I took this pause back and said "Okay, that's Amazon." who listens to their customers. Acknowledging Hybrid. >> Right. >> Then we saw the rise of Snowflakes, the Databricks, specialty clouds. You start to see people who are building on top of AWS. But at MongoDB, it is a database, now they are a full blown, large scale data platform. These companies took advantage of the public cloud to build, as Jerry Chen calls it, "Castles in the cloud." >> Right. >> That seems to be happening in all areas. What do you think about that? >> Right, so what is driving the cloud? To me, we talk about machine learning in AI, right? Versus clouded options. We used to call it lift and shift. The outposts and lift and shift. Initially this was to get the data into the cloud. I think if you see, the vendor that I like the most, is, I'm not picking any favorite but, Microsoft Azure, they're thinking like your Supercloud, right? Amazon is other things, but Azure is a lot more because they run on-prem. They are also on Azure CloudFront, Amazon CloudFront. So I think, Azure and Amazon are doing a lot more in the area of Supercloud. What is really helping is the machine learning environment, needs Superclouds. Because I will be running some on the Edge, some compute, some will be running on the public cloud, some could be running on my data center. So, I think the Supercloud is really suited for AI and automation really well. >> Yeah, it is a good point about Microsoft, too. And I think Microsoft's existing install base saved Azure. >> Okay. >> They brought Office 365, Sequel Server, cause their customers weren't leaving Microsoft. They had the productivity thing nailed down as well as the ability to catch up >> That's right. >> To AWS. So, natural extension to on-premise with Microsoft. >> I think... >> Tell us- >> Your Supercloud is what Microsoft did. Right? Azure. If you think of, like, they had an Office 365, their SharePoint, their Dynamics, taking all of those properties, running on the Azure. And still giving the migration path into a data center. Is Supercloud. So, the early days Supercloud came from Azure. >> Well, that's a good point, we will certainly debate that. I will also say that Snowflake built on AWS. >> That's right. >> Okay, and became a super powerhouse with the data business. As did Databricks. >> That's right. >> Then went to Azure >> That's right. >> So, you're seeing kind of the Playbook. >> Right. >> Go fast on Cloud Native, the native cloud. Get that fly wheel going, then get going, somewhere else. >> It is, and to that point I think you and me are talking, right? If you are to start at one cloud and go to another cloud, the amount of work as a vendor for us to use for implement. Today, like we use all three clouds, including the Gov Cloud. It's a lot of work. So, what will happen, the next toolkit we use? Even services like Elastic. People will not, the word commoditize, is not the word, but people will create an abstraction layer, even for S3. >> Explain that, explain that in detail. So, elastic? What do you mean by that? >> Yeah, so what that means is today, Elasticsearch, if you do an Elasticsearch on Amazon, if I go to Azure, I don't want enter another Elasticsearch layer. Ideally I want us to write an abstracted search layer. So, that when I move my services into a different cloud I don't want to re-compute and re-calculate everything. That's a lot of work. Particularly once you have a production customer, if I were to shift the workloads, even to the point of infrastructure, take S3, if I read infrastructure to S3 and tomorrow I go to Azure. Azure will have its own objects store. I don't want to re-validate that. So what will happen is digital component, Kubernetes is already there, we want storage, we want network layer, we want VPM services, elastic as well as all fundamental stuff, including MongoDB, should be abstracted to run. On the Superclouds. >> Okay, well that is a little bit of a unicorn fantasy. But let's break that down. >> Sure. >> Do you think that's possible? >> It is. Because I think, if I am on MongoDB, I should be able to give a horizontal layer to MongoDB that is optimized for all three of them. I don't want MongoDB. >> First of all, everyone will buy that. >> Sure. >> I'm skeptical that that's possible. Given where we are at right now. So, you're saying that a vendor will provide an abstraction layer. >> No, I'm saying that either MongoDB, itself will do it, or a third party layer will come as a service which will abstract all this layer so that we will write to an AP layer. >> So what do you guys doing? How do you handle multiple clouds? You guys are taking that burden on, because it makes sense, you should build the abstraction layer. Not rely on a third party vendor right? >> We are doing it because there is no third party available offer it. But if you offer a third party tomorrow, I will use that as a Supercloud service. >> If they're 100% reliable? >> That's right. That's exactly it. >> They have to do the work. >> They have to do the work because if today I am doing it because no one else is offering it- >> Okay so what people might not know is that you are an angel investor as well as an entrepreneur been very successful, so you're rich, you have a lot of money. If I were a startup and I said, Muddu, I want to build this abstraction layer. What would be funding advice that you would give me as an entrepreneur? As a company to do that? >> I would do it like an Apigee that Google acquired, you should create an Apigee-like layer, for infrastructure upfront services, I think that is a very good option. >> And you think that is viable? >> It is very much viable. >> Would that be part of Supercloud architecture, in your opinion? >> It is. Right? And that will abstract all the clouds to some level. Like it is like Kubernetes abstract, so that if I am running on Kubernetes I can transfer to any cloud. >> Yeah >> But that should go from computer into other infrastructures. >> It's seems to me, Muddu, and I want to get your thoughts about this whole Supercloud defacto standard opportunity. It feels like we are waiting for a moment where there is some sort of defacto unification, whether it is in the distraction layer, or a standards body. There is no W3C here going on. I mean, W3C was for web consortium, for world wide web. The Supercloud seems to be having the same impact the web had. Transformative, disruptive, re-factoring business operations. Is there a standardized body or an opportunity for a defacto? Like Kubernetes was a great example of a unification around something for orchestration. Is there a better version in the Supercloud model where we need a standard? >> Yes and no. The reason is because by the time you come to standard, take time to look what happened. First, we started with VMs, then became Docker and Containers then we came to Kubernetes. So it goes through a journey. I think the next few years will be stood on SuperCloud let's make customers happy, let's make enough services going, and then the standards will come. Standards will be almost 2-3 years later. So I don't think standards should happen right now. Right now, all we need is, we need enough start ups to create the super layer abstraction, with the goal in mind of AI automation. The reason, AI is because AI needs to be able to run that. Automated because running a work flow is, I can either run a workflow in the cloud services, I can run it on on-prem, I can run it on database, so you have two good applications, take AI and automation with Supercloud and make enough enough noise on that make enough applications, then the standards will come. >> On this project we have been with SuperCloud these past day we have heard a lot of people talking. The themes that developers are okay, they are doing great. Open source is booming. >> Yes >> Cloud Native's got major traction. Developers are going fast and they love it, shifting left, all these great things. They're putting a lot of data, DevOps and the security teams, they're the ones who are leveling up. We are hearing a lot of conversations around how they can be faster. What is your view on this as relative to that Supercloud nirvana getting there? How are DevOps and security teams leveling up to devs? >> A couple of things. I think that in the world of DevSecOps and security ops. The reason security is important, right? Given what is going on, but you don't need to do security the manual way. I think that whole new operation that you and me talked about, AI ops should happen. Where the AI ops is for service operation, for performance, for incident or for security. Nobody thinks of AI security. So, the DevOps people should think more world of AI ops, so that I can predict, prevent things before they happen. Then the security will be much better. So AI ops with Supercloud will probably be that nirvana. But that is what should happen. >> In the AI side of things, what you guys are doing, what are you learning, on scale, relative to data? Is there, you said machine learning needs data, it needs scale operation. What's your view on the automation piece of all this? >> I think to me, the data is the single, underrated, unsung kind of hero in the whole machine learning. Everyone talks about AI and machine learning algorithms. Algorithms are as important, but even more important is data. Lack of data I can't do algorithms. So my advice to customers is don't lose your data. That is why I see, Frank, my old boss, setting everything up into the data cloud, in Snowflake. Data is so important, store the data, analyze the data. Data is the new AI. You and me talk so many times- >> Yeah >> It's underrated, people are not anticipating how important it is. But the data is coming from logs, events, whether there is knowledge documents, any data in any form. I think keep the data, analyze the data, data patterns, and then things like SuperCloud can really take advantage of that. >> So, in the Supercloud equation one of the things that has come up is that the native clouds do great. Their IaaS to SaaS is interactions that solve a lot of problems. There is integration that is good. >> Right. >> Now when you go off cloud, you get regions, get latency issues- >> Right >> You have more complexity. So what's the trade off in the Supercloud journey, if you had to guess? And just thinking out loud here, what would be some of the architectural trade offs of how you do it, what's the sequence? What's the order of operations to get Superclouding going? >> Yeah, very good questions here. I think once you start going from the public cloud, the clouds there scale to lets say, even a regional data center onto an Edge, latency will kick in. The lack of computer function will kick in. So there I think everything should become asynchronous, right? You will run the application in a limited environment. You should anticipate for small memories, small compute, long latencies, but still following should happen. So some operations should become the old-school following, like, it's like the email. I send an email, it's an asynchronous thing, I made a sponsor, I think most of message passing should go back to the old-school architectures They should become asynchronous where thing can rely. I think, as long as algorithms can take that into Edge, I think that Superclouds can really bridge between the public cloud to the edge. >> Muddu, thanks for coming, we really appreciate your insights here. You've always been a great friend, great commentator. If you weren't the CEO and a famous angel investor, we would certainly love to have you as a theCUBE analyst, here on theCUBE. >> I am always available for you. (John laughs) >> When you retire, you can come back. Final point, we've got time left. We'll give you a chance to talk about the company. I'm really intrigued by the success of your ninety million dollar financing realm because we are in a climate where people aren't getting those kinds of investments. It's usually down-rounds. >> Okay >> 409 adjustments, people are struggling. You got an up-round and you got a big number. Why the success? What is going on with the company? Why are you guys getting such great validation? Goldman Sachs, Thoma Bravo, Zoom, these are big names, these are the next gen winners. >> It is. >> Why are they picking you? Why are they investing in you? >> I think it is not one thing, it is many things. First all, I think it is a four-year journey for us where we are right now. So, the company started late 2017. It is getting the right customers, partners, employees, team members. So it is a lot hard work went in. So a lot of thanks to the Aisera community for where we are. Why customers and where we are? Look, fundamentally there is a problem to solve. Like, what Aisera is trying to solve is can we automate customer service? Whether internal employees, external customer support. Do it for IT, HR, sales, marketing, all the way to ops. Like you talk about DevSecOps, I don't want thousands of tune ups for ops. If I can make that job better, >> Yeah >> I want to, any job I want to automate. I call it, elevate the human, right? >> Yeah. >> And that's the reason- >> 'Cause you're saying people have to learn specialty tools, and there are consequences to that. >> Right, and to me, people should focus on more important tasks and use AI as a tool to automate those things right? It's like thinking of offering Apple City as Alexa as a service, that is how we are trying to offer customer service, like, right? And if it can do that consistently, and reduce costs, cost is a big reason why customers like us a lot, we have eliminated the cost in this down economy, I will amplify our message even more, right? I am going to take a bite out of their expense. Whether it is tool expense, it's on resources. Second, is user productivity And finally, experience. People want experience. >> Final question, folks out there, first of all, what do you think about Supercloud? And if someone asks you what is this Supercloud thing? How would you answer? >> Supercloud, is, to me, beyond multi cloud and hybrid cloud. It is to bridge applications that are build in Supercloud can run on all clouds seamlessly. You don't need to compile them, re-clear them. Supercloud is one place to build, develop, and deploy. >> Great, Muddu. Thank you for coming on. Supercloud22 here breaking it down with the ecosystem commentary, we have a lot of people coming to the small group of experts in our network, bringing you in open conversation around the future of cloud computing and applications globally. And again, it is all about the next generation cloud. This is theCUBE, thanks for watching. (upbeat music)

(upbeat music) >> Hi, everybody. We're wrapping up day two of AWS Re:Inforce 2022. This is theCUBE, my name is Dave Vellante. And one of the folks that we featured, one of the companies that we featured in the AWS startup showcase season two, episode four, was Illumio. And of course their here at the security theme event. PJ Kerner is CTO and Co-Founder of Illumio. Great to see you, welcome back to theCUBE. >> Thanks for having me. >> I always like to ask co-founders, people with co-founder in their titles, like go back to why you started the company. Let's go back to 2013. Why'd you start the company? >> Absolutely. Because back in 2013, one of the things that we sort of saw as technology trends, and it was mostly AWS was, there were really three things. One was dynamic workloads. People were putting workloads into production faster and faster. You talk about auto scale groups and now you talk about containers. Like things were getting faster and faster in terms of compute. Second thing was applications were getting more connected, right? The Netflix architecture is one define that kind of extreme example of hyper connectivity, but applications were, we'd call it the API economy or whatever, they were getting more connected. And the third problem back in 2013 was the problems around lateral movement. And at that point it was more around nation state actors and APTs that were in those environments for a lot of those customers. So those three trends were kind of, what do we need to do in security differently? And that's how Illumio started. >> So, okay, you say nation state that's obviously changed in the ROI of for hackers has become pretty good. And I guess your job is to reduce the ROI, but so what's the relationship PJ between the API economy, you talked about in that lateral movement? Are they kind of go hand in hand? >> They do. I think one thing that we have as a mission is, and I think it's really important to understand is to prevent breaches from becoming cyber disasters, right? And I use this metaphor around kind the submarine. And if you think about how submarines are built, submarines are built with water tight compartments inside the submarine. So when there is a physical breach, right, what happens? Like you get a torpedo or whatever, and it comes through the hall, you close off that compartment, there are redundant systems in place, but you close off that compartment, that one small thing you've lost, but the whole ship hasn't gone down and you sort of have survived. That's physical kind of resiliency and those same kind of techniques in terms of segmentation, compartmentalization inside your environments, is what makes good cyber resiliency. So prevent it from becoming a disaster. >> So you bring that micro segmentation analogy, the submarine analogy with micro segmentation to logical security, correct? >> Absolutely, yes. >> So that was your idea in 2013. Now we fast forward to 2022. It's no longer just nation states, things like ransomware are top of mind. I mean, everybody's like worried about what happened with solar winds and Log4j and on and on and on. So what's the mindset of the CISO today? >> I think you said it right. So ransomware, because if you think about the CIA triangle, confidentiality, integrity, availability, what does ransomware really does? It really attacks the availability problem, right? If you lock up all your laptops and can't actually do business anymore, you have an availability problem, right. They might not have stole your data, but they locked it up, but you can't do business, maybe you restore from backups. So that availability problem has made it more visible to CEOs and board level, like people. And so they've been talking about ransomware as a problem. And so that has given the CISO either more dollars, more authority to sort of attack that problem. And lateral movement is the primary way that ransomware gets around and becomes a disaster, as opposed to just locking up one machine when you lock up your entire environment, and thus some of the fear around colonial pipeline came in, that's when the disaster comes into play and you want to be avoiding that. >> Describe in more detail what you mean by lateral movement. I think it's implied, but you enter into a point and then instead of going, you're saying necessarily directly for the asset that you're going after, you're traversing the network, you're traversing other assets. Maybe you could describe that. >> Yeah, I mean, so often what happens is there's an initial point of breach. Like someone has a password or somebody clicked on a phishing link or something, and you have compromise into that environment, right? And then you might be compromised into a low level place that doesn't have a lot of data or is not worthwhile. Then you have to get from that place to data that is actually valuable, and that's where lateral movement comes into place. But also, I mean, you bring up a good point is like lateral movement prevention tools. Like, one way we've done some research around if you like, segmentation is, imagine putting up a maze inside your data center or cloud, right. So that, like how the attacker has to get from that initial breach to the crown jewels takes a lot longer when you have, a segmented environment, as opposed to, if you have a very flat network, it is just go from there to go find that asset. >> Hence, you just increase the denominator in the ROI equation and that just lowers the value for the hacker. They go elsewhere. >> It is an economic, you're right, it's all about economics. It's a time to target is what some our research like. So if you're a quick time to target, you're much easier to sort of get that value for the hacker. If it's a long time, they're going to get frustrated, they're going to stop and might not be economically viable. It's like the, you only have to run faster than the-- >> The two people with the bear chasing you, right. (laughs) Let's talk about zero trust. So it's a topic that prior to the pandemic, I think a lot of people thought it was a buzzword. I have said actually, it's become a mandate. Having said that others, I mean, AWS in particular kind of rolled their eyes and said, ah, we've always been zero trust. They were sort of forced into the discussion. What's your point of view on zero trust? Is it a buzzword? Does it have meaning, what is that meaning to Illumio? >> Well, for me there's actually two, there's two really important concepts. I mean, zero trust is a security philosophy. And so one is the idea of least privilege. And that's not a new idea. So when AWS says they've done it, they have embraced these privileges, a lot of good systems that have been built from scratch do, but not everybody has least privilege kind of controls everywhere. Secondly, least privilege is not about a one time thing. It is about a continuously monitoring. If you sort of take, people leave the company, applications get shut down. Like you need to shut down that access to actually continuously achieve that kind of least privilege stance. The other part that I think is really important that has come more recently is the assume breach mentality, right? And assume breach is something where you assume the attacker is, they've already clicked on, like stop trying to prevent. Well, I mean, you always still should probably prevent the people from clicking on the bad links, but from a security practitioner point of view, assume this has already happened, right. They're already inside. And then what do you have to do? Like back to what I was saying about setting up that maze ahead of time, right. To increase that time to target, that's something you have to do if you kind of assume breach and don't think, oh, a harder shell on my submarine is going to be the way I'm going to survive, right. So that mentality is, I will say is new and really important part of a zero trust philosophy. >> Yeah, so this is interesting because I mean, you kind of the old days, I don't know, decade plus ago, failure meant you get fired, breach meant you get fired. So we want to talk about it. And then of course that mentality had to change 'cause everybody's getting breached and this idea of least privilege. So in other words, if someone's not explicitly or a machine is not explicitly authorized to access an asset, they are not allowed, it's denied. So it's like Frank Slootman would say, if there's doubt, there's no doubt. And so is that right? >> It is. I mean, and if you think about it back to the disaster versus the breach, imagine they did get into an application. I mean, lamps stacks will have vulnerabilities from now to the end of time and people will get in. But what if you got in through a low value asset, 'cause these are some of the stories, you got in through a low value asset and you were sort of contained and you had access to that low value data. Let's say you even locked it up or you stole it all. Like it's not that important to the customer. That's different than when you pivot from that low value asset now into high value assets where it becomes much more catastrophic for those customers. So that kind of prevention, it is important. >> What do you make of this... Couple things, we've heard a lot about encrypt everything. It seems like these days again, in the old days, you'd love to encrypt everything, but there was always a performance hit, but we're hearing encrypt everything, John asked me the day John Furrier is like, okay, we're hearing about encrypting data at rest. What about data in motion? Now you hear about confidential computing and nitro and they're actually encrypting data in the flow. What do you make of that whole confidential computing down at the semiconductor level that they're actually doing things like enclaves and the arm architecture, how much of the problem does that address? How much does it still leave open? >> That's a hard question to answer-- >> But you're a CTO. So that's why I can ask you these questions. >> But I think it's the age old adage of defense in depth. I mean, I do think equivalent to what we're kind of doing from the networking point of view to do network segmentation. This is another layer of that compartmentalization and we'll sort of provide similar containment of breach. And that's really what we're looking for now, rather than prevention of the breach and rather than just detection of the breach, containment of that breach. >> Well, so it's actually similar philosophy brought to the wider network. >> Absolutely. And it needs to be brought at all levels. I think that's the, no one level is going to solve the problem. It's across all those levels is where you have to. >> What are the organizational implications of, it feels like the cloud is now becoming... I don't want to say the first layer of defense because it is if you're all in the cloud, but it's not, if you're a hybrid, but it's still, it's becoming increasingly a more important layer of defense. And then I feel like the CISO and the development team is like the next layer maybe audit is the third layer of defense. How are you seeing organizations sort of respond to that? The organizational roles changing, the CISO role changing. >> Well there's two good questions in there. So one is, there's one interesting thing that we are seeing about people. Like a lot of our customers are hybrid in their environment. They have a cloud, they have an on-prem environment and these two things need to work together. And in that case, I mean, the massive compute that you can be doing in the AWS actually increases the attack surface on that hybrid environment. So there's some challenges there and yes, you're absolutely right. The cloud brings some new tools to play, to sort of decrease that. But it's an interesting place we see where there's a attack surface that occurs between different infrastructure types, between AWS and on-prem of our environment. Now, the second part of your question was really around how the developers play into this. And I'm a big proponent of, I mean, security is kind of a team sport. And one of the things that we've done in some of our products is help people... So we all know the developers, like they know they're part of the security story, right? But they're not security professionals. They don't have all of the tools and all of the experience. And all of the red teaming time to sort of know where some of their mistakes might be made. So I am optimistic. They do their best, right. But what the security team needs is a way to not just tell them, like slap on the knuckles, like developer you're doing the wrong thing, but they really need a way to sort of say, okay, yes, you could do better. And here's some concrete ways that you can do better. So a lot of our systems kind of look at data, understand the data, analyze the data, and provide concrete recommendations. And there's a virtual cycle there. As long as you play the team sport, right. It's not a us versus them. It's like, how can we both win there? >> So this is a really interesting conversation because the developer all of a sudden is increasingly responsible for security. They got to worry about they're using containers. Now they got to worry about containers security. They got to worry about the run time. They got to worry about the platform. And to your point, it's like, okay, this burden is now on them. Not only do they have to be productive and produce awesome code, they got to make sure it's secure. So that role is changing. So are they up for the task? I mean, I got to believe that a lot of developers are like, oh, something else I have to worry about. So how are your customers resolving that? >> So I think they're up for the task. I think what is needed though, is a CISO and a security team again, who knows it's a team sport. Like some technologies adopted from the top down, like the CIO can say, here's what we're doing and then everybody has to do it. Some technologies adopted from the bottom up, right. It's where this individual team says, oh, we're using this thing and we're using these tools. Oh yeah, we're using containers and we're using this flavor of containers. And this other group uses Lambda services and so on. And the security team has to react because they can't mandate. They have to sort of work with those teams. So I see the best groups of people is where you have security teams who know they have to enable the developers and the developers who actually want to work with the security team. So it's the right kind of person, the right kind of CISO, right kind of security teams. It doesn't treat it as adversarial. And it works when they both work together. And that's where, your question is, how ingrained is that in the industry, that I can't say, but I know that does work. And I know that's the direction people are going. >> And I understand it's a spectrum, but I hear what you're saying. That is the best practice, the right organizational model, I guess it's cultural. I mean, it's not like there's some magic tool to make it all, the security team and the dev team collaboration tool, maybe there is, I don't know, but I think the mindset and the culture has to really be the starting point. >> Well, there is. I just talk about this idea. So however you sort of feel about DevOps and DevSecOps and so on, one core principle I see is really kind of empathy between like the developers and the operations folks, so the developers and the security team. And one way I actually, and we act like this at Illumio but one thing we do is like, you have to truly have empathy. You kind have to do somebody else's job, right. Not just like, think about it or talk about it, like do it. So there are places where the security team gets embedded deep in the organization where some of the developers get embedded in the operations work and that empathy. I know whether they go back to do what they were doing, what they learned about how the other side has to work. Some of the challenges, what they see is really valuable in sort of building that collaboration. >> So it's not job swapping, but it's embedding, is maybe how they gain that empathy. >> Exactly. And they're not experts in all those things, but do them take on those summer responsibilities, be accountable for some of those things. Now, not just do it on the side and go over somebody's shoulder, but like be accountable for something. >> That's interesting, not just observational, but actually say, okay, this is on you for some period of time. >> That is where you actually feel the pain of the other person, which is what is valuable. And so that's how you can build one of those cultures. I mean, you do need support all the way from the top, right. To be able to do that. >> For sure. And of course there are lightweight versions of that. Maybe if you don't have the stomach for... Lena Smart was on this morning, CISO of Mongo. And she was saying, she pairs like the security pros that can walk on water with the regular employees and they get to ask all these Colombo questions of the experts and the experts get to hear it and say, oh, I have to now explain this like I'm explaining it to a 10 year old, or maybe not a 10 year old, but a teenager, actually teenager's probably well ahead of us, but you know what I'm saying? And so that kind of cross correlation, and then essentially the folks that aren't security experts, they absorb enough and they can pass it on throughout the organization. And that's how she was saying she emphasizes culture building. >> And I will say, I think, Steve Smith, the CISO of AWS, like I've heard him talk a number of times and like, they do that here at like, they have some of the spirit and they've built it in and it's all the way from the top, right. And that's where if you have security over and a little silo off to the side, you're never going to do that. When the CEO supports the security professionals as a part of the business, that's when you can do the right thing. >> So you remember around the time that you and you guys started Illumio, the conversation was, security must be a board level topic. Yes, it should be, is it really, it was becoming that way. It wasn't there yet. It clearly is now, there's no question about it. >> No, ransomware. >> Right, of course. >> Let's thank ransomware. >> Right. Thank you. Maybe that's a silver lining. Now, the conversation is around, is it a organizational wide issue? And it needs to be, it needs to be, but it really isn't fully. I mean, how many organizations actually do that type of training, certainly large organizations do. It's part of the onboarding process, but even small companies are starting to do that now saying, okay, as part of the onboarding process, you got to watch this training video and sure that you've done it. And maybe that's not enough, but it's a start. >> Well, and I do think that's where, if we get back to zero trust, I mean, zero trust being a philosophy that you can adopt. I mean, we apply that kind of least privilege model to everything. And when people know that people know that this is something we do, right. That you only get access to things 'cause least privileges, you get access to absolutely to the things you need to do your job, but nothing more. And that applies to everybody in the organization. And when people sort of know this is the culture and they sort of work by that, like zero trust being that philosophy sort of helps infuse it into the organization. >> I agree with that, but I think the hard part of that in terms of implementing it for organizations is, companies like AWS, they have the tools, the people, the practitioners that can bring that to bear, many organizations don't. So it becomes an important prioritization exercise. So they have to say, okay, where do we want to apply that least privilege and apply that technology? 'Cause we don't have the resources to do it across the entire portfolio. >> And I'll give you a simple example of where it'll fail. So let's say, oh, we're least privilege, right. And so you asked for something to do your job and it takes four weeks for you to get that access. Guess what? Zero trust out the door at that organization. If you don't have again, the tools, right. To be able to walk that walk. And so it is something where you can't just say it, right. You do have to do it. >> So I feel like it's pyramid. It's got to start. I think it's got to be top down. Maybe not, I mean certainly bottom up from the developer mindset. No question about that. But in terms of where you start. Whether it's financial data or other confidential data, great. We're going to apply that here and we're not going to necessarily, it's a balance, where's the risk? Go hard on those places where there's the biggest risk. Maybe not create organizational friction where there's less risk and then over time, bring that in. >> And I think, I'll say one of the failure modes that we sort of seen around zero trust, if you go too big, too early, right. You actually have to find small wins in your organization and you pointed out some good ones. So focus on like, if you know where critical assets are, that's a good place to sort of start. Building it into the business as usual. So for example, one thing we recommend is people start in the developing zero trust segmentation policy during the development, or at least the test phase of rolling out a new application as you sort of work your way into production, as opposed to having to retro segment everything. So get it into the culture, either high value assets or work like that, or just pick something small. We've actually seen customers use our software to sort of like lock down RDP like back to ransomware, loves RDP lateral movement. So why can we go everywhere to everywhere with RDP? Well, you need it to sort of solve some problems, but just focus on that one little slice of your environment, one application and lock that down. That's a way to get started and that sort of attacks the ransomware problem. So there's lots of ways, but you got to make some demonstrable first steps and build that momentum over time to sort of get to that ultimate end goal. >> PJ Illumio has always been a thought leader in security generally in this topic specifically. So thanks for coming back on theCUBE. It's always great to have you guys. >> All right. Thanks, been great. >> All right. And thank you for watching. Keep it right there. This is Dave Vellante for theCUBE's coverage of AWS re:Inforce 2022 from Boston. We'll be right back. (upbeat music)

>>The cube presents, Coon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Licia Spain in Coon and cloud native con Europe, 2022. I'm Keith Townsend, along with my cohot Paul Gillon, who's been putting in some pretty good work talking to incredible people. And we have, I don't wanna call, heard the face of CNCF, but you kind of introduced me to, you don't know this, but you know, charmer executive director of CNCF. You introduced me to Kuan at Cuan San Diego's my one of my first CU coupons. And I was trying to get my bearings about me and you're on stage and I'm like, okay. Uh, she looks like a reasonable person. This might be a reasonable place to learn about cloud native. Welcome to the show. >>Thank you so much for having me. And that's so nice to hear >><laugh> it is an amazing show, roughly 7,500 people. >>Yes, that's right. Sold out >>Sold. That's a big show. And with that comes, you know, uh, so someone told me, uh, CNCF is an outstanding organization, which it, which it is you're the executive director. And I told them, you know what, that's like being the president of the United States without having air force one. <laugh> like you get home. I dunno >>About that. You >>Get, no, you get all of the, I mean, 7,500 people from across, literally across the world. That's true at Europe. We're in Europe, we're in, we're coming out of times that have been, you know, it can't be overstated. It, this, this is unlike any other times. >>Yes, absolutely >>Difficult decisions. There was a whole co uh, uh, I don't know the term, uh, uh, cuffa uh, or blow up about mask versus no mask. How do you manage just, just the diversity of the community. >>That is such a great question, because I, as I mentioned in my keynote a little bit, right? At this point, we're a community of what, 7.1 million developers. That's a really big group. And so when we think about how should we manage the diversity, the way I see it, it's essential to treat each other with kindness, professionalism, and respect. Now that's easy to say, right. Because it sounds great. Right. Old paper is awesome. Yeah. Yeah. Great >>Concept. 0.1 million people later. >><laugh> exactly. And so, uh, this is why like, uh, I phoned a friend on stage and, um, van Jones came and spoke with us. Who's the renowned CNN contributor, uh, commentator, sorry. And his advice was very much that in such a diverse community, there's always gonna be lots of perspectives, lots opinions. And we need to a always bring the version of ourselves, which we think will empower this ecosystem, BEC what are, what we are doing. If everybody did that, is that gonna be a good thing or a bad thing? And the other is we need to give each other space and grace, um, space to do what we need to do. Grace. If there are mistakes, if there are challenges. And so those are, those are some good principles for us to live by. And I think that in terms of how CNCF tries to enable the diversity, it's by really trying to hear from everybody possible, the vocal loud voices, as well as the folks who you need to reach out a little bit, pull in a little bit. So it's an ongoing, it's an ongoing challenge that we do our best with. >>How do you balance? And I've been to a lot of trade shows and conferences over the years, their trade organizers are very coin operated. You know, they're there, they're there for the money. Yeah. <laugh> and you have traditional trade shows and you have a situation here where an open source community that is motivated by very different, um, principles, but you need to make money. You need the show to be profitable. Uh, you need to sell some sponsorships, but you also need to keep it available and open to the people who, who don't have the big budgets. How are you balancing that? >>So I would actually like to, uh, share something that may not be obvious, which is that we don't actually do the shows to make money. We, um, as you said, like, uh, a lot of trade shows are coin up and the goal there is like, um, well actually they're different kinds of, I think if it's an independent event organization, it can be like, Hey, let's make as much revenue as possible. If it's part of a large, um, large company, like, like cloud provider, et cetera, the events tend to be lost leaders because they're like lead gen, I think, >>But they're, they're lost leaders, but they're profit makers ultimately >>Long term. Yeah. Yeah. It's like top of the funnel. I, I guess for us, we are only doing the events to enable the community and bring people from different companies together. So our goal is to try and break even <laugh> >>Well, that's, that's laudable. Um, the, how big does it get though? I mean, you're at the point with 7,500 attendees here where you're on the cusp of being a really big event, uh, would you limit it size eventually? Or are you just gonna let this thing run? Its course. >>So our inherent belief is that we want to be accessible and open to more and more and more people because the mission is to make cloud native ubiquitous. Right. Uh, and so that means we are excited about growth. We are excited about opening the doors for as everyone, but I think actually the one, one good thing that came out of this pandemic is that we've become a lot more comfortable with hybrid. So we have a virtual component and an in-person component. So combining that, I think makes it well, it's very challenging cause like running to events, but it's also like, it can scale a little bit better. And then if the numbers increase from like, if they double, for example, we're still, I think we're still not in the realm of south by Southwest, which, which feels like, oh, that's the step function difference. So linear increases in number of attendees, I think is a good thing. If, and when we get to the point where it's, um, you know, exponential growth at that point, we have to think about, um, a completely different event really. Right, >>Right. So 7 billion people in the world approaching 8 billion, 7.1 members in the community. Technology is obviously an enabler where I it's enabled me to, to be here and Licia Spain experiencing this beautiful city. There's so much work to be done. What mm-hmm <affirmative> what is the role of CNCF in providing access to education and technology for the rest of the world? >>Absolutely. So, you know, one of the key, uh, areas we focus on is learning and development in supporting the ecosystem in learners beginners to start their cloud native journey or expand their cloud native journey with training certifications, and actually shared this in the keynote every year. Uh, the increase in number of people taking certifications grows by 216% year over year growth. It's a lot, right? And every week about a thousand people are taking a certification exam. So, and we set that up primarily to bring people in and that's one of our more successful initiatives, but we do so many, we do mentorship programs, internship programs. We, uh, a lot of diversity scholarships, these events, it all kind of comes together to support the ecosystem, to grow >>The turning away from the events, uh, toward just toward the CNCF Brit large, you have a growing number of projects. The, the number of projects within CNCF is becoming kind of overwhelming. Is there an upper threshold at which you would, do you tighten the, the limits on, on what projects you will incubate or how big does that tent become? >>Right. I think, you know, when we had 50 projects, we were feeling overwhelmed then too, but we seem to have cop just fine. And there's a reason for that. The reason is that cloud native has been growing so fast with the world. It's a representative of what's going on in our world over the course of the pandemic. As you know, every company became a technology company. People had to like double their engineering staffs over without anybody ever having met in person mm-hmm <affirmative> right. And when that kind of change is going around the world cloud needing be being the scaffolding of how people build and deploy modern software just grew really with it. And the use cases we needed to support grew. That's why the types of projects and kinds of projects is growing. So there's a method. There's a reason to the madness I should say. And I think, um, as the world and, uh, the landscape of technology evolves cloud native will, will evolve and keep developing in either into new projects or consolidation of projects and everything is on the table. >>So I think one of these perceptions Riley Arone is that CNCF is kind of where the big people go to play. If you're a small project and you're looking at CNCF, you're thinking one day I'll get big enough. Like how should small project leaders or leaders of small projects, how should they engage CNCF? >>Totally. And, you know, I want to really change this narrative because, um, in CNCF we have three tiers of projects. There's the graduated ones, which are at the top. These are the most mature ones we really believe and put our sand behind them. They, uh, then there's the incubating projects, which are pretty solid technologies with good usage that are getting there. And then there's the sandbox, which is literally a sandbox and op open ground for innovation. And the bar to entry is low in that it's, uh, easy to apply. There's a mass boat to get you in. And once you're in, you have a neutral IP zone created by being a CNCF project that you can attract more maintainers, more companies can start collaborating. So we, we become an enabler for the small projects, so everybody should know that >>FYI. Yeah. So I won't be interested to know how that, so I have an idea. So let's say I don't have an idea, but let's say that idea have, >>I'm sure you have an idea. <laugh>, I'm >>Sure I have idea. And, and I just don't have the infrastructure to run a project. I need help, but I think it it's going to solve a pro problem. Yeah. What's that application process like, >>So, okay. So you apply after you already have let's a GitHub repo. Okay. Yeah. >>So you, I have a GI help repo. >>Yeah. As in like your pro you've started the project, you started the coding, you've like, put it out there on GitHub, you have something going. And so it's not at just ideal level. Mm-hmm, <affirmative>, it's at like early stage of execution level. Um, and so, and then your question was, how do you apply? >>Yeah. So how do I, so I have, let's say that, uh, let, let's talk about something I'm thinking about doing, and I actually do, is that we're thinking about doing a open store, a cloud native framework for people migrating to the public cloud, to, or to cloud native. There's just not enough public information about that. And I'm like, you know what? I wanna contribute what I know to it. So that's a project in itself, not necessarily a software project, but a IP project, or let's say I have a tool to do that migration. And I put that up on my GitHub report. I want people to iterate on that tool. >>Right. So it would be a simple process of literally there is when you go to, um, our, uh, online, uh, materials, there's a simple process for sandbox where you fill a Google form, where you put in your URL, explain what you're doing, or some basic information hit submit. And we batch process these, um, about every once a month, I think. And, uh, the TC looks at the, what you've filled in, takes a group vote and goes from there. >>When about your operating model, I mean, do, do you, you mentioned you don't look to make a profit in this show. Do you look, and I wanna be sure CNCF is a non-profit, is that correct? Correct. Do you look, what models do you look at in determining your own governance? Do you look at a commercial business? Do you look at a nonprofit? Um, like of ourselves? Yeah. What's your model for how you run CNCF. >>Oh, okay. So it's a nonprofit, as I said, and our model is very simple. We want to raise the funds that we are able to raise in order to then invest them into community initiatives that play the supporter enabler role to all these projects we just talked about. We're not, we are never the project. We are the top cheerleader of the project. Think of us like that. And in terms of, um, but interestingly, unlike, I, I mean, I don't know much about other found, uh, nonprofit session compare, but interestingly, the donating companies are relevant, not just because of their cash that they have put in, but because those companies are part of this ecosystem and they need to, um, them being in this ecosystem, they help create content around cloud native. They, they do more than give us money. And that's why we really like our members, uh, they'll provide contributing engineers to projects. They will help us with marketing with case studies and interviews and all of that. And so it, it becomes this like healthy cycle of it starts with someone donating to become a member, but they end up doing so many different things. Mm-hmm <affirmative> and ultimately the goal is make cloud native ubiquitous and all this goes towards >>That. So talk to me about conflict resolution, because there's some really big projects in CNC, but only some stuff that is changed, literally changing the world, but there's competing interest between some of the projects. I mean, you, you, there there's, if you look at service mesh, there's a lot of service mesh solutions Uhhuh. Yes. And there's just different visions. Where's the CNCF and, and kind of just making sure the community aspect is thought across all of the different or considered across all the different projects as they have the let's say inevitably bump heads. >>Yeah. So by design CNCF was never meant to be a king maker where you picked one project. Right. And I think that's been working out really well because, um, one is when you accept a project, you're not a hundred percent sure that specific one is gonna take over that technology space. Right. So we're leaving it open to see who works it out. The second is that as every company is becoming a technology company, use cases are different. So a service mesh service mesh a might work really well for my company, but it really may not be a fit for your code base. And so the diversity of options is actually a really good thing. >>So talk to me about, uh, saw an interesting note coming out of the keynote yesterday, 65% of the participants here at CU con are new to Kuan. I'm like, oh, I'm a, I'm a vet. You are, I went to two or three before this. So O GE yeah, OG actually, that's what I tweeted OG of Kuan, but, uh, who, who are they like, what's making up? Are they developers? Are they traditional enterprises? Are they contributing companies? Who's the 65%, >>Um, who's the 65%, >>Right? The new, new, >>Well, it's all kinds of C companies sending their developers, right? It's sometimes there's a lot of them are end users. I think at least half or a third, at least of attendees are end user companies. And, uh, then there is also like the new startups around town. And then there is like the, every big company or small has been hiring developers as fast as possible. And even if they've always been a player in cloud native, they need to send all these people to this ecosystem to start building the relationships start like learning the technology. So it's all kinds of folks are collecting to that here. >>As I, as I think about people starting to learn the technologies, learn the communities, the one thing the market change for this coupon for me over others is the number of customers, sharing stories, end user organizations. Mm-hmm, <affirmative>, mm-hmm, <affirmative> much of the cuon that I've been through many of the open source conferences. It's always been like vendors pushing their message, et cetera. What talk, tell me about that. C change. >>One thing that's like just immediate, um, and the case right now is that all the co-chairs for the event who are in charge of designing the agenda are end users. So we have Emily Fox from apple. We have Jasmine James from Twitter, and we have Ricardo Roka from se. So they're all end users. So naturally they're like, you know, picking talks that they're like, well, this is very relevant. Imma go for that and I'm here for it. Right? So that's one thing that's just happening. The other though is a greater trend, which is, as I was saying in the pandemic, so many companies has to get going and quickly that they have built expertise and users are no longer the passive recipients of information. They're equal contributors. They know what they need, what they want, they have experiences to share. And you're seeing that reflected in the conference. >>One thing I've seen at other conferences in the past that started out really for practitioners, uh, is that invariably, they want to go upscale and they wanna draw the CIOs and the, oh yeah. The, uh, you know, the executive, the top executives. Is that an objective, uh, for you or, or do you really want to keep this kind of a, a t-shirt crowd for the long term? >>Hey, everyone's welcome. That's really important, you know? Right. And, um, so we, and that's why we are trying to expand. It's like, you know, middle out as they had in the Silicon valley show the idea being, sorry, I just meant this a little. Okay. So the idea being that we've had the core developer crews, developer, DevOps, SRE crowd, right op over the course of the last virtual events, we actually expanded in the other direction. We put in a business value track, which was more for like people in the business, but not in as a developer or DevOps engineer. We also had a student thing where it's like, you're trying to get all the university crowd people, and it's been working phenomen phenomenally. And then actually this, this event, we went, uh, in the other direction as well. We hosted our inaugural CTO summit, which is for senior leadership and end user companies. And the idea is they're discussing topics of technology that are business relevant. So our topic this time was resiliency in multi-cloud and we're producing a research paper about it. That's gonna come out in some weeks. So BA so with, for us, it's about getting everybody under this tent. Right. And, but it will never mean that we deprioritize what we started with, which is the engineering crowd. It's just an expansion >>Stay true to your roots. >>Yes. Well, Prianca, we're going to talk to a lot of those startup communities tomorrow. Ah, tomorrow's coverage. It's all about startups. Why should CTOs, uh, new startups talk to these upstarts of as opposed to some of the bigger players here on the show floor, over 170 sponsoring companies, the show floor has been vibrant engaging. Yes. And we're going to get into that community tomorrow's coverage on the cube from Valencia Spain. I'm Keith Townson, along with Paul Gillon and you're watching the cube, the leader and high tech coverage.

>>Yeah. Hello and welcome to the Cubes Presentation of Women in text. Global event Celebrating International Women's Day I'm John for a host of the Cube were with Sally E. Senior Policy Advisor Global Foundation for Cyber Studies and Research. Sally, great to see you. Thanks for coming on the cue for International Women's Day. Appreciate it. >>Pleasure, John. Great speech again. >>Love your title. Global Foundation for Cyber Studies. Um, global is a big part of the theme this year. Uh, cyber studies. We're seeing a lot of cyber activity all around the world, networks, communities coming together, the role of data. I mean, everything is touching our lives. There are no boundaries anymore. What does it all mean? There's so much to talk about your in the middle of it before we get into it. Tell us about your career and your history. How you got interested in tech and what you're working on. >>Absolutely. I love it. Kind of this age of convergence coming together right now, isn't it? That's how I would describe it. And that's kind of a bit like my career. I think in many ways as well. So for the audience, really great to be here and share about that today, and I kind of say, three main palace, so one would be emergent technologies. So, you know, I started off right through from coding to advisory to CTO type roles as well also change management. And now I'm more advisors right across from a I to five G to to Iot and security, for example as well. Also passionate about education checking education for me. They always go hand in hand, some a professor at a number of universities and in my non for profit, we really do a lot of outreach around educational opportunities as well. And that third pillar opponent hinted at it already will be social impact. So really passionate about how we can use tech as a force for good things around sustainability right at the heart of that, but also around diversity equity and inclusion. So we do a lot of pro project your locally and globally around kind of reframing what a tech career looks like, giving people more democratised access. Those tech opportunities outside of that a bit like yourself, you know, podcast host and writer and speaker and things as well, so very much going to building that community around key tech topics. >>Well, folks watching should check it out on Twitter. She's that great content you mentioned Mobile World Congress. Before we get on camera, you mentioned convergence. I mean, we're at a time now. I got to ask you while I got you here before we get into the whole schools and career tech thing, we've seen this movie before, but never at this scale. The convergence and the confluence of education and scale of cloud computing, the ability to level up and get, um, I won't say democratised. That's kind of overused. But I'm just talking about like with cloud computing could be educated and in market with a job instantly. Um, the barriers just seem to be moving away because of the the openings and the roles are changing. So, more than ever, this whole new tech scene comes together in a way. Can you share your thoughts and vision because to me, we're seeing this happening at such a scale unprecedented in my career? >>It is. And that's one of those words that the part had been overused, unprecedented, but right now it really, really is. It's not just a speed of change. I think it's a scale of change as well. You know, I think previously we've talked about disciplines in silos to a certain extent. Haven't we know in terms of like, an AI special is, um or five g one or other disciplines as well? But really, now that convergence about what one tech enables another, it really is that smart technology coming together for more and more different use cases, but that residents around how important education is alongside that alongside process alongside culture and shared values as well it really is. It's kind of holistic integration of everything that matters at the moment. And it's evolving business models as well. You know, shared values rights centre stage around that MWC just come back from that, And the key topics there weren't just by G, it was the importance of ecosystem collaboration. For example, there are less tracks that were isolated on one technology. It was more this conflation of these different technologies coming together and what we can achieve from that from business but also for society so really exciting focus areas now things that maybe once or a few years ago, more than periphery. They're now absolutely centre stage. So it's good to see that progress in that area. And I love to advocate around that. >>And the education piece is so important, and we always stay here in Cuba. It's a data problem, right? Everything's a data problem when you look at schools and education is structured and unstructured data kind of our our systems right, So structured as schools, institutions, those kinds of career paths or education pathways. And then you haven't structured freeform communities, seeing a lot more education going on within groups. Um, off structured environments like schools, Can you and you do a lot with schools? Can you share more how you're doing? Um uh, work with schools specifically on the structured side to get girls into careers faster and tech? And then can you also comment on the other side? What's going on in the communities because it's it's kind of going on in parallel, but they're not mutually exclusive. >>No, absolutely community, absolutely key word that I love that, and I think when we're talking about diversity and technology, it's not just what we're doing now with what we're looking at is looking ahead, but also looking at future pipeline as well. So for me, I use this express a little bit. But change the narrative. That's what springs to mind for me when we're talking about that, and particularly for girls going into technology but also more broadly, diversity of experience. More broadly, we do have these drop offs, so UK is one example, but it is really representative of the global trends that we're seeing. Now. We get a drop off of girls in particular, taking ice subjects at GCSE level so kind of that subject choice choice at 12 to 14, that kind of area. We get the same thing at a level that's equivalent of 16 to 18 and then even safer university or even apprenticeships, whichever both equally valid. But even if people are taking those types of skills, they're not then choosing to apply them in their careers. So we're seeing these kind of three pillars where we need to intervene earlier. So for me, the more that we can do things you know from dedicated educational offers, but equally partnering with tech companies to do outreach around this area. We need to go in younger and younger is so important to address that. Why? Why are people thinking they can't? Why is his career not for me, for example, so addressing that is huge. And that's one of the things we do with my nonprofit that's called aspirational futures. We go into schools and two universities, but equally do things with older adults and re Skilling and up Skilling as well. Because again, we can't leave that behind either. There's something for all different kind of age groups and backgrounds here, but specifically, I think, in terms of getting people interested in this career, curiosity matters. You know, I think it's an underrated skills. So it's changing the narrative again. And what the tech career actually is, what skills are valid? You know, I mentioned, I have a coding background as a starter. But not all tech careers involve coding, particularly the rise of low code or no code, for example as well. So really valued skill. But so many other skills are valid as well, you know, creativity or emotional intelligence problem solving skills. So for me, I like to drive forward. All those skills can make a difference as an individual, as a team, so your you know your tech career. All those skills are valid and you can make a huge difference. And I also think, you know, just kind of really bringing to the fore what different types of projects you can be involved in in tech as well. And I found really resonating when you can talk about tech for good projects and show how you're making a difference about some of those big challenges. Um, that's kind of really kind of resonating responsible people as well. So again, the more we can show tangible projects where you can make a difference and the whole range of skills that are involved in that it really helps people to think differently and gain that skills confidence. So it's like, >>Well, that's awesome insight. I want to just double click on that for a second, because one the drop off. Can you just repeat the ages where you see the drop off with the drop offs are >>absolutely yeah, no problem, John. So it's kind of when you're making your first choices around your first kind of qualifications. Between that 12 to 14 age group, 16 to 18 and then 18 to 21 I think we've really got to tackle that So again the earlier we can go in the better and again supporting people within organisations as well. So I do a lot of work like internally, with organisations as well people looking to up skill and re skill. You mentioned about data and the importance of data literacy earlier on in the conversation as well. For example, going into organisations and really helping to support people in all roles, not just tech facing roles develop that skills, confidence as well. So for me it's access to skills really bringing forward the difference. You can make that holistic range of skills that makes a difference, but also the confidence to apply them as well. You know, we talk about agility, of organisations, a lot areas, one of those kind of words in the last 12 months. But maybe we don't talk about personal agility and team agility as well. So I kind of talked about it. This little toolbox, if we can give people more and more things to draw from it, the only constant is this rate of change. If you've got more things in your armoury to cope with that and be an agile to that. It takes that fear away about what happens next because you feel you've got more skills to dip into it and to apply. So for me, it's that that confidence, not just the access to the skills >>and the other thing, too, I thought was insightful. I want to just reiterate and bring to the surface again as skills, right? So you don't have to be a coder. And I see I have two daughters just with my family. Yeah, I do python. They kind of put their toe in the water cause it's cool. Maybe that's a path, and they kind of don't like, maybe get into it. But it's not about coding anymore because you said low code, no code. Certainly. Maybe AI writes the code. We all see that happening. It's problem solving. It's you could be in health care and you could be nerd native, as we say, as on some of the other interviews of that year at the problem, solving the aperture of skills is much broader now. Can >>you share more than >>more than because with your with your programme and your nonprofit, I know you're in the middle of it, and this is important to get that out there. >>Absolutely so skills. You know, I think we need to change the focus on what skills make a difference if you see what I mean. I think you're absolutely right. There's some misconceptions about, you know, you want to go into tech, you need to be a coda. And you're right with the upscale around low Skilling. Sorry, Low code and the code opportunities. Um, I think the niches around being a specialist. Koda. We're gonna get more roles in that area, but in other areas, we need to look at different skills gap. So I'm advising people to look at where the gaps are now. So cyber security is a key example of that testing architecture. Those gaps are getting bigger. Their amazing skills, opportunities. They're so focused on a particular discipline. But it's all those skills that surround that that make a difference as well. So as I mentioned, you know, e Q creativity, communication skills, because it's not just about having the skills to build the future, knew that imagination to refocus about what that could even be. You know, that was one of the MWC 20 to refrain, reimagine and I love to kind of galvanise that spirit and people that you can be part of that, you know, wherever you are now. And I actually run a little series called 365, and you mentioned something right at the start of our conversation about International Women's Day being such an important focus area. But also we need to think about this beyond that as well. So hence that's the title of the series that I run because it's a focus on that every single day of the year. You know, I interviewed people that could be a C suite roles, but equally I've had some amazing interviews with 12 to 14 year olds, even younger, the youngest of the seven year old. He's doing like an amazing project in their kitchen with a three D printer working with local school or a hospice doing something around Ukraine. Another project we're doing at the moment, actually, and it's so resonating it's trying to show people wherever you are now, wherever you want to be, there's somebody relatable that you can make. You can see whatever sector, in whatever age, whatever background, and I think it's to give that inspiration. Hey, you know what I can do that that can be me. So visibility of role models, it really matters. And to really broaden out what role model looks like, you know? >>And then I think people out there you see yourself. I mean, this is what we been >>proven right? >>It's proven I want to get into the aspirational futures thing that you have going on, and I know this is important to you, but also something else you said was, is that there's more jobs open and say cybersecurity than ever before. And you're seeing this trend where all these new roles are emerging because of the tech that weren't around years ago, right? And so we've been having conversations in the Cube saying, Hey, all these roles are new, but also problems are new to these New new problems are surfacing because of the this new environment we're in. So these new roles still have to solve problems, so we need people to solve those problems. This is the future. This is the conversation that people are trying to get zero in on misinformation, cybersecurity, you name it. Society is changing with >>new. You >>have new new problems and new opportunities. Could you share your aspirational future? How you vector into that? >>Yeah, absolutely. And for me it's just again that we're convergence around people in technology and partnership, and that's what we aim to do. We do projects at a very local level, but equally we do them at national and international level as well. And one of our kind of people assume I'm talking pillars a lot, but I like it as a framework. So one of those esteem learning. So putting an equal value on the arts as well as science, technology, engineering, mathematics because I think they are. You know, as I mentioned before, hand that imagination, creativity, curiosity, collaboration, skills. They're equally valid as a different types of tech skills as well. We need an equal value and all of them. I think that's hugely important, important today. I think over the last 5 to 10 years, maybe there's been less of a focus within curriculums on the arts area than the other areas. So for me, putting that equal focus back is hugely important to navigate change, you know, I think that's that's that's absolutely key. So we focus on that area and we do a whole range of tech for good projects, and that's the way we help people to learn, you know, for example, data 90% at the moment of data isn't touched again when it's archived after three months. How can we turn that into a learning opportunity? For example? Some of the projects we use some of this is not going to be used again. We do it in a very safe, secure way, but we use that as one of our training aids, and then we apply them for local projects. We have initiatives from hackathons and ideation right through to very tangible hubs that we've actually built out where people can go, learn up skill and kind of learn through play and experimentation as well. Because again, I think that sometimes under explored that type of value and that freedom to be able to do that. And we also do things, change management skills. We talk about agile learning, agile technology need agile change management as well. So it's a very holistic skills. Look at what you need to navigate that future and have the confidence to apply them. So steam is very much our focus, applying them for tech for good projects and doing that externally, but also within organisations as well. So that very much is shared value approach to good business, but good for society as well. So yes, that this toolbox, that technology I applied earlier we really try and give people that support. To be able to do that, to move forward with confidence and optimism. >>I think adding the aid to stem really for steam is really smart because entrepreneurship or any problem solving creativity is the spark of innovation. >>And that's a super >>important skill. And we've seen it, whether it's startup or in a big company or in society, so super, super insightful. So I got to ask you, as a policy senior policy advisor on cyber studies globally, what are the core issues you're looking at right now? What are you shutting the light on and what's the most important thing you're working on? And then what's the most important thing you're working that people aren't talking about, that people should pay attention to >>Absolutely so. One of my key roles of the foundation is is kind of share of global trust. Essentially, um, and again trust is that one of the key issues of our time? One thing that people are talking about so much that relates with that actually is there's there's research from a group called The Woman. They've been looking at this for about 17 years or so. The research that came out most recently and I've got some original research that kind of support this as well is that for the first time ever, consumers are looking at organisations like tech organisations and other large organisations, in particular the enterprise level, really, as the bastions of trust to a bigger extent than NGOs or even governments. And that's the first time we've seen it at that level. So trust really really matters. It's one of the biggest differentiators of our time, so we're trying to help people. How do you establish trust? How do you build transparency, commitment and accountability, particularly in areas where there's currently confusion, so as one example going back Security zero Trust That phrase is used an awful lot, isn't it? But it's sometimes causing some confusion. Actually, it against what it's trying to deliver if you see what to me. So now I just do something recently with SMB s in particular and there is a confusion that effectively, you know, you could You could buy off the shelf and it's once and done. Um, And then we're sorted for the zero Trust security. And obviously it's not like that. It's an ongoing journey, and there's so many different constituent parts. So there's some things I'm seeing at the moment in the market with there's confusion around around certain language, for example. So again it goes back to backing things up with the technology but also research and awareness so we can see where those skills gaps are. You can see where there's awareness gaps are we can help to fill them. So that's an important part of that particular role bringing the technology in the culture and the education hand in hand together. So it's something I'm really passionate about, and for me sort of related to this, Um, I do a lot of work around S G, um, to the sustainable development goals. In particular, environmental and social governance is something that's becoming much more of a bigger kind of centre stage conversation. I'm an action point in a moment which is fantastic because this is something I've been involved in kind as long as I can remember. So I work directly with organisations like, um Unesco, lots of different professional bodies. It's kind of a huge driver for me. So one thing to kind of look out for that's coming very soon. I'm seeing an issue around around measurement in this area. You know, we're seeing consumers becoming more and more conscious and employees, you know you want to work for by from advocate organisations that have that same value alignment that you have personally and professionally, hugely important. We're seeing some great reports coming out around better e S g measurement. But it can be hard to compare between different organisations, so we are getting more transparency. But it's difficult sometimes to make fare comparisons. Um, so what I'm trying to do a lot of work on at the moment is how you go beyond that transparency to commitment to accountability and that deeper level and that comparability. So I would say kind of to the audience moment, Look out for a bit of a new index. It's going to help people, I think, make those conscious choices make informed choices. So it's something I'm super, super passionate about. I want to try and take that to next level in terms of its actualisation. >>That's awesome. And certainly we'll link to it on our site. All the work you're doing on interviews will put links there as well. We'll make sure we'll follow up on that. Great to have you on. You're such an inspiration. Amazing work, cutting edge work. And I'm I'm super impressed with the cyber studies, and I think this is really important. I have to ask you a final question because you're in the middle of it again with covid and the unfortunate situations we've been living with Covid. And now, obviously with this Ukraine situation that the cyber has been pulled to the front of the agenda and you're seeing a cultural shift. You certainly got Web three. Cyber is now part of everyone's life, and they can see it. They've been seeing it living it. Everything's been pulled forward as a cultural shift happening, okay, and and it's really interesting right now, and I want to get your thoughts because this now people are now aware what cyberwar means cyber security cyber. At home, I have remote work. Cyber has become front and centre or digital. However you want to call it in our lives pulled forward. >>So I'm not even sure in some >>cases, maybe rightfully so, and others. What's your view on this whole cultural cyber being pulled forward? >>It is. It's really, really interesting. And so one of the things I do is I am now ready to a Cyber Insights magazine as well. So we're developing a lot of content pieces around this and lots of things I'm seeing here. So your covid point, I think one of the most interesting things there is around literacy. For example, you remember when we went back to 18 months ago? We're having daily briefings, whether that's from from UK Parliament or the U. S. Equivalent. And different phrases were coming into everyday language driven by the curve or driven by the data. And they're coming into everyday life and people family kitchen table. It was something that hasn't been spoken about before, but suddenly it was driving everyday decision making and what you could and couldn't do. And that's raised awareness. And I think it helped people to ask better questions and to challenge things that they're seeing. And where has that data come from? How has it been presented to have seen that there? I think similarly, where we're having that same understanding and raise of questioning around what we're hearing around cyber as well. You're looking at where that source has come from, and how can we look at that in a different way? So again, I think it's raising that awareness, which is really, really crucial, >>the >>other thing as well around cyber security in particular. And again, I don't think this is talked about as much. When we talk about aspects around inclusion, we talk about diversity equity. Um, I'll see inclusion. I talk about belonging a lot as well. I think there's other aspects around sustainability that Inter relate as well, because when we find, for example, communities that are not included, they tend to be more adversely affected by, for example, climate factors as well. There's an interrelation. They're equally We find that people that haven't got, for example, the same level of cybersecurity protection are also in that same. There's an interrelation across all those elements were not talking about that either. So that's the other thing. I want to kind of bring attention to their again. They aren't separate conversations is a huge crossover between these different conversations and actions that we can do to make a difference. So there's some positive aspects about things that have happened over the last period of time and also some challenges that if we're aware of them, we can work together again, that collaboration piece to be able to overcome them. You know, I've got I've got a book coming out, all for charity called Tech for Good and one of my kind of tag lines. There is around contagion of positive change. Again, let's reframe the language around what's been happening. And let's kind of put that together is something that's far more positive. >>Language is super important, great >>content here. So >>thanks so much for coming. I really appreciate all the great insight and taking the time out of your busy day to to join us here in the Cube. Women in tech Global Event. Thank you so much. >>My absolute pleasure. Thank you. Thank you all for watching. >>Okay. The cubes presentation of women in text. Global event Celebrating International Women's Day. I'm John for a host of the Cube. Thanks for watching

(upbeat techno music) >> Welcome to theCube's coverage of VMworld 2021. I'm Lisa Martin. Another Cube alum joining me on the program next, Sanjay Uppal is here, the SVP and GM of Service Provider and Edge Business at VMware. Sanjay, it's great to see you. Thanks for coming back on the program. >> Oh yeah. Thank you. Thanks Lisa. And thank you to theCube. >> It's great that we're covering VMworld. I can't wait til they're back in person. This is another event that is virtual for obvious reasons. But I wanted to dig into your role and have you really kind of unpack that for us. Your role is the senior vice president and general manager of the Service Provider and Edge Business. Talk to me about that. >> Yeah, it's a bit of a mouthful, but really what we're doing here is recognizing that the world is shifting and a lot of the workloads are moving to the edge. So that's the edge part of my responsibility. And the other part is the service providers. Service provider of course, is the name for facilities based telecom operators, as they used to be called in the past, but simply called service providers today. So putting those two things together because service provider, 5G and the edge all go together. So I'm running that as a business for VMware. >> Got it. Let's get VMware's definition of the edge. I always like to do that because some companies have a slightly different spin on it. What is it to VMware? >> Yeah, so to VMware, the edge is distributed digital infrastructure. Digital infrastructure of course, is the software stack that you need to run the applications on top, and it's for running workloads. Now, the important part here that we're defining is that the workloads can be in what's known as the underlay, which you can think of as the infrastructure that is needed to run 5G and fiber. But the workloads can also be in the overlay, which is where you find software defined RAN, secure access service edge. And the workloads can be at the edge application layer. These are the new class of applications that we'll talk about. So it's for running workloads. And the other important part of it is, it's across a number of locations. This is not just about being in a few handful of data centers. This is about being in hundreds of thousands, sometimes millions of locations, which has its own quirks in terms of how that infrastructure should work. And the important point is that the edge is placed close to where the end points are either producing or consuming data. So that's what the edge is, as we define it at VMware. >> Got it. Talk to me about the strategy and the vision that VMware has for edge. >> That's, you know, we're at a very important inflection point in the industry, as far as the edge is concerned. And I just always link it back into what's happening, as an example, in music. So one of my favorite songs from Aerosmith is, "Living on the Edge," and that's literally where we are right now. We're living on the edge and what Aerosmith says is, "We're looking at the world in a different way because things are changing all the way around." Of course, I'm paraphrasing a little bit, but our strategy at VMware is to take this living at the edge, which is happening across the board, and to capture it into infrastructure that we're building, come up with a common software stack that will support workloads that are running in the underlay, in the overlay or at the application layer, and support this entirely new class of applications that are coming in. And these applications, to contrast it with what has been happening before, these applications are being built for experiences. And I'll dig into this in a little bit, but really essentially VMware strategy is to come up with that common software stack that is going to be placed at all of these edge locations, sometimes millions of them, for different types of workloads, but the commonality of the stack is important because that is what the service providers and the enterprises use to derive the benefits. >> Being designed for experiences. It's so interesting, because that's what we expect in our personal lives, in our business lives. We want to have good experiences, whether we're ordering something on Amazon or we're trying to collaborate via Slack or something like that. Experience matters. It sounds silly to say, but it's absolutely true. Talk to me about some of the things, the edge being core to customer's future in any industry. >> Yeah. So, you know, from an industry standpoint, we always used to talk about, what are the features of your product and what are the benefits for customers? And then we started seeing an evolution from benefits into, what are the outcomes that the customers want? But now we are getting from outcomes to experiences. And you take, just an example of a retail chain that we're working with, what they want to do is not just simply sell a product to a customer, walks into the store. They want that person to have an excellent experience. And in order to get to that experience, as an example of what would happen is, this person walks into a store. They recognize who that person is, what they had purchased before, they look at what are the likelihood that they want to buy something today? Do I have that thing in my inventory? If I don't, can I manufacture it with my third generation printer that I have over here? The 3D printer that is sitting in the back room. And then, once that is produced in the next few minutes, can they have an experienced in playing a game with the sportsmen of their choice, on this massive screen that's in there? That's experience. That's not just walking into a store, buying a product and walking out. Another experience would be, when you look at healthcare, what's going on right now that when you have a symptom, you go to your doctor to get checked out. But what if your body tells you that there's something that you need to get done? So this entire new class of applications are coming in with sensors that have artificial intelligence in them that are metricating what is happening. And these sensors with that intelligence then get fed into the edge infrastructure, because this is voluminous amount of information. As you can imagine, the amount of metrics that your body needs to track, all this voluminous information needs to get correlated. And then you may need to make an inference about it. Again, that's an experience because you're completely changing the nature of health as this is going about. So in every vertical industry, we have these examples of experiences and what this requires is computation, networking and storage to be pushed all the way into the edge. It requires a network to get this done. It requires connectivity. And it requires, as I've spoken about before, this common software stack that VMware is bringing. >> So talk to me about what's being announced and unveiled at VMworld. >> So what we are announcing very simply is the VMware Edge. And what that VMware Edge is, it comprises three common software stacks at different layers of the stack. So the first thing that we're saying is that we are announcing the VMware Edge compute stack. So this is software that companies can use, ISV's can use, to develop Edge native applications. These are applications that are born at the edge. They're not applications that are necessarily being refactored from somewhere else. And this is stack that is available in very small form factors, all the way to large form factors, and it'S stack that's connected together. As I mentioned before, the numbers of locations are very important. So we are packaging this, we're making it available across the board next week. This is the first part of the announcement. The second part of the announcement is the expansion of our secure access service edge offering. And that expansion includes going from software defined RAN, which was the first and highly successful service to include secure access, cloud web security, and then to follow that on in a multi-services approach and add more services as we go along. And the third piece is to take our Telco cloud platform, we are announcing that that platform is being co-opted to now run at the edge. Now, one very important development in that part, is that we've had our ESXI product, which is very successful in running in the data center, we have an edge ready version for this product. We've made a 10X improvement in the overhead and latency of ESXI. So now it can be deployed in edge locations in very small form factors, and it is absolutely equivalent to bare metal overhead. So now when companies are looking at, is there overhead associated with the ESXI hypervisor? We're saying, no. It's equivalent to bare metal. And all the benefits that you get with deploying ESXI, will now accrue to benefits that you would have at the edge. >> Talk to me about how the events of the past 18 months, we've seen massive acceleration in digital transformation. We've seen, you mentioned the retailer, the retailer is having to be able to massively shift curbside delivery, e-commerce. How have the events of the last 18 months influenced or catalyzed VMware Edge? >> Absolutely. So if you take a step back and think what has happened due to the pandemic, all of us are working from locations that are not, we're not going to some centralized location to our offices. We're actually working from our home edges. We are literally living at the edge when we were working from home. And also when you go to do curbside pickup, you're making a decision right there. You're going to where that edge location is for that retail store. So really to me, what has happened with the pandemic, is emphasized the need for moving computation all the way to the edge. Now you take one use case, work from home itself. Work from home has gone up by, in some cases, 5X to 8X compared to what it was before. And we've seen the network come under tremendous strain because of work from home. We've seen that the user experience, if it's not good, then of course your productivity gets hampered. So work from home is one of those use cases that has been focused on, because of the pandemic, and we've come up with the solution that will help people when they're sitting in their home environment, the kids can do homework, someone can be watching, streaming movie, but the business users still continues to function with full productivity. So it's really emphasizing the need for moving computation all the way out to the edge. >> Yeah. The edge exploded in the last year and a half. I'm going to now rethink, instead of working from home or living at work, living on the edge. So thank you for giving me that idea. That definitely changes how I feel about this room right here. Talk to me about some of the customers, customer examples, customers in terms of their feedback, as VMware has been developing this. I know you're very much a customer centric organization, but what were some of the directions on the influences from the field? >> I think, as far as customers go, they're an integral part of our development process. It's not like we develop a product and then we go sell it to the customer. What we do is, we get the customer to be a part of that process. We figured out what are the issues that the customers are facing in their own business. As an example, when the pandemic hit, in the healthcare space we had one acute care hospital that came to us and said, "well, we can't get enough of the telemedicine done because the radiologists and all are not able to come into the office." Well, we came up with a solution So that radiologist sitting at home can still look at very high definition images as they're talking to their patients. Now, once we develop the first part of the solution, we actually brought the customer in, gave them a prototype. And then I tell my team that when the customer gives feedback, it's like they're handing us a flashlight and that flashlight illuminates the path ahead for us. And so we follow that path that the customer has set based on the technology that we've produced. Our responsibility is to iterate on that technology in a very fast cycle, so that as we get the flashlights, we illuminate the path and that gets to building the product. And then we get the product built and then we have a happy, successful customer with good outcomes and experiences. And in the end, VMware has done something positive, not just in terms of our business, but for the world at large. >> Right. I love that. Handing the customer a flashlight. Another one I'm going to steal from you, Sanjay. Thank you. You've given me two good ones today. And also a different look at Aerosmith, which I probably now won't be able to get that song out of my head. Some of the trends that we've seen, trends over the last 18 months, what are some of the things that you think we've had a lot of acceleration, but there's a lot of positivity that's come from that, that I don't think gets enough coverage. All of the capabilities that we now have. If you take even just the work from home use case that you mentioned, that's going to be persisting for quite some time, some amount of it's going to be permanent. But what are some of the trends that you're seeing now that you think are really going to help facilitate the edge and the compute and the network and customers being able to take advantage of that even faster? >> Yeah. I think that one of the really important changes that has come because of the pandemic is giving customers choice. And as a part of it, VMware is really focused on multicloud. So, the cloud has come in, we had a movement of workloads from the private data center into the public cloud, but now what customers are saying is, we want choice. We want to make sure that this infrastructure is always available to us. So we are focusing from a VMware standpoint on multicloud. Now, what does that mean? It means that it gives customers choice. They can go to different cloud providers, including the private data center and run their applications on top. And this, we think, is here to stay. This is a trend that we think is as important as what's happening in the future of work. Because previously it used to be, we used to think of work as a destination. It's not. It's a workspace right now. People could essentially be working from anywhere. And one of the things that we've learned in the pandemic is that, that actually does happen. Human beings, we are flexible enough that we can accommodate to these changes that are coming in. So the future of work is going to be distributed. It's going to be workspaces and not workplaces. And then multicloud and marrying those two things together is what we are focusing on at VMware. >> What are some of the tracks or sessions at VMware where folks can go to learn more about that use case in particular, as well as the VMware Edge and what you're announcing? >> Yeah, so we have some excellent tracks. We have a track about, of course, the distributed edge. We have a track about what's going on with cross-cloud services that we have come up with. We have tracks in terms of what's happening with networking and security, because security obviously goes hand in hand with everything. Zero trust is becoming fundamental in everything that we do. I was talking to one of my customers who owns gas stations, and he was saying, "Sanjay, I have gas stations in places that I would never visit. But there are people who would sit at these gas stations. I still need for them to come into the network, but I can't trust the devices that they're coming in on." So these would be a few of the tracks that I would recommend that people would go and watch. >> Excellent. Yeah. Speaking of zero trust and just the massive changes in the threat landscape in the last year and a half, the things that we've seen with massive rise in ransomware and DDoS attacks and attacks like this becoming a when, not if, kind of a scenario. So everybody needed to ensure that they have, they can trust the people and the devices on the network. Sanjay, thank you so much for joining me, talking to us about VMware Edge. You gave us some great analogies there that I'm going to take forward with me. And I look forward to seeing you, hopefully next year at VMworld, in person. Fingers crossed. >> In-person would be awesome. Thank you so much, Lisa. And thank you to theCube. >> Our pleasure. Sunjay Uppal. I'm Lisa Martin. You're watching theCube's coverage of VMworld 2021. (upbeat techno music)

(bright upbeat music) >> Oh welcome here to theCUBE's coverage, continuing coverage of AnsibleFest 2021. It's a pleasure to have you with us today and also to join us today is Stephen Elliott, who is the Group Vice President of Management Software and DevOps at IDC. Stephen Good to see you today, thanks for being here on theCUBE. >> Hey thanks John, it's great to be here. >> You bet, good no, thank you again for the time. Well let's just jump right in, I know this is right in your sweet spot. You know, talk about IT automation. You've done a lot of research on this, but let's just talk about overall if you will. Give us that 30-foot perspective of what you're seeing in terms of your research, when we talk about IT automation these days, and configuration management. >> Sure, yeah. Yeah I know, I mean, it's been fascinating to watch with COVID the acceleration of the investments in automation across the board. And really our enterprise IT inquiry that we've taken, it really is just fascinating to see. Whether it's network automation, looking at self-service configuration, looking at provisioning, looking at a patch. I mean, you name the manual toil that enterprise IT organizations are, you know, looking to automate, and we're just finding tremendous investment themes across those areas. I think on top of that, there's been a lot of acceleration of this idea of DevOps, of driving automation across development and operations teams, and in certainly realizing that it's really hard to hire great people. And so we're seeing that companies are utilizing automation as a way to drive your career development, training across teams, and then certainly as a way to augment their teams to help these teams scale when they have difficulties hiring more and more staff. >> Yeah well let's take that first one, that last point first here, I think that's a certainly invaluable point, and that we've heard a lot about labor all over in all sectors right about, you know, finding the right talent for the task. So, in terms of this process, IT automation, and you're talking about maybe some companies being so much short handed or trying to fine-tune their labor needs or whatever. Tell me a little bit more about that in terms of automation and how this helps that process rather than hinders it. >> Yeah, you know, it's interesting, sometimes when IT executives talk about automation, they talk about staff replacement. And actually for the lean forward companies, for most companies that make these investments. That's not the case at all. It's actually an augmentation strategy where they realize, look it's really hard to find great talent. We have an opportunity to take the talent we have, apply new skills, look at automation as a way to get existing teams more productive, as well as an opportunity to learn new skills across teams. You know, whether it's development, operations, site reliability engineering, IT ops, et cetera, networking, you know, we're seeing organizations have a much more impact, you know, much more impactful opportunity to do staff development. And so this helps with scale, it also just helps give organizations, you know, the opportunity to move people across teams, particularly if you've decided that there's one type of automation that you want to utilize, one type of configuration language. It makes things very interesting when you have, you know, an operations person who might want to become a site reliability engineer, or, you know, a DevOps team that understands they have to utilize automation, maybe they want to utilize it, you know, a common framework for that. So, we're seeing executives really look at this as, this isn't about staff replacement at all, it's actually quite the opposite. It's about retention, it's about career training and development, it's about, you know, being able to share staff across teams, and then certainly, you know, this whole notion of augmentation and increasing productivity have organizations realize that, you know, with these generally net new models, you know, containers, microservices, public cloud, DevOps, software defined infrastructure, you know, agile, all these different organizational constructs, and types of technology architectures are driving up complexity. So the ability to simplify that through automation, the ability to drive higher returns on investment through automated processes and workflows, you know, it's really striking a chord with executive teams. >> And this is obviously I think just part of this natural trend, right? As the complexity, the networks and operations has increased, finding efficiencies through automation, that's just kind of this natural flow. Has it been pande-- or how has it been pandemic driven to a certain respect then? You touched on that earlier with your first comments, but what have you seen let's say over the past year at how companies have been reacting to that environment into their business operations? >> Yeah, I know it's been interesting from the C-suite down particularly, where CEOs have really started to realize that often their business architecture is in fact their technology architecture. And the pandemic has forced the C-suite to change their customer engagement models more often than not. So many, you know, B2B companies now had to become B2C. And so, you know, many companies had to pull back, or scale back their operations in the case of, you know, hotel, lodging, airlines. Where they really had to realize, wow, you know, we've got to figure out something because, you know, we're not going to fill capacity. So, you had a lot of CEOs and CIOs recognize that their technology architecture in fact can help make these adjustments. And part of that is driving automated, you know, work streams, whether it's through, you know, new digital services, whether it's through, you know, faster provisioning of infrastructure for their DevOps and development application teams, whether it's driving higher levels of system reliability, which as we all know, you know, customers are pretty impatient. So if digital services aren't working, you're going to move on to something else pretty quickly and give, you know, a competitor, you know, revenue opportunity. So, I think a lot of those swim lane, you know, a lot of those tailwinds, I should say, have really struck a chord in the C-suite and has really driven investments that are driving, you know, core modernization, application modernization, customer engagement models, and business models that, you know, were around 24 months ago. We're finding that the focus on reliability of systems, you know, across the applications to involve systems and networks that are, you know, public-private are really, you know, having that transparency. These things are the foundation. You know, you think about building a house, these are foundational capabilities that from an operations perspective, from a development perspective have really helped shape a lot of the thinking and investment themes that the C-suite now, because COVID accelerated a lot of these modernization projects have really driven, you know, positive outcomes for. >> When you talk about impatience, there's also kind of a, I guess, a queasiness you might say, or some anxiety about any kind of change, you know, and as you're talking about these automated processes, and bringing the whole new realm of opportunity at the business. And so also introduces maybe some angst, I would think a little bit, or what are you telling and what do you see in clients? And what kind of advice are you giving them in terms of their IOT automation decisions and about deploying these really massive changes in some respects to how they conduct the business? >> Yeah I know it's a great question, and we get that quite often. What we advise are a couple of starting points. You know first and foremost, most organizations are automating something somewhere. And particularly with DevOps teams, development, SREs, operations, infrastructure platform teams, networking teams. You know, these teams have a lot of opportunity to automate their toil. And so you have to start somewhere. So pick a use case that, you know you can win, you can get great benefits and a high return on that investment. And as you sort of go through that at the team or departmental level, start then to think about what are additional processes, you know, across your peer group. You know, maybe you're a networking you should be talking to operations, maybe an Ops talking to the DevOps teams and development, et cetera. And really start to highlight some additional ways that you can utilize that singular platform and reach across, you know, your peer groups to drive your more integrated, more automated processes. And these are types of use cases that run the gamut. So from a development standpoint, these would be, you know application release, it would look at CICD, you know, pipeline deployments, et cetera. Of course, you know, manual, moving from manual automated testings, or hot button issue. But from an operational perspective, many of those processes interlock, right with provisioning, with security mechanisms and processes. And then of course, you know, the involvement of the network in terms of, you know, configuration, which is a common issue. So things like configuration, provisioning, self-service, you know, the interlock of security mechanisms. A lot of these are pretty common themes regardless of the team, you know, and regardless of the outcome that's, you know, required. So I think first and foremost, start small, but think big. Secondly think about a potential platform play as it relates to automation. The third piece is make sure you get the right peer groups involved and the key stakeholders. You know, this isn't something you just flip the switch and boom, you know, you're successful. This will take a little bit of time and it's impactful in terms of the team, impactful in terms of the processes and of course, you know, the technology. So having a strong leader and, you know, set of key stakeholders who can drive this to fruition, can really, you know, not only get great wins from the business perspective, but also really drive, you know, a continuous improvement model and drive that theme of automation, you know, particularly as it relates to agile and DevOps and site reliability engineering. It can really play an important role in helping scale out those successes that many of those teams are already sort of built. So it's the extension of the investment but at the same time, it just makes for, you know, a continual cycle of improvement opportunities for these teams to drive further automation across their particular processes. >> Well, this is obviously based on a lot of the AnsibleFest coverage, I talked about that off the, on the outset of the interview. And so let's just focus on Red Hat for a little bit here. First off, give me your take, give me your 2 cents on Red Hat in terms of, you know, how they're doing, and obviously some big announcements, you know, port works and then some on the Ansible Platform. So, first off give me a little idea on Red Hat, and then let's drill down to the news they're making on their announcements. >> Sure, yeah it's interesting, you know, Red Hat Ansible is continuously doing very well in the marketplace. Both from an adoption perspective, as well as just, you know, continuing to get more net new logos. In addition to that, you know, post the Red Hat IBM acquisition, IBM continues to take advantage of Ansible across its portfolio. So, you know, we're seeing further reach into the market into accounts that are both IBM and Red Hat related. I think another piece too, we've recently did some work around, you know, business value of Red Hat Ansible Automation Platform. And a lot of those customers really talked to us about this notion of, you know, starting small, but also thinking more broadly across what type of returns they could get from the platform as well as, you know, it's not just about cost reduction, right? It's really about cost containment, it's about acceleration of your pipelines, it's about driving higher levels of system reliability. So, the other thing we found our customers are really recognizing, it's a balance of business and technical metrics that they want to sort of choose to drive and measure their success. But also at the same point, it's a recognition on the part of Red Hat and their product and development teams they'd really listen to a lot of customers, gotten, you know, features in and really started to think about this breadth of how automation can support, not just operations, but development. You know, this idea of autonomous automation, you know, being able to empower different sets of personas or customers to drive, you know, faith and trust in a product to say, hey, we want to automate a particular piece of a process. And we're just going to, you know, build up the policy, inherently use the templates and boom turn it on and, you know, set it and forget it. So that, that's, you know, a coming wave where customers are starting to, you know, work with Red Hat and particularly the Ansible Platform to understand what does that mean? You know, how do we execute that? And then, you know, as we get more comfortable with turning on that more autonomous perspective, you know, how can we then spread that idea out to different teams? So, you know, we're seeing a lot of these themes and as we talk to customers, you know, hearing a lot of good feedback with regards to, you know, Red Hat and IBM taking advantage of the technology, as well as more importantly customers getting, you know, significant value and returns from the platform itself. >> Right, well Stephen, I appreciate the insights. Certainly it's an interesting future awaiting off course the world of IT automation, a lot more intelligence, right? A lot more autonomy, a lot more challenges, but I'm sure Red Hat is very much up to that. And thank you for being with us here today on theCUBE. >> Hey thank you John it great to be here. >> You bet, Stephen Elliot joining us from IDC talking about Red Hat and Ansible and we'll continue with more coverage a little bit later on theCUBE. Thanks for joining this segment with Stephen Elliott. (bright upbeat music)

(music) >> Hi, welcome to today's session of the CUBE's presentation of the AWS STARTUP SHOWCASE. New breakthroughs in DevOps, Data Analytics and Cloud Management Tools. This segment features HackerOne for DevOps. I'm Lisa Martin, and I am joined by Alex Rice, the founder and CTO of HackerOne. Alex, welcome to the program. >> Thank you for having me. >> Alex and I are going to spend the next 20 minutes or so talking about strengthening cloud application security with HackerOne. I want to go ahead Alex, and start you founded HackerOne back in 2012. Talk to me about, why you founded it? What were the glaring obvious gaps in the market? >> So I, I started out with the software development engineering background before moving into security about halfway through my career. And one of the things that's always bothered me about the security industry is how unreliable our feedback loops are. We only ever really get quality software by having as many, many points of feedback as possible in there from customer surveys and analytics and monitoring. And the security industry has just been really spotty about that. So when I was running the product security team for, for Facebook for a number of years, one of the surprising things that we did, that ended up being one of the best feedback loops we had, we just said to the, to the, the world hackers out there, if you find a vulnerability, find a security flaw, find something that we missed, we'll reward you for it. And we were really blown away with what very creative folks all across the world came back with. And so this concept of inviting outside friendly hackers to point out your flaws in exchange for compensation, ends up being a very valuable tool for any engineering team and any, any security team, particularly those that are adapting to more modern, faster agile environments. >> Right? Like DevOps. So you've amassed a community of over 1.2 million good actors, ethical hackers as you say. How do you vet those folks since there's so many nefarious actors out there? >> It's a great question what we start with. The bulk of the programs that we run on HackerOne are public. They're open to the world. There are organizations like Facebook and GM and the department of defense that say to anybody out there, if you find something that we've missed, we want to know about it. So it doesn't, you're not giving the hackers any special permissions or access that they wouldn't normally have. You're, you're inviting them to collaborate with you. From there we learned a lot about the hackers skillsets and demeanor and their track record to then vet them for more private or targeted programs. So while there are these public programs, that is where those million hackers originate from that list is, is vetted and filtered down for more private engagements. Because most folks building technology, they don't need a million hackers to help them out. They need 10 of the right hackers on their team at the right time. And vetting them and matching those hackers to the right challenges is, is a core part of what we try to do here at HackerOne. >> One of the things that we talk a lot about on this program is, you know, the last five years, this shortage, the cybersecurity skills gap. Is, is HackerOne's answer to that? These 1.2 million ethical hackers who can find those vulnerabilities that are open vectors for criminals to exploit. >> It's part of it. It's very much a part of it. My personal hypothesis about this on a big part of why we have such a glaring skills gap is because we've tried to separate it out from core engineering and DevOps principles. The most secure products out there, the ones that hopefully you trust and we all use regularly. Security is a core part of their engineering practices. It's a core part of their DevOps practices and the skillset overlaps dramatically there. And so we've had a lot more success in involving the core DevOps and engineering teams in security practices and really doing it as, as any other component of, of quality software development. And the challenge of that is that you're not going to find everything that you need in a single job description. If you're building a modern application or deploying modern infrastructure, the diversity of skill sets that you need is just staggering. And if you try to apply the old employment model of, okay, I need a security expert on this application. I need an expert in AWS and Kubernetes and RDS, and queuing systems and encryption for my and database security and account takeover. You quickly realize that it's just impossible for every organization that needs all that expertise to hire somebody with all that expertise. So our, our approach and what we try to do is to make sure that the core teams own responsibility for that security, but they're able to tap experts when they need them at, at, in a model that is really much more acclimated to how modern software is built. >> Got it. Okay. Interesting. Talk to me about the HackerOne security platform. Let's kind of dissect that. >> Absolutely. So there's a, there's a few different types of programs that we run for customers. At our, at its hard. There are public programs that we refer to as, as vulnerability disclosure programs. This is usually a security ad, it could be as simple as a security ad for a email address report vulnerabilities. That's really just an invitation to the world out there that says. Hey, we, our application is available to the public and you as a member of the public, if you find a security issue that we should be aware of, we'd like to hear about it. And it's incredible the amount of value that software teams receive just from asking, this putting that invitation out there. Then in parallel with those, for the organizations that are looking for more talented, a deeper dive we've run bug bounty programs, which is a very similar flavor, but the, our engineering and software teams will post bounties for the specific types of issues that they care about. Meaning if you can find a way to compromise user data, or if you can get access to our infrastructure, we'll reward $5,000 or $10,000. And you're specifically asking people to help you find things that will align with your goals and protect your customers. And then the, the third model that we do are our security assessments. These are a very targeted point in time assessments. They're not ongoing commitments. There are when a DevOps team is deploying a new application or releasing a new architecture or running new infrastructure, when they need a very targeted set of expertise for a constrained timeline to fit into their release processes, we can run assessments of matching just a small number of factors to what you care about and tie all that into your to release process. >> Okay. Let's talk about now, we know, one of the things that we've seen in the last 18 months as this massive acceleration to digital, we've seen a much more cloud adoption and really lifelines. Zoom, Netflix, for example, being these lifelines. As more organizations are moving to the cloud, we think, well, maybe risks are getting higher. With respect to customers that are moving to AWS. How does hacker one security platform help? >> The potential of technology. If it wasn't clear before the pandemic started, it should be clear to everybody now, like it is, it's unbelievable the positive impact it's able to have on our lives. And at the same time, most people don't trust technology. We as a technology industry have done a poor job of earning the public's trust that the technology that many of their lives are starting to depend upon is as trustworthy as they needed to be. And that's not a new challenge. Like as long as we've been developing software, there have been bugs, there have been security problems, but it's really amplified it both with the pace of development and just how accessible that's becoming to that to the world. And so in, in prior development models where we were releasing software, much more infrequently, where it was deployed in very controlled environments and accessible only to specific people who happen to be in a physical location or had a particular corporate account, that's all starting to change. Software is being released so much faster at a, at a pace that their traditional security models were already struggling to keep up with. And now are just completely, completely outclass. That's the trend number one that's changed. It's just the speed at which we have to apply. Security is, is unprecedented in this new world. And then at the same time, the access has just gone through the roof, the way of operating a modern business and surfing modern customers dictates that we have to meet them where they are wherever they are in the world, which means the adversaries have the same level of access that we're now affording to our, to our customers. So for our financial services customers that have gone completely remote access in the, in the last year, that's a whole range of attack surface. It wasn't accessible for many of them are using cloud systems to do that. Our healthcare customers that previously a tech service, it was only accessible when you were actually in the hospital is now open in large parts of the public and has many many more private conversations than it did before. And it's more than anything else that realization that we need this technology to be always on accessible anywhere in the world and trusted because people need to trust it. Like their lives depend on it. Literally has, has really changed how we need to look at this challenge. >> Yeah. That speed at which the attack surface is just spreading. And I was looking at some cybersecurity data in the last week or so, and there's really no signs of it slowing down. We saw this, the rapid shift to remote work a year and a half ago, remote learning. And we've got obviously we're in this hybrid world now where, you know, companies are in hybrid cloud, we're in this hybrid workforce of some remote, some homes, some doing both back and forth with that attack surface spreading. Give me an idea of some of the customers that you guys are working with to help them with HackerOne secure their AWS environments. >> Yeah. Our customer base really follows technology adoption trends. All of our early customers were, were tech companies that are kind of the ones that pioneered this model. Facebook, Google, Microsoft, Twitter, Uber were the, the early tech companies that quickly over the first ones to realize that the traditional approach to security model was just insufficient for a new cloud forward environment. Behind them you'll find technological, technology leaders in every industry. It's hard to just talk about the tech industry today. When you look at any industry out there, you can find one or two examples of very technology forward companies. On the finance side, customers like Goldman Sachs and Capital One. They really view themselves as technology companies these days. They're not finished service organizations or banking organizations, they're first and foremost technology companies. They were the first, some of the first to adopt this, this model. On the military side, the department of defense was one of the first organizations to do this cause they've long had, they're both one of the most traditional organizations out there. They've always had innovation arms to adapting practices like this. The automobile industry was a little bit early on the technology adoption trend. As consumers started relying on and demanding more technology in their vehicles. They were one of the early adopters of, of a practice here. And in the more recent years, the line has just completely gone away. We don't really use what we were engaging with a customer you don't really even ask. Are you, what's your, what's your digital strategy? or do you have a technology team? or are you developing first party applications? Do you use any cloud services? The answer to it is just is it's yes. So much more often than it's not. I think there's the safe assumption in 2021 is if you're, if you're doing business, you are probably have a software engineering team, you are probably deploying on the cloud. And if you're not, you're probably not going to be doing business in the, in the next decade. >> Right. That's, that's going to be a big differentiator, but you bring up a good point that every you can, you can almost say every company these days is a tech company or needs to become a tech powered company, a data-driven company. That is critical to especially organizations in this climate being able to pivot continuously as our world is changing. I want you to walk us through Alex, some of the HackerOne assessments that folks can do specifically in the AWS environment. >> For specifically for AWS, what we found is there's a category of AWS and we're really a cloud customers that want the always on security feedback loops that come from bounty programs. And so we, we've had that offering for quite a while of folks that want a feedback, no matter when it happens, because they're continuously received releasing applications. But then increasingly one of the use cases that we discovered was folks were in the midst of moving new applications to AWS, almost on a, on a weekly or monthly cadence. And they need needed a security testing cycle that would keep pace with that. Particularly folks that are ongoing any type of cloud migration or lifted shift of their, of their applications. And so we, we rolled out at AWS tailored specific version of our security assessment product. You can get it in the AWS marketplace as well, that lets you spin up a targeted security assessment on demand through the, through your native AWS tooling, whenever you need it. And the most common use case being this, we plan to open up access to this application next week. We'd love to have some hackers kicking the tires on it this week before the whole world has the opportunity to do that. All of those findings are then integrated back into Rietta U.S security hub, and tailored in a way that is meant for the DevOps teams and engineering teams that are deploying to, to be able to tell us what's going on. We're not asking folks to, to break out into specific security workflows. We really fundamentally believe that security accessible to DevOps teams is, is what's needed to keep us all moving fast and ship trustworthy now applications in the cloud. >> Is that at all a facilitator, you know, when we talk about DevOps folks, security folks, Devsecops. We talk about sort of the, the cultural shift and developers needing the DevOps folks need to be focusing on getting applications out at speed, security folks, developers, you know, we don't want to have to have security responsibilities. Are you helping to facilitate some of those? >> Yeah. We are, and it is more of a personal opinion here, but as someone who's worked on on many engineering teams and built multiple application and product security teams, the strongest ones in the industry, the lines between the product team and the product security team or the DevOps team or the security team are non-existent, those experts exist on to. I hate terms like Devsecops. We, it's necessary to, to approach things, but like if you're going to have a term like DevSecOps, you need to expand it to like DevQaSec in for ops. And it's just, you can't possibly capture every skillset and the critical aspect of quality software development in, in a short little acronym like that. And to me, DevSecOps just feels like a, an attempt by the industry to get invited to a party that nobody wants them at. And I really think we have to rewire our thinking. And if you have a, a development and an operations team, which are the two core functions there that doesn't take hands-on responsibility for the security of what they're developing and operating you're in trouble. Right? The more you try to outsource that to another team, another set of expertise, the worst you're going to be. There's a, there's a analogy that I draw to this that is a little bit of a poor analogy, but it, if it works well for me. For those of us that have been around in software engineering for, for long enough, there was a huge push in the early two thousands to build quality assurance processes across the board. Like everyone was investing in QA and building our QA teams. And every study across the board showed quality just tank after people invested millions in QA and quality assurance. And when, when you dig into it, it's intuitive, right? Like as soon as you can say. Oh, thank goodness quality is now somebody else's job. I've got, there's a dedicated team that can think about quality and deal with quality. Quality goes away. And security follows the exact same paradigm. Modern software is too complex, too interconnected, to be able to expect somebody else to completely do it for you. And so we really try to consult our customers on you should be thinking about organizational structures and responsibility, major SIGs that ensure developers and operations have the seat at the table in the security of the product. And then the challenge is how do we get the right people onto those teams? How do we get the right experience to them versus bolting it on with another acronym in the middle? >> I love your opinion there. In terms of facilitating that the latter part of what you just spoke, how are you finding those conversations within customers going? Is this now, I mean, think about it from a security perspective, it's going up to the board level imperative. Are you finding, especially in the last 18 months that your conversations with organizations are changing as that escalates up the chain? >> They are, but we also take a very pragmatic approach to this. I give you a very, a, a fairly, a personal opinion there on how to do it. The reality is most organizations aren't structured that way. They have a DevOps team, they have a security team, and the two are often in somewhat of an adversarial relationship. And, and we, we certainly work within those environments. You certainly can have a mature security program in an environment like that. It's not like there's one silver bullet to solve it, but we do work closely with our customers to try to bring down those walls. And increasingly technology leaders are engaged and hands-on, and are looking for ways to make this better. Five years ago, the CSO, The Chief Information Security Officer was almost always our main buyer, and our main point of contact. Is much, much more common now to see VPs of engineering, CIO's, CTOs have direct line responsibility for, security teams. And I think we're starting to see the early shifts of work structures that reflect that. If you have a DevOps team and you have a security team, that's responsible for the security of what the DevOps team is doing, and they are reporting to the same executive where there are major points of bureaucracy and politics between them. Every executive we talked to feels that, they lived through an experience like that, and they're motivated to start bringing those balls down. >> They've been through that pain and know the imperative give up getting alignment. So we've talked a lot in the last minute here. So I'm curious, we talked a lot about what HackerOne is doing, what you're doing for the AWS community, what's in it for your customers, but I'd love to understand just really quickly what's in it for the hackers? I do understand that you guys have more ethical hackers than black hats out there are out there, they're new assistants, which is good to know. But, what's in it? You know, from a bounty perspective for the hackers that work with you. >> We believe we're creating meaningful economic opportunity for, for hackers out there. We've had over a dozen hackers that have made a million dollars on the platform helping customers. But more importantly, it maps to how you want to develop your skillset. As hackers, a big part of the cyber security workforce challenge is these unrealistic job expectations that require every security engineer to be a Jack of all trades and work across 10 different product teams and master all of these skills. Whereas this model allows hackers to specialize. You can be a specialist in a very particular piece of technology and apply that specialization across everyone that depends upon it, and focus on what you can do best without dealing with the office politics or the unrealistic job expectations of what's needed in a modern school professional. It's one of the most painful things about the security community is you'll, you'll look at junior entry-level job descriptions for security engineers that already require five years of experience and expertise in 10 different technologies, which is just it's unrealistic. You're you're not going to find it. You don't want to, to be that individual. But it's also, it's back to what we were talking about earlier. It's trying to ask to find unicorns for roles that are just not in line with how modern software is built. And so I think for that, for the hacker community, what we hope we're doing is we hope we're creating meaningful economic opportunity. We're also hope we're enabling folks to develop and contribute to society with their skills in a way that they would like to. >> Awesome. Alex, thank you so much for joining me today, giving me kind of a background on what HackerOne's doing, what you're doing for AWS, the opportunities what's in it for me as a customer, what's in it for me as an ethical hacker. It's been great having you on the program. >> Thank you very much. Take care. >> This has been our coverage of the AWS startup showcase new breakthroughs in DevOps, data analytics and cloud management tools for Alex Rice. I'm Lisa Martin. Thanks for watching. (music)

(upbeat music) >> Welcome to theCUBE's coverage of PagerDuty Summit. I'm your host, Natalie Erlich for theCUBE. We're now joined by our guest Jonathan Rende. He is the SVP and General Manager of Products at PagerDuty. Thank you very much for joining the program today. >> That's a pleasure to be here. Thanks for having me, Natalie. Well, Summit 2021, an exciting time for PagerDuty. What are you looking forward to most? >> Well, finally, I'm looking forward to at some point, hopefully, not having to wear my mask in public anymore. I know that's the right thing to do still, and I am doing that, but it seems like things are starting to get back to normal. And because of that, what we're finding is a lot of our customers and clients business practices, especially in certain industries like the hospitality and entertainment, they're coming back as well, and to pre-COVID levels and their same level of usage and everything obviously, that got a little bit dampened during the pandemic. So I'm just looking forward to businesses normal and probably the biggest is talking to my colleagues in three dimensions in person versus two dimensions on a zoom. >> Right. Right. And yeah, I mean, it seems like, unfortunately, not this time we get to see each other in person. But looks like customer service is a big focus at the Summit. Why is it so important right now for companies to provide a seamless customer and digital experience? >> Well, we've learned a lot in the last 12 to 15 months. And one of those is that our historical audiences, developers, ITOps folks who have been on the front lines. And for the, a big part they've been distributed already. Customer service teams have always been on the front lines whenever there's a customer experience problem. And they're no longer working in the office across cubes being able to communicate they're remote now as well. And so with a couple of really interesting things have happened. One with the rise of digital services, the use, the demand on them, heck my own parents are now ordering groceries online, which they never did before. And with the increase with many of our clients and customers, the customer success organizations have to deliver a whole new level of customer experience for that digital experience versus just the brick and mortar in on-premise type of experience. And it's created a whole new set of needs around collaboration, communication. And we've seen that customer service teams are a critical component working with development and IT part of kind of like a three-legged stool that has to work together really well for great customer experience now in the digital age. >> Well, you mentioned this big push for digital and especially in light of the pandemic and what other ways did the pandemic impact customer service? >> So first, like maybe building on what I was just saying, just the collaboration aspect. Most customer service teams have historically that I get an opportunity to work with, they have to work for better, for worse in reactive mode. Cases get opened up, something isn't working, a customer is unhappy, there's a customer satisfaction issue, and so they're pulled in. And those individuals, they're lacking all the contexts that they need, and oftentimes, they're in a world where they have to pull in other individuals. And I think gone are the days where they can pass that customer case off to just another individual and then another individual and another individual, that's incredibly frustrating from a customer business experience. And so this notion of eliminating hand-offs and empowering that individual to be able to reach out to the people that they need and handle that case kind of from beginning to end and communicate directly bidirectionally with engineering teams when they're fixing an issue with electronic shopping cart, digital shopping cart, that's critical. They need to have that flow of information because they're a member of the team so that they can proactively communicate with their clients and give them updates of what's happening. >> Well, last year you announced a customer service solution. What are you announcing this week? >> So a couple of big things, we've recently just made available kind of like a complete in context experience or PagerDuty for customer service app for Zendesk and upcoming with Salesforce. It's really all about an agent, not having to switch out of their help desk, their contact center environment. They can get all the information they need in their world without having to move to other applications. They can instantly know if there's a really important issue in the back office with the systems, with the digital services that they need to be aware of. So we have a whole new set of PagerDuty for customer service products that we've made available. And then also a couple of different options for our customers and how they can consume that. We have a professional version and a business version. And really the difference between the two is if you want your customer service agents to really have full case ownership, to be able to be empowered to do everything, pull in the folks that they want to, they can do that in the business version of our package. >> How and why should DevOps and customer service work together in your opinion? >> So historically, I've always felt that in many times engineering teams will identify because of monitoring and many other technologies that they're using that they'll understand, that there is something that could be customer impacting and they'll work that diligently. Unfortunately, it's been more of a, kind of a stakeholder relationship only with customer service. Yes, they need to know about it. But what we've really worked towards is making sure that customer service is not just the stakeholder, they're an active participant because issues can be identified from customers on the front end or proactively by items issues that are identified in the back office. So being able to be right in the center of the customer world is super, super critical. >> And when you look at the next year and even the next five years, what are you most excited about? >> I think it's really empowering helping our customers, our community, customer service agents on the frontline do more, have more power at their fingertips. I know over and over again, I think, greater value is delivered to customers through those individuals that are contacted not always in the best of times. And there's some amazing statistics out there sets that it takes 10 good experiences to make up for a bad experience if you're a customer. So there's a big impact to this or if there's a particular pricing or product issue that a customer service issue is way more important, way more impactful, will lead somebody to use an alternative service versus the product itself or the pricing of it. It's the service element that's most important. Given all of that, when somebody does in their time of need have a customer service issue, when they do have a positive experience, three quarters of the time, they're super open to sharing that with others. And so if I look at some of that, again, what I'm excited about looking forward is how can we empower those agents to be able from cradle to grave. Take a case that comes in proactively communicate with their customers to provide a great experience to address some of those statistics. And we're really focused on automating that process. It's another truism is that, well, every business wants their customers to exponentially grow. You can't grow your customer service organization exponentially. You can't hire an infinite number of bodies. And so technology plays a really important role in that. And having PagerDuty for customer service as an integrated part of your Salesforce or your Zendesk or your fresh desk implementation will help those teams scale a little quality of life for those agents is important. And we believe that we can really help in that area. Minimize stress disruptions and help them provide better service to their customers. >> Yeah. Well, we touched on a lot of areas in terms of customer service, but another key feature of your role at PagerDuty is in product. So if you could outline some of the key products at PagerDuty and perhaps some insight on what you have in the pipeline. >> Yeah. So outside of just customer service, one of the huge parts of our community are those in ITOps and DevOps. And one of the areas of responsibility I have working with the team that I'm super proud of is what we're doing with what was recently announced last September, our Rundeck acquisitions. So we're announcing something called Runbook actions as a part of the PagerDuty platform. Think of it as a very simple, safe level of automation that every DevOps team can use to better address issues and kind of eliminate a lot of the toil and manual activities when they get pulled into a major event. And so we're releasing this new add on product, very excited about it. It's the first introduction of our Rundeck technology, new as a part of the integrated within the PagerDuty platform. So the reception we've gotten so far in early days has been tremendous and people are really excited, again, to eliminate toil, eliminate a lot of manual activities, allow them to fix items faster when seconds really matter. >> Terrific. Well, really, really appreciate your insights, Jonathan Rende, SVP and General Manager of Products at PagerDuty. Thanks very much for your insights. >> Thank you, Natalie. >> Terrific. And that's all for this session of the PagerDuty Summit. I'm your host Natalie Erlich. Thank you for watching.

from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante the convenience of online access to bank accounts payment apps crypto exchanges and other transaction systems has created enormous risks which the vast majority of individuals either choose to ignore or simply don't understand the internet has become the new private network and unfortunately it's not so private apis scripts spoofing insider crime sloppy security hygiene by users and much more all increase our risks the convenience of cloud-based services in many respects exacerbates the problem but software built in the cloud is a big part of the solution hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll try to raise awareness about a growing threat to your liquid assets and hopefully inspire you to do some research and take actions to lower the probability of you losing thousands hundreds of thousands or millions of dollars let's go back to 2019 in an event that should have forced us to act but for most of us didn't in september of that year jack dorsey's twitter twitter account was hacked the hackers took over his account and posted racial slurs and other bizarre comments before twitter could regain control of the account and assure us that this wasn't a system-wide attack most concerning however was the manner in which the attackers got a hold of dorsey's twitter account they used an increasingly common and relatively easy to execute technique referred to as a sim hijack or a sim swap the approach allows cyber thieves to take control of a victim's phone number now they often will target high-profile individuals like ceos and celebrities to embarrass or harass them but increasingly they're going after people's money of course now just in the past month we've seen a spate of attacks where individuals have lost cash it's a serious problem of increasing frequency so let's talk a little bit about how it works now some of you are familiar with this technique but most people that we talk to either aren't aware of it or aren't concerned you should be in a sim hack like this one documented on medium in may of 2019 four months prior to the dorsey attack the hackers who have many of your credentials that have likely been posted on the dark web they have your email they have your frequently used passwords your phone number your address your mother's maiden name name of your favorite pet and so forth they go in and they spoof a mobile phone carrier rep into thinking that it's you and they convince the agent that they've switched phones or have some other ruse to get a new sim card sent to them or they pay insiders at the phone carrier to steal sim card details hey 100 bucks a card big money now once in possession of the sim card info the attacker now can receive sms messages as part of two-factor authentication systems that are often used to verify identity they can't use face id on mobile but what they can do is go into your web account and change the password or other information the website then sends an sms and now the attacker has the code and is in then the individual can lock you out and steal your money before you even know what hit you all right so what can you do about it first there's no system that is hack proof if the bad guys want to get you and the value is high enough they will get you but that's the key roi what's roi simply put it's a measure of return derived from dividing the value stolen by the cost of getting that value it's benefit divided by cost so a good way to dissuade a criminal is to increase the denominator if you make it harder to steal the value goes down the roi is less here's a layered system shared by jason floyer the son of our very own david floyer smart dna there so we appreciate his contribution to the cube the system involves three layers of protection first you got to think about all the high value online systems that you have here are just a few you got bank accounts you have investment accounts you might have betting sites that has cash in it e-commerce sites and so forth now many of these sites if not most will use sms-based two-factor authentication to identify you now that exposes you to the sim hack the system that jason proposes let's start in the middle of this chart the first thing is you got to acknowledge that the logins that you're using to access your critical systems are already public so the first thing you do is to get a in quotes secure email in other words one that no one knows about and isn't on the dark web find a provider that you trust maybe the one maybe one that doesn't sell ads but that look that's your call or maybe go out and buy a domain and create a private email address now the second step is to use a password manager now for those who don't know what that is you're probably already using one that comes with your chrome browser for example and it remembers your passwords and autofills them now if you on your iphone if you're an iphone user go to settings passwords and security recommendations or if you're on an android phone open your chrome app and go to settings passwords check passwords you're likely to see a number of recommendations as in dozens or maybe even hundreds that have been compromised reuse passwords and or or are the subject of a data breach so a password manager is a single cloud-based layer that works on your laptop and your mobile phone and allows you to largely automate the creation management and maintenance of your online credentials now the third layer here involves an external cloud-based or sometimes app-based two-factor authentication system that doesn't use sms one that essentially turns your phone into a hardware authentication device much like an external device that you would use like a yubikey now that's also a really good idea to use as that third layer that hardware fob so the system basically brings together all your passwords under one roof under one system with some layers that lower the probability of your money getting stolen again it doesn't go to zero percent but it's dramatically better than the protection that most people have here's another view of that system and this venn the password manager in the middle manages everything and yes there's a concern that all your passwords are in one place but once set up it's more secure than what you're likely doing today we'll explain that and it'll make your life a lot easier the key to this system is there's there's a single password that you have to remember for the password manager and it takes care of everything else now for many password managers you can also add a non-sms based third-party two-factor authentication capability we'll come back and talk about that in a moment so the mobile phone here uses facial recognition if it's enabled so it would require somebody they had either have you at gunpoint to use your phone and to stick it in front of your face to get into your accounts or you know eventually they'll become experts at deep fakes that's probably something we're going to have to contend with down the road so it's the desktop or laptop via web access that is of the greatest concern in this use case this is where the non-sms-based third-party two-factor authentication comes into play it's installed on your phone and if somebody comes into your account from an unauthorized device it forces a two-factor authentication not using sms but using a third-party app as you guessed it is running in the cloud this is where the cloud creates this problem but it's also here to help solve this problem but the key is this app it generates a verification code that changes on your phone every 20 seconds and you can't get into the website without entering that auto generated code well normal people can't get in there's probably some other back door if they really want to get you but i think you see that this is a better system than what 99 of the people have today but there's more to the story so just as with enterprise tech and dealing with the problem of ransomware air gaps are an essential tool in com combating our personal cyber crime so we've added a couple of items to jason's slide so the this air gap and the secure password notion what you want to do is make sure that that password manager is strong and it's easy for you to remember it's never used anywhere except for the password manager which also uses the secure email now if you've set up a non s if you've set up a two factor authentication sms or otherwise you're even more protected non-sms is better for the reasons we've described now for your crypto if you got a lot first of all get out of coinbase not only does coinbase gouge you on transaction costs but we'd recommend storing a good chunk of your crypto in an air-gapped vault now what you want to do is you want to make a few copies of this critical information you want to keep your secure password on you in one spot or memorize it but maybe keep a copy in your wallet your physical wallet and put the rest in a fireproof filing cabinet and a safety deposit box and or fire proof lock a lock box or a book in your library but but have multiple copies that somebody has to get to in order to hack you and you want to put also all your recovery codes so when you set all this up you're going to get recovery codes for the password manager in your crypto wallets that you own yeah it gets complicated and it's a pain but imagine having 30 percent or more of your liquid assets stolen now look we've really just scratched the surface here and you you're going to have to do some research and talk to people who have set this stuff up to get it right so figure out your secure email provider and then focus on the password manager now just google it and take your time deciding which one is the best for you here's a sample there are many some are free you know the better ones are for pay but carve out a full day to do research and set up your system take your time and think about how you use it before pulling the trigger on these tools and document everything offline air gap it now the other tooling that you want to use is the non-sms based third-party authentication app so in case you get sim hacked you've got further protection this turns your phone into a secure token generator without using sms unfortunately it's even more complicated because not only are there a lot of tools but not all your financial systems and apps we will support the same two-factor authentication app your password manager for example might only support duo your crypto exchange might support authy but your bank might only support symantec vip or it forces you to have a key fob or use sms so it's it's a mishmash so you may need to use multiple authentication apps to protect your liquid assets yeah i'm sorry but the consequences of not protecting your money and identity are worth the effort okay well i know there's a deviation from our normal enterprise tech discussions but look we're all the cios of our respective home i.t we're the network admin the storage admin the tech support help desk and we're the chief information security officer so as individuals we can only imagine the challenges of securing the enterprise and one of the things we talk about a lot in the cyber security space is complexity and fragmentation it's just the way it is now here's a chart from etr that we use frequently which lays out the security players in the etr data set on two dimensions net score or spending velocity in the vertical axis and market share or pervasiveness within the data set on the horizontal now for change i'm not going to elaborate on any of the specific vendors today you've seen a lot of this before but the chart underscores the complexity and fragmentation of this market and this is just really literally one tiny subset but the cloud which i said at the outset is a big reason that we got into this problem holds a key to solving it now here's one example listen to this clip of dave hatfield the longtime industry exec he's formerly an executive with pure storage he's now the ceo of laceworks lace work a very well-funded cloud-based security company that in our view is attacking one of the biggest problems in security and that's the fragmentation issue that we've often discussed take a listen so at the core of what we do you know you know it's um it's really trying to merge when we look at we look at security as a data problem security and compliance is the data problem and when you apply that to the cloud it's a massive data problem you know you literally have trillions of data points you know across shared infrastructure that we you need to be able to ingest and capture uh and then you need to be able to process efficiently and provide context back to the end user and so we approached it very differently than how legacy approaches have been uh in place you know largely rules-based engines that are written to be able to try and stop the bad guys and they miss a lot of things and so our data-driven approach uh that we patented is called uh polygraph it's it's a security architecture and there are three primary benefits it does a lot of things but the three things that we think are most profound first is it eliminates the need for you know dozens of point solutions um i was shocked when i you know kind of learned about security i was at symantec back in the day and just to see how fragmented this market is it's one of the biggest markets in tech 124 billion dollars in annual spend growing at 300 billion dollars in the next three years and it's massively fragmented and the average number of point solutions that customers have to deal with is dozens like literally 75 is the average number and so we wanted to take a platform approach to solve this problem where the larger the attack service that you put in the more data that you put into our machine learning algorithms the smarter that it gets and the higher the efficacies look hatfield nailed it in our view i mean the cloud and edge explodes the threat surface and this becomes a data problem at massive scale now is lace work going to solve all these problems no of course not but having researched this it's common for individuals to be managing dozens of tools and enterprises as hatfield said 75 on average with many hundreds being common the number one challenge we hear from csos and they'll tell you this is a lack of talent lack of human skills and bandwidth to solve the problem and a big part of that problem is fragmentation multiple apis scripts different standards that are constantly being updated and evolved so if the cloud can help us reduce tooling creep and simplify and automate at scale as the network continues to expand like the universe we can keep up with the adversaries they're never going to get ahead of them so look i know this topic is a bit off our normal swim lane but we think this is so important and no people that have been victimized so we wanted to call your attention to the exposure and try to get you to take some action even if it's baby steps so let's summarize you really want to begin by understanding where your credentials have been compromised because i promise they have been just look at your phone or look into your browser and see those recommendations and you're going to go whoa i got to get on this at least i hope you do that now you want to block out an entire day to focus on this and dig into it in order to protect you or your and your family's assets there's a lot of stake here and look one day is not going to kill you it's worth it then you want to begin building those three layers that we showed you choose a private email that is secure quote-unquote quote-unquote research the password manager that's find the one that's going to work for you do you want one that's web-based or an app that you download how does the password manager authenticate what do the reviews say how much does it cost don't rush into this you may want to test this out on a couple of low risk systems before fully committing because if you screw it up it's really a pain to unwind so don't rush into it then you want to figure out how to use your non-sms based two-factor authentication apps and identify which assets you want to protect you don't want to protect everything do you really care about your credentials on a site where you signed up years ago and never use it anymore it doesn't have any credit cards in it just delete it from your digital life and focus on your financial accounts your crypto and your sites where your credit card or other sensitive information lives and can be stolen also it's important to understand which institutions utilize which authentication methods really important that you make sure to document everything and air gap the most sensitive credentials and finally you're going to have to keep iterating and improving your security because this is a moving target you will never be 100 protected unfortunately this isn't a one-shot deal you're going to do a bunch of work it's hard but it's important work you're going to maintain your password you're going to change them every now and then maybe every few months six months maybe once a year whatever whatever is right for you and then a couple years down the road maybe two or three years down the road you might have to implement an entirely new system using the most modern tooling which we believe is going to be cloud-based or you could just ignore it and see what happens okay that's it for now thanks to the community for your comments and input and thanks again to jason floyer whose analysis around this topic was extremely useful remember i publish each week on wikibon.com and siliconangle.com these episodes are all available as podcasts all you can do is research breaking analysis podcasts or you can always connect on twitter i'm at d vallante or email me at david.velante siliconangle.com of course i always appreciate the comments on linkedin and clubhouse follow me so you're notified when we start a room and riff on these topics don't forget to check out etr.plus for all the survey data this is dave vellante for the cube insights powered by etr be well and we'll see you next time

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS and our community partners. >>Hello and welcome back to the cubes Virtual coverage of AWS reinvent 2020. Um, John for your host with a cube virtual were not there in person, but we're gonna do it our job with the best remote we possibly can. Where? Wall to wall coverage on the AWS reinvent site as well as on demand on the Cube. Three new 3 65 platform. We got some great power panel analysts here to dig in and discuss Partner Day for a W S what it means for the customer. What it means for the enterprise, the buyer, the people trying to figure out who to buy from and possibly new partners. How can they re engineer and reinvent their company to partner better with Amazon, take advantage of the benefits, but ultimately get more sales? We got Tim Crawford, star Beat Joel and Day Volonte, Friends of the Cube. We all know him on Twitter, You guys, the posse, the Cube policy. Thanks for coming on. I'm sure it's good guys entertaining and we're >>hanging out drinking beer. Oh, my God. That'd be awesome. You guys. >>Great to have you on. I wanted to bring you on because it's unique. Cross section of perspectives. And this isn't This is from the end user perspective. And, Tim, you've been talking about the c x o s for years. You expert in this? Sorry. You're taking more from a cloud perspective. You've seen the under the hood. What's happening? Let's all put it together. If your partner Okay, first question to the group. I'm a partner. Do I win with Amazon, or do I lose with Amazon? First question. >>Yeah, I'll jump in. I'll say, you know, regardless you win, you win with Amazon. I think there's a lot of opportunity for partners with Amazon. Um, you have to pick your battles, though. You have to find the right places where you can carve out a space that isn't too congested but also isn't really kind of fettered with a number of incumbents. And so if you're looking at the enterprise space, I think that there is a ton of potential because, let's face it, >>Amazon >>doesn't have all of the services packaged in a way that the enterprise can consume. And I think that leaves a lot of fertile ground for s eyes and I SVS to jump in and be able to connect those dots so I'd say it's win, win >>start be if you're like a so cohesively onstage. Jackson's coming out talking about China, the chips and data. If you're like a vendor and I s V you're a startup or your company trying to reinvent How do you see Amazon as a partner? >>Yeah, I see Amazon as a big market for me. You know, it increased my sort of tam, if you will. Uh, the one big sort off trend is that the lines between technology providers and service providers are blurred. Actually, it's flipping. I believe it will flip at some time. We will put consume technology from service providers, and they are becoming technology providers. Actually, they're not just being pipe and power kind of cloud. They are purely software, very high sort of highly constructed machinery, if you will. Behind the scenes with software. >>That's >>what Amazon is, uh, big machine. If you are, and you can leverage that and then you can help your customers achieve their business called as a partner. I think's the women and the roll off. Actually, Assize is changing, I believe a size. Well, I thought they were getting slow, sidetracked by the service providers. But now they have to actually change their old the way they they used to get these, you know, shrink wrap software, and then install and configure and all that stuff. Now it's in a cloud >>on >>they have to focus a little more on services, and and some of the s eyes are building tools for multi cloud consumption and all that. So things are changing under under this whole big shift to go out. >>I mean, I think if you're in S I and you're lifting and shifting, you make a few bucks and helping people do that deal with the tech. But I think we're the rial. Money is the business transformation, and you find the technology is there, it's it's another tool in the bag. But if you can change your operating model, that's gonna drive telephone numbers to the bottom line. That's a boardroom discussion, and that's where the real dollars are for s eyes. That's like that's why guys like Accent you're leading leading into the cloud Big time >>e think I think you're absolutely right, David. I think that's that's one aspect that we have to kind of call out is you can be one of those partners that is focused on the transaction and you'll be successful doing that. But you're absolutely right. If you focus on the long game. I think that is just like I said, completely fertile ground. And there are a lot of opportunities because historically Amazon was ah was a Lego parts, uh, type of cloud provider, right? They provided you with the basic building blocks, which is great for Web scale and startups not so good for enterprise. And so now Amazon is starting to put together in package part, so it's more consumable by enterprises. But you still need that help. And as Sarpy just mentioned, you also have to consider that Amazon is not the only aspect that you're gonna be using. You're gonna be using other providers to. And so I think this again is where partners they pick a primary, and then they also bring in the others where appropriate. >>All right, I want to get into this whole riff. I have a cherry chin on day one. Hey, came on the special fireside chat with me and we talked about, um, cloud errors before cloud Amazon. And now I'll call postcode because we're seeing this kind of whole new, you know, in the cloud kind of generation. And so he said, OK, this pre cloud you had Amazon generation, whereas lift and shift. Ah, lot of hybrid And you have everything is in the cloud like a snowflake kind of thing. And he kind of call it the reptiles versus the amphibians you're on. See your inland, your hybrid, and then you're you're in the water. I mean, so So he kind of went on, Took that another level, meaning that. Okay, this is always gonna be hybrid. But there's a unique differentiation for being all in the cloud. You're seeing different patterns. Amazon certainly has an advantage. See, Dev Ops guru, that's just mining the data of their entire platform and saying Okay, Yeah, do this. There's advantages for being in the cloud that aren't available. Hybrid. So amphibian on land and sea hybrid. And then in the cloud. How do you guys see that if you're a partner. You wanna be on the new generation. What's the opportunity to capture value? He has hybrid certainly coexist. But in the new era, >>remember Scott McNealy used to talk about car makers and car dealers. And of course, Sun's gone. But he used to say, We want to be a carmaker. Car dealers. They got big houses and big boats, but we're gonna be a carmaker. Oh, I think it's some similarities here. I mean, there's a lot of money to be made as a as a car dealer. But you see, companies like Dell, H P E. You know, they want to be carmakers. Obviously Google Microsoft. But there are gonna be a lot of successful really big carmakers in this game. >>Yeah, I believe I believe I always call it Amazon Is the makers cloud right, So they are very developer friendly. They were very developer friendly for startups. Uh, a stem said earlier, but now they are very developer, friendly and operations friendly. Now, actually, in a way for enterprises, I believe, and that the that well, the jerry tend to sort of Are you all all in cloud are sitting just in the dry land. Right now, I think every sort off organization is in a different sort off mature, at different maturity level. But I think we're going all going towards a technology consumption as a service. Mostly, I think it will be off Prem. It can be on Prem in future because off age and all that. And on that note, I think EJ will be dominated by Tier one cloud providers like crazy people who think edge will be nominally but telcos and all that. I think they're just, uh, if >>I made Thio, if I may interject for a second for the folks watching, that might not be old enough to know who Scott McNealy is. He's the founder of Sun Microsystems, which was bought by Oracle years ago. Yeah, basically, because many computer, there's a lot of young kids out there that even though Scott McNealy's But remember, >>do your homework, Scott, you have to know who Scott Scott McNealy >>also said, because Bill Gates was dominant. Microsoft owns the tires and the gas to, and they want to own the road. So remember Microsoft was dominating at that time. So, Tim Gas data is that I mean, Amazon might have everything there. >>I was gonna go back to the to the comment. You know, McNeely came out with some really, really good analogies over his tenure. Um, it's son and you know, son had some great successes. But unfortunately, Cloud is not as simplistic as buying a car and having the dealership and the ecosystem of gas and tires. And the rest you have to think about the toll journey. And that journey is incredibly complicated, especially for the enterprise that's coming from legacy footprints, monolithic application stacks and trying to understand how to make that transition. It's almost it's almost, in a way mawr analogous to your used to riding a bike, and now you're gonna operate a semi. And so how do you start to put all of the pieces into place to be able to make that transition? And it's not trivial. You have to figure out how your culture changes, how your processes changes. There are a lot of connected parts. It's not a simple as the ecosystem of tires and gas. We have to think about how that data stream fits in with other data streams where analytics are gonna be done. What about tying back to that system of record that is going to stay on the legacy platform. Oh, and by the way, some of that has to still stay on Prem. It can't move to the cloud yet. So we have this really complicated, diverse environment that we have to manage, and it's only getting more complicated. And I think that's where the opportunity comes in for the size and s visas. Step into that. Understand that journey, understand the transitions. I don't believe that enterprises, at least in the near term, let alone short term, will be all in cloud. I think that that's more of a fantasy than reality. There is a hybrid state that that is going to be transitory for some period of time, and that's where the big opportunity is. >>I think you're right on time. I think just to double down on that point, just to bring that to another level is Dave. Remember back in the days when PCs where the boom many computers with most clients there was just getting started? There was a whole hype cycle on hard drives, right? Hard drives were the thing. Now, if you look out today, there's more. Observe, ability, startups and I could count, right? So to Tim's point, this monolithic breakdown and component izing decomposing, monolithic APs or environments with micro services is complex. So, to me, the thing that I see is that that I could relate to is when I was breaking in in the eighties, you had the mainframes. Is being the youngun I'm like, Okay, mainframes, old monolithic client server is a different paradigm thing. You had, uh, PCs and Internet working. I think all that change is happening so fast right now. It's not like over 10 years to Tim's points, like mainframes to iPhones. It's happening in like three years. Imagine crunching all that complexity and change down to a short window. I think Amazon has kind of brought that. I'm just riffing on that, But >>yeah, you're absolutely right, John. But I think there's another piece and we can use a very specific example to show this. But another piece that we have to look at is we're trying to simplify that environment, and so a good place to simplify that is when we look at server lis and specifically around databases, you know, historically, I had to pick the database architecture that the applications would ride on. Then I have to have the infrastructure underneath and manage that appropriately so that I have both the performance a swell, a security as well as architecture. Er and I have to scale that as needed. Today, you can get databases of service and not have to worry about the underpinnings. You just worry about the applications and how those data streams connect to other data streams. And so that's the direction that I think things were going is, and we see this across the enterprise we're looking for. Those packaged package might be a generalized term, but we're looking for um, or packaged scenario and opportunity for enterprises rather than just the most basic building blocks. We have to start putting together the preformed applications and then use those as larger chunks. And >>this is the opportunity for a size I was talking before about business transformation. If you take, take Tim's database example, you don't need somebody anymore. Toe, you know, set up your database to tune it. I mean, that's becoming autonomous. But if you think about the way data pipelines work in the way organizations are structured where everything because it goes into this monolithic data lake or and and And it's like generic content coming in generic data where the business owner has to get in line and beg a data scientist or quality engineered or thio ingest a new data source. And it's just like the old data warehouse days where I think there's tremendous opportunities for s eyes to go in a completely re architect. The data model. Sergeant, This is something you and I were talking about on Twitter. It's That's why I like what snowflakes doing. It's kind of a AWS is trying to do with lasted glue views, but there's a whole business transformation opportunity for s eyes, which I just think is huge. Number l >>e all talk. Go ahead. Sorry. Yeah, >>I think we >>all talk, but we know we all agree on one thing that the future is hybrid for at least for next. You know, 10 years, if not more. Uh, hybrid is hard. The data proximity is, uh, very important. That means Leighton see between different workloads, right? That's super important. And I talk about this all the time and almost in every conversation I have about about. It's just scenario, is that there three types of applications every every enterprise systems or fractured systems, systems of engagement and the systems of innovation and my theory of cloud consumption tells me that sooner or later, systems off record. We'll move into SAS SAS world. That's that's how I see it. There's no other way around, I believe, and the systems off engagement or systems off differentiation something and call it. They will leverage a lot off platforms, the service and in that context context, I have said it many times the to be a best of the breed platform. As a service, you have to be best off the breed, um, infrastructure as a service provider. And that's Amazon. And that is that's also a zero to a certain extent, and then and and Google is trying to do that, too. So the feature sort off gap between number one cloud and two and three is pretty huge. I believe I think Amazon is doing great data democratization through several less. I just love serving less for that Several things over. Unless there is >>a winning formula is no doubt about several times I totally agree. But I think one of the things that I miss it has done is they've taken server lists. They brought their putting all the I as and the chips, and they're moving all the value up to the service layer, which gives them the advantage over others. Because everyone else is trying to compete down here. They're gonna be purpose built. If you look what Apple is doing with the chips and what the Amazon is doing, they're gonna kind of have this chip to chip scenario and then the middle. Where in between is the container ization, the micro services and Lambda? So if you're a developer, you approach is it's programmable at that point that could that could be a lock spec. I think for Amazon, >>it absolutely could be John. But I think there's another aspect here that we have to touch on, especially as we think about partners and where the opportunities come in. And that is that We often talk about non cloud to cloud right, how to get from on Prem to cloud. But the piece that you also have thio bring into the conversation is Theo edge to cloud continuum and So I think if you start to look at some of the announcements this week from AWS, you start looking at some of the new instance types uh, that are very ai focused. You look at the two new form factors for outposts, which allows you to bring cloud to a smaller footprint within an on premise premises, situation, uh, different local zones. And then Thea other piece that I think is really interesting is is their announcements around PCs and eks anywhere being able to take cloud in kubernetes, you know, across the board. And so the challenge here is, as I mentioned earlier, complexity is paramount. It's concern for enterprises just moving to cloud. You start layering in the edge to cloud continuum, and it just it gets exponentially more complicated. And so Amazon is not going to be the one to help you go through that. Not because they can't, but frankly, just the scale of help that is going to be needed amongst enterprises is just not there. And so this is really where I think the opportunity lies for the s eyes and I SVS and partners. You >>heard how Jassy defined hybrid John in the article that you wrote when you did your one on one with him, Tim and the in the analyst call, you answered my question and then I want to bring in Antonio near his comment. But Jassy basically said, Look, we see the cloud bring We're gonna bring a W s to the edge and we see data centers. This is another edge node and San Antonio Neary after HP is pretty good quarter uh came out and said, Well, we heard the public cloud provider talking about hybrid welcome, you know? >>Yeah, they were going and then getting here jumped on that big time. But we'll be looking hybrid. Tim nailed The complexity is the is the evil is friction is a friction area. If the complexity could be mastered by the edge provider closest to the customer, that's gonna be valuable, um, for partners. And then we can do that. Amazon's gonna have to continue to remove the friction and putting that together, which is why I'm nervous about their channel partners. Because if I'm a partner, I asked myself, How do I make money with Amazon? Right? At the end of the day, it's money making right. So how can I be successful? Um, not gonna sell more in the marketplace. Will the customer consumer through there? Is it friction or is a complex So this notion of complexity and friction becomes a double edged sword Tim on both sides. So we have five minutes left. Let's talk about the bottom side Complexity, >>friction. So you're absolutely right, John. And you know, the other thing that that I would say is for the partner, you have to look beyond what Amazon is selling today. Look at where the customers are going. And you know, David, I think you and I were both in an analyst session with Andy Jassy several years ago where one of the analysts asked the question. So you know, what's your perspective on Hybrid Cloud? In his response, candidly was, while we have this particular service and really, what he was talking to is a service that helps you on board to Amazon's public cloud. There was there was not an acknowledgment of hybrid cloud at the time, But look at how things have changed just in a short few years, and I understand where Jassy is coming from, but this is just exemplifies the fact that if you're a partner, you have to look beyond what Amazon is saying and think toe how the customer is evolving, how the enterprise is evolving and get yourself ahead of them. That will position you best for both today. And as you're building for the future. >>That's a great point, Dave. Complexity on buying. I'm a customer. You can throw me a marketplace all you want, but if I'm not gonna be tied into my procurement, how I'm consuming technology. Tim's point. Amazon isn't the only game in town. I got other suppliers. >>Yeah, well, certainly for some technology suppliers, they're basically could bring their on prem estate if it's big enough into the cloud. Uh, you know what is big enough? That's the big question here. You know, our guys like your red hats big enough. Okay, we know that Nutanix pure. They're sort of the next layer down. Can they do? They have enough of a customer base that they could bring into the cloud, create that abstraction layer, and then you got the born in the cloud guy Snowflake, Colombia or two good examples. Eso They've got the technology partners and then they're the size and consultants. And again, I see that is the really big opportunity is 10 points out? Amazon is acknowledging that hybrid Israel in in a newly defined way, they're going out to the edge, find you wanna call data center the edge. How are they going to support those installations? How are they gonna make sure that they're running properly? That they're connected to the business process? Those air That's s I whitespace. Huge. >>Guys, we have to wrap it up right now. But I just end on, you know, we'll get everyone go A little lightning around quick soundbite on the phrase with him, which stands for what's in it from me. So if I'm a partner, I'm a customer. I look at Amazon, I think. What's in it for me? Yeah. What a za customer like what do I get out of this? >>Yeah, having done, like more than 100 data center audits, and I'm seeing what mess up messes out there and having done quite a few migrations to cloud migrations of the messy messages piece, right? And it doesn't matter if you're migrating 10% or 20 or 30 it doesn't matter that how much you're migrating? It's a messy piece, and you cannot do with our partners that work. Actually, you need that. Know how you need to infuse that that education into into your organization, how to consume cloud, how toe make sense of it, how you change your processes and how you train your people. So it touches all the products, people and processes. So on three years, you gotta have partners on your side to make it >>so Hey, I'll go quick. And, Tim, you give you the last word. Complexity is cash. Chaos is cash. Follow the complexity. You'll make cash. >>Yeah, you said it, David. I think anyway, that you can help an enterprise simplify. And if you're the enterprise, if you're the customer, look for those partners. They're gonna help you simplify the journey over time. That's where the opportunity really lies. >>Okay, guys, Expert power panel here on Cuba live program, part of AWS reinvent virtual coverage, bringing you all the analysis from the experts. Digital transformations here. What's in it for me is a partner and customer. Help me make some money, master complexity and serve my customer. Mister Cube. Thanks for watching >>que Yeah, from around the globe. It's the cute