(upbeat music) >> Hello everyone, welcome back to theCUBE's coverage of Cloud Native SecurityCon North America 2023. Obviously, CUBE's coverage with our CUBE Center Report. We're not there on the ground, but we have folks and our CUBE Alumni there. We have entrepreneurs there. Of course, we want to be there in person, but we're remote. We've got Ben Hirschberg, CTO and Co-Founder of Armo, a cloud native security startup, well positioned in this industry. He's there in Seattle. Ben, thank you for coming on and sharing what's going on with theCUBE. >> Yeah, it's great to be here, John. >> So we had written on you guys up on SiliconANGLE. Congratulations on your momentum and traction. But let's first get into what's going on there on the ground? What are some of the key trends? What's the most important story being told there? What is the vibe? What's the most important story right now? >> So I think, I would like to start here with the I think the most important thing was that I think the event is very successful. Usually, the Cloud Native Security Day usually was part of KubeCon in the previous years and now it became its own conference of its own and really kudos to all the organizers who brought this up in, actually in a short time. And it wasn't really clear how many people will turn up, but at the end, we see a really nice turn up and really great talks and keynotes around here. I think that one of the biggest trends, which haven't started like in this conference, but already we're talking for a while is supply chain. Supply chain is security. I think it's, right now, the biggest trend in the talks, in the keynotes. And I think that we start to see companies, big companies, who are adopting themselves into this direction. There is a clear industry need. There is a clear problem and I think that the cloud native security teams are coming up with tooling around it. I think for right now we see more tools than adoption, but the adoption is always following the tooling. And I think it already proves itself. So we have just a very interesting talk this morning about the OpenSSL vulnerability, which was I think around Halloween, which came out and everyone thought that it's going to be a critical issue for the whole cloud native and internet infrastructure and at the end it turned out to be a lesser problem, but the reason why I think it was understood that to be a lesser problem real soon was that because people started to use (indistinct) store software composition information in the environment so security teams could look into, look up in their systems okay, what, where they're using OpenSSL, which version they are using. It became really soon real clear that this version is not adopted by a wide array of software out there so the tech surface is relatively small and I think it already proved itself that the direction if everyone is talking about. >> Yeah, we agree, we're very bullish on this move from the Cloud Native Foundation CNCF that do the security conference. Amazon Web Services has re:Invent. That's their big show, but they also have re:Inforce, the security show, so clearly they work together. I like the decoupling, very cohesive. But you guys have Kubescape of Kubernetes security. Talk about the conversations that are there and that you're hearing around why there's different event what's different around KubeCon and CloudNativeCon than this Cloud Native SecurityCon. It's not called KubeSucSecCon, it's called Cloud Native SecurityCon. What's the difference? Are people confused? Is it clear? What's the difference between the two shows? What are you hearing? >> So I think that, you know, there is a good question. Okay, where is Cloud Native Computing Foundation came from? Obviously everyone knows that it was somewhat coupled with the adoption of Kubernetes. It was a clear understanding in the industry that there are different efforts where the industry needs to come together without looking be very vendor-specific and try to sort out a lot of issues in order to enable adoption and bring great value and I think that the main difference here between KubeCon and the Cloud Native Security Conference is really the focus, and not just on Kubernetes, but the whole ecosystem behind that. The way we are delivering software, the way we are monitoring software, and all where Kubernetes is only just, you know, maybe the biggest clog in the system, but, you know, just one of the others and it gives great overview of what you have in the whole ecosystem. >> Yeah, I think it's a good call. I would add that what I'm hearing too is that security is so critical to the business model of every company. It's so mainstream. The hackers have a great business model. They make money, their costs are lower than the revenue. So the business of hacking in breaches, ransomware all over the place is so successful that they're playing offense, everyone's playing defense, so it's about time we can get focus to really be faster and more nimble and agile on solving some of these security challenges in open source. So I think that to me is a great focus and so I give total props to the CNC. I call it the event operating system. You got the security group over here decoupled from the main kernel, but they work together. Good call and so this brings back up to some of the things that are going on so I have to ask you, as your startup as a CTO, you guys have the Kubescape platform, how do you guys fit into the landscape and what's different from your tools for Kubernetes environments versus what's out there? >> So I think that our journey is really interesting in the solution space because I think that our mode really tries to understand where security can meet the actual adoption because as you just said, somehow we have to sort out together how security is going to be automated and integrated in its best way. So Kubescape project started as a Kubernetes security posture tool. Just, you know, when people are really early in their adoption of Kubernetes systems, they want to understand whether the installation is is secure, whether the basic configurations are look okay, and giving them instant feedback on that, both in live systems and in the CICD, this is where Kubescape came from. We started as an open source project because we are big believers of open source, of the power of open source security, and I can, you know I think maybe this is my first interview when I can say that Kubescape was accepted to be a CNCF Sandbox project so Armo was actually donating the project to the CNCF, I think, which is a huge milestone and a great way to further the adoption of Kubernetes security and from now on we want to see where the users in Armo and Kubescape project want to see where the users are going, their Kubernetes security journey and help them to automatize, help them to to implement security more fast in the way the developers are using it working. >> Okay, if you don't mind, I want to just get clarification. What's the difference between the Armo platform and Kubescape because you have Kubescape Sandbox project and Armo platform. Could you talk about the differences and interaction? >> Sure, Kubescape is an open source project and Armo platform is actually a managed platform which runs Kubescape in the cloud for you because Kubescape is part, it has several parts. One part is, which is running inside the Kubernetes cluster in the CICD processes of the user, and there is another part which we call the backend where the results are stored and can be analyzed further. So Armo platform gives you managed way to run the backend, but I can tell you that backend is also, will be available within a month or two also for everyone to install on their premises as well, because again, we are an open source company and we are, we want to enable users, so the difference is that Armo platform is a managed platform behind Kubescape. >> How does Kubescape differ from closed proprietary sourced solutions? >> So I can tell you that there are closed proprietary solutions which are very good security solutions, but I think that the main difference, if I had to pick beyond the very specific technicalities is the worldview. The way we see that our user is not the CISO. Our user is not necessarily the security team. From our perspective, the user is the DevOps and the developers who are working on the Kubernetes cluster day to day and we want to enable them to improve their security. So actually our approach is more developer-friendly, if I would need to define it very shortly. >> What does this risk calculation score you guys have in Kubscape? That's come up and we cover that in our story. Can you explain to the folks how that fits in? Is it Kubescape is the platform and what's the benefit, what's the purpose? >> So the risk calculation is actually a score we are giving to clusters in order for the users to understand where they are standing in the general population, how they are faring against a perfect hardened cluster. It is based on the number of different tests we are making. And I don't want to go into, you know, the very specifics of the mathematical functions, but in general it takes into account how many functions are failing, security tests are failing inside your cluster. How many nodes you are having, how many workloads are having, and creating this number which enables you to understand where you are standing in the global, in the world. >> What's the customer value that you guys pitching? What's the pitch for the Armo platform? When you go and talk to a customer, are they like, "We need you." Do they come to you? Is it word of mouth? You guys have a strategy? What's the pitch? What's so appealing to the customers? Why are they enthusiastic about you guys? >> So John, I can tell you, maybe it's not so easy to to say the words, but I nearly 20 years in the industry and though I've been always around cyber and the defense industry and I can tell you that I never had this journey where before where I could say that the the customers are coming to us and not we are pitching to customers. Simply because people want to, this is very easy tool, very very easy to use, very understandable and it very helps the engineers to improve security posture. And they're coming to us and they're saying, "Well, awesome, okay, how we can like use it. Do you have a graphical interface?" And we are pointing them to the Armor platform and they are falling in love and coming to us even more and we can tell you that we have a big number of active users behind the platform itself. >> You know, one of the things that comes up every time at KubeCon and Cloud NativeCon when we're there, and we'll be in Amsterdam, so folks watching, you know, we'll see onsite, developer productivity is like the number one thing everyone talks about and security is so important. It's become by default a blocker or anchor or a drag on productivity. This is big, the things that you're mentioning, easy to use, engineering supporting it, developer adoption, you know we've always said on theCUBE, developers will be the de facto standards bodies by their choices 'cause developers make all the decisions. So if I can go faster and I can have security kind of programmed in, I'm not shifting left, it's just I'm just having security kind of in there. That's the dream state. Is that what you guys are trying to do here? Because that's the nirvana, everyone wants to do that. >> Yeah, I think your definition is like perfect because really we had like this, for a very long time we had this world where we decoupled security teams from developers and even for sometimes from engineering at all and I think for multiple reasons, we are more seeing a big convergence. Security teams are becoming part of the engineering and the engineering becoming part of the security and as you're saying, okay, the day-to-day world of developers are becoming very tangled up in the good way with security, so the think about it that today, one of my developers at Armo is creating a pull request. He's already, code is already scanned by security scanners for to test for different security problems. It's already, you know, before he already gets feedback on his first time where he's sharing his code and if there is an issue, he already can solve it and this is just solving issues much faster, much cheaper, and also you asked me about, you know, the wipe in the conference and we know no one can deny the current economic wipe we have and this also relates to security teams and security teams has to be much more efficient. And one of the things that everyone is talking, okay, we need more automation, we need more, better tooling and I think we are really fitting into this. >> Yeah, and I talked to venture capitalists yesterday and today, an angel investor. Best time for startup is right now and again, open source is driving a lot of value. Ben, it's been great to have you on and sharing with us what's going on on the ground there as well as talking about some of the traction you have. Just final question, how old's the company? How much funding do you have? Where you guys located? Put a plug in for the company. You guys looking to hire? Tell us about the company. Were you guys located? How much capital do you have? >> So, okay, the company's here for three years. We've passed a round last March with Tiger and Hyperwise capitals. We are located, most of the company's located today in Israel in Tel Aviv, but we have like great team also in Ukraine and also great guys are in Europe and right now also Craig Box joined us as an open source VP and he's like right now located in New Zealand, so we are a really global team, which I think it's really helps us to strengthen ourselves. >> Yeah, and I think this is the entrepreneurial equation for the future. It's really great to see that global. We heard that in Priyanka Sharma's keynote. It's a global culture, global community. >> Right. >> And so really, really props you guys. Congratulations on Armo and thanks for coming on theCUBE and sharing insights and expertise and also what's happening on the ground. Appreciate it, Ben, thanks for coming on. >> Thank you, John. >> Okay, cheers. Okay, this is CUB coverage here of the Cloud Native SecurityCon in North America 2023. I'm John Furrier for Lisa Martin, Dave Vellante. We're back with more of wrap up of the event after this short break. (gentle upbeat music)

>>Set restaurants. And who says TEUs had got a little ass more skin in the game for us, in charge of his destiny? You guys are excited. Robert Worship is Chief Alumni. >>My name is Dave Ante, and I'm a long time industry analyst. So when you're as old as I am, you've seen a lot of transitions. Everybody talks about industry cycles and waves. I've seen many, many waves. Met a lot of industry executives and of a little bit of a, an industry historian. When you interview many thousands of people, probably five or 6,000 people as I have over the last half of a decade, you get to interact with a lot of people's knowledge and you begin to develop patterns. And so that's sort of what I bring is, is an ability to catalyze the conversation and, you know, share that knowledge with others in the community. Our philosophy is everybody's expert at something. Everybody's passionate about something and has real deep knowledge about that's something well, we wanna focus in on that area and extract that knowledge and share it with our communities. This is Dave Ante. Thanks for watching the Cube. >>Hello everyone and welcome back to the Cube where we are streaming live this week from CubeCon. I am Savannah Peterson and I am joined by an absolutely stellar lineup of cube brilliance this afternoon. To my left, a familiar face, Lisa Martin. Lisa, how you feeling? End of day two. >>Excellent. It was so much fun today. The buzz started yesterday, the momentum, the swell, and we only heard even more greatness today. >>Yeah, yeah, abs, absolutely. You know, I, I sometimes think we've hit an energy cliff, but it feels like the energy is just >>Continuous. Well, I think we're gonna, we're gonna slide right into tomorrow. >>Yeah, me too. I love it. And we've got two fantastic analysts with us today, Sarge and Keith. Thank you both for joining us. We feel so lucky today. >>Great being back on. >>Thanks for having us. Yeah, Yeah. It's nice to have you back on the show. We were, had you yesterday, but I miss hosting with you. It's been a while. >>It has been a while. We haven't done anything in since, Since pre >>Pandemic, right? Yeah, I think you're >>Right. Four times there >>Be four times back in the day. >>We, I always enjoy whole thing, Lisa, cuz she's so well prepared. I don't have to do any research when I come >>Home. >>Lisa will bring up some, Oh, sorry. Jeep, I see that in 2008 you won this award for Yeah. Being just excellent and I, I'm like, Oh >>Yeah. All right Keith. So, >>So did you do his analysis? >>Yeah, it's all done. Yeah. Great. He only part, he's not sitting next to me too. We can't see it, so it's gonna be like a magic crystal bell. Right. So a lot of people here. You got some stats in terms of the attendees compared >>To last year? Yeah, Priyanka told us we were double last year up to 8,000. We also got the scoop earlier that 2023 is gonna be in Chicago, which is very exciting. >>Oh, that is, is nice. Yeah, >>We got to break that here. >>Excellent. Keith, talk to us about what some of the things are that you've seen the last couple of days. The momentum. What's the vibe? I saw your tweet about the top three things you were being asked. Kubernetes was not one of them. >>Kubernetes were, was not one of 'em. This conference is starting to, it, it still feels very different than a vendor conference. The keynote is kind of, you know, kind of all over the place talking about projects, but the hallway track has been, you know, I've, this is maybe my fifth or sixth CU con in person. And the hallway track is different. It's less about projects and more about how, how do we adjust to the enterprise? How do we Yes. Actually do enterprise things. And it has been amazing watching this community grow. I'm gonna say grow up and mature. Yes. You know, you know, they're not wearing ties yet, but they are definitely understanding kind of the, the friction of implementing new technology in, in an enterprise. >>Yeah. So ge what's your, what's been your take, We were with you yesterday. What's been the take today to take aways? >>NOMA has changed since yesterday, but a few things I think I, I missed talking about that yesterday were that, first of all, let's just talk about Amazon. Amazon earnings came out, it spooked the market and I think it's relevant in this context as well, because they're number one cloud provider. Yeah. And all, I mean, almost all of these technologies on the back of us here, they are related to cloud, right? So it will have some impact on these. Like we have to analyze that. Like will it make the open source go faster or slower in, in lieu of the fact that the, the cloud growth is slowing. Right? So that's, that's one thing that's put that's put that aside. I've been thinking about the, the future of Kubernetes. What is the future of Kubernetes? And in that context, I was thinking like, you know, I think in, when I put a pointer there, I think in tangents, like, what else is around this thing? So I think CN CNCF has been writing the success of Kubernetes. They are, that was their number one flagship project, if you will. And it was mature enough to stand on its own. It it was Google, it's Google's Borg dub da Kubernetes. It's a genericized version of that. Right? So folks who do tech deep down, they know that, Right. So I think it's easier to stand with a solid, you know, project. But when the newer projects come in, then your medal will get tested at cncf. Right. >>And cncf, I mean they've got over 140 projects Yeah. Right now. So there's definitely much beyond >>Kubernetes. Yeah. So they, I have numbers there. 18 graduated, right, 37 in incubation and then 81 in Sandbox stage. They have three stages, right. So it's, they have a lot to chew on and the more they take on, the less, you know, quality you get goes into it. Who is, who's putting the money behind it? Which vendors are sponsoring like cncf, like how they're getting funded up. I think it >>Something I pay attention to as well. Yeah. Yeah. Lisa, I know you've got >>Some insight. Those are the things I was thinking about today. >>I gotta ask you, what's your take on what Keith said? Are you also seeing the maturation of the enterprise here at at coupon? >>Yes, I am actually, when you say enterprise versus what's the other side? Startups, right? Yeah. So startups start using open source a lot more earlier or lot more than enterprises. The enterprise is what they need. Number one thing is the, for their production workloads, they want a vendor sporting them. I said that yesterday as well, right? So it depend depending on the size of the enterprise. If you're a big shop, definitely if you have one of the 500 or Fortune five hundreds and your tech savvy shop, then you can absorb the open source directly coming from the open source sort of universe right. Coming to you. But if you are the second tier of enterprise, you want to go to a provider which is managed service provider, or it can be cloud service provider in this case. Yep. Most of the cloud service providers have multiple versions of Kubernetes, for example. >>I'm not talking about Kubernetes only, but like, but that is one example, right? So at Amazon you can get five different flavors of Kubernetes, right? Fully manage, have, manage all kind of stuff. So people don't have bandwidth to manage that stuff locally. You have to patch it, you have to roll in the new, you know, updates and all that stuff. Like, it's a lot of work for many. So CNCF actually is formed for that reason. Like the, the charter is to bring the quality to open source. Like in other companies they have the release process and they, the stringent guidelines and QA and all that stuff. So is is something ready for production? That's the question when it comes to any software, right? So they do that kind of work and, and, and they have these buckets defined at high level, but it needs more >>Work. Yeah. So one of the things that, you know, kind of stood out to me, I have good friend in the community, Alex Ellis, who does open Fast. It's a serverless platform, great platform. Two years ago or in 2019, there was a serverless day date. And in serverless day you had K Native, you had Open Pass, you had Ws, which is supported by IBM completely, not CNCF platforms. K native came into the CNCF full when Google donated the project a few months ago or a couple of years ago, now all of a sudden there's a K native day. Yes. Not a serverless day, it's a K native day. And I asked the, the CNCF event folks like, what happened to Serverless Day? I missed having open at serverless day. And you know, they, they came out and said, you know what, K native got big enough. >>They came in and I think Red Hat and Google wanted to sponsor a K native day. So serverless day went away. So I think what what I'm interested in and over the next couple of years is, is they're gonna be pushback from the C against the cncf. Is the CNCF now too big? Is it now the gatekeeper for do I have to be one of those 147 projects, right? In order enough to get my project noticed the open, fast, great project. I don't think Al Alex has any desire to have his project hosted by cncf, but it probably deserves, you know, shoulder left recognition with that. So I'm pushing to happen to say, okay, if this is open community, this is open source. If CNC is the place to have the cloud native conversation, what about the projects that's not cncf? Like how do we have that conversation when we don't have the power of a Google right. Or a, or a Lenox, et cetera, or a Lenox Foundation. So GE what, >>What are your thoughts on that? Is, is CNC too big? >>I don't think it's too big. I think it's too small to handle the, what we are doing in open source, right? So it's a bottle. It can become a bottleneck. Okay. I think too big in a way that yeah, it has, it has, it has power from that point of view. It has that cloud, if you will. The people listen to it. If it's CNCF project or this must be good, it's like in, in incubators. Like if you are y white Combinator, you know, company, it must be good. You know, I mean, may not be >>True, but, >>Oh, I think there's a bold assumption there though. I mean, I think everyone's just trying to do the best they can. And when we're evaluating projects, a very different origin and background, it's incredibly hard. Very c and staff is a staff of 30 people. They've got 180,000 people that are contributing to these projects and a thousand maintainers that they're trying to uphold. I think the challenge is actually really great. And to me, I actually look at events as an illustration of, you know, what's the culture and the health of an organization. If I were to evaluate CNCF based on that, I'd say we're very healthy right now. I would say that we're in a good spot. There's a lot of momentum. >>Yeah. I, I think CNCF is very healthy. I'm, I'm appreciative for it being here. I love coupon. It's becoming the, the facto conference to have this conversation has >>A totally >>Different vibe to other, It's a totally different vibe. Yeah. There needs to be a conduit and truth be told, enterprise buyers, to subject's point, this is something that we do absolutely agree on, on enterprise buyers. We want someone to pick winners and losers. We do, we, we don't want a box of Lego dumped on our, the middle of our table. We want somebody to have sorted that out. So while there may be five or six different service mesh solutions, at least the cncf, I can go there and say, Oh, I'll pick between the three or four that are most popular. And it, it's a place to curate. But I think with that curation comes the other side of it. Of how do we, how, you know, without the big corporate sponsor, how do I get my project pushed up? Right? Elevated. Elevated, Yep. And, and put onto the show floor. You know, another way that projects get noticed is that startups will adopt them, Push them. They may not even be, I don't, my CNCF project may not, my product may not even be based on the CNCF product. But the new stack has a booth, Ford has a booth. Nothing to do with a individual prod up, but promoting open source. What happens when you're not sponsored? >>I gotta ask you guys, what do you disagree on? >>Oh, so what, what do we disagree on? So I'm of the mindset, I can, I can say this, I I believe hybrid infrastructure is the future of it. Bar none. If I built my infrastructure, if I built my application in the cloud 10 years ago and I'm still building net new applications, I have stuff that I built 10 years ago that looks a lot like on-prem, what do I do with it? I can't modernize it cuz I don't have the developers to do it. I need to stick that somewhere. And where I'm going to stick that at is probably a hybrid infrastructure. So colo, I'm not gonna go back to the data center, but I'm, I'm gonna look, pick up something that looks very much like the data center and I'm saying embrace that it's the future. And if you're Boeing and you have, and Boeing is a member, cncf, that's a whole nother topic. If you have as 400 s, hpu X, et cetera, stick that stuff. Colo, build new stuff, but, and, and continue to support OpenStack, et cetera, et cetera. Because that's the future. Hybrid is the future. >>And sub g agree, disagree. >>I okay. Hybrid. Nobody can deny that the hybrid is the reality, not the future. It's a reality right now. It's, it's a necessity right now you can't do without it. Right. And okay, hybrid is very relative term. You can be like 10% here, 90% still hybrid, right? So the data center is shrinking and it will keep shrinking. Right? And >>So if by whole is the data center shrinking? >>This is where >>Quick one quick getting guys for it. How is growing by a clip? Yeah, but there's no data supporting. David Lym just came out for a report I think last year that showed that the data center is holding steady, holding steady, not growing, but not shrinking. >>Who sponsored that study? Wait, hold on. So the, that's a question, right? So more than 1 million data centers have been closed. I have, I can dig that through number through somebody like some organizations we published that maybe they're cloud, you know, people only. So the, when you get these kind of statements like it, it can be very skewed statements, right. But if you have seen the, the scene out there, which you have, I know, but I have also seen a lot of data centers walk the floor of, you know, a hundred thousand servers in a data center. I cannot imagine us consuming the infrastructure the way we were going into the future of co Okay. With, with one caveat actually. I am not big fan of like broad strokes. Like make a blanket statement. Oh no, data center's dead. Or if you are, >>That's how you get those esty headlines now. Yeah, I know. >>I'm all about to >>Put a stake in the ground. >>Actually. The, I think that you get more intelligence from the new end, right? A small little details if you will. If you're golden gold manak or Bank of America, you have so many data centers and you will still have data centers because performance matters to you, right? Your late latency matters for applications. But if you are even a Fortune 500 company on the lower end and or a healthcare vertical, right? That your situation is different. If you are a high, you know, growth startup, your situation is different, right? You will be a hundred percent cloud. So cloud gives you velocity, the, the, the pace of change, the pace of experimentation that actually you are buying innovation through cloud. It's proxy for innovation. And that's how I see it. But if you have, if you're stuck with older applications, I totally understand. >>Yeah. So the >>We need that OnPrem. Yeah, >>Well I think the, the bring your fuel sober, what we agree is that cloud is the place where innovation happens. Okay? At some point innovation becomes legacy debt and you have thus hybrid, you are not going to keep your old applications up to date forever. The, the, the math just doesn't add up. And where I differ in opinion is that not everyone needs innovation to keep moving. They need innovation for a period of time and then they need steady state. So Sergeant, we >>Argue about this. I have a, I >>Love this debate though. I say it's efficiency and stability also plays an important role. I see exactly what you're talking about. No, it's >>Great. I have a counter to that. Let me tell you >>Why. Let's >>Hear it. Because if you look at the storage only, right? Just storage. Just take storage computer network for, for a minute. There three cost reps in, in infrastructure, right? So storage earlier, early on there was one tier of storage. You say pay the same price, then now there are like five storage tiers, right? What I'm trying to say is the market sets the price, the market will tell you where this whole thing will go, but I know their margins are high in cloud, 20 plus percent and margin will shrink as, as we go forward. That means the, the cloud will become cheaper relative to on-prem. It, it, in some cases it's already cheaper. But even if it's a stable workload, even in that case, we will have a lower tier of service. I mean, you, you can't argue with me that the cloud versus your data center, they are on the same tier of services. Like cloud is a better, you know, product than your data center. Hands off. >>I love it. We, we are gonna relish in the debates between the two of you. Mic drops. The energy is great. I love it. Perspective. It's not like any of us can quite see through the crystal ball that we have very informed opinions, which is super exciting. Yeah. Lisa, any last thoughts today? >>Just love, I love the debate as well. That, and that's, that's part of what being in this community is all about. So sharing about, sharing opinions, expressing opinions. That's how it grows. That's how, that's how we innovate. Yeah. Obviously we need the cloud, but that's how we innovate. That's how we grow. Yeah. And we've seen that demonstrated the last couple days and I and your, your takes here on the Cuban on Twitter. Brilliant. >>Thank you. I absolutely love it. I'm gonna close this out with a really important analysis on the swag of the show. Yes. And if you know, yesterday we were looking at what is the weirdest swag or most unique swag We had that bucket hat that took the grand prize. Today we're gonna focus on something that's actually quite cool. A lot of the vendors here have really dedicated their swag to being local to Detroit. Very specific in their sourcing. Sonotype here has COOs. They're beautiful. You can't quite feel this flannel, but it's very legit hand sound here in Michigan. I can't say that I've been to too many conferences, if any, where there was this kind of commitment to localizing and sourcing swag from around the corner. We also see this with the Intel booth. They've got screen printers out here doing custom hoodies on spot. >>Oh fun. They're even like appropriately sized. They had local artists do these designs and if you're like me and you care about what's on your wrist, you're familiar with Shinola. This is one of my favorite swags that's available. There is a contest. Oh going on. Hello here. Yeah, so if you are Atan, make sure that you go and check this out. The we, I talked about this on the show. We've had the founder on the show or the CEO and yeah, I mean Shine is just full of class as since we are in Detroit as well. One of the fun themes is cars. >>Yes. >>And Storm Forge, who are also on the show, is actually giving away an Aston Martin, which is very exciting. Not exactly manufactured in Detroit. However, still very cool on the car front and >>The double oh seven version named the best I >>Know in the sixties. It's love it. It's very cool. Two quick last things. We talk about it a lot on the show. Every company now wants to be a software company. Yep. On that vein, and keeping up with my hat theme, the Home Depot is here because they want everybody to know that they in fact are a technology company, which is very cool. They have over 500,000 employees. You can imagine there's a lot of technology that has to go into keeping Napa. Absolutely. Yep. Wild to think about. And then last, but not at least very quick, rapid fire, best t-shirt contest. If you've ever ran to one of these events, there are a ton of T-shirts out there. I rate them on two things. Wittiest line and softness. If you combine the two, you'll really be our grand champion for the year. I'm just gonna hold these up and set them down for your laughs. Not afraid to commit, which is pretty great. This is another one designed by locals here. Detroit Code City. Oh, love it. This one made me chuckle the most. Kiss my cash. >>Oh, that's >>Good. These are also really nice and soft, which is fantastic. Also high on the softness category is this Op Sarah one. I also like their bird logo. These guys, there's just, you know, just real nice touch. So unfortunately, if you have the fumble, you're not here with us, live in Detroit. At least you're gonna get taste of the swag. I taste of the stories and some smiles hear from those of us on the cube. Thank you both so much for being here with us. Lisa, thanks for another fabulous day. Got it, girl. My name's Savannah Peterson. Thank you for joining us from Detroit. We're the cube and we can't wait to see you tomorrow.

(upbeat music) >> Good afternoon and welcome back to KubeCon. John Furrier and I are live here from theCUBE Studios in Detroit, Michigan. And very excited for an afternoon shock full of content. John, how you holding up day too? >> I'm doing great and got a great content. This episode should be really good. We're going to be talking about modern applications, Red Hat and Konveyor, all the great stuff going on. >> Yes, and it's got a little bit of a community spin, very excited. You know I've been calling out the great Twitter handles of our guests all week and I'm not going to stop now. We have with us Coffee Art Lover, Savitha, and she's joined with Christopher here from Konveyor and Red Hat, welcome to the show. >> Thank you. >> How you doing and what's the vibe? >> The vibe is good. >> Yeah, pretty good. >> Has anything caught your attention? You guys are KubeCon veterans, we were talking about Valencia and shows prior. Anything sticking out to you this year? >> Yeah, just the amount of people here in this like post-COVID it's just so nice to see this many people get together. 'Cause the last couple of KubeCons that we've had they've been good but they've been much smaller and we haven't seen the same presence that we've had. And I feel like we're just starting to get back to normal what we had going like pre-COVID with KubeCon. >> Go ahead. >> Oh, sorry. And for me it's how everyone's like still respectful of everyone else and that's what sticking out to me. Like you go out of the conference center and you cannot see anyone like most or like respecting anyone's space. But here it's still there, it keeps you safe. So I'm super happy to be here. >> Yeah, I love that. I think that plays to the community. I mean, the CNCF community is really special. All these open source projects are layered. You run community at Red Hat so tell us a little bit more about that. >> So I have been focusing on the Konveyor community site for a while now since Konveyor got accepted into the CNCF Sandbox project. Yeah, it's so exciting and it's like I'm so thrilled and I'm so excited for the project. So it's something that I believe in and I do a lot of (indistinct) stuff and I learned a lot from the community. The community is what keeps me coming back to every KubeCon and keep me contributing. So I'm taking all the good stuff from there and then like trying to incorporate that into the conveyor community world. But not at a scale of like 20,000 or like 30,000 people but at a scale of like hundreds, we are in hundreds and hoping to like expand it to like thousands by next year. Hopefully, yeah. >> Talk about the project, give a quick overview what it is, where it's at now, obviously it's got traction, you got some momentum, I want to hear the customer. But give a quick overview of the project. Why are people excited about it? >> Sure. It is one of the open source of modernization tool sets that's available right now. So that's super exciting. So many people want to contribute to it. And what we basically do is like you see a lot of large companies and they want to like do the migration and the journey and we just want to help them, make their life easier. So we are in this environment which is like surrounded by cars, think of it like lane assist system or like think of it as an additional system, smart system but that's not taking control, like full control. But then it's there to like guide you through your journey safe and in a predictable way and you'll reach your destination point in a much happier, safer and like sooner. So that's what we are doing. I know that's a lot of talk but if you want the technical thing then I'll just say like we are here to help everyone who wants to modernize. Help them by refractoring and replatforming their applications in a safer and predictable way at scale. I think I got everything. What do you think Christopher? >> Yeah. I mean, we've seen a real need in the market to solve this problem as more and more companies are looking to go cloud native. And I feel like in the last 10 years we had this period where a lot of companies were kind of dabbling in the cloud and they're identifying the low hanging fruit for their migrations, or they were starting out with new applications in the cloud. We're just starting to move into a period where now they're trying to bring over legacy applications. Now they're trying to bring over the applications that have been running their business for 10, 20, even 30 years. And we're trying to help them solve the problem of how do we start with that? How do we take a holistic look at our applications and come up with a game plan of how we're going to bring those into being cloud native? >> Oh, yeah, go. >> One other thing I want to get to you mentioned replatforming and refactoring. A lot of discussion on what that means now. Refactoring with the cloud, we see a lot of great examples, people really getting a competitive advantage by refactoring in that case. But re-platforming also has meaning, it seems to be evolving. So guys can you share your your thoughts on what's re-platforming versus refactoring? >> I'll let you go. >> So for re-platforming, there's a few different stages that we can do this in. So we have this term in migration called lift and shift. It's basically taking something as is and just plopping it in and then having certain technologies around it that make it act in a similar way as it was before but in more of a cloud type of way. And this is a good way for people to get their feet wet, to get their applications into the cloud. But a lot of times they're not optimized around it, they're not able to scale, they're not able to have a lot of the cost effective things that go with it as well. So that's like the next step is that that's the refactoring. Where we're actually taking apart this idea, these domains is what we would call it for the business. And then breaking them down into their parts which then leads to things like microservices and things like being able to scale horizontally and proving that is. >> So the benefits of the cloud higher level services. >> Absolutely. >> So you shift to the platform which is cloud, lift and shift or get it over there, and then set it up so it can take advantage and increase the functionality. Is that kind of the difference? >> And one thing that we're seeing too is that these companies are operating this hybrid model. So they've brought some containers over and then they have legacy like virtual machines that they want to bring over into the cloud, but they're not in a position right now where they can re refactor or even- >> In position, it's not even on a table yet. >> So that's where we're also seeing opportunities where we can identify ways that we can actually lift and shift that VM closer at least to the containers. And that's where a lot of my conversations as a cloud success architect are of how do we refactor but also re-platform the most strategic candidate? >> So is Konveyor a good fit for these kinds of opportunities? >> Yes, 100%. It actually asks you like it starts certain phases like assessment phase, then it ask you a bunch of question about your infrastructure, applications and everything to gauge, and then provide you with the right strategy. It's not like one strategy. So it will provide you with the right strategy either re-platform, refracture or like what is best, retire, rehost, whatever, but replatform and refactor are the most that we are focused on right now. Hopefully that we might expand but I'm not sure. >> I think you just brought up a really good point and I was curious about this too 'cause Christopher you mentioned you're working with largely Fortune 50 companies, so some of the largest companies on earth. We're not talking about scale, we are talking about extraordinarily large scale. >> Thousands sometimes of applications. >> And I'm thinking a lot, I'm just sitting here listening to you thinking about the complexity. The complexity of each one of these situations. And I'm sure you've seen some of it before, you've been doing this for a while, and you're mentioning that Konveyor has different sorts of strategies. What's the flow like for that? I mean, just even thinking about it feels complex for me sitting here right now. >> Yeah, so typically when we're doing a large scale migration that lasts anywhere for like a year or two sometimes with these Fortune 50 companies. >> Some of this legacy stuff has got to be. >> This is usually when they're already at the point where they're ready to move and we're just there to tell them how to move it at that point. So you're right, there's years that have been going on to get to the point that even I'm involved. But from an assessment standpoint, we spend months just looking at applications and assessing them using tools like Konveyor to just figure out, okay, are you ready to go? Do you have the green light or do we have to pull the brakes? And you're right, so much goes into that and it's all strategic. >> Oh my gosh. >> So I guess, a quarter or a third of our time we're not even actually moving applications, we're assessing the applications and cutting up the strategy. >> That's right, there's many pieces to this puzzle. >> Absolutely. >> And I bet there's some even hidden in the corners under the couch that people forgot were even there. >> We learn new things every time too. Every migration we learn new patterns and new difficulties which is what's great about the community aspect. Because we take those and then we add them into the community, into Konveyor and then we can build off of that. So it's like you're sharing when we're doing those migrations or companies are using Konveyor and sharing that knowledge, we're building off what other people have done, we're expanding that. So there's a real advantage to using a tool like Konveyor when it comes to previous experiences. >> So tell me about some of the trends that you're seeing across the board with the folks that you're helping. >> Yeah, so trends wise like I said, I feel like the low hanging fruit has been already done in the last 10 years. We're seeing very critical like mission critical applications that are typically 10, 20 years old that need to get into the the cloud. Because that term data gravity is what's preventing them from moving into the cloud. And it's usually a large older what we would call monolithic application that's preventing them from moving. And trying to identify the ways that we can take that apart and strategically move it into the cloud. And we had a customer survey that went out to a few hundred different people that were using Konveyor. And the feedback we got was about 50% of them are currently migrating like have large migrations going on like this. And then another 30, 40% have that targeted next two years. >> So it's happening. >> It's happening now. This is a problem, this isn't a problem that we're trying to future proof, it is happening now for most corporations. They are focused on finding ways to be cost optimized and especially in the way our market is working in this post-COVID world, it's more critical than ever. And a lot of people are pouring even though they're cutting back expenses, they're still putting focus their IT for these type of migrations. >> What's the persona of people that you're trying to talk to about Konveyor? Who is out there? >> What's the community like? >> What's the community makeup and why should someone join the team? Why should someone come in and work on the project? >> So someone who is interested or trying to start their journey or someone who's already like going through a journey and someone who has went through the journey, right? They have the most experience of like what went wrong and where it could be improved. So we cater to like everyone out there pretty much, right? Because some point of the time right now it's cloud native right now this is a ecosystem. In five years it would be like totally different thing. So the mission of the project is going to be like similar or like probably same, help someone replatform and rehost things into the next generation of whatever that's going to come. So we need everyone. So that is the focus area or like the targeted audience. Right now we have interest from people who are actually actively ongoing the migration and the challenges that they are facing right now. >> So legacy enterprises that up and running, full workloads, multiple productions, hundreds and hundreds of apps, whose boss has said, "We're going to the cloud." And they go, oh boy. How do we do this? Lift and shift, get re-platform? There's a playbook, there's a method. You lift and shift, you get it in there, get the core competency, use some manage service restitch it together, go cloud native. So this is the cloud native roadmap. >> And the beauty of Konveyor is that it also gives you like plans. So like once it assists and analyzed it, it comes up with plans and reports so that you can actually take it to your management and say like, well, let's just target these, these and many application, X number of application in like two weeks. Now let's just do it in waves. So that is some feature that we are looking forward to in conveyor three which is going to be released in the first quarter of 2023. So it's exciting, right? >> It is exciting and it makes a lot of sense. >> It makes everyone happy, it makes the engineers happy. Don't have to be overworked. It also like makes the architects like Chris happy and it also makes- >> Pretty much so. >> As exemplified right here, love that. >> It makes the management happy because they see that there is like progress going on and they can like ramp it up or wrap it down holiday season. Do not touch prediction, right? Do not touch prediction. >> You hear that manager, do not touch production. >> It's also friendships too 'cause people want to be in a tribe that's experiencing the same things over and over again. I think that is really the comradery and the community data sharing. >> Yeah, that's the beauty of community, right? You can be on any number of teams but you are on the same team. Like any number of companies but on the same team. It also like reflected in the keynotes I think yesterday someone mentioned it. Sorry, I cannot recall the name of who mentioned it but it's like different companies, same team, similar goal. We all go through the journey together. >> Water level rises together too. We learn from each other and that's what community is really all about. You can tell folks at home might not be able to feel it but I can. You can tell how community first you both are. Last question for you before we wrap up, is there anything that you wish the world knew about Konveyor that they don't know right now, or more people knew? And if not, your marketing team is nailing it and we'll just give them a high five. >> I think it goes with just what we were talking about. It's not just a tool for individual applications and how to move it, it's how do we see things from a bigger picture? And this is what this tool ultimately is also trying to solve is how do we work together to move hundreds if not thousands of applications? Because it takes a village. >> Quite literally with that volume size. >> My biggest advice to people who are considering this who are in large enterprise or even smaller enterprise. Make sure that you understand this is a team effort. Make sure you're communicating and lessons learned on one team is going to be lessons learned for another team. So share that information. When you're doing migrations make sure that all that knowledge is spread because you're just going to end up repeating the same mistakes over and over again. >> That is a beautiful way to close the show. Savitha, Christopher, thank you so much for being with us. John, always a pleasure. And thank you for tuning into theCUBE live from Detroit. We'll be back with our next interview in just a few. (upbeat music)

(upbeat music) >> Hey guys, welcome back to the show floor of KubeCon + CloudNativeCon '22 North America from Detroit, Michigan. Lisa Martin here with John Furrier. This is day one, John at theCUBE's coverage. >> CUBE's coverage. >> theCUBE's coverage of KubeCon. Try saying that five times fast. Day one, we have three wall-to-wall days. We've been talking about Kubernetes, containers, adoption, cloud adoption, app modernization all morning. We can't talk about those things without addressing security. >> Yeah, this segment we're going to hear container and Kubernetes security for modern application 'cause the enterprise are moving there. And this segment with Red Hat's going to be important because they are the leader in the enterprise when it comes to open source in Linux. So this is going to be a very fun segment. >> Very fun segment. Two guests from Red Hat join us. Please welcome Doron Caspin, Senior Principal Product Manager at Red Hat. Michael Foster joins us as well, Principal Product Marketing Manager and StackRox Community Lead at Red Hat. Guys, great to have you on the program. >> Thanks for having us. >> Thank you for having us. >> It's awesome. So Michael StackRox acquisition's been about a year. You got some news? >> Yeah, 18 months. >> Unpack that for us. >> It's been 18 months, yeah. So StackRox in 2017, originally we shifted to be the Kubernetes-native security platform. That was our goal, that was our vision. Red Hat obviously saw a lot of powerful, let's say, mission statement in that, and they bought us in 2021. Pre-acquisition we were looking to create a cloud service. Originally we ran on Kubernetes platforms, we had an operator and things like that. Now we are looking to basically bring customers in into our service preview for ACS as a cloud service. That's very exciting. Security conversation is top notch right now. It's an all time high. You can't go with anywhere without talking about security. And specifically in the code, we were talking before we came on camera, the software supply chain is real. It's not just about verification. Where do you guys see the challenges right now? Containers having, even scanning them is not good enough. First of all, you got to scan them and that may not be good enough. Where's the security challenges and where's the opportunity? >> I think a little bit of it is a new way of thinking. The speed of security is actually does make you secure. We want to keep our images up and fresh and updated and we also want to make sure that we're keeping the open source and the different images that we're bringing in secure. Doron, I know you have some things to say about that too. He's been working tirelessly on the cloud service. >> Yeah, I think that one thing, you need to trust your sources. Even if in the open source world, you don't want to copy paste libraries from the web. And most of our customers using third party vendors and getting images from different location, we need to trust our sources and we have a really good, even if you have really good scanning solution, you not always can trust it. You need to have a good solution for that. >> And you guys are having news, you're announcing the Red Hat Advanced Cluster Security Cloud Service. >> Yes. >> What is that? >> So we took StackRox and we took the opportunity to make it as a cloud services so customer can consume the product as a cloud services as a start offering and customer can buy it through for Amazon Marketplace and in the future Azure Marketplace. So customer can use it for the AKS and EKS and AKS and also of course OpenShift. So we are not specifically for OpenShift. We're not just OpenShift. We also provide support for EKS and AKS. So we provided the capability to secure the whole cloud posture. We know customer are not only OpenShift or not only EKS. We have both. We have free cloud or full cloud. So we have open. >> So it's not just OpenShift, it's Kubernetes, environments, all together. >> Doron: All together, yeah. >> Lisa: Meeting customers where they are. >> Yeah, exactly. And we focus on, we are not trying to boil the ocean or solve the whole cloud security posture. We try to solve the Kubernetes security cluster. It's very unique and very need unique solution for that. It's not just added value in our cloud security solution. We think it's something special for Kubernetes and this is what Red that is aiming to. To solve this issue. >> And the ACS platform really doesn't change at all. It's just how they're consuming it. It's a lot quicker in the cloud. Time to value is right there. As soon as you start up a Kubernetes cluster, you can get started with ACS cloud service and get going really quickly. >> I'm going to ask you guys a very simple question, but I heard it in the bar in the lobby last night. Practitioners talking and they were excited about the Red Hat opportunity. They actually asked a question, where do I go and get some free Red Hat to test some Kubernetes out and run helm or whatever. They want to play around. And do you guys have a program for someone to get start for free? >> Yeah, so the cloud service specifically, we're going to service preview. So if people sign up, they'll be able to test it out and give us feedback. That's what we're looking for. >> John: Is that a Sandbox or is that going to be in the cloud? >> They can run it in their own environment. So they can sign up. >> John: Free. >> Doron: Yeah, free. >> For the service preview. All we're asking for is for customer feedback. And I know it's actually getting busy there. It's starting December. So the quicker people are, the better. >> So my friend at the lobby I was talking to, I told you it was free. I gave you the sandbox, but check out your cloud too. >> And we also have the open source version so you can download it and use it. >> Yeah, people want to know how to get involved. I'm getting a lot more folks coming to Red Hat from the open source side that want to get their feet wet. That's been a lot of people rarely interested. That's a real testament to the product leadership. Congratulations. >> Yeah, thank you. >> So what are the key challenges that you have on your roadmap right now? You got the products out there, what's the current stake? Can you scope the adoption? Can you share where we're at? What people are doing specifically and the real challenges? >> I think one of the biggest challenges is talking with customers with a slightly, I don't want to say outdated, but an older approach to security. You hear things like malware pop up and it's like, well, really what we should be doing is keeping things into low and medium vulnerabilities, looking at the configuration, managing risk accordingly. Having disparate security tools or different teams doing various things, it's really hard to get a security picture of what's going on in the cluster. That's some of the biggest challenges that we talk with customers about. >> And in terms of resolving those challenges, you mentioned malware, we talk about ransomware. It's a household word these days. It's no longer, are we going to get hit? It's when? It's what's the severity? It's how often? How are you guys helping customers to dial down some of the risk that's inherent and only growing these days? >> Yeah, risk, it's a tough word to generalize, but our whole goal is to give you as much security information in a way that's consumable so that you can evaluate your risk, set policies, and then enforce them early on in the cluster or early on in the development pipeline so that your developers get the security information they need, hopefully asynchronously. That's the best way to do it. It's nice and quick, but yeah. I don't know if Doron you want to add to that? >> Yeah, so I think, yeah, we know that ransomware, again, it's a big world for everyone and we understand the area of the boundaries where we want to, what we want to protect. And we think it's about policies and where we enforce it. So, and if you can enforce it on, we know that as we discussed before that you can scan the image, but we never know what is in it until you really run it. So one of the thing that we we provide is runtime scanning. So you can scan and you can have policy in runtime. So enforce things in runtime. But even if one image got in a way and get to your cluster and run on somewhere, we can stop it in runtime. >> Yeah. And even with the runtime enforcement, the biggest thing we have to educate customers on is that's the last-ditch effort. We want to get these security controls as early as possible. That's where the value's going to be. So we don't want to be blocking things from getting to staging six weeks after developers have been working on a project. >> I want to get you guys thoughts on developer productivity. Had Docker CEO on earlier and since then I had a couple people messaging me. Love the vision of Docker, but Docker Hub has some legacy and it might not, has does something kind of adoption that some people think it does. Are people moving 'cause there times they want to have these their own places? No one place or maybe there is, or how do you guys see the movement of say Docker Hub to just using containers? I don't need to be Docker Hub. What's the vis-a-vis competition? >> I mean working with open source with Red Hat, you have to meet the developers where they are. If your tool isn't cutting it for developers, they're going to find a new tool and really they're the engine, the growth engine of a lot of these technologies. So again, if Docker, I don't want to speak about Docker or what they're doing specifically, but I know that they pretty much kicked off the container revolution and got this whole thing started. >> A lot of people are using your environment too. We're hearing a lot of uptake on the Red Hat side too. So, this is open source help, it all sorts stuff out in the end, like you said, but you guys are getting a lot of traction there. Can you share what's happening there? >> I think one of the biggest things from a developer experience that I've seen is the universal base image that people are using. I can speak from a security standpoint, it's awesome that you have a base image where you can make one change or one issue and it can impact a lot of different applications. That's one of the big benefits that I see in adoption. >> What are some of the business, I'm curious what some of the business outcomes are. You talked about faster time to value obviously being able to get security shifted left and from a control perspective. but what are some of the, if I'm a business, if I'm a telco or a healthcare organization or a financial organization, what are some of the top line benefits that this can bubble up to impact? >> I mean for me, with those two providers, compliance is a massive one. And just having an overall look at what's going on in your clusters, in your environments so that when audit time comes, you're prepared. You can get through that extremely quickly. And then as well, when something inevitably does happen, you can get a good image of all of like, let's say a Log4Shell happens, you know exactly what clusters are affected. The triage time is a lot quicker. Developers can get back to developing and then yeah, you can get through it. >> One thing that we see that customers compliance is huge. >> Yes. And we don't want to, the old way was that, okay, I will provision a cluster and I will do scans and find things, but I need to do for PCI DSS for example. Today the customer want to provision in advance a PCI DSS cluster. So you need to do the compliance before you provision the cluster and make all the configuration already baked for PCI DSS or HIPAA compliance or FedRAMP. And this is where we try to use our compliance, we have tools for compliance today on OpenShift and other clusters and other distribution, but you can do this in advance before you even provision the cluster. And we also have tools to enforce it after that, after your provision, but you have to do it again before and after to make it more feasible. >> Advanced cluster management and the compliance operator really help with that. That's why OpenShift Platform Plus as a bundle is so popular. Just being able to know that when a cluster gets provision, it's going to be in compliance with whatever the healthcare provider is using. And then you can automatically have ACS as well pop up so you know exactly what applications are running, you know it's in compliance. I mean that's the speed. >> You mentioned the word operator, I get triggering word now for me because operator role is changing significantly on this next wave coming because of the automation. They're operating, but they're also devs too. They're developing and composing. It's almost like a dashboard, Lego blocks. The operator's not just manually racking and stacking like the old days, I'm oversimplifying it, but the new operators running stuff, they got observability, they got coding, their servicing policy. There's a lot going on. There's a lot of knobs. Is it going to get simpler? How do you guys see the org structures changing to fill the gap on what should be a very simple, turn some knobs, operate at scale? >> Well, when StackRox originally got acquired, one of the first things we did was put ACS into an operator and it actually made the application life cycle so much easier. It was very easy in the console to go and say, Hey yeah, I want ACS my cluster, click it. It would get provisioned. New clusters would get provisioned automatically. So underneath it might get more complicated. But in terms of the application lifecycle, operators make things so much easier. >> And of course I saw, I was lucky enough with Lisa to see Project Wisdom in AnsibleFest. You going to say, Hey, Red Hat, spin up the clusters and just magically will be voice activated. Starting to see AI come in. So again, operations operator is got to dev vibe and an SRE vibe, but it's not that direct. Something's happening there. We're trying to put our finger on. What do you guys think is happening? What's the real? What's the action? What's transforming? >> That's a good question. I think in general, things just move to the developers all the time. I mean, we talk about shift left security, everything's always going that way. Developers how they're handing everything. I'm not sure exactly. Doron, do you have any thoughts on that. >> Doron, what's your reaction? You can just, it's okay, say what you want. >> So I spoke with one of our customers yesterday and they say that in the last years, we developed tons of code just to operate their infrastructure. That if developers, so five or six years ago when a developer wanted VM, it will take him a week to get a VM because they need all their approval and someone need to actually provision this VM on VMware. And today they automate all the way end-to-end and it take two minutes to get a VM for developer. So operators are becoming developers as you said, and they develop code and they make the infrastructure as code and infrastructure as operator to make it more easy for the business to run. >> And then also if you add in DataOps, AIOps, DataOps, Security Ops, that's the new IT. It seems to be the new IT is the stuff that's scaling, a lot of data's coming in, you got security. So all that's got to be brought in. How do you guys view that into the equation? >> Oh, I mean you become big generalists. I think there's a reason why those cloud security or cloud professional certificates are becoming so popular. You have to know a lot about all the different applications, be able to code it, automate it, like you said, hopefully everything as code. And then it also makes it easy for security tools to come in and look and examine where the vulnerabilities are when those things are as code. So because you're going and developing all this automation, you do become, let's say a generalist. >> We've been hearing on theCUBE here and we've been hearing the industry, burnout, associated with security professionals and some DataOps because the tsunami of data, tsunami of breaches, a lot of engineers getting called in the middle of the night. So that's not automated. So this got to get solved quickly, scaled up quickly. >> Yes. There's two part question there. I think in terms of the burnout aspect, you better send some love to your security team because they only get called when things get broken and when they're doing a great job you never hear about them. So I think that's one of the things, it's a thankless profession. From the second part, if you have the right tools in place so that when something does hit the fan and does break, then you can make an automated or a specific decision upstream to change that, then things become easy. It's when the tools aren't in place and you have desperate environments so that when a Log4Shell or something like that comes in, you're scrambling trying to figure out what clusters are where and where you're impacted. >> Point of attack, remediate fast. That seems to be the new move. >> Yeah. And you do need to know exactly what's going on in your clusters and how to remediate it quickly, how to get the most impact with one change. >> And that makes sense. The service area is expanding. More things are being pushed. So things will, whether it's a zero day vulnerability or just attack. >> Just mix, yeah. Customer automate their all of things, but it's good and bad. Some customer told us they, I think Spotify lost the whole a full zone because of one mistake of a customer because they automate everything and you make one mistake. >> It scale the failure really. >> Exactly. Scaled the failure really fast. >> That was actually few contact I think four years ago. They talked about it. It was a great learning experience. >> It worked double edge sword there. >> Yeah. So definitely we need to, again, scale automation, test automation way too, you need to hold the drills around data. >> Yeah, you have to know the impact. There's a lot of talk in the security space about what you can and can't automate. And by default when you install ACS, everything is non-enforced. You have to have an admission control. >> How are you guys seeing your customers? Obviously Red Hat's got a great customer base. How are they adopting to the managed service wave that's coming? People are liking the managed services now because they maybe have skills gap issues. So managed service is becoming a big part of the portfolio. What's your guys' take on the managed services piece? >> It's just time to value. You're developing a new application, you need to get it out there quick. If somebody, your competitor gets out there a month before you do, that's a huge market advantage. >> So you care how you got there. >> Exactly. And so we've had so much Kubernetes expertise over the last 10 or so, 10 plus year or well, Kubernetes for seven plus years at Red Hat, that why wouldn't you leverage that knowledge internally so you can get your application. >> Why change your toolchain and your workflows go faster and take advantage of the managed service because it's just about getting from point A to point B. >> Exactly. >> Well, in time to value is, you mentioned that it's not a trivial term, it's not a marketing term. There's a lot of impact that can be made. Organizations that can move faster, that can iterate faster, develop what their customers are looking for so that they have that competitive advantage. It's definitely not something that's trivial. >> Yeah. And working in marketing, whenever you get that new feature out and I can go and chat about it online, it's always awesome. You always get customers interests. >> Pushing new code, being secure. What's next for you guys? What's on the agenda? What's around the corner? We'll see a lot of Red Hat at re:Invent. Obviously your relationship with AWS as strong as a company. Multi-cloud is here. Supercloud as we've been saying. Supercloud is a thing. What's next for you guys? >> So we launch the cloud services and the idea that we will get feedback from customers. We are not going GA. We're not going to sell it for now. We want to get customers, we want to get feedback to make the product as best what we can sell and best we can give for our customers and get feedback. And when we go GA and we start selling this product, we will get the best product in the market. So this is our goal. We want to get the customer in the loop and get as much as feedback as we can. And also we working very closely with our customers, our existing customers to announce the product to add more and more features what the customer needs. It's all about supply chain. I don't like it, but we have to say, it's all about making things more automated and make things more easy for our customer to use to have security in the Kubernetes environment. >> So where can your customers go? Clearly, you've made a big impact on our viewers with your conversation today. Where are they going to be able to go to get their hands on the release? >> So you can find it on online. We have a website to sign up for this program. It's on my blog. We have a blog out there for ACS cloud services. You can just go there, sign up, and we will contact the customer. >> Yeah. And there's another way, if you ever want to get your hands on it and you can do it for free, Open Source StackRox. The product is open source completely. And I would love feedback in Slack channel. It's one of the, we also get a ton of feedback from people who aren't actually paying customers and they contribute upstream. So that's an awesome way to get started. But like you said, you go to, if you search ACS cloud service and service preview. Don't have to be a Red Hat customer. Just if you're running a CNCF compliant Kubernetes version. we'd love to hear from you. >> All open source, all out in the open. >> Yep. >> Getting it available to the customers, the non-customers, they hopefully pending customers. Guys, thank you so much for joining John and me talking about the new release, the evolution of StackRox in the last season of 18 months. Lot of good stuff here. I think you've done a great job of getting the audience excited about what you're releasing. Thank you for your time. >> Thank you. >> Thank you. >> For our guest and for John Furrier, Lisa Martin here in Detroit, KubeCon + CloudNativeCon North America. Coming to you live, we'll be back with our next guest in just a minute. (gentle music)

(upbeat music) >> We're back. You're watching theCUBE's coverage of Red Hat Summit 2022 here in the Seaport in Boston. I'm Dave Vellante with my co-host, Paul Gillin. Justin Boitano is here. He's the Vice President of Enterprise and Edge Computing at NVIDIA. Maybe you've heard of him. And Tushar Katarki who's the Director of Product Management at Red Hat. Gentlemen, welcome to theCUBE, good to see you. >> Thank you. >> Great to be here, thanks >> Justin, you are a keynote this morning. You got interviewed and shared your thoughts on AI. You encourage people to got to think bigger on AI. I know it's kind of self-serving but why? Why should we think bigger? >> When you think of AI, I mean, it's a monumental change. It's going to affect every industry. And so when we think of AI, you step back, you're challenging companies to build intelligence and AI factories, and factories that can produce intelligence. And so it, you know, forces you to rethink how you build data centers, how you build applications. It's a very data centric process where you're bringing in, you know, an exponential amount of data. You have to label that data. You got to train a model. You got to test the model to make sure that it's accurate and delivers business value. Then you push it into production, it's going to generate more data, and you kind of work through that cycle over and over and over. So, you know, just as Red Hat talks about, you know, CI/CD of applications, we're talking about CI/CD of the AI model itself, right? So it becomes a continuous improvement of AI models in production which is a big, big business transformation. >> Yeah, Chris Wright was talking about basically take your typical application development, you know, pipeline, and life cycle, and apply that type of thinking to AI. I was saying those two worlds have to come together. Actually, you know, the application stack and the data stack including AI need to come together. What's the role of Red Hat? What's your sort of posture on AI? Where do you fit with OpenShift? >> Yeah, so we're really excited about AI. I mean, a lot of our customers obviously are looking to take that data and make meaning out of it using AI is definitely a big important tool. And OpenShift, and our approach to Open Hybrid Cloud really forms a successful platform to base all your AI journey on with the partners such as NVIDIA whom we are working very closely with. And so the idea really is as Justin was saying, you know, the end to end, when you think about life of a model, you've got data, you mine that data, you create models, you deploy it into production. That whole thing, what we call CI/CD, as he was saying DevOps, DevSecOps, and the hybrid cloud that Red Hat has been talking about, although with OpenShift as the center forms a good basis for that. >> So somebody said the other day, I'm going to ask you, is INVIDIA a hardware company or a software company? >> We are a company that people know for our hardware but, you know, predominantly now we're a software company. And that's what we were on stage talking about. I mean, ultimately, a lot of these customers know that they've got to embark on this journey to apply AI, to transform their business with it. It's such a big competitive advantage going into, you know, the next decade. And so the faster they get ahead of it, the more they're going to win, right? But some of them, they're just not really sure how to get going. And so a lot of this is we want to lower the barrier to entry. We built this program, we call it Launchpad to basically make it so they get instant access to the servers, the AI servers, with OpenShift, with the MLOps tooling, with example applications. And then we walk them through examples like how do you build a chatbot? How do you build a vision system for quality control? How do you build a price recommendation model? And they can do hands on labs and walk out of, you know, Launchpad with all the software they need, I'll say the blueprint for building their application. They've got a way to have the software and containers supported in production, and they know the blueprint for the infrastructure and operating that a scale with OpenShift. So more and more, you know, to come back to your question is we're focused on the software layers and making that easy to help, you know, either enterprises build their apps or work with our ecosystem and developers to buy, you know, solutions off the shelf. >> On the harbor side though, I mean, clearly NVIDIA has prospered on the backs of GPUs, as the engines of AI development. Is that how it's going to be for the foreseeable future? Will GPUs continue to be core to building and training AI models or do you see something more specific to AI workloads? >> Yeah, I mean, it's a good question. So I think for the next decade, well, plus, I mean not forever, we're going to always monetize hardware. It's a big, you know, market opportunity. I mean, Jensen talks about a $100 billion, you know, market opportunity for NVIDIA just on hardware. It's probably another a $100 billion opportunity on the software. So the reality is we're getting going on the software side, so it's still kind of early days, but that's, you know, a big area of growth for us in the future and we're making big investments in that area. On the hardware side, and in the data center, you know, the reality is since Moore's law has ended, acceleration is really the thing that's going to advance all data centers. So I think in the future, every server will have GPUs, every server will have DPUs, and we can talk a bit about what DPUs are. And so there's really kind of three primary processors that have to be there to form the foundation of the enterprise data center in the future. >> Did you bring up an interesting point about DPUs and MPUs, and sort of the variations of GPUs that are coming about? Do you see those different PU types continuing to proliferate? >> Oh, absolutely. I mean, we've done a bunch of work with Red Hat, and we've got a, I'll say a beta of OpenShift 4.10 that now supports DPUs as the, I'll call it the control plane like software defined networking offload in the data center. So it takes all the software defined networking off of CPUs. When everybody talks about, I'll call it software defined, you know, networking and core data centers, you can think of that as just a CPU tax up to this point. So what's nice is it's all moving over to DPU to, you know, offload and isolate it from the x86 cores. It increases security of data center. It improves the throughput of your data center. And so, yeah, DPUs, we see everybody copying that model. And, you know to give credit where credit is due, I think, you know, companies like AWS, you know, they bought Annapurna, they turned it into Nitro which is the foundation of their data centers. And everybody wants the, I'll call it democratized version of that to run their data centers. And so every financial institution and bank around the world sees the value of this technology, but running in their data centers. >> Hey, everybody needs a Nitro. I've written about it. It's Annapurna acquisition, 350 million. I mean, peanuts in the grand scheme of things. It's interesting, you said Moore's law is dead. You know, we have that conversation all the time. Pat Gelsinger promised that Moore's law is alive and well. But the interesting thing is when you look at the numbers, that's, you know, Moore's law, we all know it, doubling of the transistor densities every 18 to 24 months. Let's say that, that promise that he made is true. What I think the industry maybe doesn't appreciate, I'm sure you do, being in NVIDIA, when you combine what you were just saying, the CPU, the GPU, Paul, the MPU, accelerators, all the XPUs, you're talking about, I mean, look at Apple with the M1, I mean 6X in 15 months versus doubling every 18 to 24. The A15 is probably averaging over the last five years, a 110% performance improvement each year versus the historical Moore's law which is 40%. It's probably down to the low 30s now. So it's a completely different world that we're entering now. And the new applications are going to be developed on these capabilities. It's just not your general purpose market anymore. From an application development standpoint, what does that mean to the world? >> Yeah, I mean, yeah, it is a great point. I mean, from an application, I mean first of all, I mean, just talk about AI. I mean, they are all very compute intensive. They're data intensive. And I mean to move data focus so much in to compute and crunch those numbers. I mean, I'd say you need all the PUs that you mentioned in the world. And also there are other concerns that will augment that, right? Like we want to, you know, security is so important so we want to secure everything. Cryptography is going to take off to new levels, you know, that we are talking about, for example, in the case of DPUs, we are talking about, you know, can that be used to offload your encryption and firewalling, and so on and so forth. So I think there are a lot of opportunities even from an application point of view to take of this capacity. So I'd say we've never run out of the need for PUs if you will. >> So is OpenShift the layer that's going to simplify all that for the developer. >> That's right. You know, so one of the things that we worked with NVIDIA, and in fact was we developed this concept of an operator for GPUs, but you can use that pattern for any of the PUs. And so the idea really is that, how do you, yeah-- (all giggle) >> That's a new term. >> Yeah, it's a new term. (all giggle) >> XPUs. >> XPUs, yeah. And so that pattern becomes very easy for GPUs or any other such accelerators to be easily added as a capacity. And for the Kubernetes scaler to understand that there is that capacity so that an application which says that I want to run on a GPU then it becomes very easy for it to run on that GPU. And so that's the abstraction to your point about how we are making that happen. >> And to add to this. So the operator model, it's this, you know, open source model that does the orchestration. So Kubernetes will say, oh, there's a GPU in that node, let me run the operator, and it installs our entire run time. And our run time now, you know, it's got a MIG configuration utility. It's got the driver. It's got, you know, telemetry and metering of the actual GPU and the workload, you know, along with a bunch of other components, right? They get installed in that Kubernetes cluster. So instead of somebody trying to chase down all the little pieces and parts, it just happens automatically in seconds. We've extended the operator model to DPUs and networking cards as well, and we have all of those in the operator hub. So for somebody that's running OpenShift in their data centers, it's really simple to, you know, turn on Node Feature Discovery, you point to the operators. And when you see new accelerated nodes, the entire run time is automatically installed for you. So it really makes, you know, GPUs and our networking, our advanced networking capabilities really first class citizens in the data center. >> So you can kind of connect the dots and see how NVIDIA and the Red Hat partnership are sort of aiming at the enterprise. I mean, NVIDIA, obviously, they got the AI piece. I always thought maybe 25% of the compute cycles in the data center were wasted doing storage offloads or networking offload, security. I think Jensen says it's 30%, probably a better number than I have. But so now you're seeing a lot of new innovation in new hardware devices that are attacking that with alternative processors. And then my question is, what about the edge? Is that a blue field out at the edge? What does that look like to NVIDIA and where does OpenShift play? >> Yeah, so when we talk about the edge, we always going to start talking about like which edge are we talking about 'cause it's everything outside the core data center. I mean, some of the trends that we see with regard to the edges is, you know, when you get to the far edge, it's single nodes. You don't have the guards, gates, and guns protection of the data center. So you start having to worry about physical security of the hardware. So you can imagine there's really stringent requirements on protecting the intellectual property of the AI model itself. You spend millions of dollars to build it. If I push that out to an edge data center, how do I make sure that that's fully protected? And that's the area that we just announced a new processor that we call Hopper H100. It supports confidential computing so that you can basically ensure that model is always encrypted in system memory across the bus, of the PCI bus to the GPU, and it's run in a confidential way on the GPU. So you're protecting your data which is your model plus the data flowing through it, you know, in transit, wallet stored, and then in use. So that really adds to that edge security model. >> I wanted to ask you about the cloud, correct me if I'm wrong. But it seems to me that that AI workloads have been slower than most to make their way to the cloud. There are a lot of concerns about data transfer capacity and even cost. Do you see that? First of all, do you agree with that? And secondly, is that going to change in the short-term? >> Yeah, so I think there's different classes of problems. So we'll take, there's some companies where their data's generated in the cloud and we see a ton of, I'll say, adoption of AI by cloud service providers, right? Recommendation engines, translation engines, conversational AI services, that all the clouds are building. That's all, you know, our processors. There's also problems that enterprises have where now I'm trying to take some of these automation capabilities but I'm trying to create an intelligent factory where I want to, you know, merge kind of AI with the physical world. And that really has to run at the edge 'cause there's too much data being generated by cameras to bring that all the way back into the cloud. So, you know, I think we're seeing mass adoption in the cloud today. I think at the edge a lot of businesses are trying to understand how do I deploy that reliably and securely and scale it. So I do think, you know, there's different problems that are going to run in different places, and ultimately we want to help anybody apply AI where the business is generating the data. >> So obviously very memory intensive applications as well. We've seen you, NVIDIA, architecturally kind of move away from the traditional, you know, x86 approach, take better advantage of memories where obviously you have relationships with Arm. So you've got a very diverse set of capabilities. And then all these other components that come into use, to just be a kind of x86 centric world. And now it's all these other supporting components to support these new applications and it's... How should we think about the future? >> Yeah, I mean, it's very exciting for sure, right? Like, you know, the future, the data is out there at the edge, the data can be in the data center. And so we are trying to weave a hybrid cloud footprint that spans that. I mean, you heard Paul come here, talk about it. But, you know, we've talked about it for some time now. And so the paradigm really that is, that be it an application, and when I say application, it could be even an AI model as a service. It can think about that as an application. How does an application span that entire paradigm from the core to the edge and beyond is where the future is. And, of course, there's a lot of technical challenges, you know, for us to get there. And I think partnerships like this are going to help us and our customers to get there. So the world is very exciting. You know, I'm very bullish on how this will play out, right? >> Justin, we'll give you the last word, closing thoughts. >> Well, you know, I think a lot of this is like I said, it's how do we reduce the complexity for enterprises to get started which is why Launchpad is so fundamental. It gives, you know, access to the entire stack instantly with like hands on curated labs for both IT and data scientists. So they can, again, walk out with the blueprints they need to set this up and, you know, start on a successful AI journey. >> Just a position, is Launchpad more of a Sandbox, more of a school, or more of an actual development environment. >> Yeah, think of it as it's, again, it's really for trial, like hands on labs to help people learn all the foundational skills they need to like build an AI practice and get it into production. And again, it's like, you don't need to go champion to your executive team that you need access to expensive infrastructure and, you know, and bring in Red Hat to set up OpenShift. Everything's there for you so you can instantly get started. Do kind of a pilot project and then use that to explain to your executive team everything that you need to then go do to get this into production and drive business value for the company. >> All right, great stuff, guys. Thanks so much for coming to theCUBE. >> Yeah, thanks. >> Thank you for having us. >> All right, thank you for watching. Keep it right there, Dave Vellante and Paul Gillin. We'll be back right after this short break at the Red Hat Summit 2022. (upbeat music)

(upbeat music) >> Welcome everybody to this CUBE Conversation. My name is Dave Vellante, and we're here to talk about Object storage and the momentum in the space. And what Dell Technologies is doing to compete in this market, I'm joined today by Anahad Dhillon, who's the Product Manager for Dell, EMC's ECS, and new ObjectScale products. Anahad, welcome to theCUBE, good to see you. >> Thank you so much Dave. We appreciate you having me and Dell (indistinct), thanks. >> Its always a pleasure to have you guys on, we dig into the products, talk about the trends, talk about what customers are doing. Anahad before the Cloud, Object was this kind of niche we seen. And you had simple get, put, it was a low cost bit bucket essentially, but that's changing. Tell us some of the trends in the Object storage market that you're observing, and how Dell Technology sees this space evolving in the future please. >> Absolutely, and you hit it right on, right? Historically, Object storage was considered this cheap and deep place, right? Customers would use this for their backup data, archive data, so cheap and deep, no longer the case, right? As you pointed out, the ObjectSpace is now maturing. It's a mature market and we're seeing out there customers using Object or their primary data so, for their business critical data. So we're seeing big data analytics that we use cases. So it's no longer just cheap and deep, now your primary workloads and business critical workloads being put on with an object storage now. >> Yeah, I mean. >> And. >> Go ahead please. >> Yeah, I was going to say, there's not only the extend of the workload being put in, we'll also see changes in how Object storage is being deployed. So now we're seeing a tighter integration with new depth models where Object storage or any storage in general is being deployed. Our applications are being (indistinct), right? So customers now want Object storage or storage in general being orchestrated like they would orchestrate their customer applications. Those are the few key trends that we're seeing out there today. >> So I want to dig into this a little bit with you 'cause you're right. It used to be, it was cheap and deep, it was slow and it required sometimes application changes to accommodate. So you mentioned a few of the trends, Devs, everybody's trying to inject AI into their applications, the world has gone software defined. What are you doing to respond to all these changes in these trends? >> Absolutely, yeah. So we've been making tweaks to our object offering, the ECS, Elastic Cloud Storage for a while. We started off tweaking the software itself, optimizing it for performance use cases. In 2020, early 2020, we actually introduced SSDs to our notes. So customers were able to go in, leverage these SSD's for metadata caching improving their performance quite a bit. We use these SSDs for metadata caching. So the impact on the performance improvement was focused on smaller reads and writes. What we did now is a game changer. We actually went ahead later in 2020, introduced an all flash appliance. So now, EXF900 and ECS all flash appliance, it's all NVME based. So it's NVME SSDs and we leveraged NVME over fabric xx for the back end. So we did it the right way did. We didn't just go in and qualified an SSD based server and ran object storage on it, we invested time and effort into supporting NVME fabric. So we could give you that performance at scale, right? Object is known for scale. We're not talking 10, 12 nodes here, we're talking hundreds of nodes. And to provide you that kind of performance, we went to ahead. Now you've got an NVME based offering EXF900 that you can deploy with confidence, run your primary workloads that require high throughput and low latency. We also come November 5th, are releasing our next gen SDS offering, right? This takes the Troven ECS code that our customers are familiar with that provides the resiliency and the security that you guys expect from Dell. We're re platforming it to run on Kubernetes and be orchestrated by Kubernetes. This is what we announced that VMware 2021. If you guys haven't seen that, is going to go on-demand for VMware 2021, search for ObjectScale and you get a quick demo on that. With ObjectScale now, customers can quickly deploy enterprise grade Object storage on their existing environment, their existing infrastructure, things like VMware, infrastructure like VMware and infrastructure like OpenShift. I'll give you an example. So if you were in a VMware shop that you've got vSphere clusters in your data center, with ObjectScale, you'll be able to quickly deploy your Object enterprise grid Object offering from within vSphere. Or if you are an OpenShift customer, right? If you've got OpenShift deployed in your data center and your Red Hat shop, you could easily go in, use that same infrastructure that your applications are running on, deploy ObjectScale on top of your OpenShift infrastructure and make available Object storage to your customers. So you've got the enterprise grade ECS appliance or your high throughput, low latency use cases at scale, and you've got this software defined ObjectScale, which can deploy on your existing infrastructure, whether that's VMware or Red Hat OpenShift. >> Okay, I got a lot of follow up questions, but let me just go back to one of the earlier things you said. So Object was kind of cheap, deep and slow, but scaled. And so, your step one was metadata caching. Now of course, my understanding is with Object, the metadata and the data within the object. So, maybe you separated that and made it high performance, but now you've taken the next step to bring in NVME infrastructure to really blow away all the old sort of scuzzy latency and all that stuff. Maybe you can just educate us a little bit on that if you don't mind. >> Yeah, absolutely. Yeah, that was exactly the stepped approach that we took. Even though metadata is tightly integrated in Object world, in order to read the actual data, you still got to get to the metadata first, right? So we would cache the metadata into SSDs reducing that lookup that happens for that metadata, right? And that's why it gave you the performance benefit. But because it was just tied to metadata look-ups, the performance for larger objects stayed the same because the actual data read was still happening from the hard drives, right? With the new EXF900 which is all NVME based, we've optimized the our ECS Object code leveraging VME, data sitting on NVME drives, the internet connectivity, the communication is NVME over fabric, so it's through and through NVME. Now we're talking milliseconds and latency and thousands and thousands of transactions per second. >> Got it, okay. So this is really an inflection point for Objects. So these are pretty interesting times at Dell, you got the cloud expanding on prem, your company is building cloud-like capabilities to connect on-prem to the cloud across cloud, you're going out to the edge. As it pertains to Object storage though, it sounds like you're taking a sort of a two product approach to your strategy. Why is that, and can you talk about the go-to market strategy in that regard? >> Absolutely, and yeah, good observation there. So yes and no, so we continued to invest in ECS. ECS continues to stay a product of choice when customer wants that traditional appliance deployment model. But this is a single hand to shape model where you're everything from your hardware to your software the object solution software is all provided by Dell. ECS continues to be the product where customers are looking for that high performance, fine tune appliance use case. ObjectScale comes into play when the needs are software defined. When you need to deploy the storage solution on top of the same infrastructure that your applications are run, right? So yes, in the short-term, in the interim, it's a two product approach of both products taking a very distinct use case. However, in the long-term, we're merging the two quote streams. So in the long-term, if you're an ECS customer and you're running ECS, you will have an in-place data upgrade to ObjectScale. So we're not talking about no forklift upgrades, we're not talking about you're adding additional servers and do a data migration, it's a code upgrade. And then I'll give you an example, today on ECS, we're at code variation 3.6, right? So if you're a customer running ECS, ECS 3.X in the future, and so we've got a roadmap where 3.7 is coming out later on this year. So from 3.X, customers will upgrade the code data in place. Let's call it 4.0, right? And that brings them up to ObjectScale. So there's no nodes left behind, there's an in-place code upgrade from ECS to the ObjectScale merging the two code streams and the long-term, single code, short-term, two products for both solving the very distinct users. >> Okay, let me follow up, put on my customer hat. And I'm hearing that you can tell us with confidence that irrespective of whether a customer invested ECS or ObjectScale, you're not going to put me into a dead-end. Every customer is going to have a path forward as long as their ECS code is up-to-date, is that correct? >> Absolutely, exactly, and very well put, yes. No nodes left behind, investment protection, whether you've got ECS today, or you want to invest into ECS or ObjectScale in the future, correct. >> Talk a little bit more about ObjectScale. I'm interested in kind of what's new there, what's special about this product, is there unique functionality that you're adding to the product? What differentiates it from other Object stores? >> Absolutely, my pleasure. Yeah, so I'll start by reiterating that ObjectScale it's built on that Troven ECS code, right? It's the enterprise grid, reliability and security that our customers expect from Dell EMC, right? Now we're re platforming ECS who allow ObjectScale to be Kubernetes native, right? So we're leveraging that microservices-based architecture, leveraging that native orchestration capabilities of Kubernetes, things like resource isolation or seamless (indistinct), I'm sorry, load balancing and things like that, right? So the in-built native capabilities of Kubernetes. ObjectScale is also build with scale in mind, right? So it delivers limitless scale. So you could start with terabytes and then go up to petabytes and beyond. So unlike other file system-based Object offerings, ObjectScale software would have a limit on your number of object stores, number of buckets, number of objects you store, it's limitless. As long as you can provide the hardware resources under the covers, the software itself is limitless. It allows our customers to start small, so you could start as small as three node and grow their environment as your business grows, right? Hundreds of notes. With ObjectScale, you can deploy workloads at public clouds like scale, but with the reliability and control of a private cloud data, right? So, it's then your own data center. And ObjectScale is S3 compliant, right? So while delivering the enterprise features like global replication, native multi-tenancy, fueling everything from Dev Test Sandbox to globally distributed data, right? So you've got in-built ObjectScale replication that allows you to place your data anywhere you got ObjectScale (indistinct). From edge to core to data center. >> Okay, so it fits into the Kubernetes world. I call it Kubernetes compatible. The key there is automation, because that's the whole point of containers is, right? It allows you to deploy as many apps as you need to, wherever you need to in as many instances and then do rolling updates, have the same security, same API, all that level of consistency. So that's really important. That's how modern apps are being developed. We're in a new age year. It's no longer about the machines, it's about infrastructure as code. So once ObjectScale is generally available which I think is soon, I think it's this year, What should customers do, what's their next step? >> Absolutely, yeah, it's coming out November 2nd. Reach out to your Dell representatives, right? Get an in-depth demo on ObjectScale. Better yet, you get a POC, right? Get a proof of concept, have it set up in your data center and play with it. You can also download the free full featured community edition. We're going to have a community edition that's free up to 30 terabytes of usage, it's full featured. Download that, play with it. If you like it, you can upgrade that free community edition, will license paid version. >> And you said that's full featured. You're not neutering the community edition? >> Exactly, absolutely, it's full featured. >> Nice, that's a great strategy. >> We're confident, we're confident in what we're delivering, and we want you guys to play with it without having your money tied up. >> Nice, I mean, that's the model today. Gone are the days where you got to get new customers in a headlock to get them to, they want to try before they buy. So that's a great little feature. Anahad, thanks so much for joining us on theCUBE. Sounds like it's been a very busy year and it's going to continue to be so. Look forward to see what's coming out with ECS and ObjectScale and seeing those two worlds come together, thank you. >> Yeah, absolutely, it was a pleasure. Thank you so much. >> All right, and thank you for watching this CUBE Conversation. This is Dave Vellante, we'll see you next time. (upbeat music)

(upbeat music) >> Welcome everybody to this CUBE Conversation. My name is Dave Vellante, and we're here to talk about Object storage and the momentum in the space. And what Dell Technologies is doing to compete in this market, I'm joined today by Anahad Dhillon, who's the Product Manager for Dell, EMC's ECS, and new ObjectScale products. Anahad, welcome to theCUBE, good to see you. >> Thank you so much Dave. We appreciate you having me and Dell (indistinct), thanks. >> Its always a pleasure to have you guys on, we dig into the products, talk about the trends, talk about what customers are doing. Anahad before the Cloud, Object was this kind of niche we seen. And you had simple get, put, it was a low cost bit bucket essentially, but that's changing. Tell us some of the trends in the Object storage market that you're observing, and how Dell Technology sees this space evolving in the future please. >> Absolutely, and you hit it right on, right? Historically, Object storage was considered this cheap and deep place, right? Customers would use this for their backup data, archive data, so cheap and deep, no longer the case, right? As you pointed out, the ObjectSpace is now maturing. It's a mature market and we're seeing out there customers using Object or their primary data so, for their business critical data. So we're seeing big data analytics that we use cases. So it's no longer just cheap and deep, now your primary workloads and business critical workloads being put on with an object storage now. >> Yeah, I mean. >> And. >> Go ahead please. >> Yeah, I was going to say, there's not only the extend of the workload being put in, we'll also see changes in how Object storage is being deployed. So now we're seeing a tighter integration with new depth models where Object storage or any storage in general is being deployed. Our applications are being (indistinct), right? So customers now want Object storage or storage in general being orchestrated like they would orchestrate their customer applications. Those are the few key trends that we're seeing out there today. >> So I want to dig into this a little bit with you 'cause you're right. It used to be, it was cheap and deep, it was slow and it required sometimes application changes to accommodate. So you mentioned a few of the trends, Devs, everybody's trying to inject AI into their applications, the world has gone software defined. What are you doing to respond to all these changes in these trends? >> Absolutely, yeah. So we've been making tweaks to our object offering, the ECS, Elastic Cloud Storage for a while. We started off tweaking the software itself, optimizing it for performance use cases. In 2020, early 2020, we actually introduced SSDs to our notes. So customers were able to go in, leverage these SSD's for metadata caching improving their performance quite a bit. We use these SSDs for metadata caching. So the impact on the performance improvement was focused on smaller reads and writes. What we did now is a game changer. We actually went ahead later in 2020, introduced an all flash appliance. So now, EXF900 and ECS all flash appliance, it's all NVME based. So it's NVME SSDs and we leveraged NVME over fabric xx for the back end. So we did it the right way did. We didn't just go in and qualified an SSD based server and ran object storage on it, we invested time and effort into supporting NVME fabric. So we could give you that performance at scale, right? Object is known for scale. We're not talking 10, 12 nodes here, we're talking hundreds of nodes. And to provide you that kind of performance, we went to ahead. Now you've got an NVME based offering EXF900 that you can deploy with confidence, run your primary workloads that require high throughput and low latency. We also come November 5th, are releasing our next gen SDS offering, right? This takes the Troven ECS code that our customers are familiar with that provides the resiliency and the security that you guys expect from Dell. We're re platforming it to run on Kubernetes and be orchestrated by Kubernetes. This is what we announced that VMware 2021. If you guys haven't seen that, is going to go on-demand for VMware 2021, search for ObjectScale and you get a quick demo on that. With ObjectScale now, customers can quickly deploy enterprise grade Object storage on their existing environment, their existing it infrastructure, things like VMware, infrastructure like VMware and infrastructure like OpenShift. I'll give you an example. So if you were in a VMware shop that you've got vSphere clusters in your data center, with ObjectScale, you'll be able to quickly deploy your Object enterprise grid Object offering from within vSphere. Or if you are an OpenShift customer, right? If you've got OpenShift deployed in your data center and your Red Hat shop, you could easily go in, use that same infrastructure that your applications are running on, deploy ObjectScale on top of your OpenShift infrastructure and make available Object storage to your customers. So you've got the enterprise grade ECS appliance or your high throughput, low latency use cases at scale, and you've got this software defined ObjectScale, which can deploy on your existing infrastructure, whether that's VMware or Red Hat OpenShift. >> Okay, I got a lot of follow up questions, but let me just go back to one of the earlier things you said. So Object was kind of cheap, deep and slow, but scaled. And so, your step one was metadata caching. Now of course, my understanding is with Object, the metadata and the data within the object. So, maybe you separated that and made it high performance, but now you've taken the next step to bring in NVME infrastructure to really blow away all the old sort of scuzzy latency and all that stuff. Maybe you can just educate us a little bit on that if you don't mind. >> Yeah, absolutely. Yeah, that was exactly the stepped approach that we took. Even though metadata is tightly integrated in Object world, in order to read the actual data, you still got to get to the metadata first, right? So we would cache the metadata into SSDs reducing that lookup that happens for that metadata, right? And that's why it gave you the performance benefit. But because it was just tied to metadata look-ups, the performance for larger objects stayed the same because the actual data read was still happening from the hard drives, right? With the new EXF900 which is all NVME based, we've optimized the our ECS Object code leveraging VME, data sitting on NVME drives, the internet connectivity, the communication is NVME over fabric, so it's through and through NVME. Now we're talking milliseconds and latency and thousands and thousands of transactions per second. >> Got it, okay. So this is really an inflection point for Objects. So these are pretty interesting times at Dell, you got the cloud expanding on prem, your company is building cloud-like capabilities to connect on-prem to the cloud across cloud, you're going out to the edge. As it pertains to Object storage though, it sounds like you're taking a sort of a two product approach to your strategy. Why is that, and can you talk about the go-to market strategy in that regard? >> Absolutely, and yeah, good observation there. So yes and no, so we continued to invest in ECS. ECS continues to stay a product of choice when customer wants that traditional appliance deployment model. But this is a single hand to shape model where you're everything from your hardware to your software the object solution software is all provided by Dell. ECS continues to be the product where customers are looking for that high performance, fine tune appliance use case. ObjectScale comes into play when the needs are software defined. When you need to deploy the storage solution on top of the same infrastructure that your applications are run, right? So yes, in the short-term, in the interim, it's a two product approach of both products taking a very distinct use case. However, in the long-term, we're merging the two quote streams. So in the long-term, if you're an ECS customer and you're running ECS, you will have an in-place data upgrade to ObjectScale. So we're not talking about no forklift upgrades, we're not talking about you're adding additional servers and do a data migration, it's a code upgrade. And then I'll give you an example, today on ECS, we're at code variation 3.6, right? So if you're a customer running ECS, ECS 3.X in the future, and so we've got a roadmap where 3.7 is coming out later on this year. So from 3.X, customers will upgrade the code data in place. Let's call it 4.0, right? And that brings them up to ObjectScale. So there's no nodes left behind, there's an in-place code upgrade from ECS to the ObjectScale merging the two code streams and the long-term, single code, short-term, two products for both solving the very distinct users. >> Okay, let me follow up, put on my customer hat. And I'm hearing that you can tell us with confidence that irrespective of whether a customer invested ECS or ObjectScale, you're not going to put me into a dead-end. Every customer is going to have a path forward as long as their ECS code is up-to-date, is that correct? >> Absolutely, exactly, and very well put, yes. No nodes left behind, investment protection, whether you've got ECS today, or you want to invest into ECS or ObjectScale in the future, correct. >> Talk a little bit more about ObjectScale. I'm interested in kind of what's new there, what's special about this product, is there unique functionality that you're adding to the product? What differentiates it from other Object stores? >> Absolutely, my pleasure. Yeah, so I'll start by reiterating that ObjectScale it's built on that Troven ECS code, right? It's the enterprise grid, reliability and security that our customers expect from Dell EMC, right? Now we're re platforming ECS who allow ObjectScale to be Kubernetes native, right? So we're leveraging that microservices-based architecture, leveraging that native orchestration capabilities of Kubernetes, things like resource isolation or seamless (indistinct), I'm sorry, load balancing and things like that, right? So the in-built native capabilities of Kubernetes. ObjectScale is also build with scale in mind, right? So it delivers limitless scale. So you could start with terabytes and then go up to petabytes and beyond. So unlike other file system-based Object offerings, ObjectScale software would have a limit on your number of object stores, number of buckets, number of objects you store, it's limitless. As long as you can provide the hardware resources under the covers, the software itself is limitless. It allows our customers to start small, so you could start as small as three node and grow their environment as your business grows, right? Hundreds of notes. With ObjectScale, you can deploy workloads at public clouds like scale, but with the reliability and control of a private cloud data, right? So, it's then your own data center. And ObjectScale is S3 compliant, right? So while delivering the enterprise features like global replication, native multi-tenancy, fueling everything from Dev Test Sandbox to globally distributed data, right? So you've got in-built ObjectScale replication that allows you to place your data anywhere you got ObjectScale (indistinct). From edge to core to data center. >> Okay, so it fits into the Kubernetes world. I call it Kubernetes compatible. The key there is automation, because that's the whole point of containers is, right? It allows you to deploy as many apps as you need to, wherever you need to in as many instances and then do rolling updates, have the same security, same API, all that level of consistency. So that's really important. That's how modern apps are being developed. We're in a new age year. It's no longer about the machines, it's about infrastructure as code. So once ObjectScale is generally available which I think is soon, I think it's this year, What should customers do, what's their next step? >> Absolutely, yeah, it's coming out November 2nd. Reach out to your Dell representatives, right? Get an in-depth demo on ObjectScale. Better yet, you get a POC, right? Get a proof of concept, have it set up in your data center and play with it. You can also download the free full featured community edition. We're going to have a community edition that's free up to 30 terabytes of usage, it's full featured. Download that, play with it. If you like it, you can upgrade that free community edition, will license paid version. >> And you said that's full featured. You're not neutering the community edition? >> Exactly, absolutely, it's full featured. >> Nice, that's a great strategy. >> We're confident, we're confident in what we're delivering, and we want you guys to play with it without having your money tied up. >> Nice, I mean, that's the model today. Gone are the days where you got to get new customers in a headlock to get them to, they want to try before they buy. So that's a great little feature. Anahad, thanks so much for joining us on theCUBE. Sounds like it's been a very busy year and it's going to continue to be so. Look forward to see what's coming out with ECS and ObjectScale and seeing those two worlds come together, thank you. >> Yeah, absolutely, it was a pleasure. Thank you so much. >> All right, and thank you for watching this CUBE Conversation. This is Dave Vellante, we'll see you next time. (upbeat music)

(upbeat electronic music) >> Welcome back to the Quantcast Industry Summit on the demise of third-party cookies. The Cookie Conundrum, A Recipe for Success. I'm John Furrier, host of theCUBE. The changing landscape of advertising is here, and Shiv Gupta, founder of U of Digital is joining us. Shiv, thanks for coming on this segment. I really appreciate it. I know you're busy. You've got two young kids, as well as providing education to the digital industry. You got some kids to take care of and train them too. So, welcome to the cube conversation here as part of the program. >> Yeah, thanks for having me. Excited to be here. >> So, the house of the changing landscape of advertising really centers around the open to walled garden mindset of the web and the big power players. We know the big three, four tech players dominate the marketplace. So, clearly in a major inflection point. And you know, we've seen this movie before. Web, now mobile revolution. Which was basically a re-platforming of capabilities, but now we're in an era of refactoring the industry, not replatforming. A complete changing over of the value proposition. So, a lot at stake here as this open web, open internet-- global internet, evolves. What are your, what's your take on this? There's industry proposals out there that are talking to this specific cookie issue? What does it mean and what proposals are out there? >> Yeah, so, you know, I really view the identity proposals in kind of two kinds of groups. Two separate groups. So, on one side you have what the walled gardens are doing. And really that's being led by Google, right? So, Google introduced something called the Privacy Sandbox when they announced that they would be deprecating third-party cookies. And as part of the Privacy Sandbox, they've had a number of proposals. Unfortunately, or you know, however you want to say, they're all bird-themed, for some reason I don't know why. But the one, the bird-themed proposal that they've chosen to move forward with is called FLOC, which stands for Federated Learning of Cohorts. And, essentially what it all boils down to is Google is moving forward with cohort level learning and understanding of users in the future after third-party cookies. Unlike what we've been accustomed to in this space, which is a user level understanding of people and what they're doing online for targeting and tracking purposes. And so, that's on one side of the equation. It's what Google is doing with FLOC and Privacy Sandbox. Now, on the other side is, you know, things like unified ID 2.0 or the work that ID5 is doing around building new identity frameworks for the entire space that actually can still get down to the user level. Right? And so again, Unified ID 2.0 comes to mind because it's the one that's probably gotten the most adoption in the space. It's an open source framework. So the idea is that it's free and pretty much publicly available to anybody that wants to use it. And Unified ID 2.0 again is user level. So, it's basically taking data that's authenticated data from users across various websites that are logging in and taking those authenticated users to create some kind of identity map. And so, if you think about those two work streams, right? You've got the walled gardens and or, you know, Google with FLOC on one side. And then you've got Unified ID 2.0 and other ID frameworks for the open internet on the other side. You've got these two very different type of approaches to identity in the future. Again, on the Google side it's cohort level, it's going to be built into Chrome. The idea is that you can pretty much do a lot of the things that we do with advertising today but now you're just doing them at a group level so that you're protecting privacy. Whereas, on the other side with the open internet you're still getting down to the user level and that's pretty powerful but the the issue there is scale, right? We know that a lot of people are not logged in on lots of websites. I think the stat that I saw was under 5% of all website traffic is authenticated. So, really if you simplify things and you boil it all down you have kind of these two very differing approaches. >> So we have a publishing business. We'd love to have people authenticate and get that closed loop journalism thing going on. But, if businesses wannna get this level too, they can have concerns. So, I guess my question is, what's the trade-off? Because you have power in Google and the huge data set that they command. They command a lot of leverage with that. And again, centralized. And you've got open. But it seems to me that the world is moving more towards decentralization, not centralization. Do you agree with that? And does that have any impact to this? Because, you want to harness the data, so it rewards people with the most data. In this case, the powerful. But the world's going decentralized, where there needs to be a new way for data to be accessed and leveraged by anyone. >> Yeah. John, it's a great point. And I think we're at kind of a crossroads, right? To answer that question. You know, I think what we're hearing a lot right now in the space from publishers, like yourself, is that there's an interesting opportunity right now for them, right? To actually have some more control and say about the future of their own business. If you think about the last, let's say 10, 15, 20 years in advertising in digital, right? Programmatic has really become kind of the primary mechanism for revenue for a lot of these publishers. Right? And so programmatic is a super important part of their business. But, with everything that's happening here with identity now, a lot of these publishers are kind of taking a look in the mirror and thinking about, "Okay, we have an interesting opportunity here to make a decision." And, the decision, the trade off to your question is, Do we continue? Right? Do we put up the login wall? The registration wall, right? Collect that data. And then what do we do with that data? Right? So it's kind of a two-fold process here. Two-step process that they have to make a decision on. First of all, do we hamper the user experience by putting up a registration wall? Will we lose consumers if we do that? Do we create some friction in the process that's not necessary. And if we do, right? We're taking a hit already potentially, to what end? Right? And, I think that's the really interesting question, is to what end? But, what we're starting to see is publishers are saying you know what? Programmatic revenue is super important to us. And so, you know, path one might be: Hey, let's give them this data. Right? Let's give them the authenticated information, the data that we collect. Because if we do, we can continue on with the path that our business has been on. Right? Which is generating this awesome kind of programmatic revenue. Now, alternatively we're starting to see some publishers say hold up. If we say no, if we say: "Hey, we're going to authenticate but we're not going to share the data." Right? Some of the publishers actually view programmatic as almost like the programmatic industrial complex, right? That's almost taken a piece of their business in the last 10, 15, 20 years. Whereas, back in the day, they were selling directly and making all the revenue for themselves, right? And so, some of these publishers are starting to say: You know what? We're not going to play nice with FLOC and Unified ID. And we're going to kind of take some of this back. And what that means in the short term for them, is maybe sacrificing programmatic revenue. But their bet is long-term, maybe some of that money will come back to them direct. Now, that'll probably only be the premium pubs, right? The ones that really feel like they have that leverage and that runway to do something like that. And even so, you know, I'm of the opinion that if certain publishers kind of peel away and do that, that's probably not great for the bigger picture. Even though it might be good for their business. But, you know, let's see what happens. To each business their own >> Yeah. I think the trade-off of monetization and user experience has always been there. Now, more than ever, people want truth. They want trust. And I think the trust factor is huge. And if you're a publisher, you wannna have your audience be instrumental. And I think the big players have sucked out of the audience from the publishers for years. And that's well-documented. People talk about that all the time. I guess the question, it really comes down to is, what alternatives are out there for cookies and which ones do you think will be more successful? Because, I think the consensus is, at least from my reporting and my view, is that the world agrees. Let's make it open. Which one's going to be better? >> Yeah. That's a great question, John. So as I mentioned, right? We have two kinds of work streams here. We've got the walled garden work stream being led by Google and their work around FLOC. And then we've got the open internet, right? Let's say Unified ID 2.0 kind of represents that. I personally don't believe that there is a right answer or an end game here. I don't think that one of them wins over the other, frankly. I think that, you know, first of all, you have those two frameworks. Neither of them are perfect. They're both flawed in their own ways. There are pros and cons to both of them. And so what we're starting to see now, is you have other companies kind of coming in and building on top of both of them as kind of a hybrid solution, right? So they're saying, hey we use, you know, an open ID framework in this way to get down to the user level and use that authenticated data. And that's important, but we don't have all the scale. So now we go to a Google and we go to FLOC to kind of fill the scale. Oh and hey, by the way, we have some of our own special sauce. Right? We have some of our own data. We have some of our own partnerships. We're going to bring that in and layer it on top, right? And so, really where I think things are headed is the right answer, frankly, is not one or the other. It's a little mishmash of both with a little extra, you know, something on top. I think that's what we're starting to see out of a lot of companies in the space. And I think that's frankly, where we're headed. >> What do you think the industry will evolve to, in your opinion? Because, I think this is going to be- You can't ignore the big guys on this Obviously the programmatic you mentioned, also the data's there. But, what do you think the market will evolve to with this conundrum? >> So, I think John, where we're headed, you know, I think right now we're having this existential crisis, right? About identity in this industry. Because our world is being turned upside down. All the mechanisms that we've used for years and years are being thrown out the window and we're being told, "Hey, we're going to have new mechanisms." Right? So cookies are going away. Device IDs are going away. And now we've got to come up with new things. And so, the world is being turned upside down and everything that you read about in the trades and you know, we're here talking about it, right? Everyone's always talking about identity, right? Now, where do I think this is going? If I was to look into my crystal ball, you know, this is how I would kind of play this out. If you think about identity today, right? Forget about all the changes. Just think about it now and maybe a few years before today. Identity, for marketers, in my opinion, has been a little bit of a checkbox activity, right? It's been, Hey, Okay. You know, ad tech company or media company. Do you have an identity solution? Okay. Tell me a little bit more about it. Okay. Sounds good. That sounds good. Now, can we move on and talk about my business and how are you going to drive meaningful outcomes or whatever for my business. And I believe the reason that is, is because identity is a little abstract, right? It's not something that you can actually get meaningful validation against. It's just something that, you know? Yes, you have it. Okay, great. Let's move on, type of thing, right? And so, that's kind of where we've been. Now, all of a sudden, the cookies are going away. The device IDs are going away. And so the world is turning upside down. We're in this crisis of: how are we going to keep doing what we were doing for the last 10 years in the future? So, everyone's talking about it and we're tryna re-engineer the mechanisms. Now, if I was to look into the crystal ball, right? Two, three years from now, where I think we're headed is, not much is going to change. And what I mean by that, John is, I think that marketers will still go to companies and say, "Do you have an ID solution? Okay, tell me more about it. Okay. Let me understand a little bit better. Okay. You do it this way. Sounds good." Now, the ways in which companies are going to do it will be different. Right now it's FLOC and Unified ID and this and that, right? The ways, the mechanisms will be a little bit different. But, the end state. Right? The actual way in which we operate as an industry and the view of the landscape in my opinion, will be very simple or very similar, right? Because marketers will still view it as a, tell me you have an ID solution, make me feel good about it, help me check the box and let's move on and talk about my business and how you're going to solve for my needs. So, I think that's where we're going. That is not by any means to discount this existential moment that we're in. This is a really important moment, where we do have to talk about and figure out what we're going to do in the future. My viewpoint is that the future will actually not look all that different than the present. >> And then I'll say the user base is the audience, their data behind it helps create new experiences, machine learning and AI are going to create those. And if you have the data, you're either sharing it or using it. That's what we're finding. Shiv Gupta, great insights. Dropping some nice gems here. Founder of U of Digital and also the adjunct professor of programmatic advertising at Leavey School of business in Santa Clara University. Professor, thank you for coming and dropping the gems here and insight. Thank you. >> Thanks a lot for having me, John. Really appreciate it. >> Thanks for watching The Cookie Conundrum This is theCUBE host, John Furrier, me. Thanks for watching. (uplifting electronic music)

(upbeat music playing) >> Okay, now we're going to look deeper into the intersection of technology and money and actually a force for good mobile and the infrastructure around it has made sending money as easy as sending a text. But the capabilities that enable this to happen are quite amazing, especially because as users we don't see the underlying complexity of the transactions. We just enjoy the benefits and there's many parts of the world that historically have not been able to enjoy these benefits. And the ecosystems that are developing around these new platforms are truly transformative. And with me to explain the business impacts of these innovations is all a person who was the head of mobile financial services at Ericsson Allah. Welcome to the program. Thanks for coming on. >> Thank you, Dave. Thank you for having me here in the program. And they're really excited to tell me tell us about the product that we have within Ericsson. >> Well, let's get right into it. I mean your firm has developed the Ericsson wallet platform. What is that plan? >> Yes. The wallet platform is one of the product but being, you can say offer here by Erickson and the platform is built on enabled financial services not for only the bank segment, but also for the unbanked. And we have, the function that we are providing a such here is both transfer the service provider payment. You have the cash in the cash out you have a lots of other features that we kind of enable through the ecosystem as such. And I would really like you say to emphasize on the use. And they're the really, I would say connectivity that we have in these platform here, because looking at you can say the pandemic assaults here. Now we really have made, you can say tremendous Shane here through all the function, et cetera feature that we have here. >> Yeah. And I mean, I I'm surrounded by banks in Massachusetts. No problem. I'm in Boston, right? So, but there's a lot of places in the world that aren't I take for granted some of the capabilities that are there, but part of this is to enable people who don't have access to those types of services. Maybe you could talk about that and talk about some of the things that you're enabling with the platform >> Right? You just think of there you can say unbanked people here but we have across the emerging market. I think we have 1.7 billion unbanked people here but we actually can through one of the path from enable proof getting a bank account, et cetera, and so on here. And what we actually providing, you can say in, in this in this feature rates here is that you you can pay your electricity bill. For example, here, you can pay your bill and you can go through merchant, you can do the cash out. You can do multiple thing here, just like, I mean, to enable the, the departure that financial inclusion that we have. So, I mean, from my point of view, where we see things, as I said we also sit in Sweden, we have bank account we have something called swish where we send you can say money back and back and forth between the family, et cetera. On these type of transaction, we can have enable for all. You can say the user better come across the platform here and the, the kind of growth that we have within this usage here. And we seeing also, I mean we leverage here to get with a speed today on a fantastic scale that we actually have here with I would say are both, you can say feature performance going I will say re really in the direction. But we couldn't imagine here. You can say a few years back here. It is fantastic transformation but we undergo here through the platform of the technology that we have. >> No, it reminds me of sort of the early days of mobile people talked about being able to connect remote users in places like Africa or other parts of the world that haven't been able to enjoy things like a land line. And I presume you're seeing a lot of interest in those types of regions. Maybe you could talk about that a little bit. >> Yeah. Correct. I mean we see all of these region here about, for example, now we not only entering, you can say the specifically the Africa region but also you can say the middle East and the Asia Pacific and also actually Latin America. I mean, a lot of these country here, all looking into you can say the expansion, how they can evolve you can say the financial inclusion from what they have today, when they are, and you can say from telco provider, they would like to have an asset of different use cases here. And we're seeing that transformation, but we have right now from just voice, you can say SMS and 5G, et cetera. This is the platform that we have to sort of enable the transaction for a mobile financial system. But we would like also to see about the kind of operator or bond being the business with much more features here. And this is another, you can say, I was attraction to attract the user where the the mobile transfer system. We see these kind of expanding very heavily in these, these kind of market. >> I think this is really transformative, not, I mean in terms of people's lives. I mean, your first of all, you're talking about the convenience of being able to move money as bits as opposed to paper, but as well I would think supporting entrepreneurship and businesses getting started, I mean, there's a whole set of cultural and societal impacts that you're having. How do you see that? >> Yeah. We also provide the, you say, I mean is also supporting, say micro loans and need as an entrepreneurial sort of stock. You can say any kind of company. You need to get off these, this around here. We have seen that we have a of enterprise. Those is a cross functional, the whole asset that we are, that we are oriented today. >> Talk a little bit about partnerships and ecosystems. I know you've got big partnerships with, with HPE. We're going to get to that. They're kind of as a technology provider, but what about, other partnerships like I'm imagining that if I'm going to pay my bill with this you've got other providers that got to connect into your platform. How are those ecosystem partnerships evolving? >> Well, are kind of enabler about we are providing to the operator. The partnerships is then going through the operator. It could be any kind of you can say external instrument that we have today and they can know if you can go directly to that to the bank, you can go directly to any core provider. You have these most et cetera, so on but these are all partners would be in. You could say connected through there. You can say, operate through a subsidy. What we doing actually with our platform is to kind of make the navel and to kind of provide the food ecosystem as partnership to operate a SAS today here. That's kind of the baseline that we see how you can say. We are sort of supporting of building the full ecosystem around the platform in order to connect here. Wells come to both the light, the cord as I said, here, the merchant, the bank, any kind of, type of, you can say I would say service provider here but that we can see could enable the ecosystem. >> Okay. And I don't want to geek out here but it sounds like it's an open system that my developers can plug into through APIs. They're not going to throw cold water on it. They're going to embrace it and say, Oh yeah this is actually easy for me to integrate with. Is that correct? >> Correct. Correct. And the open API that we actually are providing today I think that you can say there are thousands of you can say developer, just you can say connecting to our system. And actually we also providing both sandbox and Ann Arbor. You can see the application in order to support this to developers in order to kind of create this ecosystem here. It's a multiple things that we see through what you can say here, they're both the partners partnership, the open API, or you can say that the development that is doing for prudent channels. So, I mean, it's an fascinating amazing development that we'll see our frontier right now. >> Now what's HP's role in all this, what are they providing? How are you partnering with them? >> It's very good question. I will say. And we look back, you can say, and we have evaluate a lot of you say that the provide the fruit year here and you can just imagine the kind of stability that we need to provide when come to the financial inclusion system here because what we need to have a very strong uptake of making sure that we don't both go with the performance and the stability. And what we have seen in our lab is that the partnership with HP have domestically evolve. Our, you can say our stability assessed on the system. And right now we are leveraging the Dockers with the microservices here to get with HB on the platform that you're providing. I would say that the transformation we have done in disability, but we have get through the food. You can say HP system is, is really fantastic at the moment. >> I'm no security expert, but I talked to a lot of security experts in what I do know is they tell me that, that you can't just bolt security on. It's going to be designed in from the start. I would imagine that that's part of the HPP partnership but what about security? Can I fully trust this platform? >> No, it's very valid question. I will say we have one of the most you can say secure system here we also running multiple external. You can say a system validation data it's called the PRD assess certification is a certification but we have external auditor. You can say trying to breach the system look at the process that we are developing making sure that we have, you can say, or off you can say the documentation really in shape. And seeing that we follow the procedure when we are both developing the code. And also when we look into all the API that we actually exposed to our end users. I would say that we haven't had any breach on our system. And we really work in tightly. I would say both to get with, I would say HP and the of course the customers out and every time we do a low once, we also make you can say final security validation on the system here in order to sort of see that we have an end to end because the application, but it's completely secure. That's a very important topic from our point of view. >> There's a usual, I don't even want to think about that. Like I said, up front it's going to be hidden from me all that complexity, but it's sort of same question around compliance and privacy. I an often, security, privacy there's sort of two sides of the same coin, but compliance privacy you've got to worry about KYC, know your customer. There's a lot of complexity around that. And that's another key piece. >> Now, like you said, the KYC is an important part that we have food support in our system. And then we validate you can say all the users, we also are running you can say without credit scoring companies, the you can say operator or partnering with, his combined you can say with both the KYC and the credit scoring that we are performing, that's make us a very you can say unique, stable platform and such. >> Last question is, what about going forward? What's the roadmap look like? What can you share? What should we expect going forward in terms of the impact that this will have on society and how the technology will evolve? >> Well, what is he going forward? That's very interesting question because what we see right now is how we kind of have changed the life for so many. You can say unbanked people here, and we would like to have you can say any kind of assets that going forward here, any kind of you can see that the digital currency is evolving through both government. You can see over the top players like Google you can say WhatsApp, all of these things here. We want to be the one that also connecting. You can say these type of platform together and see that we could be the heart of the ecosystem going forward here, independent in what kind of, you can say customer we aiming for. I will say this is kind of the role that we will play in the future here, depending on what kind of currency it would be. It's a very interesting future. We see with this you can say overall digital currency, the market and the trends that we are now right now evolving on. >> Very exciting. And we were talking about elevating, potentially billions of people, all... Thanks very much for sharing this innovation with the audience and best of luck with this incredible platform. Congratulations. >> Thank you so much, Dave. And once again, thank you for having me here. And I'll talk to you soon again. Thank you. >> Thank you. It's been our pleasure and thank you for watching. This is Dave Vellante. (upbeat music playing)

>> Announcer: From around the globe, it's the CUBE with digital coverage of AWS re:Invent 2020 special coverage sponsored by AWS Global Partner Network. >> Welcome back to theCUBE's virtual coverage of AWS re:invent 2020, it's virtual this year, we're usually in person this year we have to do remote interviews because of the pandemic, but it's been a great run, a lot of great content happening here in these next three weeks of re:Invent. We've got two great guests here as part of our coverage of the APN Partner Experience. I'm your host, John Furrier. Barbara Kessler, Global APN Programs Leader, and Ryan Broadwell, Global Director of ISVs for AWS. Thanks for coming on the CUBE, Thanks for joining me. >> Hey, thanks for having us, it's great to be here. >> You know we heard of-- >> Yeah thanks for having us John. >> Thanks for coming on. Sorry we're not in person, but tons of content. I mean, there's a lot of the VODs, the main stages, but the news hitting this morning around Doug's comments from strong focus of ISVs is just a continuation. We heard that last year, but this year more focus investments there, new announcements take us through what we just heard and what it means. >> Yeah John, I'll jump in first and then let Barbara add some additional color and commentary, but I think it is a continuation for us as we look at continuing to build a momentum with our ISVs they're mission critical for us, and we hear that loud and clear from our customers. So as you think about building off what Doug was talking about, I think it's first important for us to start with, we look to help our partners build and build well-designed solutions on AWS, supporting their innovation and transformation and working together to deliver scalable, reliable, secure solutions for our customers. To facilitate this, we offer programs such as AWS SaaS Factory, that provide enablement to our ISVs to build new products, migrate single tenent environments or optimize existing SaaS Solutions on AWS. And we do this through mechanisms like Webinars, Bootcamps, Workshops and even one-on-one engagements. You know, as you talked about, we just heard from Doug announce AWS SaaS Boost, which is a ready to use open source implementation of SaaS tooling and best practices to accelerate ISV SaaS Path. Through SaaS Factory which we've worked on with many ISVs in the last few years and you're well aware of, we have lots of learnings and we've helped a lot of partners make that journey towards SaaS. Partners like BMC, CloudZero, Nasdaq, Cohesity, or F5 transform their delivery and business models to SaaS. We've had a lot of demand for this type of engagement. And we knew it was important that we come up with a scalable way to help partners accelerate their transformation. SaaS Boost provides prescriptive experience to transform applications through an intuitive tool with many core services needed to develop and operate on the AWS Cloud. In addition to that, we look to use the well-architected framework, which is proven to set the architectural best practices for designing in operating systems in the Cloud, to help ISVs build their solutions on AWS. We just launched two additional lenses in well-architected tool, to enable ISVs to conduct these reviews from within the AWS console, one SaaS environment, and one aligned with foundational technical reviews, which helps partners prepare for the technical validation in AWS Partner Programs. >> You know, the SaaS Boost, I love that I was joking on Twitter, it sounds like an energy drink. Give me some of that SaaS Boost, don't drink too many of them you get immune to two to strong out, but this is what people want Barbara. This is about the Partner Network. You guys are providing more stuff, more successful programs and capabilities. This is what the demand is for. Help me get there faster path to SaaS. Can you explain what this means for partners? What's in it for them, can you share your thoughts? >> Yeah, absolutely. And you know, Ryan talked about some of the things that we do to help partners build their ISVs and software or SaaS products. But in addition to that, we provide a number of programs and resources to help partners also grow their business through marketing and sales focused programs. That's an area that we are focused on investing deeply with our partner community. For example, we offer APN Marketing Central through which partners can find and launch free customizable marketing campaigns, or even find a marketing agency to work with that has experienced messaging AWS, it also offers APN marketing activity. We recognize that not all partners, especially if they're in their startup stages, have those investments and skill sets yet around marketing. So Marketing Academy offers self service content to teach partners who don't have that capability in house today, to how to drive awareness campaigns and build demand for their offerings. We also offer a broad set of funding benefits to help partners starting from the build stage that Ryan talks about through Sandbox Credits to support their development, all the way through marketing with Market Development Funds as they're selling with what we call our partner Opportunity Acceleration Program, which is how we fund POC to support our partners and winning new customers. We also heard Doug announce in the keynote that we are launching the ISV Accelerate Program. This is our new co-selling program for ISVs that offer compensation incentives for AWS account managers, access to co-sale specialists and reduced marketplace listing fees to help our partners continue to grow their business with us. >> You know, successful selling is amazing. You want to make money. I mean, come on, you bring it a lot to the table. Co-selling I think that's a huge point. Nice call out there. Ryan, can you give some examples of partners that have been successful with these resources? >> Hey John, thank you. Yeah, it'd be great to kind of walk through with one good example and a little bit of detail. And what we've seen with Sisense is a great example of a partner that leveraged these resources and the work that they've done with Luma Health. So Luma Health serves millions of patients, provides a Cloud-hosted patient engagement platform that connects patients and providers. You know when word about COVID started, spreading Luma helped solve a big increase in questions and concerns from patients and the providers. Luma Health saw an opportunity to create new products, to help patients and providers during the pandemic, to decide what to build and how to build it, the company wanted to analyze sentimental signal and data real-time. Using Sisense, Amazon Redshift and Amazon Web Services, Data Migration Services, Luma Health built a platform that delivered analytics and insights it needed, democratizing access to the data for all users. As a result, Luma Health uncovered insights such as facts that SMS was the preferred method of communication and that many patients had similar questions. Just three weeks after their hypothesis, Luma Health released new products based on its insights, a turn-key EHR enabled healthcare solution, zero contact check-in and COVID-19 Broadcast Messaging System. >> So a lot of good successes. The question that I would ask you guys, this is the probably what's on everyone's mind is I'm a partner, I'm growing, obviously I'm in the partner network because I'm being successful. I don't have a lot of time. I need to figure out all the stuff that you have. You have so much going on that's good for me. I don't know what to do. Can you help me figure out what resources and programs to leverage? I could imagine this is a question that I would have, I want it too, I want to make money co-sell, I want to get into this program. What's the best path? I mean, what do I do? Can you share how you help your partners get on the right road, have the right resources, What are the right programs? 'Cause it makes it more consumable. This is probably a big challenge, can you share your thoughts? >> Yeah, happy to explore that. So we certainly find a lot of opportunity to innovate with our partners and customers and a result we do offer a broad range of programs, resources, material to meet the diverse needs of those partners and customers. One focus of these programs and enablement models that we offer partners, is to help our partners build their products and build their business with us. And the other focus is to create program structures that help customers find the right partner and the right solution at the right time. But we recognize it's a lot (chuckles) and we want to make sure that our partners are easily able to find what's most relevant to them. And to deliver this more effectively for ISV partners specifically, Doug just announced the launch of ISV Partner Path. As with everything we do at AWS, this new program structure works backwards from our customers and our partners to deliver the needs of both of those audiences. When a customer identifies a need for a solution, they search for that solution based on their business needs and the outcomes that they're looking to deliver rather than searching based on a partner profile. So ISV Partner Path pivots the focus that we have today on partner-level tier badging to instead focus on solution-level validation badging that helps us better align to what our customers are looking for and how they look for software products. The new model responds to that partner and customer feedback that we've heard, it removes APN tier requirements for ISVs and introduces the ability to engage across all of the products, services, and solutions that a partner offers and it pivots the partner badge attainment. So today our partners attain badging based on a tier and moving forward, they'll attain that badging to go to market with solutions that are validated and have gone through a technical assessment to either integrate effectively or run effectively on AWS. So if you were requirements to access APN programs from differentiation to funding and co-selling, partners can engage more quickly in a more meaningful way and in a more clear path to develop their solution offering and go to market with AWS. >> Ryan anything you want to add on in terms of structural support in terms of account management and does everyone get in on a wrap? Is there certain levels of attention? When does that come into play? >> Yeah, I think Barbara has made a great point in that we have a lot of great programmatic resources, but there's also no substitution for engagement with a person. And we have Partner Development Resources available to engage with our partners and help them develop their individualized plans that help them understand how they maximize the opportunity with their customer set and expand their customer sets. This starts as soon as a partner registers with the AWS Partner Network, they're contacted by a Partner Development team member within the first business day. This is a commitment we find incredibly important to the partner. And even when we have five or more new partners registering every single day. We look to go beyond that and it's not just about onboarding to your point John, our partner team works backwards from the customer and the partner to help develop what is that joint plan? How do we focus on what strategic to the partner and what becomes strategic to our customers? With that plan our team works to activate that broadly across the team in support of achieving our joint goals. And then naturally all partnerships, we want join accountability, we want mechanisms to measure success. >> You know I talked to a lot of channel partners over the years in my career, and the Cloud it really highlights the speed and the agility feature, but it all comes down to the same thing. I want to get my solution in front of the customer, I want to make money, I want to make it easy to use, make it easy to consume. I want to leverage the Cloud. This is kind of the process, this is how it always happens. This is what they want and you guys are bringing a lot to the table and that's important. And I think co-selling having the kind of support, making it consumable is easy and super great. So I have to ask you with that, what's your advice for people who are jumping in? Because you're seeing more on boarding of ISVs than ever before. And we've been commenting on theCUBE for multiple years. We've been seeing the uptick in software SaaS ISVs. And remember Amazon is not in the SaaS business a hundred percent. And government just collapsed the platform as a service in the IS categories that highlights the fact that your entire ISV landscape is wide open and growing. So there's new ISV is coming in. (chuckles) What advice would you give them to get started, experience and -- >> Yeah, I can take that. >> Yeah. >> Yeah, I can take that one thank you. And I actually want to build on something Ryan said, we actually have more than 50 new partners joining the AWS Partner Network every single day. And so having the right structure for those partners to easily navigate and the right resources for them is something that's very top of mind for us. I think I can distill down about two primary pieces of advice from my perspective for a new partner who's trying to figure out how to work with us and get involved. First and foremost, build a relationship with your Partner Manager, help them know and understand your business, the customers that you focus on, the solutions you provide. The Partner Manager is your advocate and could be your mentor in working with AWS. Make sure they know what you're good at. Partners are able to build the best traction with our shared customers and our AWS sales team when it's very clear what they're good at and how their solutions solve specific customer problems. And specialization through programs such as competency, which validate solutions based on industry in this case or workload is really key to helping communicate that specific value. And second, I would say avail yourself of the resources available to you. We offer a number of self-serve resources, such as the new ISV Navigate Track that is launching in conjunction with ISV Partner Path that provides individuals the sort of step by step guidance to move through that engagement with us, they connect them to all the resources that they need. Marketing Central which we discussed earlier to drive marketing campaigns that can be very self-served and driven by the Partner Central, which offers a wealth of content, white papers, et cetera. That's our portal through which partners engage. And you can also access things like training and certification discounts to build your Cloud skills to support your business. But I think both of those are really important things to keep in mind for partners who are just kind of getting started with us as well as partners who've been working with us for a while now. >> Ryan, what do you want to add to that because again, there's more ISVs is coming. And again, Amazon has been very disruptive in it's enablement of partners. Not everyone fits into a nice clean bucket. I mean what looks like a category might be old and being disrupted into to a new category being developed. All these new categories and new solutions. It's hard to put people into buckets. So you have a tough job, how do you give advice to your partners? >> It is tough, and the rate of transformation continues. And the rate of innovation continues to quicken. My advice is lean in with us. We continue to invest our efforts in developing this vibrant community of partners. So lean in, we'll continue to iterate around and optimize our joint plans and activities. And we'd look to be able to continue to drive success for our customers and our partners. >> Well, you guys do a great job. I want to say I've watched the APN grow and change and evolve. Market demand is there and you got the Factory, you got the Boost, you got the Lenses, you got the Partner Network, the people. It's people equation with software so congratulations. Thanks for coming on theCUBE. >> Thank you so much, appreciate the time. >> Thank you. >> Okay, great event here, re:Invent 2020 Virtual. This is theCUBE Virtual. I'm John Furrier your host, wall-to-wall coverage with theCUBE, thanks for watching. (gentle music)

>> Announcer: From around the globe, it's theCUBE. With digital coverage of AWS re:Invent 2020. Special coverage sponsored by AWS global partner network. >> Okay, welcome back everyone to theCUBE virtual coverage of re:Invent 2020 virtual. Normally we're in person, this year because of the pandemic we're doing remote interviews and we've got a great coverage here of the APN, Amazon Partner Network experience. I'm your host John Furrier, we are theCUBE virtual. Got a great guest from Tel Aviv remotely calling in and videoing, Nimrod Vax, who is the chief product officer and co-founder of BigID. This is the beautiful thing about remote, you're in Tel Aviv, I'm in Palo Alto, great to see you. We're not in person but thanks for coming on. >> Thank you. Great to see you as well. >> So you guys have had a lot of success at BigID, I've noticed a lot of awards, startup to watch, company to watch, kind of a good market opportunity data, data at scale, identification, as the web evolves beyond web presence identification, authentication is super important. You guys are called BigID. What's the purpose of the company? Why do you exist? What's the value proposition? >> So first of all, best startup to work at based on Glassdoor worldwide, so that's a big achievement too. So look, four years ago we started BigID when we realized that there is a gap in the market between the new demands from organizations in terms of how to protect their personal and sensitive information that they collect about their customers, their employees. The regulations were becoming more strict but the tools that were out there, to the large extent still are there, were not providing to those requirements and organizations have to deal with some of those challenges in manual processes, right? For example, the right to be forgotten. Organizations need to be able to find and delete a person's data if they want to be deleted. That's based on GDPR and later on even CCPA. And organizations have no way of doing it because the tools that were available could not tell them whose data it is that they found. The tools were very siloed. They were looking at either unstructured data and file shares or windows and so forth, or they were looking at databases, there was nothing for Big Data, there was nothing for cloud business applications. And so we identified that there is a gap here and we addressed it by building BigID basically to address those challenges. >> That's great, great stuff. And I remember four years ago when I was banging on the table and saying, you know regulation can stunt innovation because you had the confluence of massive platform shifts combined with the business pressure from society. That's not stopping and it's continuing today. You seeing it globally, whether it's fake news in journalism, to privacy concerns where modern applications, this is not going away. You guys have a great market opportunity. What is the product? What is smallID? What do you guys got right now? How do customers maintain the success as the ground continues to shift under them as platforms become more prevalent, more tools, more platforms, more everything? >> So, I'll start with BigID. What is BigID? So BigID really helps organizations better manage and protect the data that they own. And it does that by connecting to everything you have around structured databases and unstructured file shares, big data, cloud storage, business applications and then providing very deep insight into that data. Cataloging all the data, so you know what data you have where and classifying it so you know what type of data you have. Plus you're analyzing the data to find similar and duplicate data and then correlating them to an identity. Very strong, very broad solution fit for IT organization. We have some of the largest organizations out there, the biggest retailers, the biggest financial services organizations, manufacturing and et cetera. What we are seeing is that there are, with the adoption of cloud and business success obviously of AWS, that there are a lot of organizations that are not as big, that don't have an IT organization, that have a very well functioning DevOps organization but still have a very big footprint in Amazon and in other kind of cloud services. And they want to get visibility and they want to do it quickly. And the SmallID is really built for that. SmallID is a lightweight version of BigID that is cloud-native built for your AWS environment. And what it means is that you can quickly install it using CloudFormation templates straight from the AWS marketplace. Quickly stand up an environment that can scan, discover your assets in your account automatically and give you immediate visibility into that, your S3 bucket, into your DynamoDB environments, into your EMR clusters, into your Athena databases and immediately building a full catalog of all the data, so you know what files you have where, you know where what tables, what technical metadata, operational metadata, business metadata and also classified data information. So you know where you have sensitive information and you can immediately address that and apply controls to that information. >> So this is data discovery. So the use case is, I'm an Amazon partner, I mean we use theCUBE virtuals on Amazon, but let's just say hypothetically, we're growing like crazy. Got S3 buckets over here secure, encrypted and the rest, all that stuff. Things are happening, we're growing like a weed. Do we just deploy smallIDs and how it works? Is that use cases, SmallID is for AWS and BigID for everything else or? >> You can start small with SmallID, you get the visibility you need, you can leverage the automation of AWS so that you automatically discover those data sources, connect to them and get visibility. And you could grow into BigID using the same deployment inside AWS. You don't have to switch migrate and you use the same container cluster that is running inside your account and automatically scale it up and then connect to other systems or benefit from the more advanced capabilities the BigID can offer such as correlation, by connecting to maybe your Salesforce, CRM system and getting the ability to correlate to your customer data and understand also whose data it is that you're storing. Connecting to your on-premise mainframe, with the same deployment connecting to your Google Drive or office 365. But the point is that with the smallID you can really start quickly, small with a very small team and get that visibility very quickly. >> Nimrod, I want to ask you a question. What is the definition of cloud native data discovery? What does that mean to you? >> So cloud native means that it leverages all the benefits of the cloud. Like it gets all of the automation and visibility that you get in a cloud environment versus any traditional on-prem environment. So one thing is that BigID is installed directly from your marketplace. So you could browse, find its solution on the AWS marketplace and purchase it. It gets deployed using CloudFormation templates very easily and very quickly. It runs on a elastic container service so that once it runs you can automatically scale it up and down to increase the scan and the scale capabilities of the solution. It connects automatically behind the scenes into the security hub of AWS. So you get those alerts, the policy alerts fed into your security hub. It has integration also directly into the native logging capabilities of AWS. So your existing Datadog or whatever you're using for monitoring can plug into it automatically. That's what we mean by cloud native. >> And if you're cloud native you got to be positioned to take advantage of the data and machine learning in particular. Can you expand on the role of machine learning in your solution? Customers are leaning in heavily this year, you're seeing more uptake on machine learning which is basically AI, AI is machine learning, but it's all tied together. ML is big on all the deployments. Can you share your thoughts? >> Yeah, absolutely. So data discovery is a very tough problem and it has been around for 20 years. And the traditional methods of classifying the data or understanding what type of data you have has been, you're looking at the pattern of the data. Typically regular expressions or types of kind of pattern-matching techniques that look at the data. But sometimes in order to know what is personal or what is sensitive it's not enough to look at the pattern of the data. How do you distinguish between a date of birth and any other date. Date of birth is much more sensitive. How do you find country of residency or how do you identify even a first name from the last name? So for that, you need more advanced, more sophisticated capabilities that go beyond just pattern matching. And BigID has a variety of those techniques, we call that discovery-in-depth. What it means is that very similar to security-in-depth where you can not rely on a single security control to protect your environment, you can not rely on a single discovery method to truly classify the data. So yes, we have regular expression, that's the table state basic capability of data classification but if you want to find data that is more contextual like a first name, last name, even a phone number and distinguish between a phone number and just a sequence of numbers, you need more contextual NLP based discovery, name entity recognition. We're using (indistinct) to extract and find data contextually. We also apply deep learning, CNN capable, it's called CNN, which is basically deep learning in order to identify and classify document types. Which is basically being able to distinguish between a resume and a application form. Finding financial records, finding medical records. So RA are advanced NLP classifiers can find that type of data. The more advanced capabilities that go beyond the smallID into BigID also include cluster analysis which is an unsupervised machine learning method of finding duplicate and similar data correlation and other techniques that are more contextual and need to use machine learning for that. >> Yeah, and unsupervised that's a lot harder than supervised. You need to have that ability to get that what you can't see. You got to get the blind spots identified and that's really the key observational data you need. This brings up the kind of operational you heard cluster, I hear governance security you mentioned earlier GDPR, this is an operational impact. Can you talk about how it impacts on specifically on the privacy protection and governance side because certainly I get the clustering side of it, operationally just great. Everyone needs to get that. But now on the business model side, this is where people are spending a lot of time scared and worried actually. What the hell to do? >> One of the things that we realized very early on when we started with BigID is that everybody needs a discovery. You need discovery and we actually started with privacy. You need discovery in route to map your data and apply the privacy controls. You need discovery for security, like we said, right? Find and identify sensitive data and apply controls. And you also need discovery for data enablement. You want to discover the data, you want to enable it, to govern it, to make it accessible to the other parts of your business. So discovery is really a foundation and starting point and that you get there with smallID. How do you operationalize that? So BigID has the concept of an application framework. Think about it like an Apple store for data discovery where you can run applications inside your kind of discovery iPhone in order to run specific (indistinct) use cases. So, how do you operationalize privacy use cases? We have applications for privacy use cases like subject access requests and data rights fulfillment, right? Under the CCPA, you have the right to request your data, what data is being stored about you. BigID can help you find all that data in the catalog that after we scan and find that information we can find any individual data. We have an application also in the privacy space for consent governance right under CCP. And you have the right to opt out. If you opt out, your data cannot be sold, cannot be used. How do you enforce that? How do you make sure that if someone opted out, that person's data is not being pumped into Glue, into some other system for analytics, into Redshift or Snowflake? BigID can identify a specific person's data and make sure that it's not being used for analytics and alert if there is a violation. So that's just an example of how you operationalize this knowledge for privacy. And we have more examples also for data enablement and data management. >> There's so much headroom opportunity to build out new functionality, make it programmable. I really appreciate what you guys are doing, totally needed in the industry. I could just see endless opportunities to make this operationally scalable, more programmable, once you kind of get the foundation out there. So congratulations, Nimrod and the whole team. The question I want to ask you, we're here at re:Invent's virtual, three weeks we're here covering Cube action, check out theCUBE experience zone, the partner experience. What is the difference between BigID and say Amazon's Macy? Let's think about that. So how do you compare and contrast, in Amazon they say we love partnering, but we promote our ecosystem. You guys sure have a similar thing. What's the difference? >> There's a big difference. Yes, there is some overlap because both a smallID and Macy can classify data in S3 buckets. And Macy does a pretty good job at it, right? I'm not arguing about it. But smallID is not only about scanning for sensitive data in S3. It also scans anything else you have in your AWS environment, like DynamoDB, like EMR, like Athena. We're also adding Redshift soon, Glue and other rare data sources as well. And it's not only about identifying and alerting on sensitive data, it's about building full catalog (indistinct) It's about giving you almost like a full registry of your data in AWS, where you can look up any type of data and see where it's found across structured, unstructured big data repositories that you're handling inside your AWS environment. So it's broader than just for security. Apart from the fact that they're used for privacy, I would say the biggest value of it is by building that catalog and making it accessible for data enablement, enabling your data across the board for other use cases, for analytics in Redshift, for Glue, for data integrations, for various other purposes. We have also integration into Kinesis to be able to scan and let you know which topics, use what type of data. So it's really a very, very robust full-blown catalog of the data that across the board that is dynamic. And also like you mentioned, accessible to APIs. Very much like the AWS tradition. >> Yeah, great stuff. I got to ask you a question while you're here. You're the co-founder and again congratulations on your success. Also the chief product officer of BigID, what's your advice to your colleagues and potentially new friends out there that are watching here? And let's take it from the entrepreneurial perspective. I have an application and I start growing and maybe I have funding, maybe I take a more pragmatic approach versus raising billions of dollars. But as you grow the pressure for AppSec reviews, having all the table stakes features, how do you advise developers or entrepreneurs or even business people, small medium-sized enterprises to prepare? Is there a way, is there a playbook to say, rather than looking back saying, oh, I didn't do with all the things I got to go back and retrofit, get BigID. Is there a playbook that you see that will help companies so they don't get killed with AppSec reviews and privacy compliance reviews? Could be a waste of time. What's your thoughts on all this? >> Well, I think that very early on when we started BigID, and that was our perspective is that we knew that we are a security and privacy company. So we had to take that very seriously upfront and be prepared. Security cannot be an afterthought. It's something that needs to be built in. And from day one we have taken all of the steps that were needed in order to make sure that what we're building is robust and secure. And that includes, obviously applying all of the code and CI/CD tools that are available for testing your code, whether it's (indistinct), these type of tools. Applying and providing, penetration testing and working with best in line kind of pen testing companies and white hat hackers that would look at your code. These are kind of the things that, that's what you get funding for, right? >> Yeah. >> And you need to take advantage of that and use them. And then as soon as we got bigger, we also invested in a very, kind of a very strong CSO that comes from the industry that has a lot of expertise and a lot of credibility. We also have kind of CSO group. So, each step of funding we've used extensively also to make RM kind of security poster a lot more robust and invisible. >> Final question for you. When should someone buy BigID? When should they engage? Is it something that people can just download immediately and integrate? Do you have to have, is the go-to-market kind of a new target the VP level or is it the... How does someone know when to buy you and download it and use the software? Take us through the use case of how customers engage with. >> Yeah, so customers directly have those requirements when they start hitting and having to comply with regulations around privacy and security. So very early on, especially organizations that deal with consumer information, get to a point where they need to be accountable for the data that they store about their customers and they want to be able to know their data and provide the privacy controls they need to their consumers. For our BigID product this typically is a kind of a medium size and up company, and with an IT organization. For smallID, this is a good fit for companies that are much smaller, that operate mostly out of their, their IT is basically their DevOps teams. And once they have more than 10, 20 data sources in AWS, that's where they start losing count of the data that they have and they need to get more visibility and be able to control what data is being stored there. Because very quickly you start losing count of data information, even for an organization like BigID, which isn't a bigger organization, right? We have 200 employees. We are at the point where it's hard to keep track and keep control of all the data that is being stored in all of the different data sources, right? In AWS, in Google Drive, in some of our other sources, right? And that's the point where you need to start thinking about having that visibility. >> Yeah, like all growth plan, dream big, start small and get big. And I think that's a nice pathway. So small gets you going and you lead right into the BigID. Great stuff. Final, final question for you while I gatchu here. Why the awards? Someone's like, hey, BigID is this cool company, love the founder, love the team, love the value proposition, makes a lot of sense. Why all the awards? >> Look, I think one of the things that was compelling about BigID from the beginning is that we did things differently. Our whole approach for personal data discovery is unique. And instead of looking at the data, we started by looking at the identities, the people and finally looking at their data, learning how their data looks like and then searching for that information. So that was a very different approach to the traditional approach of data discovery. And we continue to innovate and to look at those problems from a different perspective so we can offer our customers an alternative to what was done in the past. It's not saying that we don't do the basic stuffs. The Reg X is the connectivity that that is needed. But we always took a slightly different approach to diversify, to offer something slightly different and more comprehensive. And I think that was the thing that really attracted us from the beginning with the RSA Innovation Sandbox award that we won in 2018, the Gartner Cool Vendor award that we received. And later on also the other awards. And I think that's the unique aspect of BigID. >> You know you solve big problems than certainly as needed. We saw this early on and again I don't think that the problem is going to go away anytime soon, platforms are emerging, more tools than ever before that converge into platforms and as the logic changes at the top all of that's moving onto the underground. So, congratulations, great insight. >> Thank you very much. >> Thank you. Thank you for coming on theCUBE. Appreciate it Nimrod. Okay, I'm John Furrier. We are theCUBE virtual here for the partner experience APN virtual. Thanks for watching. (gentle music)

>> Narrator: From around the globe, it's theCUBE with coverage of KubeCon and CloudNativeCon Europe 2020 Virtual brought to you by Red Hat, the Cloud Native Computing Foundation and ecosystem partners. >> Hi I'm Stu Miniman and this is theCUBE's coverage of KubeCon, CloudNativeCon the 2020 European show of course happening virtually and that has put some unique challenges for the people running the show, really happy to welcome to the program she is one of the co-chairs of this event, and she is also a Principal Software Engineer at Splunk, Constance Caramanolis thank you so much for joining us. >> Hi, thank you for having me, I'm really excited to be here, it's definitely an interesting time. >> Alright, so Constance we know KubeCon it's a great community, robust everybody loves to get together there's some really interesting hallway conversations and so much going on, we've been watching, the four or five years we've been doing theCUBE at this show, just huge explosion of the breadth and depth of the content and of course, great people there. Just, if we could start with a little bit, your background, as I mentioned you're the co-chair, you work for Splunk by way of an acquisition, of Omnition try saying that three times fast, and Omnition you were telling me is a company that was bought really before it came out of stealth, but when it comes to the community itself, how long have you been involved in this community? What kind of led you to being co-chair? >> Yeah, I guess I've been involved with the community since 2017, so, I was at Lyft before Omnition Splunk, and I was lucky enough to be one of the first engineers, on Envoy you might've heard of Envoy, sorry I laugh at my own jokes. (laughing) Like my first exposure to KubeCon and seeing the CNCF community was KubeCon Austin and the thing that I was amazed by was actually you said it the hallway tracks, right? I would just see someone and be like, "Hey, like, I think I've seen your code review can I say hi?" And that started back on me at least a little bit involved in terms of talking to more people then they needed people I would work on a PR or in some of the community meetings and that was my first exposure to the community. And so I was involved in Envoy pretty actively involved in Envoy all the way until from 2016 until mid 2018 and then I switched projects and turning it left and did some other stuff and I came back into CNCF community, in OpenTelemetry as of last year, actually almost exactly a year ago now to work on making tracing, I'm going to say useful and the reason why I say useful is that usually people think of tracing as, not as important as metrics and logs, but there is so much to tracing that we tend to undervalue and that's why I got involved with OpenTelemetry and Omnition, because there's some really interesting ways that you could view tracing, use tracing, and you could answer a lot of questions that we have in our day-to-day and so that's kind of that's how I got involved in the second-round community and then ended up getting nominated to be on the co-chair and I obviously said yes, because this is an amazing opportunity to meet more people and have more of that hallway track. >> Alright, so definitely want to talk about OpenTracing, but let's talk about the event first, as we were talking about. >> Yeah. >> That community you always love the speakers, when they finish a session, they get mobbed by people doing questions. When you walk through the expo hall, you go see people so give us a little bit of insight as to how we're trying to replicate that experience, make sure that there's I don't know office hours for the speakers and just places and spaces for people to connect and meet people. >> Yeah, so I will say that like, part of the challenge with KubeCone EU was that it had already been meant to be an in person event and so we're changing it to virtual, isn't going to be as smooth as a KubeCon or we have the China event that's happening in a few weeks or at Boston, right that's still going on, like, those ones are being thought out a lot more as a proper virtual event. So a little bit of the awkwardness of, now everything is going to be online, right? It's like you can't actually shake someone's hand in a hallway but we are definitely trying to be cognizant of when I'm in terms of future load, like probably less content, right. It's harder to sit in front of a screen and listen to everything and so we know that we know we have enough bandwidth we're trying to find, different pieces of software that allow for better Q and A, right? Exactly, like the mobbing after session is go in as a speaker and one as attendee is sometimes like the best part about conferences is you get to like someone might've said something like, "Hey, like this little tidbit "I need to ask you more questions about this." So we're providing software to at least make that as smooth, and I'm putting this in quotation and as you'll be able to tell anyone who's watching as I speak with my hands. Right, so we're definitely trying to provide software to at least make that initial interaction as smooth as possible, maybe as easy as possible we know it's probably going to be a little bit bumpy just because I think it's also our first time, like everyone, every conference is facing this issue so it's going to be really interesting to see how the conference software evolves. It is things that we've talked about in terms of maybe offering their office hours, for that it's still something that like, I think it's going to be really just an open question for all of us, is that how do we maintain that community? And I think maybe we were talking or kind of when I was like planting the seed of a topic beforehand, it's like it's something I think that matters like, how do we actually define community? 'Cause so much of it has been defined off that hallway track or bumping into someone, right? And going into someone's booth and be like, like asking that question there, because it is a lot more less intimidating to ask something in person than is to ask it online when everyone gets to hear your question, right. I know I ask less questions online, I guess maybe one thing I want to say is that for now that am thinking about it is like, if you have a question please ask questions, right? If recording is done, if there's a recording for a talk, the speakers are usually made available online during the session or a bit afterwards, so please ask your questions when things come up, because that's going to be a really good way to, at least have a bit of that question there. And also don't be shy, please, even when I say like in terms of like, when it comes to review, code reviews, but if something's unintuitive or let's say, think about something else, like interact with it, say it or even ask that question on Twitter, if you're brave enough, I wouldn't but I also barely use Twitter, yeah I don't know it's a big open question I don't know what the community is going to look like and if it's going to be harder. >> Yeah, well, one of the things I know every, every time I go to the show conferences, when the keynote when it's always like, okay, "How many people is this your first time at the show?" And you look around and it's somewhere, third or half people attending for the first time. >> Yeah. I know I'm trying to remember if it was year and a half ago, or so there was created a kind of one-on-one track at the show to really help onboard and give people into the show because when the show started out, it was like okay, it was Kubernetes and a couple of other things now you've got the graduated, the incubated, the dozens of sandbox projects out there and then even more projects out there so, cloud-native is quite a broad topic, there is no wrong way where you can start and there's so many paths that you can go on. So any tips or things that we're doing this time, to kind of help broaden and welcome in those new participants? >> Yeah so there's two things, one is actually the one to attract is official for a KubeCon EU so we do have like, there's a few good talks in terms of like, how to approach KubeCon it was meant to originally be for a person but at least helping people in terms of general terms, right? 'Cause sometimes there's so much terminology that it feels like you need to carry, cloud-native dictionary around with you, doing that and giving suggestions there, so that's one of the first talks that's going to be able to watch on KubeCon so I highly suggest that, This is actually a really tough question because a lot of it would have been like, I guess it would have been for me, would have been in person be like, don't be afraid to like, if you see someone that, said something really interesting in a talk you attended, like, even if it's not after the question, just be like, "Hey, I thought what you said was really cool "and I just want to say I appreciate your work." Like expressing that appreciation and just even if it isn't like the most thoughtful question in the world just saying thank you or I appreciate you as a really good way to open things up because the people who are speaking are just as well most people are probably just as scared of going up there and sharing their knowledge as probably or of asking a question. So I think the main takeaway from that is don't be shy, like maybe do a nervous dance to get those jitters out and then after (laughing) and then ask that question or say like, thank you it's really nice to meet you. It's harder to have a virtual coffee, so hopefully they have their own teapot or coffee maker beside them, but offered you that, send an email I think, one thing that is very common and I have a hard time with this is that it's easy to get overwhelmed with how much content there is or you said it's just like, I first feel small and at least if everyone is focusing on Kubernetes, especially like a few years ago, at least and you're like, maybe that there are a lot of people who are really advanced but now that there's so many different people like so many people from all range of expertise in this subject matter experts, and interests that it's okay to be overwhelmed just be like, I need to take a step back because mentally attending like a few talks a day is like, I feel like it's taking like several exams 'cause there's so much information being bombarded on you and you're trying to process it so understand that you can't process it all in one day and that's okay, come back to it, right. It's a great thing is that all of these talks are recorded and so you can watch it another time, and I would say probably just choose like three or four talks that you're really excited about and listen to those, don't need to watch everything because as I said we can't process it all and that's okay and ask questions. >> Some great advice there because right, if we were there in person it was always, attend what you really want to see, are there speakers you want to engage with? Because you can go back and watch on demand that's been one of the great opportunities with the virtual events is you can have access on demand, you can poke and prod, personally I love that a lot of them you can adjust the speed of them so, if it's something that it's kind of an intro talk, I can crank it up to one and a half or 2X speed and get through more content or I can pause it, rewind if I'm not getting it. And the other opportunity is I tell you the last two or three years, when I'm at an event, I try to just spend my time, not looking at my phone, talking to people, but now there's the opportunity, hey, if I can be of help, if anybody in the community has a question or wants to get connected to somebody, we know a lot of people I'm easily reachable on Twitter and I'm not sitting on a plane or in the middle of something that being like, so there is just a great robust community out there, online, and it were great be a part of it. So speaking of projects, you mentioned OpenTelemetry, which is what, your day job works on it's been a really, interesting topic of course for those that don't know the history, there were actually two projects that merged, it was a OpenTracing and OpenCensus created OpenTelemetry, so why don't you bring us up to speed as to where we are with the project, and what people should be looking at at the show and throughout the rest of 2020? >> OpenTelemetry is very exciting, we just did our first beta release so for anyone who's been on the fence of, is OpenTelemetry getting traction, or is it something that you're like at, this is a really great time to want to get involved in OpenTelemetry and start looking into it, if it's as a viable project, but I guess should probably take a step back of what is OpenTelemetry, OpenTelemetry as you mentioned was the merging or the marriage of OpenTracing-OpenCensus, right? It was an acknowledgement that so many engineers were trying to solve the same problem, but as most of us knows, right, we are trying to solve the same problem, but we had two different implementations and we actually ended up having essentially a lot of waste of resources because we're all trying to solve the same problem, but then we're working on two different implementations. So that marriage was to address that because, right it's like if you look at all of the major players, all of the players on OpenTelemetry, right? They have a wide variety of vendor experience, right even as of speaking from the vendor hat, right vendors are really lucky that they get to work with so many customers and they get to see all these different use cases. Then there's also just so many actually end users who are using it and they have very peculiar use cases, too, even with a wide set of other people, they're not going to obviously have that, so OpenTelemetry gets to merge all of those different use cases into one, or I guess not into one, but like into a wide set of implementations, but at least it's maintained by a larger group instead of having two separate. And so the first goal was to unify tracing tracing is really far ahead in terms of implementation,, or several implementations of libraries, like Go, Java, Python, Ruby, like on other languages right now but quite a bit of lists there and there's even a collector too which some people might refer to as an agent, depending on what background they have. And so there's a lot of ways to one, implement tracing and also metrics for your services and also gather that data and manipulate it, right? 'Cause for example, tracings so tracing where it's like you can generate a lot of traces, but sometimes missing data and like the collector is a really great place to add data to that, so going back to the state of OpenTelemetry, OpenTelemetry since we just did a beta release, right, we're getting closer to GA. GA is something that we're tracking for at some point this year, no dates yet but it's something that we're really pushing towards, but we're starting to have a very stable API in terms of tracing a metric was on its way, log was all something we're wrapping up on. It is a really great opportunity to, all the different ways that we are that, we even say like service owners, applications, even business rate that we're trying to collect data and have visibility into our applications, this is a really great way to provide one common framework to generate all that data, to gather all that data and generate all that data. So it was really exciting and I don't know, we just want more users and why we say that is to the earlier point is that the more users that we have who are engaged with community, right if you want to open an issue, have a question if you want to set up a PR please do, like we really want more community engagement. It is a great time to do that because we are just starting to get traction, right? Like hopefully, hopefully in a year or two, like we are one of those really big, big projects right up on a CNCF KubeCon and it's like, let's see how much has grown. And it's a great time to join and help influence a project and so many chances for ownership, I know it's really exciting, the company-- >> Excellent well Constance, it's really exciting >> Yeah. >> Congratulations on the progress there, I'm sure everybody's looking forward to as you said GA later this year, want to give you the final word, yourself and Vicky Cheung as the co-chairs for the event, what's your real goal? What do you hope the takeaway is from this instance of the 2020 European show? Of course, virtual now instead of Amsterdam. I guess like two parts one for the takeaway is that it's probably going to be awkward, right? Especially again going back to the community is that we don't have a lot of that in person things so this will be an awkward interaction, but it's a really great place for us to want to assess what a community means to us and how we interact with the community. So I think it's going to be going into it with an open mindset of just knowing like, don't set the expectations, like any other KubeCon because we just know it won't be right, we can't even have like the after hours, like going out for coffee or drinks and other stuff there so having that there and being open to that being different and then also if you have ideas share it with us, 'cause we want to know how we can make it better, so expect that it's different, but it's still going to provide you with a lot of that content that you've been looking for and we still want to make that as much of a welcoming experience for you, so know that we're doing our best and we're open to feedback and we're here for you. >> Excellent, well Constance thank you so much for the work that you and the team have been doing on. absolutely, one of the events that we always look forward to, thanks so much for joining us. >> Thank you for having me. >> Alright, lots more coverage of theCUBE at KubeCon-Cloud Native on Europe 2020, I'm Stu Miniman and thanks for watching. (soft music)

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a CUBE conversation. >> Hi everyone. Welcome to this CUBE Conversation. I'm John Furrier host of theCUBE here in the CUBEs, Palo Alto studios during the COVID crisis. We're quarantine with our crew, but we got the remote interviews. Got two great guests here from Fortinet FortiGuard Labs, Derek Mankey, Chief Security Insights and global threat alliances at Fortinet FortiGuard Labs. And Aamir Lakhani who's the Lead Researcher for the FortiGuard Labs. You guys is great to see you. Derek, good to see you again, Aamir, good to meet you too. >> It's been a while and it happens so fast. >> It just seems was just the other day, Derek, we've done a couple of interviews in between a lot of flow coming out of Fortinet FortiGuard, a lot of action, certainly with COVID everyone's pulled back home, the bad actors taking advantage of the situation. The surface areas increased really is the perfect storm for security in terms of action, bad actors are at an all time high, new threats. Here's going on, take us through what you guys are doing. What's your team makeup look like? What are some of the roles and you guys are seeing on your team and how does that transcend to the market? >> Yeah, sure, absolutely. So you're right. I mean like I was saying earlier that is, this always happens fast and furious. We couldn't do this without a world class team at FortiGuard Labs. So we've grown our team now to over 235 globally. There's different rules within the team. If we look 20 years ago, the rules used to be just very pigeonholed into say antivirus analysis, right? Now we have to account for, when we're looking at threats, we have to look at that growing attack surface. We have to look at where are these threats coming from? How frequently are they hitting? What verticals are they hitting? What regions, what are the particular techniques, tactics, procedures? So we have threat. This is the world of threat intelligence, of course, contextualizing that information and it takes different skill sets on the backend. And a lot of people don't really realize the behind the scenes, what's happening. And there's a lot of magic happening, not only from what we talked about before in our last conversation from artificial intelligence and machine learning that we do at FortiGuard Labs and automation, but the people. And so today we want to focus on the people and talk about how on the backend we approached a particular threat, we're going to talk to the word ransom and ransomware, look at how we dissect threats, how correlate that, how we use tools in terms of threat hunting as an example, and then how we actually take that to that last mile and make it actionable so that customers are protected. I would share that information with keys, right, until sharing partners. But again, it comes down to the people. We never have enough people in the industry, there's a big shortage as we know, but it's a really key critical element. And we've been building these training programs for over a decade with them FortiGuard Labs. So, you know John, this to me is exactly why I always say, and I'm sure Aamir can share this too, that there's never a adult day in the office and all we hear that all the time. But I think today, all of you is really get an idea of why that is because it's very dynamic and on the backend, there's a lot of things that we're doing to get our hands dirty with this. >> You know the old expression startup plan Silicon Valley is if you're in the arena, that's where the action is. And it's different than sitting in the stands, watching the game. You guys are certainly in that arena and you got, we've talked and we cover your, the threat report that comes out frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 ransomware, what's going on? What's the state of the ransomware situation? Set the stage because that's still continues to be threat. I don't go a week, but I don't read a story about another ransomware. And then at least I hear they paid 10 million in Bitcoin or something like, I mean, this is real, that's a real ongoing threat. What is it? >> The (indistinct) quite a bit. But yeah. So I'll give sort of the 101 and then maybe we can pass it to Aamir who is on the front lines, dealing with this every day. You know if we look at the world of, I mean, first of all, the concept of ransom, obviously you have people that has gone extended way way before cybersecurity in the world of physical crime. So of course, the world's first ransom where a virus is actually called PC Cyborg. This is a 1989 around some payment that was demanded through P.O Box from the voters Panama city at the time, not too effective on floppiness, a very small audience, not a big attack surface. Didn't hear much about it for years. Really, it was around 2010 when we started to see ransomware becoming prolific. And what they did was, what cyber criminals did was shift on success from a fake antivirus software model, which was, popping up a whole bunch of, setting here, your computer's infected with 50 or 60 viruses, PaaS will give you an antivirus solution, which was of course fake. People started catching on, the giggles out people caught on to that. So they, weren't making a lot of money selling this fraudulent software, enter ransomware. And this is where ransomware, it really started to take hold because it wasn't optional to pay for this software. It was mandatory almost for a lot of people because they were losing their data. They couldn't reverse engineer that the encryption, couldn't decrypt it, but any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020. And we saw, we've seen things like master boot record, MVR, ransomware. This is persistent. It sits before your operating system, when you boot up your computer. So it's hard to get rid of it. Very strong public private key cryptography. So each victim is effective with the direct key, as an example, the list goes on and I'll save that for the demo today, but that's basically, it's just very, it's prolific. We're seeing shuts not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted around some cases that are going after critical business. Essentially it's like a DoS holding revenue streams go ransom too. So the ransom demands are getting higher because of this as well. So it's complicated. >> Was mentioning Aamir, why don't you weigh in, I mean, 10 million is a lot. And we reported earlier in this month. Garmin was the company that was hacked, IT got completely locked down. They pay 10 million, Garmin makes all those devices. And as we know, this is impact and that's real numbers. I mean, it's not other little ones, but for the most part, it's nuance, it's a pain in the butt to full on business disruption and extortion. Can you explain how it all works before we go to the demo? >> You know, you're absolutely right. It is a big number and a lot of organizations are willing to pay that number, to get their data back. Essentially their organization and their business is at a complete standstill when they don't pay, all their files are inaccessible to them. Ransomware in general, what it does end up from a very basic overview is it basically makes your files not available to you. They're encrypted. They have essentially a passcode on them that you have to have the correct passcode to decode them. A lot of times that's in a form of a program or actually a physical password you have to type in, but you don't get that access to get your files back unless you pay the ransom. A lot of corporations these days, they are not only paying the ransom. They're actually negotiating with the criminals as well. They're trying to say, "Oh, you want 10 million? "How about 4 million?" Sometimes that goes on as well. But it's something that organizations know that if they didn't have the proper backups and the hackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicated files. So sometimes you don't have a choice in organizations. Will pay the ransom. >> And it's, they're smart, there's a business. They know the probability of buy versus build or pay versus rebuild. So they kind of know where to attack. They know that the tactics and it's vulnerable. It's not like just some kitty script thing going on. This is real sophisticated stuff it's highly targeted. Can you talk about some use cases there and what goes on with that kind of a attack? >> Absolutely. The cyber criminals are doing reconnaissance and trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. So there's a lot of attacks going on. We usually, what we're finding now is ransomware is sometimes the last stage of an attack. So an attacker may go into an organization. They may already be taking data out of that organization. They may be stealing customer data, PII, which is personal identifiable information, such as social security numbers, or driver's licenses, or credit card information. Once they've done their entire tap. Once they've gone everything, they can. A lot of times their end stage, their last attack is ransomware. And they encrypt all the files on the system and try and motivate the victim to pay as fast as possible and as much as possible as well. >> I was talking to my buddy of the day. It's like casing the joint there, stay, check it out. They do their recon, reconnaissance. They go in identify what's the best move to make, how to extract the most out of the victim in this case, the target. And it really is, I mean, it's just to go on a tangent, why don't we have the right to bear our own arms? Why can't we fight back? I mean, at the end of the day, Derek, this is like, who's protecting me? I mean, what to protect my, build my own arms, or does the government help us? I mean, at some point I got a right to bear my own arms here. I mean, this is the whole security paradigm. >> Yeah. So, I mean, there's a couple of things. So first of all, this is exactly why we do a lot of, I was mentioning the skill shortage in cyber cybersecurity professionals as an example. This is why we do a lot of the heavy lifting on the backend. Obviously from a defensive standpoint, you obviously have the red team, blue team aspect. How do you first, there's what is to fight back by being defensive as well, too. And also by, in the world of threat intelligence, one of the ways that we're fighting back is not necessarily by going and hacking the bad guys because that's illegal jurisdictions. But how we can actually find out who these people are, hit them where it hurts, freeze assets, go after money laundering networks. If you follow the cash transactions where it's happening, this is where we actually work with key law enforcement partners, such as Interpol as an example, this is the world of threat intelligence. This is why we're doing a lot of that intelligence work on the backend. So there's other ways to actually go on the offense without necessarily weaponizing it per se, right? Like using, bearing your own arms as you said, there there's different forms that people may not be aware of with that. And that actually gets into the world of, if you see attacks happening on your system, how you can use the security tools and collaborate with threat intelligence. >> I think that's the key. I think the key is these new sharing technologies around collective intelligence is going to be a great way to kind of have more of an offensive collective strike. But I think fortifying, the defense is critical. I mean, that's, there's no other way to do that. >> Absolutely, I mean, we say this almost every week, but it's in simplicity. Our goal is always to make it more expensive for the cybercriminal to operate. And there's many ways to do that, right? You can be a pain to them by having a very rigid, hardened defense. That means if it's too much effort on their end, I mean, they have ROIs and in their sense, right? It's too much effort on there and they're going to go knocking somewhere else. There's also, as I said, things like disruption, so ripping infrastructure offline that cripples them, whack-a-mole, they're going to set up somewhere else. But then also going after people themselves, again, the cash networks, these sorts of things. So it's sort of a holistic approach between- >> It's an arms race, better AI, better cloud scale always helps. You know, it's a ratchet game. Aamir, I want to get into this video. It's a ransomware four minute video. I'd like you to take us through as you the Lead Researcher, take us through this video and explain what we're looking at. Let's roll the video. >> All right. Sure. So what we have here is we have the victims that's top over here. We have a couple of things on this victim's desktop. We have a batch file, which is essentially going to run the ransomware. We have the payload, which is the code behind the ransomware. And then we have files in this folder. And this is where you would typically find user files and a real world case. This would be like Microsoft or Microsoft word documents, or your PowerPoint presentations, or we're here we just have a couple of text files that we've set up. We're going to go ahead and run the ransomware. And sometimes attackers, what they do is they disguise this. Like they make it look like an important word document. They make it look like something else. But once you run the ransomware, you usually get a ransom message. And in this case, a ransom message says, your files are encrypted. Please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address. I usually they look a little more complicated, but this is our fake Bitcoin address. But you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as researchers, we see files like this all the time. We see ransomware all the time. So we use a variety of tools, internal tools, custom tools, as well as open source tools. And what you're seeing here is an open source tool. It's called the Cuckoo Sandbox, and it shows us the behavior of the ransomware. What exactly is ransomware doing. In this case, you can see just clicking on that file, launched a couple of different things that launched basically a command executable, a power shell. They launched our windows shell. And then at, then add things on the file. It would basically, you had registry keys, it had on network connections. It changed the disk. So that's kind of gives us a behind the scenes, look at all the processes that's happening on the ransomware. And just that one file itself, like I said, does multiple different things. Now what we want to do as a researchers, we want to categorize this ransomware into families. We want to try and determine the actors behind that. So we dump everything we know in a ransomware in the central databases. And then we mine these databases. What we're doing here is we're actually using another tool called Maldito and use custom tools as well as commercial and open source tools. But this is a open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking Maldito to look through our database and say like, do you see any like files? Or do you see any types of incidences that have similar characteristics? Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system, because that helps us identify maybe where the ransomware is connecting to, where it's going to other processes that I may be doing. In this case, we can see multiple IP addresses that are connected to it. So we can possibly see multiple infections. We can block different external websites that we can identify a command and control system. We can categorize this to a family, and sometimes we can even categorize this to a threat actor as claimed responsibility for it. So it's essentially visualizing all the connections and the relationship between one file and everything else we have in our database. And this example, of course, I'd put this in multiple ways. We can save these as reports, as PDF type reports or usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets, when we're researching file-based attacks, when we're researching IP reputation, we have a lot of different IOC or indicators of compromise that we can correlate where attacks go through and maybe even detect new types of attacks as well. >> So the bottom line is you got the tools using combination of open source and commercial products to look at the patterns of all ransomware across your observation space. Is that right? >> Exactly. I showed you like a very simple demo. It's not only open source and commercial, but a lot of it is our own custom developed products as well. And when we find something that works, that logic, that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. At FortiGuard Labs, the intelligence that we acquire, that product, that product of intelligence it's consumed directly by our prospects. >> So take me through what what's actually going on, what it means for the customer. So FortiGuard Labs, you're looking at all the ransomware, you seeing the patterns, are you guys proactively looking? Is it, you guys are researching, you look at something pops in the radar. I mean, take us through what goes on and then how does that translate into a customer notification or impact? >> So, yeah, John, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be (indistinct) as we look for some of the solutions we talked about before, and if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can see. So you got to get your hands on visibility. We call these IOC indicators of compromise. So this is usually something like an actual executable file, like the virus or the malware itself. It could be other things that are related to it, like websites that could be hosting the malware as an example. So once we have that SEED, we call it a SEED. We can do threat hunting from there. So we can analyze that, right? If we have to, it's a piece of malware or a botnet, we can do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things. And we really, it's similar to the world of CSI, right? These different dots that they're connecting, we're doing that at hyper-scale. And we use that through these tools that Aamir was talking about. So it's really a lifecycle of getting the malware incoming, seeing it first, analyzing it, and then doing action on that. So it's sort of a three step process. And the action comes down to what Aamir was saying, waterfall and that to our customers, so that they're protected. But then in tandem with that, we're also going further and I'm sharing it if applicable to say law enforcement partners, other threat Intel sharing partners too. And it's not just humans doing that. So the proactive piece, again, this is where it comes to artificial intelligence, machine learning. There's a lot of cases where we're automatically doing that analysis without humans. So we have AI systems that are analyzing and actually creating protection on its own too. So it's quite interesting that way. >> It say's at the end of the day, you want to protect your customers. And so this renders out, if I'm a Fortinet customer across the portfolio, the goal here is protect them from ransomware, right? That's the end game. >> Yeah. And that's a very important thing. When you start talking to these big dollar amounts that were talking earlier, it comes to the damages that are done from that- >> Yeah, I mean, not only is it good insurance, it's just good to have that fortification. So Derek, I going to ask you about the term the last mile, because, we were, before we came on camera, I'm a band with junkie always want more bandwidth. So the last mile, it used to be a term for last mile to the home where there was telephone lines. Now it's fiber and wifi, but what does that mean to you guys in security? Does that mean something specific? >> Yeah, absolutely. The easiest way to describe that is actionable. So one of the challenges in the industry is we live in a very noisy industry when it comes to cybersecurity. What I mean by that is that because of that growing attacks for FIS and you have these different attack factors, you have attacks not only coming in from email, but websites from DoS attacks, there's a lot of volume that's just going to continue to grow is the world that 5G and OT. So what ends up happening is when you look at a lot of security operations centers for customers, as an example, there are, it's very noisy. It's you can guarantee almost every day, you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs. And when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually start to say, "Hey, this looks like an attack." I'm going to go investigate it and block it. So this is where the last mile comes in, because a lot of the times that, these logs, they light up like Christmas. And I mean, there's a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because the reality is if it's just humans doing it, that last mile is often going back to your bandwidth terms. There's too much latency. So how do you reduce that latency? That's where the automation, the AI machine learning comes in to solve that last mile problem to automatically add that protection. It's especially important 'cause you have to be quicker than the attacker. It's an arms race, like you said earlier. >> I think what you guys do with FortiGuard Labs is super important, not only for the industry, but for society at large, as you have kind of all this, shadow, cloak and dagger kind of attack systems, whether it's national security international, or just for, mafias and racketeering, and the bad guys. Can you guys take a minute and explain the role of FortiGuards specifically and why you guys exist? I mean, obviously there's a commercial reason you built on the Fortinet that trickles down into the products. That's all good for the customers, I get that. But there's more at the FortiGuards. And just that, could you guys talk about this trend and the security business, because it's very clear that there's a collective sharing culture developing rapidly for societal benefit. Can you take a minute to explain that? >> Yeah, sure. I'll give you my thoughts, Aamir will add some to that too. So, from my point of view, I mean, there's various functions. So we've just talked about that last mile problem. That's the commercial aspect. We created a through FortiGuard Labs, FortiGuard services that are dynamic and updated to security products because you need intelligence products to be able to protect against intelligent attacks. That's just a defense again, going back to, how can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that we do, but we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity courses to court. And because of that, a lot of these cyber criminals reign free, and that's been a big challenge in the industry. So this has been close my heart over 10 years, I've been building a lot of these key relationships between private public sector, as an example, but also private sector, things like Cyber Threat Alliance. We're a founding member of the Cyber Threat Alliance. We have over 28 members in that Alliance, and it's about sharing intelligence to level that playing field because attackers roam freely. What I mean by that is there's no jurisdictions for them. Cyber crime has no borders. They can do a million things wrong and they don't care. We do a million things right, one thing wrong and it's a challenge. So there's this big collaboration. That's a big part of FortiGuard. Why exists too, as to make the industry better, to work on protocols and automation and really fight this together while remaining competitors. I mean, we have competitors out there, of course. And so it comes down to that last mile problems on is like, we can share intelligence within the industry, but it's only intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration. >> Aamir, what's your take on this societal benefit? Because, I would say instance, the Sony hack years ago that, when you have nation States, if they put troops on our soil, the government would respond, but yet virtually they're here and the private sector has to fend for themselves. There's no support. So I think this private public partnership thing is very relevant, I think is ground zero of the future build out of policy because we pay for freedom. Why don't we have cyber freedom if we're going to run a business, where is our help from the government? We pay taxes. So again, if a military showed up, you're not going to see companies fighting the foreign enemy, right? So again, this is a whole new changeover. What's your thought? >> It really is. You have to remember that cyber attacks puts everyone on an even playing field, right? I mean, now don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that. Anyone can basically come up to speed on cyber weapons as long as an internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies. But absolutely I think a lot of us, from a personal standpoint, a lot of us have seen research does I've seen organizations fail through cyber attacks. We've seen the frustration, we've seen, like besides organization, we've seen people like, just like grandma's lose their pictures of their other loved ones because they kind of, they've been attacked by ransomware. I think we take it very personally when people like innocent people get attacked and we make it our mission to make sure we can do everything we can to protect them. But I will add that at least here in the U.S. the federal government actually has a lot of partnerships and a lot of programs to help organizations with cyber attacks. The US-CERT is always continuously updating, organizations about the latest attacks and regard is another organization run by the FBI and a lot of companies like Fortinet. And even a lot of other security companies participate in these organizations. So everyone can come up to speed and everyone can share information. So we all have a fighting chance. >> It's a whole new wave of paradigm. You guys are on the cutting edge. Derek always great to see you, Aamir great to meet you remotely, looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it. >> Pleasure as always. >> Okay. Keep conversation here. I'm John Furrier, host of theCUBE. Great insightful conversation around security ransomware with a great demo. Check it out from Derek and Aamir from FortiGuard Labs. I'm John Furrier. Thanks for watching.

(upbeat music) >> From around the globe, it's theCUBE with coverage of KubeCon and CloudNativeCon Europe 2020 Virtual brought to you by Red Hat, the Cloud Native Computing Foundation, and the ecosystem partners. >> Hi, and welcome back to theCUBE's coverage of KubeCon + CloudNativeCon 2020 in Europe, of course, the virtual edition. I'm Stu Miniman, and happy to welcome you back to the program. One of the keynote speakers is also a board member of the CNCF, Vijoy Pandey, who is the Vice President and Chief Technology Officer for Cloud at Cisco. Vijoy, nice to see you, thanks so much for joining us. >> Hi there, Stu, so nice to see you again. It's a strange setting to be in, but as long as we are both healthy, everything's good. >> Yeah, we still get to be together a little bit even though while we're apart. We love the the engagement and interaction that we normally get to the community, but we just have to do it a little bit differently this year. So we're going to get to your keynote. We've had you on the program to talk about "Networking, Please Evolve". I've been watching that journey. But why don't we start at first, you've had a little bit of change in roles and responsibility. I know there's been some restructuring at Cisco since the last time we got together. So give us the update on your role. >> Yeah, so let's start there. So I've taken on a new responsibility. It's VP of Engineering and Research for a new group that's been formed at Cisco. It's called Emerging Tech and Incubation. Liz Centoni leads that and she reports on to Chuck. The charter for the team, this new team, is to incubate the next bets for Cisco. And if you can imagine, it's natural for Cisco to start with bets which are closer to its core business. But the charter for this group is to move further and further out from Cisco's core business and take Cisco into newer markets, into newer products, and newer businesses. I'm running the engineering and resource for that group. And again, the whole deal behind this is to be a little bit nimble, to be a little bit, to startupy in nature, where you bring ideas, you incubate them, you iterate pretty fast, and you throw out 80% of those, and concentrate on the 20% that makes sense to take forward as a venture. >> Interesting. So it reminds me a little bit but different, I remember John Chambers, a number of years back, talking about various adjacencies trying to grow those next multi-billion dollar businesses inside Cisco. In some ways, Vijoy, it reminds me a little bit of your previous company, very well known for driving innovation, giving engineers 20% of their time to work on things, maybe give us a little bit insight, what's kind of an example of a bet that you might be looking at in this space, bring us in tight a little bit. >> Well, that's actually a good question. And I think a little bit of that comparison is all those conversations are taking place within Cisco as well as to how far out from Cisco's core business do we want to get when we're incubating these bets? And yes, my previous employer, I mean, Google X actually goes pretty far out when it comes to incubations, the core business being primarily around ads, now Google Cloud as well. But you have things like Verily and Calico, and others, which are pretty far out from where Google started. And the way we're looking at the these things within Cisco is, it's a new muscle for Cisco, so we want to prove ourselves first. So the first few bets that we are betting upon are pretty close to Cisco's core but still not fitting into Cisco's BU when it comes to, go to market alignment or business alignment. So one of the first bets that we're taking into account is around API being the queen when it comes to the future of infrastructure, so to speak. So it's not just making our infrastructure consumable as infrastructure as code but also talking about developer relevance, talking about how developers are actually influencing infrastructure deployments. So if you think about the problem statement in that sense, then networking needs to evolve. And I've talked a lot about this in the past couple of keynotes, where Cisco's core business has been around connecting and securing physical endpoints, physical I/O endpoints, wherever they happen to be, of whatever type they happen to be. And one of the bets that we are, actually two of the bets, that we're going after is around connecting and securing API endpoints, wherever they happen to be, of whatever type they happen to be. And so API networking or app networking is one big bet that we're going after. Another big bet is around API security. And that has a bunch of other connotations to it, where we think about security moving from runtime security, where traditionally Cisco has played in that space, especially on the infrastructure side, but moving into API security, which is earlier in the development pipeline, and higher up in the stack. So those are two big bets that we're going after. And as you can see, they're pretty close to Cisco's core business, but also are very differentiated from where Cisco is today. And once you prove some of these bets out, you can walk further and further away, or a few degrees away from Cisco's core. >> All right, Vijoy, why don't you give us the update about how Cisco is leveraging and participating in open source? >> So I think we've been pretty, deeply involved in open source in our past. We've been deeply involved in Linux Foundation Networking. We've actually chartered FD.io as a project there and we still are. We've been involved in OpenStack, we have been supporters of OpenStack. We have a couple of products that are around the OpenStack offering. And as you all know, we've been involved in CNCF, right from the get-go, as a foundation member. We brought NSM as a project. I had Sandbox currently, but we're hoping to move it forward. But even beyond that, I mean, we are big users of open source, a lot of those has offerings that we have from Cisco, and you will not know this if you're not inside of Cisco. But Webex, for example, is a big, big user of Linkerd, right from the get-go, from version 1.0, but we don't talk about it, which is sad. I think, for example, we use Kubernetes pretty deeply in our DNAC platform on the enterprise side. We use Kubernetes very deeply in our security platforms. So we're pretty good, pretty deep users internally in our SaaS products. But we want to press the accelerator and accelerate this whole journey towards open source, quite a bit moving forward as part of ET&I, Emerging Tech and Incubation, as well. So you will see more of us in open source forums, not just CNCF, but very recently, we joined the Linux Foundation for Public Health as a premier foundational member. Dan Kohn, our old friend, is actually chartering that initiative, and we actually are big believers in handling data in ethical and privacy-preserving ways. So that's actually something that enticed us to join Linux Foundation for Public Health, and we will be working very closely with Dan and foundational companies that do not just bring open source but also evangelize and use what comes out of that forum. >> All right, well, Vijoy, I think it's time for us to dig into your keynote. We've we've spoken with you in previous KubeCons about the "Network, Please Evolve" theme that you've been driving on. And big focus you talked about was SD-WAN. Of course, anybody that's been watching the industry has watched the real ascension of SD-WAN. We've called it one of those just critical foundational pieces of companies enabling multi-cloud. So help explain to our audience a little bit, what do you mean when you talk about things like Cloud Native SD-WAN and how that helps people really enable their applications in the modern environment? >> Yes, well, I mean, we've been talking about SD-WAN for a while. I mean, it's one of the transformational technologies of our time where prior to SD-WAN existing, you had to stitch all of these MPLS labels and actually get your connectivity across to your enterprise or branch. And SD-WAN came in and changed the game there, but I think SD-WAN, as it exists today, is application-unaware. And that's one of the big things that I talk about in my keynote. Also, we've talked about how NSM, the other side of the spectrum, is how NSM or Network Service Mesh has actually helped us simplify operational complexities, simplify the ticketing and process health that any developer needs to go through just to get a multi-cloud, multi-cluster app up and running. So the keynote actually talked about bringing those two things together, where we've talked about using NSM in the past in chapter one and chapter two. And I know this is chapter three, and at some point, I would like to stop the chapters. I don't want this like an encyclopedia of "Networking, Please Evolve". But we are at chapter three, and we are talking about how you can take the same consumption models that I talked about in chapter two, which is just adding a simple annotation in your CRD, and extending that notion of multi-cloud, multi-cluster wires within the components of our application, but extending it all the way down to the user in an enterprise. And as we saw an example, Gavin Belson is trying to give a keynote holographically and he's suffering from SD-WAN being application-unaware. And using this construct of a simple annotation, we can actually make SD-WAN cloud native, we can make it application-aware, and we can guarantee the SLOs, that Gavin is looking for, in terms of 3D video, in terms of file access for audio, just to make sure that he's successful and Ross doesn't come in and take his place. >> Well, I expect Gavin will do something to mess things up on his own even if the technology works flawlessly. Vijoy, the modernization journey that customers are on is a never-ending story. I understand the chapters need to end on the current volume that you're working on, but we'd love to get your viewpoint. You talk about things like service mesh, it's definitely been a hot topic of conversation for the last couple of years. What are you hearing from your customers? What are some of the kind of real challenges but opportunities that they see in today's cloud native space? >> In general, service meshes are here to stay. In fact, they're here to proliferate to some degree, and we are seeing a lot of that happening, where not only are we seeing different service meshes coming into the picture through various open source mechanisms. You've got Istio there, you've Linkerd, you've got various proprietary notions around control planes like App Mesh, from Amazon, there's Consul, which is an open source project, but not part of CNCF today. So there's a whole bunch of service meshes in terms of control planes coming in. Envoy is becoming a de facto sidecar data plane, whatever you would like to call it, de facto standard there, which is good for the community, I would say. But this proliferation of control planes is actually a problem. And I see customers actually deploying a multitude of service meshes in their environment, and that's here to stay. In fact, we are seeing a whole bunch of things that we would use different tools for, like API gateways in the past, and those functions actually rolling into service meshes. And so I think service meshes are here to stay. I think the diversity of service meshes is here to stay. And so some work has to be done in bringing these things together. And that's something that we are trying to focus in on as well. Because that's something that our customers are asking for. >> Yeah, actually, you connected for me something I wanted to get your viewpoint on, go dial back, 10, 15 years ago, and everybody would say, "Oh, I really want to have a single pane of glass "to be able to manage everything." Cisco's partnering with all of the major cloud providers. I saw, not that long before this event, Google had their Google Cloud Show, talking about the partnership that you have with, Cisco with Google. They have Anthos, you look at Azure has Arc, VMware has Tanzu. Everybody's talking about really the kind of this multi-cluster management type of solution out there, and just want to get your viewpoint on this Vijoy as to how are we doing on the management plane, and what do you think we need to do as an industry as a whole to make things better for customers? >> Yeah, I think this is where I think we need to be careful as an industry, as a community and make things simpler for our customers. Because, like I said, the proliferation of all of these control planes begs the question, do we need to build something else to bring all these things together? I think the SMI proposal from Microsoft is bang on on that front, where you're trying to unify at least the consumption model around how you consume these service meshes. But it's not just a question of service meshes as you saw in the SD-WAN announcement back in the Google discussion that we just, Google conference that you just referred. It's also how SD-WANs are going to interoperate with the services that exist within these cloud silos to some degree. And how does that happen? And there was a teaser there that you saw earlier in the keynote where we are taking those constructs that we talked about in the Google conference and bringing it all the way to a cloud native environment in the keynote. But I think the bigger problem here is how do we manage this complexity of this pallet stacks? Whether it's service meshes, whether it's development stacks, or whether it's SD-WAN deployments, how do we manage that complexity? And single pane of glass is overloaded as a term, because it brings in these notions of big monolithic panes of glass. And I think that's not the way we should be solving it. We should be solving it towards using API simplicity and API interoperability. And I think that's where we as a community need to go. >> Absolutely. Well, Vijoy, as you said, the API economy should be able to help on these, the service architecture should allow things to be more flexible and give me the visibility I need without trying to have to build something that's completely monolithic. Vijoy, thanks so much for joining. Looking forward to hearing more about the big bets coming out of Cisco, and congratulations on the new role. >> Thank you, Stu. It was a pleasure to be here. >> All right, and stay tuned for lots more coverage of theCUBE at KubeCon + CloudNativeCon. I'm Stu Miniman. Thanks for watching. (upbeat music)

>> Narrator: From around the globe, it's theCUBE, covering HPE Discover Virtual Experience brought to you by HPE. >> Hi, and welcome back to theCUBE's coverage of HPE Discover 2020 the virtual experience. I'm your host Stu Miniman. I'm really happy to be joined on the program two of our CUBE alumni, we have the Daves from Hewlett Packard labs. Sitting in the screen next to me is Dave Husak he is a fellow and general manager for the Cloudless Initiative. And on the other side of the screen, we have Dave Larson, vice president and CTO of the Cloudless Initiative. Dave and Dave, thank you so much for joining us again. >> Delighted to be here. >> All right, so specifically we're going to be talking a bit about security, obviously, you know, very important in the cloud era. And as we build our native architect, you know, Dave Husak, I guess, why don't you set the stage for us a little bit, of you know, where security fits into, you know, HPE overall and, you know, the mission that you know, last year a lot of buzz and discussion and interest around Cloudless. So just put that as a start and then we'll, get into a lot of discussion about security. >> Right yeah, last year we did, you know, launch the initiative and, you know, we framed it as, it composed of three components, one of which in fact, the most important aspect of which it was the trust fabric Cloudless Trust Fabric, which was you know, built on the idea of intrinsic security for all workload end points, right. And this is a theme that you see playing out, you know, a year later playing out, I think across the industry. You hear that language and that, you know, that kind of idea of being promoted in the context of zero trust, you know, new capabilities being launched by VMware and other kinds of runtime environments, right. And you know, the way I like to say it is that we have entered an era of security first in IT infrastructure. It's no longer going to be practical to build IT infrastructure and then, you know, have products that secure it, right. You know, build perimeters, do micro-segment or anything like that. Workload end points need to be intrinsically secure. And you know, the upshot of that really at this point is that all IT infrastructure companies are security companies now. The you know it, acknowledge it, like it or not, we're all security companies now. And so, you know, a lot of the principles applying in the Cloudless Trust Fabric are those zero trust principles are based on cryptographic, workload, identity, leverage unique aspects of HPs products and infrastructure that we've already been delivering with hardware and Silicon root of trust built into our reliance servers and other capabilities like that. And you know, our mission, my mission is to propel that forward and ensure that HP is, you know, at the forefront of securing everything. >> Yeah, excellent definitely, you know love the security first discussion. Every company we've talked to absolutely security is not only a sea level, but you know, typically board level discussion, I guess my initial feedback, as you would say, if every company today is a security company, many of them might not be living up to the expectation just yet So Dave Larson, let's say, you know, applications are, you know, at the core of what we've look at it in cloud native. It's new architectures, new design principles. So give us some, what is HPE thoughts and stuff, how security fits into that, and what's different from how we might've thought about security in the past the applications? Well, I think Dave touched on it, right? From a trust fabric perspective, we have to think of moving to something where the end points themselves, whether their workloads or services are actually intrinsically secure and that we can instantiate some kind of a zero trust framework that really benefits the applications. It really isn't sufficient to do intermediate inspection. In fact, the real, the primary reason why that's no longer possible is that the world is moving too encryption everywhere. And as soon as all packets are encrypted in flight, not withstanding claims to the contrary, it's virtually impossible to do any kind of inference on the flows to apply any meaningful security. But the way we see it is that the transition is moving to a modality where all services, all workloads, all endpoints can be mutually attested, cryptographically identified in a way that allows a zero trust model to emerge so that all end points can know what they are speaking to on the remote end and by authorization principals determine whether or not they're allowed to speak to those. So from a HPE perspective, the area where we build is from the bottom up, we have a Silicon root of trust in our server platform. It's part of our ILO five Integrated lights out baseboard management controller. We can actually deliver a discreet and measurable identity for the hardware and projected up into the workload, into the software realm. >> Excellent, Ty I heard you mentioned identity makes me think of the Cytel acquisition that the HPE made early this year, people in the cloud native community into CubeCon you know, SPIFFE of course, is a project that had gotten quite a bit of attention. Can give us a little bit as to how that acquisition fits into this overall discussion we were just having? >> Oh yeah, so we acquired Cytel into the initiative, beginning of this year. As you, understand Stu, right. Cryptographic identity is fundamental to zero trust security because we're no longer, like Dave pointed out we're no longer relying, on intermediary devices, firewalls, or other kinds of functions to manage, you know, authorize those communications. So the idea of building cryptographic identity into all workload endpoints, devices and data is sort of a cornerstone of any zero trust security strategy. We were delighted to bring the team on board. Not only from the standpoint that they are the world's experts, original contributors, and moderators and committers in the stewardship of SPIFFE and SPIRE the two projects in the CNCF. But you know, the impact they're going to have on the HPs product development, hardware and software is going to be outsized. And it also, you know, as a, I'll have to point this out as well, you know, It is the, this is the most prominent open source project that HP is now stewarding, right. In terms of its acceptance, of SPIFFE and SPIRE, or both poised to be I have an announcement here shortly, probably. But we expect they're going to be promoted to the incubating phase of CNCF maturity from the Sandbox is actually one of the first Sandbox projects in the CNCF. And so it's going to join that Pantheon of know, you know, top few dozen out of I think 1,390 projects in the CNCF. So like you pointed out Stu you know, SPIFFE and SPIRE are right now, you know, the world's leading candidate as, you know, sort of the certificate standard for cryptographic workload endpoint identity. And we're looking at that as a very fundamental enabling technology for this transformation, that the industry is going to go through. >> Yeah, it's really interesting if we pull on that open source thread a little bit more, you know, I think back to earlier in my career, you know, 15, 20 years ago, and if you talk to a CIO, you know, security might be important to them, but they keep what they're building and how their IT infrastructure, is something that they keep very understood. And if you were a vendor supplying to them, you had to be under NDA to understand, because that was a differentiation. Now we're talking about lifting cloud, we're talking about open source, you know, even when I talked to the financial institutions, they're all talking amongst themselves the how do we share best practices because it's not, am I secure? It's we all need to be secure. I wonder if you can comment a little bit on that trend, you know, how the role of open source. Yeah, this is an extension of Kerckhoffs's principle, right? The idea that a security system has to be secure, even if you know the system, right. That's it's only the contents of the ease in the communication letter, that are important. And that is playing out, at the highest level in our industry now, right. So it is, like I said, cryptographic identity and identity based encryption are the cornerstones of building a zero trust fabric. You know, one of the other things is, cause you mentioned that, we also observed is that the CNCF, the Apache foundation. The other thing that's, I think a contrast to 15 years ago, right back 15, 20 years ago, open source was a software development phenomenon, right. Where, you know, the usual idea, you know, there's repositories of code, you pull them down, you modify them for your own particular purposes and you upstream this, the changes and such, right. It's less about that now. It is much more a model for open source operations than it is a model for open source development. Most of the people that are pulling down those repositories unless they are using them, they're not modifying them, right. And as you also, I think understand, right. The framework of the CNCF landscape comprehensive, right? You can build an entire IT infrastructure operations environment by you know, taking storage technologies, security technologies, monitoring management, you know, it's complete, right. And it is, you know, becoming really, you know, a major operational discipline out there in the world to harness all of that development harness, the open source communities. Not only in the software, not only in the security space, but I think you know comprehensively and that engine of growth and development is I think probably the largest, you know manpower and brainpower, and you know, operational kind of active daily users model out there now, right. And, it's going to be critical. I think for the decade, this decade that's coming. That the successful IT infrastructure companies have to be very tightly engaged with those communities in that process, because open source operations is the new thing. It's like, you know DevOps became OpsDev or something like that is the trend. >> Yeah, and I'm glad you brought that up you know I think about the DevOps movement, really fused security, it can't be a bolt on it can't be an afterthought. The mantra I've heard over the last few years, is security is everyone's responsibility. Dave Larson, you know, the question I have for you is, how do we make sure, you know, policy is enforced you know, even I think about an organization everyone's responsible for it, you know, who's actually making sure that things happen because, you know, if everybody's looking after it, it should be okay. But, you know, bring us down a little bit from the application standpoint. >> Well, I would say, you know, first of all, you have to narrow the problem down, right? The more we try to centralize security with discreet appliances, that's some kind of a choke point, the explosion, the common editorial explosion of policy declaratives that are necessary in order to achieve that problem to achieve the solution becomes untenable, right? There is no way to achieve the right kind of policy enforcement unless we get as close to the actual workloads themselves, unless we implement a zero trust model where only known and authorized end points are allowed to communicate with each other, you know. We've lived with a really unfortunate situation in the internet at large, for the last couple of decades where an IP address is both a location and an identifier. This is problem because that can be abused. it's something that can be changed. It's something that is easily spoofed, and frankly the nature of that element of the way we connect applications together is the way that almost virtually all exploits, get into the environment and cause problems. If we move to a zero trust model where the individual end points will only speak with only respond to something that is authorized and only things that are authorized and they trust nothing else, we eliminate 95 to 99% of them problem. And we are in an automated stance that will allow us to have much better assurance of the security of the connections between the various endpoints and services. >> Excellent, so, you know, one of the questions that always comes up, some of the pieces we're talking about here are open source. You talk about security and trust across multiple environments. How does HPE differentiate from, you know, everything else out there and, you know, how are you taking the leadership position? I'd love to hear both of your commentary on that. >> Yeah, well, like I said, initially, the real differentiation for us is that HPE was the market leader for industry standard servers, from a security perspective. Three years ago in our ProLiant gen 10 servers, when we announced them, they had the Silicon root of trust and we've shipped more than a million and a half servers into the market with this capability that is unique in the market. And we've been actively extending that capability so that we can project the identity, not just to the actual hardware itself, but that we can bind it in a multi-factor sense, the individual software components that are hosted on that server, whether it's the operating system, a hypervisor, a VM, a container framework, or an actual container, or a piece of it code from a serverless perspective. All of those things need to be able to be identified and we can bring a multi-factor identity capability to individual workloads that can be the underpinning for this zero across connection capability. >> Great and David, anything you'd like to add there? >> No, like what he said I think HP is uniquely positioned you know, the depth and the breadth of our installed base of platforms that are already zero trust ready, if you will, right. Coupled with the identity technology that we're developing in the context of the Cytel acquisition and David, my work in a building, the cloudless trust fabric, you know, are the, like I said, the cornerstones of these architectures, right? And HP has a couple of unfair advantages here you know, okay breadth and depth of our, the customer base and the installed base of the system is already put out there. While the world is transitioning, you know, inevitably to these, you know, these kinds of security architectures, these kinds of IT infrastructure architectures, HP has a, you know, a leadership team position by default here that we can take advantage of. And our customers can reap the benefits of without, well, you know, without you know, rebuilding forklift upgrading, or otherwise, you know, it is, yeah as Dave talked about, you know, a lot will change, right. There's more to do, right? As we move from, you know, IP addresses and port numbers, as identities for security, because we know that perimeter security, network security like that is busted, right. It is, you know, every headline making, you know, kind of advanced persistent threat kind of vulnerabilities it's all at the root of all those problems, right. There are technologies like OPA, right you know, policy has to be reframed in the context of workload identity, not in network identity know. Like call this legal sort of the microsegmentation fallacy, right. You know that, you know, perimeters are broken, not a valid security strategy anymore. So the answer can't be, let's just draw smaller perimeters, especially since we're now filling them up with evermore, you know, dynamic evanescent kind of workload endpoints, you know, containers coming and going at a certain pace. And serverless instances, right. All of those things springing up and, and being torn down, you know, on, you know, very short life cycle that's right. It is inconceivable that traditional, you know perimeter based micro-segmentation based security frameworks can keep up with the competent tutorial explosion and the pace with which we are going to be where, you know, orchestration frameworks are going to be deploying these end points. There are, you know, there's a lot more to do, you know, but this is, the transformation story. This is of the 2020s, you know, infrastructure, IT infrastructure school is very different in two, five, 10 years from now than it does today. And you know that's you know we believe HP has, like I said, a few unfair advantages to lead the world in terms of those transformations. >> Excellent, well, appreciate the look towards the future as well as where we are today. Dave and Dave, thanks so much for joining. Thank you, Stu. >> Thanks, dude, pleasure. >> All right, we'll be back with lots more coverage. HPE Discover 2020 the Virtual Experience. I'm Stu Miniman and thank you for watching theCUBE. (upbeat music)