>>Good afternoon, brilliant humans, and welcome back to the Cube. We're live in Detroit, Michigan at Cub Con, and I'm joined by John Furrier. John three exciting days buzzing. How you doing? >>That's great. I mean, we're coming down to the third day. We're keeping the energy going, but this segment's gonna be awesome. The CD foundation's doing amazing work. Developers are gonna be running businesses and workflows are changing. Productivity's the top conversation, and you're gonna start to see a coalescing of the communities who are continuous delivery, and it's gonna be awesome. >>And, and our next guess is an outstanding person to talk about this. We are joined by Stephen Chin, the chair of the CD Foundation. Steven, thanks so much for being here. >>No, no, my pleasure. I mean, this has been an amazing week quote that CubeCon with all of the announcements, all of the people who came out here to Detroit and, you know, fantastic. Like just walking around, you bump into all the right people here. Plus we held a CD summit zero day events, and had a lot of really exciting announcements this week. >>Gotta love the shirt. I gotta say, it's one of my favorites. Love the logos. Love the love the branding. That project got traction. What's the news in the CD foundation? I tried to sneak in the back. I got a little laid into your co-located event. It was packed. Everyone's engaged. It was really looked, look really cool. Give us the update. >>What's the news? Yeah, I know. So we, we had a really, really powerful event. All the key practitioners, the open source leads and folks were there. And one of, one of the things which I think we've done a really good job in the past six months with the CD foundation is getting back to the roots and focusing on technical innovation, right? This is what drives foundations, having strong projects, having people who are building innovation, and also bringing in a new innovation. So one of the projects which we added to the CD foundation this week is called Persia. So it's a, it's a decentralized package repository for getting open source libraries. And it solves a lot of the problems which you get when you have centralized infrastructure. You don't have the right security certificates, you don't have the right verification libraries. And these, these are all things which large companies provision and build out inside of their infrastructure. But the open source communities don't have the benefit of the same sort of really, really strong architecture. A lot of, a lot of the systems we depend upon. It's >>A good point, yeah. >>Yeah. I mean, if you think about the systems that developers depend upon, we depend upon, you know, npm, ruby Gems, Mayn Central, and these systems been around for a while. Like they serve the community well, right? They're, they're well supported by the companies and it's, it's, it's really a great contribution that they give us. But every time there's an outage or there's a security issue, guess, guess how many security issues that our, our research team found at npm? Just ballpark. >>74. >>So there're >>It's gotta be thousands. I mean, it's gotta be a lot of tons >>Of Yeah, >>They, they're currently up to 60,000 >>Whoa. >>Vulnerable, malicious packages in NPM and >>Oh my gosh. So that's a super, that's a jar number even. I know it was gonna be huge, but Holy mo. >>Yeah. So that's a software supply chain in actually right there. So that's, that's open source. Everything's out there. What's, how do, how does, how do you guys fix that? >>Yeah, so per peria kind of shifts the whole model. So when, when you think about a system that can be sustained, it has to be something which, which is not just one company. It has to be a, a, a set of companies, be vendor neutral and be decentralized. So that's why we donated it to the Continuous Delivery Foundation. So that can be that governance body, which, which makes sure it's not a single company, it is to use modern technologies. So you, you, you just need something which is immutable, so it can't be changed. So you can rely on it. It has to have a strong transaction ledger so you can see all of the history of it. You can build up your software, build materials off of it, and it, it has to have a strong peer-to-peer architecture, so it can be sustained long term. >>Steven, you mentioned something I want to just get back to. You mentioned outages and disruption. I, you didn't, you didn't say just the outages, but this whole disruption angle is interesting if something happens. Talk about the impact of the developer. They stalled, inefficiencies create basically disruption. >>No, I mean, if, if, so, so if you think about most DevOps teams in big companies, they support hundreds or thousands of teams and an hour of outage. All those developers, they, they can't program, they can't work. And that's, that's a huge loss of productivity for the company. Now, if you, if you take that up a level when MPM goes down for an hour, how many millions of man hours are wasted by not being able to get your builds working by not being able to get your codes to compile. Like it's, it's >>Like, yeah, I mean, it's almost hard to fathom. I mean, everyone's, It's stopped. Exactly. It's literally like having the plug pulled >>Exactly on whenever you're working on, That's, that's the fundamental problem we're trying to solve. Is it, it needs to be on a, like a well supported, well architected peer to peer network with some strong backing from big companies. So the company is working on Persia, include J Frog, which who I work for, Docker, Oracle. We have Deploy hub, Huawei, a whole bunch of other folks who are also helping out. And when you look at all of those folks, they all have different interests, but it's designed in a way where no single party has control over the network. So really it's, it's a system system. You, you're not relying upon one company or one logo. You're relying upon a well-architected open source implementation that everyone can rely >>On. That's shared software, but it's kind of a fault tolerant feature too. It's like, okay, if something happens here, you have a distributed piece of it, decentralized, you're not gonna go down. You can remediate. All right, so where's this go next? I mean, cuz we've been talking about the role of developer. This needs to be a modern, I won't say modern upgrade, but like a modern workflow or value chain. What's your vision? How do you see that? Cuz you're the center of the CD foundation coming together. People are gonna be coalescing multiple groups. Yeah. >>What's the, No, I think this is a good point. So there, there's a, a lot of different continuous delivery, continuous integration technologies. We're actually, from a Linux Foundation standpoint, we're coalescing all the continued delivery events into one big conference >>Next. You just made an announcement about this earlier this week. Tell us about CD events. What's going on, what's in, what's in the cooker? >>Yeah, and I think one of the big announcements we had was the 0.1 release of CD events. And CD events allows you to take all these systems and connect them in an event scalable, event oriented architecture. The first integration is between Tecton and Capin. So now you can get CD events flowing cleanly between your, your continuous delivery and your observability. And this extends through your entire DevOps pipeline. We all, we all need a standards based framework Yep. For how we get all the disparate continuous integration, continuous delivery, observability systems to, to work together. That's also high performance. It scales with our needs and it, it kind of gives you a future architecture to build on top of. So a lot of the companies I was talking with at the CD summit Yeah. They were very excited about not only using this with the projects we announced, but using this internally as an architecture to build their own DevOps pipelines on. >>I bet that feels good to hear. >>Yeah, absolutely. Yeah. >>Yeah. You mentioned Teton, they just graduated. I saw how many projects have graduated? >>So we have two graduated projects right now. We have Jenkins, which is the first graduated project. Now Tecton is also graduated. And I think this shows that for Tecton it was, it was time, the very mature project, great support, getting a lot of users and having them join the set of graduated projects. And the continuous delivery foundation is a really strong portfolio. And we have a bunch of other projects which also are on their way towards graduation. >>Feels like a moment of social proof I bet. >>For you all. Yeah, yeah. Yeah. No, it's really good. Yeah. >>How long has the CD Foundation been around? >>The CD foundation has been around for, i, I won't wanna say the exact number of years, a few years now. >>Okay. >>But I, I think that it, it was formed because what we wanted is we wanted a foundation which was purpose built. So CNCF is a great foundation. It has a very large umbrella of projects and it takes kind of that big umbrella approach where a lot of different efforts are joining it, a lot of things are happening and you can get good traction, but it produces its own bottlenecks in process. Having a foundation which is just about continuous delivery caters to more of a DevOps, professional DevOps audience. I think this, this gives a good platform for best practices. We're working on a new CDF best practices Yeah. Guide. We're working when use cases with all the member companies. And it, it gives that thought leadership platform for continuous delivery, which you need to be an expert in that area >>And the best practices too. And to identify the issues. Because at the end of the day, with the big thing that's coming out of this is velocity and more developers coming on board. I mean, this is the big thing. More people doing more. Yeah. Well yeah, I mean you take this open source continuous thunder away, you have more developers coming in, they be more productive and then people are gonna even either on the DevOps side or on the straight AP upside. And this is gonna be a huge issue. And the other thing that comes out that I wanna get your thoughts on is the supply chain issue you talked about is hot verifications and certifications of code is such big issue. Can you share your thoughts on that? Because Yeah, this is become, I won't say a business model for some companies, but it's also becoming critical for security that codes verified. >>Yeah. Okay. So I, I think one of, one of the things which we're specifically doing with the Peria project, which is unique, is rather than distributing, for example, libraries that you developed on your laptop and compiled there, or maybe they were built on, you know, a runner somewhere like Travis CI or GitHub actions, all the libraries being distributed on Persia are built by the authorized nodes in the network. And then they're, they're verified across all of the authorized nodes. So you nice, you have a, a gar, the basic guarantee we're giving you is when you download something from the Peria network, you'll get exactly the same binary as if you built it yourself from source. >>So there's a lot of trust >>And, and transparency. Yeah, exactly. And if you remember back to like kind of the seminal project, which kicked off this whole supply chain security like, like whirlwind it was SolarWinds. Yeah. Yeah. And the exact problem they hit was the build ran, it produced a result, they modified the code of the bill of the resulting binary and then they signed it. So if you built with the same source and then you went through that same process a second time, you would've gotten a different result, which was a malicious pre right. Yeah. And it's very hard to risk take, to take a binary file Yep. And determine if there's malicious code in it. Cuz it's not like source code. You can't inspect it, you can't do a code audit. It's totally different. So I think we're solving a key part of this with Persia, where you're freeing open source projects from the possibility of having their binaries, their packages, their end reduces, tampered with. And also upstream from this, you do want to have verification of prs, people doing code reviews, making sure that they're looking at the source code. And I think there's a lot of good efforts going on in the open source security foundation. So I'm also on the governing board of Open ssf >>To Do you sleep? You have three jobs you've said on camera? No, I can't even imagine. Yeah. Didn't >>You just spin that out from this open source security? Is that the new one they >>Spun out? Yeah, So the Open Source Security foundation is one of the new Linux Foundation projects. They, they have been around for a couple years, but they did a big reboot last year around this time. And I think what they really did a good job of now is bringing all the industry players to the table, having dialogue with government agencies, figuring out like, what do we need to do to support open source projects? Is it more investment in memory, safe languages? Do we need to have more investment in, in code audits or like security reviews of opensource projects. Lot of things. And all of those things require money investments. And that's what all the companies, including Jay Frogger doing to advance open source supply chain security. I >>Mean, it's, it's really kind of interesting to watch some different demographics of the developers and the vendors and the customers. On one hand, if you're a hardware person company, you have, you talk zero trust your software, your top trust, so your trusted code, and you got zero trust. It's interesting, depending on where you're coming from, they're all trying to achieve the same thing. It means zero trust. Makes sense. But then also I got code, I I want trust. Trust and verified. So security is in everything now. So code. So how do you see that traversing over? Is it just semantics or what's your view on that? >>The, the right way of looking at security is from the standpoint of the hacker, because they're always looking for >>Well said, very well said, New >>Loop, hope, new loopholes, new exploits. And they're, they're very, very smart people. And I think when you, when you look some >>Of the smartest >>Yeah, yeah, yeah. I, I, I work with, well former hackers now, security researchers, >>They converted, they're >>Recruited. But when you look at them, there's like two main classes of like, like types of exploits. So some, some attacker groups. What they're looking for is they're looking for pulse zero days, CVEs, like existing vulnerabilities that they can exploit to break into systems. But there's an increasing number of attackers who are now on the opposite end of the spectrum. And what they're doing is they're creating their own exploits. So, oh, they're for example, putting malicious code into open source projects. Little >>Trojan horse status. Yeah. >>They're they're getting their little Trojan horses in. Yeah. Or they're finding supply chain attacks by maybe uploading a malicious library to NPM or to pii. And by creating these attacks, especially ones that start at the top of the supply chain, you have such a large reach. >>I was just gonna say, it could be a whole, almost gives me chills as we're talking about it, the systemic, So this is this >>Gnarly nation state attackers, like people who wanted serious >>Damages. Engineered hack just said they're high, highly funded. Highly skilled. Exactly. Highly agile, highly focused. >>Yes. >>Teams, team. Not in the teams. >>Yeah. And so, so one, one example of this, which actually netted quite a lot of money for the, for the hacker who exposed it was, you guys probably heard about this, but it was a, an attack where they uploaded a malicious library to npm with the same exact namespace as a corporate library and clever, >>Creepy. >>It's called a dependency injection attack. And what happens is if you, if you don't have the right sort of security package management guidelines inside your company, and it's just looking for the latest version of merging multiple repositories as like a, like a single view. A lot of companies were accidentally picking up the latest version, which was out in npm uploaded by Alex Spearson was the one who did the, the attack. And he simultaneously reported bug bounties on like a dozen different companies and netted 130 k. Wow. So like these sort of attacks that they're real Yep. They're exploitable. And the, the hackers >>Complex >>Are finding these sort of attacks now in our supply chain are the ones who really are the most dangerous. That's the biggest threat to us. >>Yeah. And we have stacker ones out there. You got a bunch of other services, the white hat hackers get the bounties. That's really important. All right. What's next? What's your vision of this show as we end Coan? What's the most important story coming outta Coan in your opinion? And what are you guys doing next? >>Well, I, I actually think this is, this is probably not what most hooks would say is the most exciting story to con, but I find this personally the best is >>I can't wait for this now. >>So, on, on Sunday, the CNCF ran the first kids' day. >>Oh. >>And so they had a, a free kids workshop for, you know, underprivileged kids for >>About, That's >>Detroit area. It was, it was taught by some of the folks from the CNCF community. So Arro, Eric hen my, my older daughter, Cassandra's also an instructor. So she also was teaching a raspberry pie workshop. >>Amazing. And she's >>Here and Yeah, Yeah. She's also here at the show. And when you think about it, you know, there's always, there's, there's, you know, hundreds of announcements this week, A lot of exciting technologies, some of which we've talked about. Yeah. But it's, it's really what matters is the community. >>It this is a community first event >>And the people, and like, if we're giving back to the community and helping Detroit's kids to get better at technology, to get educated, I think that it's a worthwhile for all of us to be here. >>What a beautiful way to close it. That is such, I'm so glad you brought that up and brought that to our attention. I wasn't aware of that. Did you know that was >>Happening, John? No, I know about that. Yeah. No, that was, And that's next generation too. And what we need, we need to get down into the elementary schools. We gotta get to the kids. They're all doing robotics club anyway in high school. Computer science is now, now a >>Sport, in my opinion. Well, I think that if you're in a privileged community, though, I don't think that every school's doing robotics. And >>That's why Well, Cal Poly, Cal Poly and the universities are stepping up and I think CNCF leadership is amazing here. And we need more of it. I mean, I'm, I'm bullish on this. I love it. And I think that's a really great story. No, >>I, I am. Absolutely. And, and it just goes to show how committed CNF is to community, Putting community first and Detroit. There has been such a celebration of Detroit this whole week. Stephen, thank you so much for joining us on the show. Best Wishes with the CD Foundation. John, thanks for the banter as always. And thank you for tuning in to us here live on the cube in Detroit, Michigan. I'm Savannah Peterson and we are having the best day. I hope you are too.

>> We're back at the Seaport in Boston. Dave Vellante and Paul Gill. You're watching The Cubes coverage of Red Hat Summit, 2022. A little different this year, a smaller venue. Maybe a thousand people. Love the keynotes, compressed. Big virtual audience. So we're happy to be coming to you live, face to face. It's been a while since we've had these, for a lot of folks, this is their first in person event. You know, it's kind of weird getting used to that, but I think in the next few months, it's going to become the new, sort of quasi abnormal. Francis Chow is here. He's the Vice President and GM of In-Vehicle OS and Edge at Red Hat. Francis, welcome. That's the most interesting title we've had all week. So thanks for coming here. >> Thank you, Dave. Thank you, Paul, for having me here. >> So The Edge, I mean The Edge is, we heard about the International Space Station. We heard about ski boots, of course In-Vehicle. What's the Edge to you? >> Well, to me Edge actually could mean many different things, right? The way we look at Edge is, there is the traditional enterprise Edge, where this is the second tier, third tier data centers that this extension from your core, the network and your centralized data center, right to remote locations. And then there are like Telco Edge, right? where we know about the 5G network, right Where you deploy bay stations and which would have a different size of requirements right. Of traditional enterprise edge networks. And then there are Operational Edge where we see the line of business operating on those locations, right? Things like manufacturing for oil rigs, retail store, right? So very wide variety of Edge that are doing OT type of technology, and then last but not least there is the customer on or kind of device edge where we now putting things into things like cars, as you said, like ski booth, and have that interaction with the end consumers. >> Is this why? I mean, there's a lot of excitement at Red. I could tell among the Red hat people about this GM deal here is this why that's so exciting to them? This really encompasses sort of all of those variants of the edge in automotive, in automobile experience. Doesn't it? >> I think why this is exciting to the industry and also to us is that if you look at traditionally how automotive has designed, right the way the architect vehicle today has many subsystems, they are all purpose viewed, very tight cut, coupled with hardware and software. And it's very difficult to reuse, right? So their cause of development is high. The time to develop is long and adding to that there is a lengthy safety certification process which also kind of make it hard. Because every time you make a change in the system you have to re-certify it again. >> Right. >> And typically it takes about six to 12 months to do so. Every time you make a change. So very lengthy passes, which is important because we want to ensure occupants are safe in a vehicle. Now what we bring to the table, which I think is super exciting is we bring this platform approach. Now you can use a consistent platform that is open and you can actually now run multiple doming applications on the same platform which means automakers can reuse components across model years and brands. That will lower the development cost. Now I think one of the key things that we bring to the table is that we introduce a new safety certification approach called Continuous Safety Certification. We actually announced that in our summit last year with the intent, "Hey, we're going to deliver this functional certified Linux platform" Which is the first four Linux. And the way we do it is we work with our partner Excedr to try to define that approach. And at the high level the idea really is to automate that certification process just like how we automate software development. Right, we are adding that monitoring capabilities with functional safety related artifacts in our CI three pipeline. And we are able to aim to cut back that kind of certification time to a fraction of what is needed today. So what we can do, I think with this collaboration with GM, is help them get faster time to market, and then lower development costs. Now, adding to that, if you think about a modern Linux platform, you can update it over the air, right? This is the capability that we are working with GM as well. Now what customers can expect now, right for future vehicle is there will be updates on apps and services, just like your cell phone, right. Which makes your car more capable over time and more relevant for the long term. >> So there's some assumptions you're making at the edge. First of all, you described a spectrum retail store which you know, to me, okay, it's Edge, but you can take an X-86 box or a hyper converged infrastructure throw it in there. And there's some opportunities to do some stuff in real time, but it's kind of an extension natural extension of IT. Whereas in vehicle you got to make some assumptions spotty connectivity to do software download and you can't do truck rolls at the far edge, right? None of that is okay, and so there's some assumptions there and as you say, your role is to compress the time to market, but also deliver a better consumer >> Absolutely. >> Experience, so what can we expect? You started to talk about the future of in vehicle, you know, or EVs, if you will, what should we expect as consumers? You, you're saying over the year software we're seeing that with some of the EV makers, for sure. But what's the future look like? >> I think what consumers can expect is really over a period of time, right? A similar experience, like what you have with your mobile mobile device, right? If you look back 15, 20 years, right? You buy a phone, right? That's the feature that you have with your phone, right? No update, it is what it is right, for the lifetime of the product which is pretty much what you have now, if you buy a vehicle, right. You have those features capabilities and you allow it for the lifetime of the vehicle. >> Sometimes you have to drive in for a maintenance, a service to get a software update. >> We can talk about that too right. But as we make the systems, update-able right you can now expect more frequent and seamless update of both the operating system and the application services that sit on top of that. Right, so I think right in the future consumers can expect more capable vehicles after you purchase it because new developmental software can now be done with an update over the air. >> I assume this relationship with GM is not exclusive. Are you talking with other automakers as well? >> We are talking to auto makers, other auto makers. What we working with GM is really a product that could work for the industry, right? This is actually what we both believe in is the right thing to do right? As we are able to standardize how we approach the infrastructure. I think this is a good thing for the whole industry to help accelerate innovation for the entire industry. >> Well which is sort of natural next question. Are we heading toward an open automotive platform? Like we have an open banking platform in that industry. Do you see the possibility that there could be a single platform that all or most of the auto makers will work on? >> I wouldn't use the word single, but I definitely would use the word open. Right? Our goal is to build this open platform, right. Because we believe in open source, right. We believe in community, right. If we make it open, we have more contributors to come in and help to make the system better in a way faster. And actually like you said, right. Improve the quality, right, better. Right, so that the chance of recall is now lower with, with this approach. >> You're using validated patterns as part of this initiative. Is that right? And what is a validated pattern? How is it different from a reference architecture? Is it just kind of a new name for reference architecture? or what value does it bring to the relation? >> For automotive right, we don't have a validated pattern yet but they can broadly kind of speak about what that is. >> Yeah. >> And how we see that evolve over time. So validated pattern basically is a combination of Red Hat products, multiple Red Hat products and partner products. And we usually build it for specific use case. And then we put those components together run rigorous tests to validate it that's it going to work, so that it becomes more repeatable and deployable for those particular edge use cases. Now we do work with our partners to make it happen, right. Because in the end, right we want to make a solution that is about 80% of the way and allow our partners to kind of add more value and their secret sauce on top and deploy it. Right, and I'll give you kind of one example, right You just have the interview with the Veterans Affairs team, right. One of our patents, right? The Medical Diagnosis Pattern, right. Actually we work with them in the early development stage of that. Right, what it does is to help make assessments on pneumonia with chest X rates, right. So it's a fully automated data pipeline. We get the chest x-ray from an object store use AIML to diagnose whether there's new pneumonia. And then I'll put that in a dashboard automated with the validated pattern. >> So you're not using them today, but can we expect that in the future? It sounds like >> Yes absolutely it's in the works, yes. >> It would be a perfect vertical. >> How do you believe your work with GM? I mean, has implications across Red hat? It seems like there are things you're going to be doing with GM that could affect other parts of your own product portfolio. >> Oh, absolutely. I think this actually is, it's a pivotal moment for Red Hat and the automotive industry. And I think broadly speaking for any safety conscious industry, right. As we create this Proof-point right that we can build a Linux system that is optimized for footprint performance, realtime capabilities, and be able to certify it for safety. Right I think all the adjacent industry, right. You think about transportation, healthcare, right. Industry that have tight safety requirements. It's just opened up the aperture for us to adjust those markets in the future. >> So we talked about a lot about the consumerization of IT over the last decade. Many of us feel as though that what's going on at the Edge, the innovations that are going on at the Edge realtime AI inferencing, you know, streaming data ARM, the innovations that ARM and others are performing certainly in video until we heard today, this notion of, you know, no touch, zero touch provisioning that a lot of these innovations are actually going to find their way into the enterprise. Kind of a follow on fault of what you were just talking about. And there's probably some future disruptions coming. You can almost guarantee that, I mean, 15 years or so we get that kind of disruption. How are you thinking about that? >> Well, I think you company, right. Some of the Edge innovation, right. You're going to kind of bring back to enterprise over time. Right but the one thing that you talk about zero touch provisioning right. Is critical right? You think about edge deployments. You're going to have to deal with a very diverse set of environments on how deployments are happen. Right think about like tail code based stations, right. You have somewhere between 75,000 to 100,000 base stations in the US for each provider right. How do you deploy it? Right, if you let's say you push one update or you want the provision system. So what we bring to the table in the latest open shift release is that, hey we make provisioning zero touch right, meaning you can actually do that without any menu intervention. >> Yeah, so I think the Edge is going to raise the bar for the enterprise, I guess is my premise there. >> Absolutely. >> So Francis, thanks so much for coming on The Cube. It's great to see you and congratulations on the collaboration. It's a exciting area for you guys. >> Thank you again, Dave and Paul. >> Our pleasure, all right keep it right there. After this quick break, we'll be back. Paul Gill and Dave Vellante you're watching The Cubes coverage Red Hat Summit 2022 live from the Boston Seaport. Be right back.

(upbeat music) >> Hey everyone and welcome back to the CUBE's continuous live coverage of AWS re:Invent 2021. continuous live coverage of AWS re:Invent 2021. Lisa Martin here with David Nicholson. We have two live sets going on, we've got two remote sets, over 100 guests working with AWS and it's a massive ecosystem of partners, really digging into the next decade of cloud innovation and we're pleased to welcome back one of our CUBE alumni, Edith Harbaugh, CEO, and co-founder of LaunchDarkly. We're going to be talking about a blueprint for continuous modernization, Edith, it's great to have you, thanks for coming. >> Thanks for having me. >> So I was doing some research, you guys raised 200 million in series D in August, just a few months ago, that new funding tripled your valuation to 3 billion up more than 3x from the previous funding rounds, so rocket ship. >> Edith: Yeah. >> I also noticed you guys are on the Forbes Cloud 100 2nd year on the list, you jumped dramatically from 100 in 2020 to 47 this year, talk to us about all the innovation and acceleration that's going on at LaunchDarkly. >> Yeah, well, it's, it's great to be here, you know, I'm the CEO and co-founder and we started seven years ago in 2014 and what we were doing back then was a really new field, like I actually came up with the name feature management, just to describe what we were doing and it was this idea that you could release features to different people at different times, which sounds really simple, but it really allows you to have valves to different populations that you can then turn something on, turn something off, run a beta, do personalization and then if something's going wrong out on the field quickly and easily, turn it off. >> So as an engineer, as a long standing engineer, what were the things that really frustrated you, that you thought this, this is missing, we've got to focus on this. >> Oh my gosh, so, I was an engineering manager, I actually do a podcast too called To Be Continuous just about all the bad things I saw happen, the worst thing you could do is, is build something that nobody wants, which is really frustrating, so I think a lot of continuous delivery came out of the urge to just get stuff out quicker. The flip side of that is that if you moved too fast, a release can be catastrophic. We used to call them the push and pray release because you push stuff out and then you're just crossing your fingers that nothing breaks because if something breaks it's extremely stressful. Your mind starts flooding with endorphins and hormones, your heart rate increases and you sometimes make even worse decisions, so what LaunchDarkly and feature management allow you to do is push it out to who you want and if something is going wrong, you could turn it off without a redeploy, if things are going right, you can continue to push it out. >> And when you say feature management, you're talking about, you're talking about a level of granularity that is finer than a release version. that is finer than a release version. >> Edith: Yeah. How do you do that? >> Our customers do it, so we provide a platform where our customers and we have 2,500 worldwide, everything from IBM and Atlassian, down to like three person startups, they decide how to encapsulate a feature >> David: Okay. >> So they could push it to who they want, so, so there's a lot of really neat use cases. >> So knowing that you're providing them with the valves. >> Edith: Yes. Then they can- think differently about how they're actually developing in anticipation of delivering encapsulated features, as opposed to, here's your new release. >> Edith: Exactly. >> Okay. >> Exactly, so we have some customers who've used LaunchDarkly to actually move to the cloud. So like TrueCar was running their own data centers and they wanted a way to start moving all of that data center traffic into AWS, so they could use LaunchDarkly to manage that traffic flow and do it in a controlled way instead of just one quick switch. >> I was looking at that case study of TrueCar, they migrated 500 websites to AWS without downtime and deploying 20x per day, which is up from 1x a week, that's a massive change. >> Yeah, I think really what we give our customers is confidence that if you know that you can always have control over stuff with feature management, you actually move much quicker. You can, you can move 20 times a day if you know that if something goes wrong, you can always turn it off, you have much more confidence. >> Where are your, you having customer conversations? I know you, you coined to the term feature management, I'd love to know a bit more contextually about the evolution from feature flags to feature management and where are those customer conversations happening? are they kind of down in the technical ways? are they more higher level? given the fact that we're in such a, still a, such a state of flux with COVID? >> Yeah, so we, we didn't invent feature flagging like the smart companies like Amazon, Facebook, Netflix have been doing feature flagging for decades now, it was always a secret sauce of this is how they could manage their own functionality. What LaunchDarkly did was kind of changed it to feature management about doing it where any other customer also had the same set of tools and platforms and also on top of that things like a workflow, scheduling, integrations. So that for example, a developer could develop something and then give the keys to the product manager, say product manager, you get to, you get to run the beta now. >> So putting, putting more control back in the hands of the folks that are, that really are touching and feeling and smelling the product. >> Yeah or customer support, you know, >> Yeah or customer support, you know, if something is going wrong in the field, instead of having to wait for an engineer to fix a bug customer support could just turn it off. >> So I'm curious about, you know, when we talk about it's a, this, this sort of dovetails with something that was discussed in the keynote today, out of the gate, Adam comes out and he's talking about microprocessor technology. Now in the era of cloud, generally people would say, that stuff doesn't matter, right? It's all about the feeling of being in the cloud and the flame, you know, the, the, the field of wheat blowing in the wind and it's a feeling that you get, it's really interesting what you're doing under the covers, but who is the, who is the audience? Who, who buys this? Because I can imagine some in the engineering, on the engineering side of things, feeling like maybe they're giving up some control, but really you're giving them more tools, but is it business people who are demanding this? how, how do you go to market? >> Yeah, so it's really interesting because our core audience is developers and VP of engineering, like they love the platform. Like our Net Promoter Score is extremely high, engineers say like, this gave me my weekends back because if a bug happens I don't have to come in. >> David: Okay so they get it. >> They get it. This isn't being pushed down- from executives that don't understand the technology. >> No, I mean, a typical thing is a developer's, like, I need this to do my job and then the business people say, well, if the developers are happy, we're happy, you know, it's, it's a developers world now, you know, they're hard to hire, you have to have them and if you have anything that will make their job easier and them happier, why wouldn't you buy it? >> That's a big facilitator, so you mentioned a high, high NPS, high Net Promoter Score, we, we talk with Amazon folks about their their focus on the customer and their customer obsession if you will, that everything starts backwards, we start from the customer, 2,500 customers in such a short time period, we talked about the funding, I imagine culturally there's similarities there, if one of the things that you're able to confidently give your customers is that confidence in LaunchDarkly. >> Yeah, you know, one of the happiest parts of my job is visiting customers, you know, I, my co-founder and I personally visited, I think the first 10 or 20 customers and if they had a bug, if they wanted something, and if they had a bug, if they wanted something, we built it. And I love going on customer sites, cause it's. And I love going on customer sites, cause it's. >> When they're telling you that you gave them their weekend back. >> Edith: Yeah. >> Huge. >> That's, yeah, that.- that's not an insignificant thing when you think about what people do with their weekends, you know, so? >> Yeah, you know, it, it feels really good to have customers say, like this literally has changed the way they built software for the better. >> I can't imagine this, you know, with everything that's happened in the last 22 months with the acceleration to cloud, but all these massive pivots by businesses, in every industry just to survive in the beginning, were an advantage, something like LaunchDarkly is for those organizations, so you have to move really, really quickly and keep changing direction to kind of figure out how do we stay afloat and now how do we thrive in that, that this has probably been a real lifesaver for a lot of organizations. >> Yeah, I mean, we've seen like a ten year roadmap at our customers compressed into a month, like we had a, a retail chain in the Midwest that was thinking about doing in-store pickup and then when COVID hit, they're like, okay, this changed from a, maybe to a, we need to have this to stay afloat and now, now they can help people pick up, same with, same with restaurants having a mobile app to do delivery or pickup, it used to be when we'll get to that next year, now it's something that you have to have. >> Oh yeah. >> Because if, if you're going to go get coffee and one place has a mile long line and their place has an app, which one are you going to pick? >> So, what do people do that don't have this capability? This, I mean, this might sound like a completely naive question, I know a lot about a lot of things, so I'm okay looking dumb sometimes, it's how I learn, so I'm okay looking dumb sometimes, it's how I learn, but seriously, if you don't have these valves, then aren't you doomed then aren't you doomed to releases that are going to be panic inducing. >> It's really, it's really painful, like, I mean, that's, that's the way I used to, to release, you know, I remember it, like you're released and you would have tried to have caught all the bugs, but it would go out and if something happened, you had to fix it on the fly and even if you have a really good deployment process, that's 20 minutes, maybe two hours. >> David: Sure, and, and. >> Which, which if you're a mobile app, it could be a business killer. >> Yeah, well we're here at AWS reinvent, I mean, how does, how does this dovetail with this, the AWS mission to migrate and modernize into the cloud native world? we're talking about cloud native, you know, development and operations that you're involved with, so there's obviously a synergy there, but why specifically AWS? >> Oh, I mean, I think one of the biggest tailwinds we've had as a business is if you're releasing twice a year, we've had as a business is if you're releasing twice a year, you don't really need a tool like this, or a platform like this, your business process is completely different, but you're going to die as a company cause you can't survive on two releases a year. If you're moving to the cloud, we help you get there and once you're in the cloud, if you want to move at the speed of business, but safely, we give you that platform. Like, so, I think continuous delivery got this bad wrap because people thought that meant that you push out stuff every second and break everything. >> David: Right. >> What we do is we allow you to innovate as fast as you want, but release in a controlled way. >> I got to ask you a question, you, you talked about the customers and your love of being with customers, one of the things I can't help thinking is that what you're helping facilitate is brand reputation. If, you know, if we have an expectation and we want to go on a, on an app and order coffee, and it's down, we're going to go to the next competitor, so from a brand reputation perspective, I'm just wondering if, if any of your customer conversations kind of go in addition to the VP of engineering kind of go in addition to the VP of engineering and it focused on the folks that are leading these companies going, our reputation is on the line, people are, let's face it during COVID far less patience than we've, we've seen a lot of really impatient people, but is, is that something that you also facilitate, is the brand reputation? >> Oh, not just a brand reputation that an outage can be costly of millions of dollars, like. that an outage can be costly of millions of dollars, like. >> Lisa: $5,600 a minute, I think is what Gartner estimates. >> Yeah, but depending on what business you're in, like if you're in a bank, you absolutely need to be reliable. If you're a streaming service like streaming, one of the biggest horse races in Australia, you need to have uptime. >> Everybody needs uptime, let's, let's just be clear if I can't get door dash or whatever, it's a disaster from my perspective as a consumer and yes, we have, we have far less patience than we've ever had. >> Yeah, I mean, we have a really interesting, we have both B2C, like streaming ash, streaming apps, delivery apps, as well as B2B streaming apps, delivery apps, as well as B2B and they both have problems that we solve but honestly, the, the, the business problems with a B2B are much more challenging sometimes. >> Well Edith, thank you so much for joining David and me on the program, talking about LaunchDarkly, what you're enabling organizations to achieve in every industry, it sounds like you're riding a rocket ship. >> It's been really fun, you know, I, I love seeing a customer that's been using us for three, five years. >> David: Wow. >> And how much their life has gotten better. >> And as you said, that's, that's no small statement. Thank you so much for joining us on the program, we appreciate your insights and look forward to hearing more news from LaunchDarkly coming out. >> Thanks. >> All right, for David Nicholson, I'm Lisa Martin, you're watching theCUBE's coverage of AWS:reinvent 2021, theCUBE, the global leader in live tech coverage. (upbeat music)

>> Announcer: From around the globe, it's theCUBE with digital coverage of DevOps virtual forum. Brought to you by Broadcom. >> Hi guys, welcome back. So we have discussed the current state and the near future state of DevOps and how it's going to evolve from three unique perspectives. In this last segment, we're going to open up the floor and see if we can come to a shared understanding of where DevOps needs to go. In order to be successful next year. So our guests today are you've seen them all before. Jeffrey Hammond is here the VP and Principal Analyst serving CIO at Forrester. We've also got Serge Lucio, the GM of Broadcom Enterprise Software Division. And Glyn Martin, the head of QA Transformation at BT. Guys welcome back. Great to have you all three together. >> Hi Lisa. (Serge speaks faintly) >> Good to be here. >> All right. So we're all very socially distanced as we talked about before. Great to have this conversation. So let's start with one of the topics that we kicked off the forum with. Jeff, we're going to start with you spiritual colocation. That's a really interesting topic that we've uncovered. But how much of the challenge is truly cultural? And what can we solve through technology? Jeff, we'll start with you, then Serge, then Glyn, Jeff take it away. >> Yeah I think fundamentally, you can have all the technology in the world. And if you don't make the right investments in the cultural practices in your development organization. You still won't be effective. Almost 10 years ago, I wrote a piece. Where I did a bunch of research around what made high performance teams software delivery teams high performance. And one of the things that came out as part of that was that these teams have a high level of autonomy. And that's one of the things that you see coming out of the Agile Manifesto. Let's take that today. Where developers are on their own in their own offices. if you've got teams where the team itself had a high level of autonomy. And they know how to work, they can make decisions. They can move forward. They're not waiting for management to tell them what to do. And so what we have seen is that organizations that embraced autonomy, and got their teams in the right place. And their teams had the information that they needed to make the right decisions. Have actually been able to operate pretty well, even as they've been remote. And it's turned out to be things like well, how do we actually push the software that we've created into production that have become the challenge is not. Are we writing the right software? And that's why I think the term spiritual colocation is so important. Because even though we may be physically distant, we're on the same plane, we're connected from a shared purpose. There's a Surgeon I worked together a long, long time ago, so just it's been what, almost 15-16 years, since we worked at the same place. And yet I would say there's probably still a certain level of spiritual colocation, between us. because of this shared purposes that we've had in the past and what we've seen in the industry, and that's a really powerful tool to build on. So what do tools play as part of that, to the extent that tools make information available to build shared purpose on. To the extent that they enable communication so that we can build that spiritual colocation. To the extent that they reinforce the culture that we want to put in place. They can be incredibly valuable, especially when we don't have the luxury of physical colocation. Hope that makes sense.(chuckles) >> It does. I should have introduced this last segment as we're all spiritually colocated. All right. So Serge, clearly you're still spiritually colocated with Jeff. Talk to me about what your thoughts are about spiritual of colocation. The cultural impact and how technology can move it forward? >> Yes, so I think, while I'm going to sound very similar to Jeff in that respect. I think it starts with kind of shared purpose, and understanding how individuals teams contribute to kind of a business outcome. What is our shared goals our shared vision with what is it we're trying to achieve collectively. And keeping kind of the line to that. And so it really starts with it Now, the big challenge always is over the last 20 years, especially in large organization has been specialization of roles and functions. And so we all have started to basically measure which we do on a daily basis using metrics, which oftentimes are completely disconnected from kind of a business outcome. Or is it on purpose. We kind of revert that to Okay, what is my database uptime? What is my cycle time? Right. And I think which we can do or where we really should be focused as an industry is to start to basically provide a lens for these different stakeholders to look at what they're doing. In the context of benefiting this business outcomes. So, probably one of my theories experience was to actually witness at one of our large financial institution. Two stakeholders across development and operations staring at the same data. Like which was related to economy changes, test execution results, coverage, official liabilities, and all the overran direction of incidents. And when you start to put these things in context, and represent that in a way that these different stakeholders can look at from their different lens. And they can start to basically communicate, and understand how they jointly or complement to do that kind of common vision or objective. >> And Glyn, we talked a lot about transformation with you last time. What are your thoughts on spiritual colocation and the cultural part of technology impact? >> Yeah, I mean I agree with Jeffrey that, you know, the people and culture are the most important thing. Actually, that's why it's really important when you're transforming to have partners who have the same vision as you. Who you can work with have the same end goal in mind. And we would constantly found that with our continuing relationship with Broadcom. What it also does, are those tools can accelerate what you're doing and can drive consistency. You know, we've seen within simplify, which is BT's Flagship Transformation Program, where we're trying to as it says, simplify the number of system stacks that we have. The number of products that we have, actually at the moment we've got different value streams within that program. Who have got organizational silos who are trying to rewrite the wheel. Who are still doing things manually. So in order to try and bring that consistency, we need the right tools that actually are at an enterprise grade, which can be flexible to work with in BT. Which is such a complex and very different environment, depending on what area BT you're in. Whether it's consumer, whether it's a mobile area, whether it's large global or government organizations. We found that we need tools that can drive that consistency. But also flex to Greenfield Brownfield kind of technologies as well. So it's really important that as it's a from a number of different aspects. That you have the right partner, and to drive the right culture here, and the same vision, but also who have the tool sets to help you accelerate, They can't do that on their own. But they can help accelerate what it is you're trying to do. And a really good example of that is we're trying to shift left, which is probably a quite a bit of a buzz phrase. And they're kind of testing well at the moment. But I could talk about things like Continuous Delivery Director to Broadcom tools. And it has many different features to it, but very simply on its own. It allows us to give the visibility of what the teams are doing. And once we have that visibility, then we can talk to the teams around could they be doing better component testing? Could they be using some virtualized services here or there? And that's not even the main purpose of Continuous Delivery Director. But it's just a reason that tools themselves can just give greater visibility of have much more intuitive and insightful conversations with other teams and reduce those organizational silos. >> Thanks, Glyn So we kind of sum that up autonomy, collaboration tools that facilitate that. So let's talk now about metrics. From your perspective, what are the metrics that matter Jeff? >> Well, I'm going to go right back to what Glyn said about data that provides visibility that enables us to to make decisions with shared purpose. And so business value has to be one of the first things that we looking at. How do we assess whether we have built something that is valuable? That could be sales revenue, it could be Net Promoter Score, if you're not selling what you've built, it could even be what the level of reuse is within your organization. Or other teams picking up the services that you've created. One of the things that I've begun to see organizations do is to align value streams with customer journeys. And then to align teams with those value streams. So that's one of the ways that you get to a shared purpose. 'Cause we're all trying to deliver around that customer journey. The value associated with it. And we're all measured on that. There are flow metrics, which are really important. How long does it take us to get a new feature out. From the time that we conceive it to the time that we can run our first experiments with it. There are quality metrics, some of the classics or maybe things like defect density or meantime to response. One of my favorites came from a company called Ultimate Software. Where they looked at the ratio of defects found in Production defects found in pre production. And their developers were in fact measured on that ratio and told them that guess what quality is your job too. Not just the test departments group. The fourth level that I think is really important in the current situation that we're in, is the level of engagement in your development organization. We used to joke that we measured this with the parking lot metric. How how full was the parking lot at 9, and how full was it at 5 o'clock. I can't do that anymore, since we're not physically colocated. But what you can do is you can look at how folks are delivering. You can look at your metrics in your SCCM environment, you can look at the relative rates of churn, you can look at things like well are our developers delivering during longer periods. Earlier in the morning, later in the evening? Are they delivering on the weekends as well. Are those signs that we might be heading toward burnout, because folks are still running at sprint levels instead of marathon levels. So all of those in combination, business value, flow, engagement and quality. I think form the backbone of any sort of metrics program. The second thing that I think you need to look at is what are we going to do with the data and the philosophy behind the data is critical. Unfortunately I see organizations where they weaponize the data. And that's completely the wrong way to look at it. What you need to do is you need to say. "How is this data helping us to identify the blockers? The things that aren't allowing us to provide the right context for people to do the right thing? And then what do we do to remove those blockers to make sure that we're giving these autonomous teams, the context that they need to do their job in a way that creates the most value for the customers?" >> Great advice, Jeff. Glyn over to you metrics that matter to you that really make a big impact. And also how do you measure quality kind of following on to the advice that Jeff provided? >> I mean, Jeff provided some great advice. Actually, he talks about value, he talks about flow, both of those things are very much on my mind at the moment. But there was a time, listen to a speaker called Mia Kirsten, a couple of months ago, he talked very much around how important flow management is. And remove and using that to remove waste, to understand in terms of, making software changes. What is it that's causing us to do it longer than we need to? So where are those areas where it takes too long. So I think that's a very important thing. For us, it's even more basic than that at the moment. We're on a journey from moving from waterfall to agile. And the problem with moving from waterfall to agile is, with waterfall, the the business had a kind of comfort that everything was tested together, and therefore it's safer. And with agile, there's that kind of how do we make sure that you know, if we're doing things quick, and we're getting stuff out the door that we give that confidence, that that's ready to go? Or if there's a risk that we're able to truly articulate what that risk is. So there's a bit about release confidence. And some of the metrics around that and how healthy those releases are and actually saying we spend a lot of money, in an investment setting up agile teams training agile teams. Are we actually seeing them deliver more quickly? And are we actually seeing them deliver more value quickly? So yeah, those are the two main things for me at the moment. But I think it's also about, generally bringing it all together DevOps. We've got the kind of value ops, AI Ops. How do we actually bring that together to so we can make quick decisions, and making sure that we are delivering the biggest bang for our partners. >> Absolutely biggest bang for the partners. Serge your thoughts. >> Yes I think we all agree, right? It starts with business metrics, flow metrics. These are one of the most important metrics and ultimately, I mean, one of the things that's very common across I highly functional teams is engagements, right? When you see a team that's highly functional, and that's agile, that practices DevOps everyday. They are highly engaged. That definitely true. Now back to you, I think, Jeff's points on weaponization of metrics. One of the key challenges we see is that organizations traditionally have been kind of, setting up benchmarks. Right. So what is a good cycle time? What is a good mean time? What is a good mean time to repair? The problem is that this is very contextual, right? It's going to vary quite a bit, depending on the nature of application and system. And so one of the things that we really need to evolve as an industry. Is to understand that it's not so much about those flow metrics is about are these flow metrics ultimately contribute to the business metric. To the business outcome. So that's one thing. The second aspect, I think that's oftentimes misunderstood, is that when you have a bad cycle time or what you perceive as being a bad cycle time or bad quality. The problem is oftentimes like, how do you go and explore why, right? What is the root cause of this? And I think one of the key challenges is that we tend to focus a lot of time on metrics. And not on the I type patterns, which are pretty common across the industry. If you look at for instance things like, lead time for instance. It's very common that organizational boundaries are going to be a key contributor to bad lead time. And so I think that there is reviewing the metrics, there is I think a lot of work that we need to do in terms of classifying this untied PaaS. Back to you, Jeff, I think you're one of the cool offers of Water-Scrum Fall as a key pattern in the industry or anti-patterns. >> Yeah >> But Water Scrum Fall, right. Is the key one right? And you will detect that through kind of a defect rival rates. That's right, that looks like an S curve. And so I think it's the output of the metrics is what do you do with those metrics. >> Right. I'll tell you Serge, one of the things that is really interesting to me in that space is. I think those of us had been in industry for a long time, we know the anti patterns, 'cause we've seen them in our career,(laughs) maybe in multiple times. And one of the things that I think you could see tooling do is perhaps provide some notification of anti patterns based on the telemetry that comes in. I think it would be a really interesting place to apply machine learning and reinforcement learning techniques. So hopefully something that we'd see in the future with DevOps tools. 'Cause as a manager that maybe only a 10 year veteran or a 15 year veteran. You may be seeing these anti patterns for the first time, and it would sure be nice to know what to do when they start to pop up.(chuckles) >> That would right? Insight, always helpful. All right guys, I would like to get your final thoughts on the fit one thing that you believe our audience really needs to be on the lookout for. and to put on our agendas. For the next 12 months. Jeff will be back to you. >> I would say, look for the opportunities that this disruption presents. And there are a couple that I see. First of all, as we shift to remote central working, we're unlocking new pools of talent. Where it's possible to implement more geographic diversity. So look to that as part of your strategy. Number two, look for new types of tools. We've seen a lot of interest in usage of low code tools. To very quickly develop applications. That's potentially part of a mainstream strategy as we go into 2021. Finally, make sure that you embrace this idea that you are supporting creative workers. That agile and DevOps are the peanut butter and chocolate to support creative workers with algorithmic capabilities. >> Peanut butter and chocolate. Glyn where do we go from there? What's the one silver bullet that you think that needs to be on the look out for? >> (indistinct) out I certainly agree that low code is next year, we'll see much more low code. We've already started going moving towards more of a SaaS based world but low code also. I think as well for me, we've still got one foot in the kind of cloud camp. We'll be fully trying to explore what that means going into the next year and exploiting the capabilities of cloud. But I think the last thing for me is, how do you really instill quality throughout the kind of the life cycle When I heard the word scrum for it kind of made me shut it. 'Cause I know that's a problem. That's where we're at with some of our things at the moment. So we need to get beyond that we need to be releasing changes more frequently into production. And actually being a bit more brave and having the confidence to actually do more testing in production and going straight to production itself. So expect to see much more of that next year. Yeah, thank you. I haven't got any food analogies unfortunately. (laughs) >> We all need some peanut butter and chocolate. All right Serge, Just take us on that sir. What's that nugget you think everyone needs to have on their agendas? >> That's interesting, right? So a couple of days ago, we had kind of a latest state of the DevOps report, right? And if you read through the report, it's all about velocity, right? It's all about we still are perceiving DevOps as being all about speed. And so to me the key advice is, in order to create kind of this spiritual colocation in order to foster engagement. We have to go back to what is it we're trying to do collectively. We have to go back to tie everything to the business outcome. And so for me, it's absolutely imperative for organizations to start to plot their value streams. To understand how they're delivering value into allowing everything they do from a metrics to delivery to flow to those metrics. And only with data, I think, are we going to be able to actually start to to restart to align kind of all these roles across the organizations and drive not just speed, but business outcomes. >> All about business outcomes. I think you guys, the three of you could write a book together. So I'll give you that as food for thought. Thank you all so much for joining me. Today and our guests, I think this was an incredibly valuable, fruitful conversation. And we appreciate all of you taking the time to spiritually colocate with us today. Guys, thank you. >> Thank you Lisa. >> Thank you. >> Thank you. >> For Jeff Hammond, Serge Lucio and Glyn Martin. I'm Lisa Martin. Thank you for watching the Broadcom DevOps virtual forum. (upbeat music)

(upbeat music) >> Hi, everybody, we're back. This is Dave Vellante with theCUBE. We're here talking storage at Amazon in Boston. Asa Kalavade's here, she's the general manager for Hybrid and Data Transfer services. >> Let me give you a perspective of how these services come together. We have DataSync, Storage Gateway, and Transfer. As a set of Hybrid and Data Transfer services. The problem that we're trying to address for customers is how to connect their on premises infrastructure to the cloud. And we have customers at different stages of their journey to the cloud. Some are just starting out to use the cloud, some are migrating, and others have migrated, but they still need access to the cloud from on-prem. So the broad charter for these services is to enable customers to use AWS Storage from on-premises. So for example, DataStorage Gateway today is used by customers to get unlimited access to cloud storage from on-premises. And they can do that with low latency, so they can run their on-prem workloads, but still leverage storage in the cloud. In addition to that, we have DataSync, which we launched at re:Invent last year, in 2018. And DataSync essentially is designed to help customers move a lot of their on-premises storage to the cloud, and back and forth for workloads that involve replication, migration, or ongoing data transfers. So together, Gateway and DataSync help solve the access and transfer problem for customers. >> Let's double down on the benefits. You started the segment just sort of describing the problem that you're solving, connecting on-prem to cloud, sort of helping create these hybrid environments. So that's really the other benefit for customers, really simplifying that sort of hybrid approach, giving them high performance confidence that it actually worked. >> Maybe talk a little bit more about that. >> So with DataSync, we see two broad use cases. There is a class of customers that have adopted DataSync for migration. So we have customers like Autodesk who've migrated hundreds of terabytes from their on-premises storage to AWS. And that has allowed them to shut down their data center, or retire their existing storage, because they're on their journey to the cloud. The other class of use cases is customers that have ongoing data that they need to move to the cloud for a workload. So it could be data from video cameras, or gene sequencers that they need to move to a data pipeline in the cloud, and they can do further processing there. And in some cases, bring the results back. So that's the second continuous data transfer use case, that DataSync allows customers to address. >> You're also talking today, about Storage Gateway high availability version of Storage Gateway. What's behind that? >> Storage Gateway today is used by customers to get access to data in the cloud, from on-premises. So if we continue this migration story that I mentioned with DataSync, now you have a customer that has moved a large amount of data to the cloud. They can now access that same data from on-premises for latency reasons, or if they need to distribute data across organizations and so on. So that's where the Gateway comes into play. Today we have 10's of thousands of customers that are using Gateway to do their back-ups, do archiving, or in some cases, use it as a target to replace their on-premises storage, with cloud backed storage. So a lot of these customers are running business critical applications today. But then some of our customers have told us they want to do additional workloads that are uninterruptible. So they can not tolerate downtime. So with that requirement in mind, we are launching this new capability around high availability. And we're quite excited, because that's solving, yet allowing us to do even more workloads on the Gateway. This announcement will allow customers to have a highly available Gateway, in a VMware environment. With that, their workloads can continue running, even if one of the Gateways goes down, if they have a hardware failure, a networking event, or software error such as the file shares becoming unavailable. The Gateway automatically restarts, so the workloads remain uninterrupted. >> So talk a little bit more about how it works, just in terms of anything customers have to do, any prerequisites they have. How does it all fit? >> Customers can essentially use this in their VMware H.A. environment today. So they would deploy their Gateway much like they do today. They can download the Gateway from the AWS console. If they have an existing Gateway, the software gets updated so they can take advantage of the high availability feature as well. The Gateway integrates into the VMware H.A. environment. It builds up a number of health checks, so we keep monitoring for the application up-time, network up-time, and so on. And if there is an event, the health check gets communicated back to VMware, and the Gateway gets restarted within, in most typical cases, under 60 seconds. >> So customers that are VMware customers, can take advantage of this, and to them, it's very non disruptive it sounds like. That's one of the benefits. But maybe talk about some of the other benefits. >> We saw a large number of our on-premises customers, especially in the enterprise environments, use VMware today. And they're using VMware HA for a number of their other applications. So we wanted to plug into that environment so the Gateway is as well highly available. So all their applications just work in that same framework. And then along with high availability, we're also introducing two additional capabilities. One is real time reports and visibility into the Gateway's resource consumption. So customers can now see embedded cloud watch graphs on how is their storage being consumed, what's their cache utilization, what's the network utilization. And then the administrators can use that to, in fairly real time, adapt the resources that they've allocated to the Gateway. So with that, as their workloads change, they can continue to adapt their Gateway resources, so they're getting the maximum performance out of the Gateway. >> So if they see a performance problem, and it's a high priority, they can put more resources on it-- >> They can attach more storage to it, or move it to a higher resourced VM, and they can continue to get the performance they need. Previously they could still do that, but they had to have manual checks. Now this is all automated, we can get this in a single pane of control. And they can use the AWS console today, like they do for their in cloud workloads. They can use that to look at performance of their on-premises Gateway's as well. So it's one pane of control. They can get CloudWatch health reports on their infrastructure on-prem. >> And if course it's cloud, so I can assume this is a service, I pay for it when I used it, I don't have to install any infrastructure, right? >> So the Gateways, again, consumption based, much like all AWS services. You download the Gateway, it doesn't cost you anything. And we charge one cent per gigabyte of data transfer through the Gateway, and it's capped at $125 a month. And you just pay for whatever storage is consumed by the Gateway. >> When you talk to senior exec's like Andy Jassy, always says "We focus on the customers." And sometimes people roll their eyes, but it's true. This is a hybrid world. Years ago, you didn't really hear much talk about hybrid. You talked to your customers and say, "Hey, we want to connect our on-prem to the public cloud." You're bringing services to do that. Asa, thanks so much for coming to theCUBE. Appreciate it. >> Thank you, thanks for your time. >> You're welcome. And thank you for watching everybody. This is Dave Vellante with theCUBE. We'll be back right after this short break. (upbeat music)

>> Narrator: From Burlingame, California, it's theCUBE. Covering Sumo Logic Illuminate 2019. Brought to you by Sumo Logic. >> Hey, welcome back, everybody, Jeff Frick here with theCUBE. We're at Sumo Logic Illuminate 2019. It's at the Hyatt Regency San Francisco Airport. We're excited to be back. It's our second year, so third year of the show, and really, one of the key tenants of this whole event is the report. It's the fourth year of the report. It's The Continuous Intelligence Report, and here to tell us all about it is the VP of Product Marketing, Kalyan Ramanathan. He's, like I said, VP, Product Management of Sumo Logic. Great to see you again. >> All right, thank you, Jeff. >> What a beautiful report. >> Absolutely, I love the cover and I love the data in the report even more. >> Yeah, but you cheat, you cheat. >> How come? >> 'Cause it's not a survey. You guys actually take real data. >> Ah, that's exactly right, exactly right. >> No, I love them, let's jump into it. No, it's a pretty interesting fact, though, and it came out in the keynote that this is not a survey. Tell us how you get the data. >> Yeah, I mean, so as you already know, Sumo Logic is a continuous intelligence platform. And what we do is to help our customers manage the operations and security of the mission critical application. And the way we do that is by collecting machine data from our customers, and many of our customers, we have two thousand, our customers, they're all running modern applications in the cloud, and when we collect this machine data, we can grade insights into how are these customers building their applications, how are these customers running and securing their application, and that insight is what is reflected in this report. And so, you're exactly right, this is not a survey. This is data from our customers that we bring into our system and then what we do is really treat things once we get this data into our system. First and foremost, we completely anonymize this data. So, we don't-- >> I was going to say Let's make sure we have to get that out. >> Yes, absolutely, so we don't have any customer references in this data. Two, we genericize this data. So, we're not looking for anomalies. We are looking for broad patterns, broad trends that we can apply across all of our customers and all of these enterprises that are running modern mission critical applications in the cloud. And then three, we analyze ten weeks to Sunday. We look at these datas, we look at what stands out in terms of good sample sizes, and that's what we reflect in this report. >> Okay, and just to close a loop on that, are there some applications that you don't include? 'Cause they're just legacy applications that're running on the cloud that doesn't give you good information, or you're basically taking them all in? >> Yeah, it's a good point, I mean we collect all data and we collect all applications, so we don't opt-in applications or out applications for that matter because we don't care about it. But what we do look for is significant sample size because we want to make sure that we're not talking about onesie-twosie applications here or there. We're looking for applications that have significant eruption in the cloud and that's what gets reflected in this report. >> Okay, well, let's jump into it. We don't have time to go through the whole thing here now, but people can get it online. They can download their own version and go through it at their leisure. Biggest change from last year as the fourth year of the report. >> Yeah, I mean, look, there are three big insights that we see in this report. The first one is, while we continue to see AWS rule in the cloud and that's not surprising at all, we're starting to see pretty dramatic adoption of multi-cloud technologies. So, two years ago, we saw a smidgen of multi-cloud in this report. Now, we have seen almost a 50% growth year over year in terms of multi-cloud adoption amongst enterprises who are in the cloud, and that's a substantial jump albeit from a smaller baseline. >> Do you have visibility if those are new applications or are those existing ones that are migrating to different platforms? Are they splitting? Do you have any kind of visibility into that? >> Yeah, I mean, it's an interesting point, and part of this is very related to the growth of Kubernetes that we also see in this report. What ypu've seen is that, in AWS itself, Kubernetes adoption has gone up significantly, what's even more interesting is that, as you think about multi-cloud adoption, we see a lot of Kubernetes, Kubernetes as the platform that is driving this multi-cloud adoption. There is a very interesting chart in this report on page nine. Obviously, I think you guys can see this if they want to download the report. If you're looking at AWS only, we see one in five customers are adopting Kubernetes. If you're looking at AWS and GCP, Google Cloud Platform, we see almost 60% of our customers are adopting Kubernetes. Now, when you put in AWS-- >> One in five at AWS, 60% we got Google, so that means four out of five at GCP are using Kubernetes and bring that average up. >> And then, if you look at AWS, Azure, and GCP, now you're talking about the creme de la creme customers who want to adopt all three clouds, it's almost 80% adoption of Kubernetes, so what it tells you is that Kubernetes has almost become this new Linux in the cloud world. If I want to deploy my application across multiple clouds, guess what, Kubernetes is that platform that enables me to deploy my application and then port it and re-target it to any other cloud or, for that matter, even an on-prem environment. >> Now, I mean, you don't see motivation behind action, but I'm just curious how much of it is now that I have Kubernetes. I can do multi-cloud or I've been wanting to do multi-cloud, and now that I have Kubernetes, I have an avenue. >> Yeah, it started another question. What's the chicken and what's the egg right here? My general sense, and we've debated this endlessly in our company, our general sense has been that the initiative to go multi-cloud typically comes top down in an organization. It's usually the CIO or the CSO who says, you know what, we need to go multi-cloud. And there are various reasons to go multi-cloud, some of which you heard in our keynote today. It could be for more reliability, it could be for more choice that you may want, it could be because you don't want to get logged into any one cloud render, so that decision usually comes top down. But then, now, the engineering teams, the ops teams have to support that decision, and what these engineering teams and these ops teams have realized is that, if they deploy Kubernetes, they have a very good option available now to port their applications very easily across these various cloud platforms. So, Kubernetes, in some sense, is supporting the top down decision to go multi-cloud which is something that is shown in spades as a result of this report. >> So, another thing that jumped out at me, or is there another top trend you want to make sure we cover before we get in some of those specifics? >> I mean we can talk to-- >> Yeah, one of them, one of them that jumped out at me was Docker. The Docker adoption. So, Docker was the hottest thing since sliced bread about four years ago, and is the shade of Kubernetes, not that they're replacements for one another specifically, but it definitely put a little bit of appall in the buzz that was the Docker, yet here, the Docker utilization, Docker use is growing year over year. 30%! >> I'll be the first one to tell you that Docker adoption has not stalled at all. This is shown in the report. It's shown in customers that we talk to. I mean, everyone is down the path of containerizing their application. The value of Docker is indisputable. That I get better agility, that I get better portability with Docker cannot be questioned. Now, what is indeed happening is that everyone who is deploying Docker today is choosing a orchestration technology and that orchestration technology happens to be Kubernetes. Again, Kubernetes is the king of the hill. If I'm deploying Docker, I'm deploying Kubernetes along with it. >> Okay, another one that jumped out at me, which shouldn't be a big surprise, but I'm a huge fan of Andy Jassy, we do all the AWS shows, and one of always the shining moments is he throws up the slide, he's got the Customer slide. >> There you go. >> It's the Services slide which is, in like, 2.6 font across a 100-foot screen that fills Las Vegas, and yet, your guys' findings is that it's really: the top ten applications are the vast majority of the AWS offerings that are being consumed. >> Yep, not just that. It's that the top services in AWS are the infrastructure-as-a-service services. These are the core services that you need if you have to build an application in AWS. You need ECDO, I need Esri, I need identity access management. Otherwise, I can't even log into AWS. So, this again goes back to that first point that I was making was that multi-cloud adoption is top of mind for many, many customers right now. It's something that many enterprises think of, and so, if I want to indeed be able to port my application from AWS to any other environment, guess what I should be doing? I shouldn't be adopting every AWS service out there because if I frankly adopted all these AWS services, the tentacles of the cloud render are just so that I will not be able to port away from my cloud render to any other cloud service out there. So, to a certain extent, many of the data points that we have in this report support the story that enterprises are becoming more conscious of the cloud platform choices that they are making. They want to at least keep an option of adopting the second or the third cloud out there, and they're consciously, therefore choosing the services that they are building their applications with. >> So, another hot topic, right? Computer 101 is databases. We're just up the road from Oracle. Oracle OpenWorld's next week. A lot of verbal jabs between Oracle and some of the cloud providers on the databases, et cetera. So, what do the database findings come back as? >> I mean, look at the top four databases: Redis, MySQL, Postgres, Mongo. You know what's common across them? They're all open-source. They're all open-source database, so if you're building your application, find standard components that you can then build your application on, whether it's a community that you can then take and move to any other cloud that you want to. That's takeaway number one. Takeaway number two, look at where Oracle is in this report. I think they're the eighth database in the cloud. I actually talked to a few customers of ours today. >> Now, are you sampling from Oracle's cloud? Is that a dataset? >> No, this is-- >> Yes, right, okay. So, I thought I want to make sure. >> And, if AWS is almost the universe of cloud today, we can debate at some bids, but it is close enough, I'd say, it tells you where Oracle is in this cloud universe, so our friends at Redwood City may talk about cloud day in and day out, but it's very clear that they're not making much of intent in the cloud at this point. >> And then, is this the first year the rollup of the type of database that NoSQL exceeded relational database? >> No, I mean, we've been doing this for the last two years, and it's very clear that NoSQL is ahead of SQL in the cloud, and I think the way we think about it is primarily because, when you are re-architecting your applications in the cloud, the cloud gives you a timeline, it gives you an opportunity to reconsider how you build out your data layer, and many of our customers are saying NoSQL is the way to go. The scalability demands, the reliability demands, so if my application was such that I now have the opportunity to rethink and redo my data layer, and frankly, NoSQL is winning the game. >> Right, it's winning big time. Another big one: serverless, Lambda. Actually, I'm kind of surprised it took so long to get to Lambda 'cause we've been going to smaller atomic units of compute, store, and networking for so, so long, but it sounds like, looks like we're starting to hit some critical mass here. >> Yeah, I mean, look, Lambda's ready for primetime. I mean we have seen that tipping point out here. Almost one in three customers of ours are using Lambda in production environments. And then, if you cast a wider net, go beyond production and even look at dev tests, what we see is that almost 60% of Sumo Logic's customers, and if you look at 2,000 customers, that's a pretty big sample size. Almost 60% of enterprises are using Lambda in some way, shape, or form. So, I think it's not surprising that Lambda is getting used quite well in the enterprise. The question really is: what are these people doing with Lambda? What's the intent behind the use of Lambda? And that's where I think we have to do some more research. My general sense, and I think it's shared widely within Sumo Logic, is that Lambda's still at the edges of the application. It's not at the core of the application. People are not building your mission critical application on Lambda yet because I think that that paradigm of thinking about event-driven application is still a little foreign to many organizations, so I think it'll take a few more years for an entire application to be built on Lambda. >> But you would think, if it's variable demand applications, whether that's a marketing promotion around the Super Bowl or running the books at the end of the month, I guess it's easy enough to just fire up the servers versus doing a pure Lambda at this point in time, but it seems like a natural fit. >> If you're doing the utility type application and you want to start it and you want to kill it and not use it after an event has come and gone, absolutely, Lambda's the way to go. The economics of Lambda. Lambda absolutely makes sense. Having said that, I mean, if you're to build a true mission critical application that you're going to be keeping on for a while to come, I'm not seeing a lot of that in Lambda yet, but it's definitely getting there. I mean we have lots of customers who are building some serious stuff on Lambda. >> Well, a lot of great information. It's nice to have the longitudinal aspect as you do this year over year, and again, we're glad you're cheating 'cause you're getting good data. >> (chuckles) >> (laughs) You're not asking people questions. >> Yeah, I mean, I'd like to finish out by saying this is a report that Sumo Logic builds every year, not because we want to sell Sumo Logic. It's because we want to give back to our community. We want our community to build great apps. We want them to understand how their peers are building some amazing mission critical apps in the cloud and so, please download this report, learn from how your peers are doing things, and that's our only intent and goal from this report. >> Great, well, thanks for sharing the information and a great catch-up, nice event. >> All right, thank you very much, Jeff. >> All right, he's Kalyan, I'm Jeff. You're watching theCUBE. We're at Sumo Logic Illuminate 2019. Thanks for watching, we'll see you next time. (upbeat electronic music)

>> Announcer: Live from Washington, DC it's theCube covering .conf 2017 brought to you by Splunk. >> Welcome back here on theCube the flagship broadcast for Silicon Angle TV, glad to have you here at .conf 2017 along with Dave Vellante, John Walls. We are live in Washington, DC and balmy Washington, DC. It's like 88 here today, really hot. >> It's cooler here than it is in Boston, I here. >> Yeah, right, but we're not used to it this time of year. Brad Medairy now joins us he's an SVP at Booz Allen Hamilton and Brad, thank you for being with us. >> Dave: And another Redskins fan I heard. >> Another Redskins fan. >> It was a big night wasn't it? Sunday night, I mean we haven't had many of those in the last decade or so. >> Yeah, yeah, I became a Redskins fan in 1998 and unfortunately a little late after the three or four superbowls. >> John: That's a long dry spell, yeah. >> Are you guys Nats fans? >> Oh, huge Nats fan, I don't know, how about Brad, I don't want to speak for you. >> I've got a soft spot in my heart for the Nats, what's the story with that team? >> Well, it's just been post-season disappointment, but this year. >> This is the year. >> This is the year, although-- >> Hey, if the Redsox and the Cubs can do it. >> I hate to go down the path, but Geos worry me a little bit, but we can talk about it offline. >> Brad: Yeah, let's not talk about DC Sports. >> Three out of five outings now have not been very good, but anyway let's take care of what we can. Cyber, let's talk a little cyber here. I guess that's your expertise, so pretty calm, nothing going on these days, right? >> It's a boring field, you know? Boring field, yeah. >> A piece of cake. So you've got clients private sector, public sector, what's kind of the cross-pollination there? I mean, what are there mutual concerns, and what do you see from them in terms of common threats? >> Yeah, so at Booz Allen we support both federal and commercial clients, and we have a long history in cyber security kind of with deep roots in the defense and the intelligence community, and have been in the space for years. What's interesting is I kind of straddle both sides of the fence from a commercial and a federal perspective, and the commercial side, some of the major breaches really force a lot of these organizations to quickly get religion, and early on everything was very compliance driven and now it's much more proactive and the need to be much more both efficient and effective. The federal space is, I think in many cases, catching up, and so I've done a lot of work across .mil and there's been a lot of investment across .mil, and very secure, .gov, you know, is still probably a fast follower, and one of the things that we're doing is bringing a lot of commercial best practices into the government space and the government's quickly moving from a compliance-based approach to cyber security to much more proactive, proactive defense. >> Can you get, it's almost like a glacier sometimes, right, I mean there's a legacy mindset, in a way, that government does it's business, but I would assume that events over the past year or two have really prompted them along a little bit more. >> I mean there's definitely been some highly publicized events around breaches across .gov, and I think there's a lot of really progressive programs out there that are working to quickly you know, remediate a lot of these issues. One of the programs we're involved in is something called CDM that's run out of DHS, Continuous Diagnostic and Mitigation, and it's a program really designed to up-armor .gov, you know to increase situational awareness and provide much more proactive reporting so that you can get real-time information around events and postures of the network, so I think there's a lot of exciting activities and I think DHS and partnership with the federal agencies is really kind of spearheading that. >> So if we can just sort of lay out the situation in the commercial world and see how it compares to what's going on in gov. Product creep, right, there's dozens and dozens and dozens of products that have been installed, security teams are just sort of overwhelmed, overworked, response is too slow, I've seen data from, whatever, 190 days to 350 days, to identify an infiltration, nevermind remediate it, and so, it's a challenge, so what's happening in your world and how can you guys help? >> Yeah, you know it's funny, I love going out to the RSA conference and, you know, I watch a lot of folks in the space, walking around with a shopping cart and they meet all these great vendors and they have all these shiny pebbles and they walk away with the silver bullet, right, and so if they implement this tool or technology, they're done, right? And I think we all know, that's not the case, and so over the years I think that we've seen a lot of, a lot of organizations, both federal and commercial, try to solve a lot of the problems through, you know, new technology solutions, whether it's the next best intrusion detection, or if it's endpoint, you know, the rage now is EDR, MDR, and so, but the problem is at the end of the day, the adversaries live in the seams, and in the world that I grew up in focused a lot around counter-terrorism. We took a data-centric approach to finding advanced adversaries, and one of the reasons that the Booz Allen has strategically partnered with Splunk is we believe that, you know, in a data-centric approach to cyber, and Splunk as a platform allows us to quickly integrate data, independent of the tools because the other thing with these tool ecosystems is all these tools work really well within their own ecosystem, but as soon as you start to mix and match best of breed tools and capabilities, they tend to not play well together. And so we use Splunk as that integration hub to bring together the data that allows us to bring our advanced trade-craft and tech-craft around hunting, understanding of the adversaries to be able to fuse that data and do advanced detection and help our clients be a lot more proactive. >> So cyber foresight is the service that you lead with? >> Yeah, you know, one of the things, having a company that's been, Booz Allen I think now is 103 years old, with obvious deep roots in the federal government, and so we have a pedigree in defense and intelligence, and we have a lot of amazing analysts, a lot of amazing, what we call, tech-craft, and what we did was, this was many many years ago, and we're probably one of the best kept secrets in threat intelligence, but after maybe five or six years ago when you started to see a lot of the public breaches in the financial services industry, a lot of the financial service clients came to us and said, "Hey, Booz Allen, you guys understand the threat, you understand actors, you understand TTPs, help educate us around what these adversaries are doing. Why are they doing it, how are they doing it, and how can we get out in front of it?" So the question has always been, you know, how can we be more proactive? And so we started a capability that we, or we developed a capability called cyber foresight where we provided some of our human intelligence analysts and applied them to open-source data and we were providing threat intelligence as a service. And what's funny is today you see a lot of the cyber threat intelligence landscape is fairly crowded, when I talk to clients they affectionately refer to people that provide threat intelligence as beltway book reporters, which I love. (laughter) But for us, you know, we've lived in that space for so many years we have the analysts, the scale, the tradecraft, the tools, the technologies, and we feel that we're really well positioned to be able to provide clients with the insights. You know, early on when we were working heavily in the financial services sector, the biggest challenge a lot of our clients had in threat intelligence was, what do I do with it? Okay, so you're going to send me, what we call a Spot Report, and so hey we know this nation-state actor with this advanced set of TTPs is targeting my organization, so what, right? I'm the CISO, I'm the CIO, should I resign? Should I jump out the window? (laughter) What do I do? I know these guys are coming after me, how do I actually operationalize that? And so what we've spent a lot of time thinking about and investing in is how to operationalize threat intelligence, and when we started, you kind of think of it as a pitcher and a catcher, right? You know, so the threat intelligence provider throws those insights, but the receiver needs to be able to catch that information, be able to put it in context, process it, and then operationalize it, implement it within their enterprise to be able to stop those advanced threats. And so one of the reasons that we gravitated toward Splunk, Splunk is a platform, Splunk is becoming really, in our mind, one of the defacto repositories for IT and cyber data across our client space, so when you take that, all those insights that Splunk has around the cyber posture and the infrastructure of an enterprise, and you overlay the threat intelligence with that, it gives us the ability to be able to quickly operationalize that intelligence, and so what does that mean? So, you know, when a security operator is sitting at a console, they're drowning in data, and, you know, analysts, we've investigated tons of commercial breaches and in most cases what we see is the analyst, at some point, had a blinking red light on their screen that was an indicator of that particular breach. The problem is, how do you filter through the noise? That's a problem that this whole industry, it's a signal to noise ratio issue. >> So you guys bring humans to that equation, human intelligence meets analytics and machine intelligence, and your adversary has evolved, and I wonder if you can talk about that, it's gone from sort of hacktivists to organized crime and nation-states, so they've become much more sophisticated. How have the humans sort of evolved as well that your bridge to bear? >> Yeah, I mean certainly the bear to entry is lower, and so now we're seeing ransomware as a service, we're seeing attacks on industrial control systems, on IOT devices, you know, financial services now is extremely concerned about building control systems because if you can compromise and build a control system you can get into potentially laterally move into the enterprise network. And so our analysts now not only are traditional intelligence analysts that understand adversaries and TTPs, but they also need to be technologists, they need to have reverse engineering experience, they need to be malware analysts, they need to be able to look at attack factors in TTPs to be able to put all the stuff in context, and again it goes back to being able to operationalize this intelligence to get value out of it quickly. >> They need to have imaginations, right? I mean thinking like the bad guys, I guess. >> Yeah, I mean we spend a lot of time, we've started up a new capability called Dark Labs and it's our way to be able to unlock some of those folks that think like bad guys and be able to unleash them to look at the world through a different lens, and be able to help provide clients insights into attack factors, new TTPs, and it's fascinating to watch those teams work. >> How does social media come into play here? Or is that a problem at all, or is that a consideration for you at all? >> Well, you know, when we look at a lot of attacks, what's kind of interesting with the space now is you look at nation-state and nation-state activists and they have sophisticated TTPs. In general they don't have to use them. Nation-states haven't even pulled out their quote "good stuff" yet because right now, for the most part they go with low-hanging fruit, low-hanging fruit being-- >> Just pushing the door open, right? >> Yeah, I mean, why try to crash through the wall when you can just, you know, the door's not locked? And so, you know, when you talk about things like social media whether it's phishing, whether it's malware injected in images, or on Facebook, or Twitter, you know, the majority of tacts are either driven through people, or driven through just unpatched systems. And so, you know, it's kind of cliche, but it really starts with policies, training of the people in your organization, but then also putting some more proactive monitoring in place to be able to kind of start to detect some of those more advanced signatures for some of the stuff that's happening in social media. >> It's like having the best security system in the world, but you left your front door unlocked. >> That's right, that's right. >> So I wonder if, Brad, I don't know how much you can say, but I wonder if you could comment just generally, like you said, we haven't seen their best pitch yet, we had Robert Gates on, and when I was interviewing him he said, "You know, we have great offensive posture and security, but we have to be super careful how we use it because when it comes to critical infrastructure we have the most to lose." And when you think about the sort of aftermath of Stuxnet, when basically the Iranians said hey we can do this too, what's the general sort of philosophy inside the beltway around offense versus defense? >> You know, I think from, that's a great question. From an offensive cyber perspective I think where the industry is going is how do you take offensive tradecraft and apply it to defensive? And so by that I mean, think about we take folks that have experience thinking like a bad guy, but unleash them in a security operation center to do things like advanced hunting, and so what they'll do is take large sets of data and start doing hypothesis driven analytics where they'll be able to kind of think like a bad guy and then they'll have developers or techies next to them building different types of analytics to try to take their mind and put it into an analytic that you can run over a set of data to see, hey, is there an actor on your network performing like that? And so I think we see in the space now a lot of focus around hunting and red teaming, and I think that's kind of the industry's way of trying to take some of that offensive mentality, but then apply it on the defensive side. >> Dave: It just acts like kind of Navy Seal operations in security. >> Right, right, yeah. I mean the challenge is there's a finite set of people in the world that really, truly have that level of tradecraft so the question is, how do you actually deliver that at any level of scale that can make a difference across this broader industry. >> So it's the quantity of those skill sets, and they always say that the amazing thing, again I come back to Stuxnet, was that the code was perfect. >> Brad: Yeah. >> The antivirus guy said, "We've never seen anything like that where the code is just perfect." And you're saying it's just a quantity of skills that enables that, that's how you know it's nation-state, obviously, something like that. >> Yeah, I mean the level of expertise, the skill set, the time it take to be able to mature that tradecraft is many many years, and so I think that when we can crack the bubble of how we can take that expertise, deliver it in a defensive way to provide unique insights that, and do that at scale because just taking one of those folks into an organization doesn't help the whole, right? How can you actually kind of operationalize that to be able to deliver that treadecraft through things like analytics as a service, through manage, detection, and response, at scale so that one person can influence many many organizations at one time. >> And, just before we go, so cyber foresight is available today, it's something you're going to market with. >> Yeah, we just partnered with Splunk, it's available as a part of Splunk ES, it's an add-on, and it provides our analysts the ability to provide insights and be able to operationalize that within Splunk, we're super excited about it and it's been a great partnership with Splunk and their ES team. >> Dave: So you guys are going to market together on this one. >> We are partnered, we're going to market together, and delivering the best of our tradecraft and our intelligence analysts with their platform and product. >> Dave: Alright, good luck with it. >> Hey, thank you, thank you very much, guys. >> Good pair, that's for sure, yeah. Thank you, Brad, for being with us here, and Monday night, let's see how it goes, right? >> Yeah, I'm optimistic. >> Very good, alright. Coach Brad Medairy joining us with his rundown on what's happening at Booz Allen. Back with more here on theCube, you're watching live .conf 2017.

>> Announcer: Live from New Orleans, it's The Cube! Covering VeeamON 2017. Brought to you by Veeam. (light techno music) >> Welcome to New Orleans, everybody. This is The Cube, the leader in live tech coverage, and this is VeeamOn 2017. My name is Dave Vellante. I'm with my co-host Stuart Miniman. Stu, it's always a pleasure to be workin' with you. >> Great to be here with you, Dave. Second time I think we've done The Cube in New Orleans, my first time I've been at a conference here in over a decade. It's hard to believe, a lot's changed. Been back since Katrina a couple of times, but first time we're here. I'm excited. A lot of people we know here. About 3,000 people in attendance. Very international audience, just like Veeam's customers. >> Yeah, it's a good venue for VeeamON. Veeam is a company, for those of you who don't know, $600 million in bookings last year, growing at almost 30% a year, penetrating the Fortune 500 very deeply, about 70% of the Fortune 500 purchases some products and services from Veeam. Global 2000, the penetration is a little bit lower, around 50%. But this is a company that has been on a meteoric rise. We saw today that one of the most telling slides from a business standpoint that I saw was that Peter McKay put up a slide showing companies that have ascended to $800 million, which is where Veeam is on the track to get to very shortly. We're talkin' about Workday, Salesforce, ServiceNow, the leaders in the software business, and here's this infrastructure company that started in, really in VMware backup, very focused on VMware backup, and now becoming the availability platform for, you know, what they're calling the always on digital enterprise. Now, let's talk about that for a second. The strategy is quite interesting, Stu. I mean, you think about this for a second and you say, "Okay, well everybody's going to do backup in the cloud. Everybody's goin' to AWS. They're going to backup on AWS." But the use cases that are emerging for Veeam are actually quite substantial. Let's talk about them. One is on OnPrem. So, if you can have the best availability solution OnPrem, obviously that's of interest to you and that's really what Veeam has done historically with VMware in particular, but now growing out. Then there's the use case of, well, I have my data in the cloud, but I kind of don't think it's, I trust the cloud so much. I'd like to have, you know, some security, and maybe I'd like to backup from the Cloud OnPrem. There's another use case which is cloud-to-cloud. I want to go from AWS to Azure. And that's a use case that's emerging within this infrastructure. So, you've really got a diverse set of use cases that are emerging and this company's tryin' to position is the strategic partner for always on availability for the digital enterprise. Powerful messaging, but simple. >> Yeah. And Dave, I want to add on that a little bit. If you follow the data, where do people have their data? As you said, right? On-Premises, where Veeam started, VMware specific, expanded out to Hyper-V. A lot of things I want to dig into this week. One of them, they've got, what is it? 231,000 customers last year. How many of those pay? How many are free? But, you know, VMware has 500,000 customers worldwide. You know, that's pretty good penetration into those environments. But SaaS applications, you know, I have lots of data there. How do I back it up? How do I pull that in to all of my environments? Third piece, public cloud, as you said. How do I manage all of those environments when I have a hybrid or MultCloud? We heard some announcements today, something I know we're going to be digging into a lot this week, but how do all those piece go together? We heard, like with VMware, the VAIO integration. Well, if I'm doing that, and I'm doing Amazon, how do those play together? How do things like VMware support in AWS work for a company like Veeam? I was really impressed, we went to the media session this morning, some of it's still embargoed, but really broad partnerships that Veeam has built had VMware and Cisco on as some of the big elite people on stage. The expo is right off to the side where we are here at the show Dave, lots of partners, lots of big companies, many legacy companies, but also lots of new interesting companies that are helping to push kind of the cloud native, you know, multi/hybrid cloud world that we live in today. >> Yeah, so again, the ascendancy of Veeam really came about as a focus company on VMware backup. Now if you think about VMware in the early days what was happening was you were consolidating physical servers. You were taking underutilized physical servers and then consolidating them and getting much more efficiency out of your IT. There was an agility aspect as well, there's certainly availability components, but one key challenge the customers had when they consolidated all those servers is that, yes the servers were underutilized, but the one application that wasn't underutilized was backup, that you used a lot of your server to do a backup, you know, a big stream of data. And so, a lot of customers had to re-architect their backup, they had to simplify their backup, and that's really where Veeam came in, and then you started to see this company explode. Now you're hearing, you know, going from backup to replication, we heard that's sort of second journey, there was a lot of that goin' on, but now it's really the center of the availability console, and I think you nailed it when you talked about the ecosystem. They've got 45,000 partners. That's a tremendous number, so obviously the channel is very important. We're going to be unpacking that this week. The business driver is to shrink RPO, Recovery Point Objective, that is the amount of data you can afford to lose, and RTO, Recovery Time Objective, the speed at which you can get your applications back up and running. Those are really the two metrics that translate into business terms, like I don't want to lose data, I don't want to be down, and that's a challenge that every backup software company, and every company generally, has to face. >> Yeah Dave, absolutely. And that was highlighted in one of the announcements that Veeam made this morning. Their continuous data protection, or CDP, announcement, not using snapshots really allows them to dial it down rather than 15 minute, you know, RPO, it's down to 15 seconds. But, is that something now that's going to compete against some of what many of their partners have? So there is that give and take. There's a large TAM that Veeam has, but as they expand, just as with every software company, you've got that ecosystem. What products do you put out there that might compete against some of the other offerings that you have there? Good energetic group, partners, I know we're excited. You know, multi year they've been doing this show, you know, real good energy, and lots of good announcements. Sometimes you go to the shows and it's like, oh, okay, you know, a couple of yawn things up on stage, but the crowd was really excited for some of the demos. A lot of good pieces, in that we're going to have, you know, full slate of guests to be able to dig into for this week. >> Yeah, just to geek out on one of those points for a minute. So you were talking about the CDP, Continuous Data Protection, the granularity historically of that has been 15 minutes using snapshots. Even though snapshots are space efficient, they're still less efficient than doing things directly through the kernel, through deep integration. Now VAIO, it's the vSphere API for IO, IO (snapping fingers) Come on, help me. Anyway, it's these geeky things that VMware they publish these specs and you got to get the SDK. So I'm interested how long they had the SDK. >> Yeah, and by the way, Dave, I checked the, there's a compatibility guide for VMware and there's about 10 partners that are listed on there and Veeam isn't there yet, probably because they just announced, you know, version 10 here of Veeam availability suite that supports that. One of the first questions is going to be, all right, when's this full GA, and when's this supported? >> These are key things. It's vSphere API for IO filtering, by the way. Okay, so these are key things that partners have to get ahold of through the SDK. Now, you know, it's interesting right? Because VMware used to be owned by EMC, and now it's owned by Dell. Do Dell and EMC have the inside track on this stuff? Does VMware sub optimize its business and its ecosystem to stack the deck for Dell or EMC? Historically, no. But, you know, this is something that we have to watch. So, we're going to be asking some of those tough questions on The Cube today. You know, David Floyer had a great quote in a SiliconANGLE article. He said, "Look, VMware would be better off in my opinion integrating with Veeam and giving Veeam a piece of that market, because it'll serve customers better, and ultimately will lower costs, which is what the software company, VMware in this case, should be doing." That was an interesting perspective from Floyer, but we're going to be going wall-to-wall coverage. Two days, Stu. Last point before the break. >> Yeah, so Dave, I got a question for you, actually. There's been some management change, Peter McKay is now co-CEO. There are rumors of acquisition. They're now, you know, over $600 million, going towards $1 billion. When do the IPO, or does one of the big players out there decide to grab them because they've got some, you know, clear IP, they've got a loyal and excited customer base, there's many companies that would love to have that in the portfolio. >> The company's cashflow positive since the early days. >> Stu: Yeah, that doesn't happen. Cashflow positive? >> No outside money taken in. There were rumors that they would go for $1 billion. The company's worth much more than $1 billion right now, so I mean, I guess that's the dilemma for Veeam, you know, what a nice problem to have. But if you look at software, even in revenue multiples, and just do the simple back of the napkin math, $1 billion in my opinion wouldn't get it done, so, that's why that deal, one of the reasons probably why it never happened. This is The Cube, we're live from New Orleans VeeamON 2017 and I say wall-to-wall coverage for two days. We got three shows goin' on this week, we got SAP Sapphire, we got Informatica, and Stu and I are here at VeeamOn. Keep right there everybody. We'll be back with our next guest right after this short break. (light techno music) (soft techno music)