>>Hey everyone, and welcome back to Las Vegas. Viva Las Vegas, baby. This is the Cube live at AWS Reinvent 2022 with tens of thousands of people. Lisa Martin here with Dave Valante. Dave, we've had some great conversations. This is day one of four days of wall to wall coverage on the cube. We've been talking data. Every company is a data company. Data protection, data resiliency, absolutely table stakes for organizations to, >>And I think ecosystem is the other big theme. And that really came to life last year. You know, we came out of the pandemic and it was like, wow, we are entering a new era. People no longer was the ecosystem worried about it, AWS competing with them. They were more worried about innovating and building on top of AWS and building their own value. And that's really, I think, the theme of the 2020s within the ecosystem. >>And we're gonna be talking about building on top of aws. Two guests join us, two alumni join us. Stephen Manley is here, the CTO of Druva. Welcome back. Jason crat as well is here. CIO and CTO of Summit Carbon Solutions. Guys, great to have you back on the program. >>Thank you. >>Let's start with you giving the audience an understanding of the company. What do you guys do? What do you deliver value for customers? All that good >>Stuff. Yeah, no, for sure. So Summit Carbon is the world's largest carbon capture and sequestration company capturing close to 15 million tons of carbon every year. So it doesn't go into the atmosphere. >>Wow, fantastic. Steven, the, the risk landscape today is crazy, right? There's, there's been massive changes. We've talked about this many times. What are some of the things, you know, ransomware is a, is, I know as you say, this is a, it's not a, if it's gonna happen, it's when it's how frequent, it's what's gonna be the damage. What are some of the challenges and concerns that you're hearing from customers out there today? >>Yeah, you know, it really comes down to three things. And, and everybody is, is terrified of ransomware and justifiably so. So, so the first thing that comes up is, how do I keep up? Because I have so much data in so many places, and the threats are evolving so quickly. I don't have enough money, I don't have enough people, I don't have enough skilled resources to be able to keep up. The second thing, and this ties in with what Dave said, is, is ecosystem. You know, it used to be that your, your backup was siloed, right? They'd sit in the basement and, and you wouldn't see, see them. But now they're saying, I've gotta work with my security team. So rather than hoping the security team stays away from me, how do I integrate with them? How do I tie together? And then the third one, which is on everybody's mind, is when that attack happens, and like you said, it's win and, and the bell rings and they come to me and they say, all right, it's time for you to recover. It's time for, for all this investment we've put in. Am I gonna be ready? Am I going to be able to execute? Because a ransom or recovery is so different than any other recovery they've ever done. So it's those three things that really are top of mind for >>How, so what is the, what are the key differences, if you could summarize? I mean, I >>Know it's so, so the first one is you can't trust the environment you're restoring into. Even with a disaster, it would finish and you'd say, okay, I'm gonna get my data center set up again and I'm gonna get things working. You know, when I try to recover, I don't know if everything's clean yet. I'm trying to recover while I'm still going through incident response. So that's one big difference. A second big difference is I'm not sure if the thing I'm recovering is good, I've gotta scan it. I've gotta make sure what's inside it is, is, is alright. And then the third thing is what we're seeing is the targets are usually not necessarily the crown jewels because those tend to be more protected. And so they're running into this, I need to recover a massive amount of what we might call tier two, tier three apps that I wasn't ready for because I've always been prepared for that tier one disaster. And so, so those three things they go, it's stuff I'm not prepared or covering. It's a flow. I'm not used to having to check things and I'm not sure where I'm gonna recover too when the, when the time comes. >>Yeah, just go ahead. Yeah, that's right. I mean, I think for me, the biggest concern is the blind spots of where did I actually back it up or not. You know, what did I get it? Cuz you, we always protect our e r p, we always protect these sort of classes of tiers of systems, but then it's like, oh, that user's email box didn't get it. Oh, that, you know, that one drive didn't get it. You know, or, or, or whatever it is. You know, the infrastructure behind it all. I forgot to back that up. That to me the blind spots are the scariest part of a ransomware attack. >>And, and if you think about it, some of the most high profile attacks, you know, on the, on the colonial pipeline, they didn't go after the core assets. They went after billing. That's right. But billing brought everything down so they're smart enough to say, right, I'm not gonna take the, the castle head on. Is there is they're that. Exactly. >>And so how do you, I get, I mean you can air gap and do things like that in terms of protecting the, the, the data, the corrupt data. How do you protect the corrupt environment? Like that's, that's a really challenging issue. Is >>It? I don't know. I mean, I'll, I'll you can go second here. I think that what's interesting to me about is that's what cloud's for. You can build as many environments as you want. You only pay for what you use, right? And so you have an opportunity to just reconstruct it. That's why things, everything is code matters. That's why having a cloud partner like Druva matters. So you can just go restore wherever you need to in a totally clean environment. >>So the answer is you gotta do it in the cloud. Yeah. What if it's on prem? >>So if it's on prem, what we see people do is, and, and, and this is where testing and, and where cloud can still be an asset, is you can look and say a lot of those assets I'm running in the data center, I could still recover in the cloud. And so you can go through DR testing and you can start to define what's in your on-prem so that you could make it, you know, so you can make it cloud recoverable. Now, a lot of the people that do that then say, well actually why am I even running this on prem anymore in the first place? I should just move this to the cloud now. But, but, but there are people in that interim step. But, but, but it's really important because you, you're gonna need a clean environment to play in. And it's so hard to have a clean environment set up in a data center cuz it basically means I'm not touching this, I'm just paying for something to sit idle. Whereas cloud, I can spin that up, right? Get a, a cloud foundation suite and, and just again, infrastructures code, spin things up, test it, spin it down. It doesn't cost me money on a daily basis. >>Jason, talk a little bit about how you are using Druva. Why Druva and give us a kind of a landscape of your IT environment with Druva. >>Yeah. You know, so when we first started, you know, we did have a competitor solution and, and, and it was only backing up, you know, we were a startup. It was only backing up our email. And so as you pointed out, the ecosystem really matters because we grew out of email pretty quick as a startup. And we had to have real use cases to protect and the legacy product just wouldn't support us. And so our whole direction, or my direction to my team is back it up wherever it is, you know, go get it. And so we needed somebody in the field, literally in the middle of Nebraska or Iowa to have their laptop backed up. We needed our infrastructure, our data center backed up and we needed our, our SaaS solutions backed up. We needed it all. And so we needed a partner like Druva to help us go get it wherever it's at. >>Talk about the value in, with Druva being cloud native. >>Yeah. To us it's a big deal, right? There's all sorts of products you could go by to go just do endpoint laptop protection or just do SAS backups. For us, the value is in learning one tool and mastering it and then taking it to wherever the data is. To me, we see a lot of value for that because we can have one team focus on one product, get good at it, and drive the value. >>That consolidation theme is big right now, you know, the economic headwinds and so forth. What was the catalyst for you? Was it, is that something you started, you know, years ago? Just it's good practice to do that? What's, >>Well, no, I mean luckily I'm in a very good position as a startup to do define it, you know, but I've been in those legacy organizations where we've got a lot of tech debt and then how do you consolidate your portfolio so that you can gain more value, right? Cause you only get one budget a year, right? And so I'm lucky in, in the learnings I've had in other enterprises to deal with this head on right now as we grow, don't add tech debt, put it in right. Today. >>Talk to us a little bit about the SaaS applications that you're backing up. You know, we, we talk a lot with customers, the shared, the shared responsibility model that a lot of customers aren't aware of. Where are you using that competing solution to protect SaaS applications before driven and talk about Yeah. The, the value in that going, the data protection is our responsibility and not the SA vendor. >>No, absolutely. I mean, and it is funny to go to, you know, it's like Office 365 applications and go to our, our CFO and a leadership and be like, no, we really gotta back it up to a third party. And they're like, but why? >>It's >>In the cloud, right? And so there's a lot of instruction I have to provide to my peers and, and, and my users to help them understand why these things matter. And, and, and it works out really well because we can show value really quick when anything happens. And now we get, I mean, even in SharePoint, people will come to us to restore things when they're fully empowered to do it. But my team's faster. And so we can just get it done for them. And so it's an extra from me, it's an extra SLA or never service level I can provide to my internal customers that, that gives them more faith and trust in my organization. >>How, how are the SEC op teams and the data protection teams, the backup teams, how are they coming together? Is is, is data protection backup just morphing into security? Is it more of an adjacency? What's that dynamic like? >>So I'd say right now, and, and I'll be curious to hear Jason's organization, but certainly what we see broadly is, you know, the, the teams are starting to work together, but I wouldn't say they're merging, right? Because, you know, you think of it in a couple of ways. The first is you've got a production environment and that needs to be secured. And then you've got a protection environment. And that protection environment also has to be secured. So the first conversation for a lot of backup teams is, alright, I need to actually work with the security team to make sure that, that my, my my backup environment, it's air gapped, it's encrypted, it's secured. Then I think the, the then I think you start to see people come together, especially as they go through, say, tabletop exercises for ransomware recovery, where it's, alright, where, where can the backup team add value here? >>Because certainly recovery, that's the basics. But as there log information you can provide, are there detection pieces that you can offer? So, so I think, you know, you start to see a partnership, but, but the reality is, you know, the, the two are still separate, right? Because, you know, my job as a a protection resiliency company is I wanna make sure that when you need your data, it's gonna be there for you. And I certainly want to, to to follow best secure practices and I wanna offer value to the security team, but there's a whole lot of the security ecosystem that I want to plug into. I'm not trying to replace them again. I want to be part of that broader ecosystem. >>So how, how do you guys approach it? Yeah, >>That's interesting. Yeah. So in my organization, we, we are one team and, and not to be too cheesy or you know, whatever, but as Amazon would say, security is job one. And so we treat it as if this is it. And so we never push something into production until we are ready. And ready to us means it's got a security package on it, it's backed up, the users have tested it, we are ready to go. It's not that we're ready just be to provide the service or the thing. It's that we are actually ready to productionize this. And so it's ready for production data and that slows us down in some cases. But that's where DevOps and this idea of just merging everything together into a central, how do we get this done together, has worked out really well for us. So, >>So it's really the DevOps team's responsibility. It's not a separate data protection function. >>Nope. Nope. We have specialists of course, right? Yeah, yeah. Because you need the extra level, the CISSPs and those people Yeah, yeah. To really know what they're doing, but they're just part of the team. Yeah. >>Talk about some of the business outcomes that you're achieving with Druva so far. >>Yeah. The business outcomes for me are, you know, I meet my SLAs that's promising. I can communicate that I feel more secure in the cloud and, and all of my workloads because I can restore it. And, and that to me helps everybody in my organization sleep well, sleep better. We are, we transport a lot of the carbon in a pipeline like Colonial. And so to us, we are, we are potential victims of, of a pipe, a non pipeline group, right? Attacking us, but it's carbon, you know, we're trying to get it outta atmosphere. And so by protecting it, no matter where it is, as long as we've got internet access, we can back it up. That provides tons of value to my team because we have hundreds of people in the field working for us every day who collect data and generate it. >>What would you say to a customer who's maybe on the fence looking at different technologies, why dva? >>You know, I think, you know, do the research in my mind, it'll win if you just do the research, right? I mean, there might be vendors that'll buy you nice dinners or whatever, and those are, those are nice things, but the, the reality is you have to protect your data no matter where it is. If it's in a SaaS application, if it's in a cloud provider, if it's infrastructure, wherever it is, you need it. And if you just go look at the facts, there it is, right? And so I, I'd say be objective. Look at the facts, it'll prove itself. >>Look at the data. There you go. Steven Druva recently announced a data resiliency guarantee with a big whopping financial sum. Talk to us a little bit about that, the value in it for your customers and for prospects, >>Right? So, so basically there's, there's really two parts to this guarantee. The first is, you know, across five different SLAs, and I'll talk about those, you know, if we violate those, the customers can get a payout of up to 10 million, right? So again, putting, putting our money where our mouth is in a pretty large amount. But, but for me, the exciting part, and this is, this is where Jason went, is it's about the SLAs, right? You know, one of Drew's goals is to say, look, we do the job for you, we do the service for you so you can offer that service to your company. And so the SLAs aren't just about ransomware, some of them certainly are, you know, that, that you're going to be able to recover your data in the event of a ransomware attack, that your data won't get exfiltrated as part of a ransomware attack. >>But also things like backup success rates, because as much as recovery matters a lot more than backup, you do need a backup if you're gonna be able to get that recovery done. There's also an SLA to say that, you know, if 10 years down the road you need to recover your data, it's still recoverable, right? So, so that kind of durability piece. And then of course the availability of the service because what's the point of a service if it's not there for you when you need it? And so, so having that breadth of coverage, I think really reflects who Druva is, which is we're doing this job for you, right? We want to make this this service available so you can focus on offering other value inside your business. And >>The insurance underwriters, if they threw holy water on >>That, they, they, they were okay with it. The legal people blessed it, you know, it, you know, the CEO signed off on it, the board of directors. So, you know, it, and it, it's all there in print, it's all there on the web. If you wanna look, you know, make sure, one of the things we wanted to be very clear on is that this isn't just a marketing gimmick that we're, we're putting, that we're putting substance behind it because a lot of these were already in our contracts anyway, because as a SAS vendor, you're signing up for service level agreements anyway. >>Yeah. But most of the service level agreements and SaaS vendors are crap. They're like, you know, hey, you know, if something bad happens, you know, we'll, we'll give you a credit, >>Right? >>For, you know, for when you were down. I mean, it's not, you never get into business impact. I mean, even aws, sorry, I mean, it's true. We're a customer. I read define print, I know what I'm signing up for. But, so that's, >>We read it a lot and we will not, we don't really care about the credits at all. We care about is it their force? Is it a partner? We trust, we fight that every day in our SLAs with our vendors >>In the end, right? I mean this, we are the last line of defense. We are the thing that keeps the business up and running. So if your business, you know, can't get to his data and can't operate, me coming to you and saying, Dave, I've got some credits for you after you, you know, after you declare bankruptcy, it'll be great. Yeah, that's not a win. >>It's no value, >>Not helpful. The goal's gotta be, your business is up and running cuz that's when we're both successful. So, so, so, you know, we view this as we're in it together, right? We wanna make sure your business succeeds. Again, it's not about slight of hand, it's not about, you know, just, just putting fine print in the contract. It's about standing up and delivering. Because if you can't do that, why are we here? Right? The number one thing we hear from our customers is Dr. Just works. And that's the thing I think I'm most proud of is Druva just works. >>So, speaking of Juva, just working, if there's a billboard in Santa Clara near the new offices about Druva, what's, what's the bumper sticker? What's the tagline? >>I, I, I think, I think that's it. I think Druva just works. Keeps your data safe. Simple as that. Safe and secure. Druva works to keep your data safe and secure. >>Saved me. >>Yeah. >>Truva just works. Guys, thanks so much for joining. David, me on the program. Great to have you back on the cube. Thank you. Talking about how you're working together, what Druva is doing to really putting, its its best foot forward. We appreciate your insights and your time. Thank >>You. Thanks guys. It's great to see you guys. Likewise >>The show for our guests and Dave Ante. I'm Lisa Martin, you're watching the Cube, the leader in enterprise and emerging tech coverage.

>>Good afternoon, brilliant humans, and welcome back to the Cube. We're live in Detroit, Michigan at Cub Con, and I'm joined by John Furrier. John three exciting days buzzing. How you doing? >>That's great. I mean, we're coming down to the third day. We're keeping the energy going, but this segment's gonna be awesome. The CD foundation's doing amazing work. Developers are gonna be running businesses and workflows are changing. Productivity's the top conversation, and you're gonna start to see a coalescing of the communities who are continuous delivery, and it's gonna be awesome. >>And, and our next guess is an outstanding person to talk about this. We are joined by Stephen Chin, the chair of the CD Foundation. Steven, thanks so much for being here. >>No, no, my pleasure. I mean, this has been an amazing week quote that CubeCon with all of the announcements, all of the people who came out here to Detroit and, you know, fantastic. Like just walking around, you bump into all the right people here. Plus we held a CD summit zero day events, and had a lot of really exciting announcements this week. >>Gotta love the shirt. I gotta say, it's one of my favorites. Love the logos. Love the love the branding. That project got traction. What's the news in the CD foundation? I tried to sneak in the back. I got a little laid into your co-located event. It was packed. Everyone's engaged. It was really looked, look really cool. Give us the update. >>What's the news? Yeah, I know. So we, we had a really, really powerful event. All the key practitioners, the open source leads and folks were there. And one of, one of the things which I think we've done a really good job in the past six months with the CD foundation is getting back to the roots and focusing on technical innovation, right? This is what drives foundations, having strong projects, having people who are building innovation, and also bringing in a new innovation. So one of the projects which we added to the CD foundation this week is called Persia. So it's a, it's a decentralized package repository for getting open source libraries. And it solves a lot of the problems which you get when you have centralized infrastructure. You don't have the right security certificates, you don't have the right verification libraries. And these, these are all things which large companies provision and build out inside of their infrastructure. But the open source communities don't have the benefit of the same sort of really, really strong architecture. A lot of, a lot of the systems we depend upon. It's >>A good point, yeah. >>Yeah. I mean, if you think about the systems that developers depend upon, we depend upon, you know, npm, ruby Gems, Mayn Central, and these systems been around for a while. Like they serve the community well, right? They're, they're well supported by the companies and it's, it's, it's really a great contribution that they give us. But every time there's an outage or there's a security issue, guess, guess how many security issues that our, our research team found at npm? Just ballpark. >>74. >>So there're >>It's gotta be thousands. I mean, it's gotta be a lot of tons >>Of Yeah, >>They, they're currently up to 60,000 >>Whoa. >>Vulnerable, malicious packages in NPM and >>Oh my gosh. So that's a super, that's a jar number even. I know it was gonna be huge, but Holy mo. >>Yeah. So that's a software supply chain in actually right there. So that's, that's open source. Everything's out there. What's, how do, how does, how do you guys fix that? >>Yeah, so per peria kind of shifts the whole model. So when, when you think about a system that can be sustained, it has to be something which, which is not just one company. It has to be a, a, a set of companies, be vendor neutral and be decentralized. So that's why we donated it to the Continuous Delivery Foundation. So that can be that governance body, which, which makes sure it's not a single company, it is to use modern technologies. So you, you, you just need something which is immutable, so it can't be changed. So you can rely on it. It has to have a strong transaction ledger so you can see all of the history of it. You can build up your software, build materials off of it, and it, it has to have a strong peer-to-peer architecture, so it can be sustained long term. >>Steven, you mentioned something I want to just get back to. You mentioned outages and disruption. I, you didn't, you didn't say just the outages, but this whole disruption angle is interesting if something happens. Talk about the impact of the developer. They stalled, inefficiencies create basically disruption. >>No, I mean, if, if, so, so if you think about most DevOps teams in big companies, they support hundreds or thousands of teams and an hour of outage. All those developers, they, they can't program, they can't work. And that's, that's a huge loss of productivity for the company. Now, if you, if you take that up a level when MPM goes down for an hour, how many millions of man hours are wasted by not being able to get your builds working by not being able to get your codes to compile. Like it's, it's >>Like, yeah, I mean, it's almost hard to fathom. I mean, everyone's, It's stopped. Exactly. It's literally like having the plug pulled >>Exactly on whenever you're working on, That's, that's the fundamental problem we're trying to solve. Is it, it needs to be on a, like a well supported, well architected peer to peer network with some strong backing from big companies. So the company is working on Persia, include J Frog, which who I work for, Docker, Oracle. We have Deploy hub, Huawei, a whole bunch of other folks who are also helping out. And when you look at all of those folks, they all have different interests, but it's designed in a way where no single party has control over the network. So really it's, it's a system system. You, you're not relying upon one company or one logo. You're relying upon a well-architected open source implementation that everyone can rely >>On. That's shared software, but it's kind of a fault tolerant feature too. It's like, okay, if something happens here, you have a distributed piece of it, decentralized, you're not gonna go down. You can remediate. All right, so where's this go next? I mean, cuz we've been talking about the role of developer. This needs to be a modern, I won't say modern upgrade, but like a modern workflow or value chain. What's your vision? How do you see that? Cuz you're the center of the CD foundation coming together. People are gonna be coalescing multiple groups. Yeah. >>What's the, No, I think this is a good point. So there, there's a, a lot of different continuous delivery, continuous integration technologies. We're actually, from a Linux Foundation standpoint, we're coalescing all the continued delivery events into one big conference >>Next. You just made an announcement about this earlier this week. Tell us about CD events. What's going on, what's in, what's in the cooker? >>Yeah, and I think one of the big announcements we had was the 0.1 release of CD events. And CD events allows you to take all these systems and connect them in an event scalable, event oriented architecture. The first integration is between Tecton and Capin. So now you can get CD events flowing cleanly between your, your continuous delivery and your observability. And this extends through your entire DevOps pipeline. We all, we all need a standards based framework Yep. For how we get all the disparate continuous integration, continuous delivery, observability systems to, to work together. That's also high performance. It scales with our needs and it, it kind of gives you a future architecture to build on top of. So a lot of the companies I was talking with at the CD summit Yeah. They were very excited about not only using this with the projects we announced, but using this internally as an architecture to build their own DevOps pipelines on. >>I bet that feels good to hear. >>Yeah, absolutely. Yeah. >>Yeah. You mentioned Teton, they just graduated. I saw how many projects have graduated? >>So we have two graduated projects right now. We have Jenkins, which is the first graduated project. Now Tecton is also graduated. And I think this shows that for Tecton it was, it was time, the very mature project, great support, getting a lot of users and having them join the set of graduated projects. And the continuous delivery foundation is a really strong portfolio. And we have a bunch of other projects which also are on their way towards graduation. >>Feels like a moment of social proof I bet. >>For you all. Yeah, yeah. Yeah. No, it's really good. Yeah. >>How long has the CD Foundation been around? >>The CD foundation has been around for, i, I won't wanna say the exact number of years, a few years now. >>Okay. >>But I, I think that it, it was formed because what we wanted is we wanted a foundation which was purpose built. So CNCF is a great foundation. It has a very large umbrella of projects and it takes kind of that big umbrella approach where a lot of different efforts are joining it, a lot of things are happening and you can get good traction, but it produces its own bottlenecks in process. Having a foundation which is just about continuous delivery caters to more of a DevOps, professional DevOps audience. I think this, this gives a good platform for best practices. We're working on a new CDF best practices Yeah. Guide. We're working when use cases with all the member companies. And it, it gives that thought leadership platform for continuous delivery, which you need to be an expert in that area >>And the best practices too. And to identify the issues. Because at the end of the day, with the big thing that's coming out of this is velocity and more developers coming on board. I mean, this is the big thing. More people doing more. Yeah. Well yeah, I mean you take this open source continuous thunder away, you have more developers coming in, they be more productive and then people are gonna even either on the DevOps side or on the straight AP upside. And this is gonna be a huge issue. And the other thing that comes out that I wanna get your thoughts on is the supply chain issue you talked about is hot verifications and certifications of code is such big issue. Can you share your thoughts on that? Because Yeah, this is become, I won't say a business model for some companies, but it's also becoming critical for security that codes verified. >>Yeah. Okay. So I, I think one of, one of the things which we're specifically doing with the Peria project, which is unique, is rather than distributing, for example, libraries that you developed on your laptop and compiled there, or maybe they were built on, you know, a runner somewhere like Travis CI or GitHub actions, all the libraries being distributed on Persia are built by the authorized nodes in the network. And then they're, they're verified across all of the authorized nodes. So you nice, you have a, a gar, the basic guarantee we're giving you is when you download something from the Peria network, you'll get exactly the same binary as if you built it yourself from source. >>So there's a lot of trust >>And, and transparency. Yeah, exactly. And if you remember back to like kind of the seminal project, which kicked off this whole supply chain security like, like whirlwind it was SolarWinds. Yeah. Yeah. And the exact problem they hit was the build ran, it produced a result, they modified the code of the bill of the resulting binary and then they signed it. So if you built with the same source and then you went through that same process a second time, you would've gotten a different result, which was a malicious pre right. Yeah. And it's very hard to risk take, to take a binary file Yep. And determine if there's malicious code in it. Cuz it's not like source code. You can't inspect it, you can't do a code audit. It's totally different. So I think we're solving a key part of this with Persia, where you're freeing open source projects from the possibility of having their binaries, their packages, their end reduces, tampered with. And also upstream from this, you do want to have verification of prs, people doing code reviews, making sure that they're looking at the source code. And I think there's a lot of good efforts going on in the open source security foundation. So I'm also on the governing board of Open ssf >>To Do you sleep? You have three jobs you've said on camera? No, I can't even imagine. Yeah. Didn't >>You just spin that out from this open source security? Is that the new one they >>Spun out? Yeah, So the Open Source Security foundation is one of the new Linux Foundation projects. They, they have been around for a couple years, but they did a big reboot last year around this time. And I think what they really did a good job of now is bringing all the industry players to the table, having dialogue with government agencies, figuring out like, what do we need to do to support open source projects? Is it more investment in memory, safe languages? Do we need to have more investment in, in code audits or like security reviews of opensource projects. Lot of things. And all of those things require money investments. And that's what all the companies, including Jay Frogger doing to advance open source supply chain security. I >>Mean, it's, it's really kind of interesting to watch some different demographics of the developers and the vendors and the customers. On one hand, if you're a hardware person company, you have, you talk zero trust your software, your top trust, so your trusted code, and you got zero trust. It's interesting, depending on where you're coming from, they're all trying to achieve the same thing. It means zero trust. Makes sense. But then also I got code, I I want trust. Trust and verified. So security is in everything now. So code. So how do you see that traversing over? Is it just semantics or what's your view on that? >>The, the right way of looking at security is from the standpoint of the hacker, because they're always looking for >>Well said, very well said, New >>Loop, hope, new loopholes, new exploits. And they're, they're very, very smart people. And I think when you, when you look some >>Of the smartest >>Yeah, yeah, yeah. I, I, I work with, well former hackers now, security researchers, >>They converted, they're >>Recruited. But when you look at them, there's like two main classes of like, like types of exploits. So some, some attacker groups. What they're looking for is they're looking for pulse zero days, CVEs, like existing vulnerabilities that they can exploit to break into systems. But there's an increasing number of attackers who are now on the opposite end of the spectrum. And what they're doing is they're creating their own exploits. So, oh, they're for example, putting malicious code into open source projects. Little >>Trojan horse status. Yeah. >>They're they're getting their little Trojan horses in. Yeah. Or they're finding supply chain attacks by maybe uploading a malicious library to NPM or to pii. And by creating these attacks, especially ones that start at the top of the supply chain, you have such a large reach. >>I was just gonna say, it could be a whole, almost gives me chills as we're talking about it, the systemic, So this is this >>Gnarly nation state attackers, like people who wanted serious >>Damages. Engineered hack just said they're high, highly funded. Highly skilled. Exactly. Highly agile, highly focused. >>Yes. >>Teams, team. Not in the teams. >>Yeah. And so, so one, one example of this, which actually netted quite a lot of money for the, for the hacker who exposed it was, you guys probably heard about this, but it was a, an attack where they uploaded a malicious library to npm with the same exact namespace as a corporate library and clever, >>Creepy. >>It's called a dependency injection attack. And what happens is if you, if you don't have the right sort of security package management guidelines inside your company, and it's just looking for the latest version of merging multiple repositories as like a, like a single view. A lot of companies were accidentally picking up the latest version, which was out in npm uploaded by Alex Spearson was the one who did the, the attack. And he simultaneously reported bug bounties on like a dozen different companies and netted 130 k. Wow. So like these sort of attacks that they're real Yep. They're exploitable. And the, the hackers >>Complex >>Are finding these sort of attacks now in our supply chain are the ones who really are the most dangerous. That's the biggest threat to us. >>Yeah. And we have stacker ones out there. You got a bunch of other services, the white hat hackers get the bounties. That's really important. All right. What's next? What's your vision of this show as we end Coan? What's the most important story coming outta Coan in your opinion? And what are you guys doing next? >>Well, I, I actually think this is, this is probably not what most hooks would say is the most exciting story to con, but I find this personally the best is >>I can't wait for this now. >>So, on, on Sunday, the CNCF ran the first kids' day. >>Oh. >>And so they had a, a free kids workshop for, you know, underprivileged kids for >>About, That's >>Detroit area. It was, it was taught by some of the folks from the CNCF community. So Arro, Eric hen my, my older daughter, Cassandra's also an instructor. So she also was teaching a raspberry pie workshop. >>Amazing. And she's >>Here and Yeah, Yeah. She's also here at the show. And when you think about it, you know, there's always, there's, there's, you know, hundreds of announcements this week, A lot of exciting technologies, some of which we've talked about. Yeah. But it's, it's really what matters is the community. >>It this is a community first event >>And the people, and like, if we're giving back to the community and helping Detroit's kids to get better at technology, to get educated, I think that it's a worthwhile for all of us to be here. >>What a beautiful way to close it. That is such, I'm so glad you brought that up and brought that to our attention. I wasn't aware of that. Did you know that was >>Happening, John? No, I know about that. Yeah. No, that was, And that's next generation too. And what we need, we need to get down into the elementary schools. We gotta get to the kids. They're all doing robotics club anyway in high school. Computer science is now, now a >>Sport, in my opinion. Well, I think that if you're in a privileged community, though, I don't think that every school's doing robotics. And >>That's why Well, Cal Poly, Cal Poly and the universities are stepping up and I think CNCF leadership is amazing here. And we need more of it. I mean, I'm, I'm bullish on this. I love it. And I think that's a really great story. No, >>I, I am. Absolutely. And, and it just goes to show how committed CNF is to community, Putting community first and Detroit. There has been such a celebration of Detroit this whole week. Stephen, thank you so much for joining us on the show. Best Wishes with the CD Foundation. John, thanks for the banter as always. And thank you for tuning in to us here live on the cube in Detroit, Michigan. I'm Savannah Peterson and we are having the best day. I hope you are too.

>> All right, we'll be back in a moment. We'll have Stephen Manly, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. The attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva data resiliency cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations. Which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software is a service model delivers 24/7 365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches and upgrades for you. Druva also makes zero trust security easy with built in multi-factor authentication, single sign on and roll based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean unencrypted data from the entire timeframe of the attack. Cyber attacks are a major threat, but you can make protection and recovery easy with Druva. (upbeat music) >> Welcome back everyone to theCUBE special presentation with Druva on Why Ransomware Isn't Your Only Problem. I'm John Furrier, host of theCUBE. Our next guest are Stephen Manly's, Chief Technology Officer of Druva and Anjan Srinivas, who is the general manager and Vice President of Product Management at Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic the IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment, I really appreciate it. Thanks for coming on. >> Great to be here John. >> So what's your thoughts on the survey's conclusion, obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems. Disruption, I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is on the one hand everybody who sees the survey, who reads it's is going to say, well, that's obvious. Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into. But one of the things that I hear on a daily basis from the customers is it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping it ideally from all the tooling that needed to do. A lot of people are even still wondering when that happens next time what do I even do? So clearly not very surprising. Clearly I think it's here to stay. And I think as long as people don't retool for a modern era of data management, this is going to stay this way. >> Yeah, I mean, I hear this whole time in our CUBE conversations with practitioners. It's kind of like the security program, give me more tools I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side because people claim that they have tools at fine points of recovery opportunities but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? Because I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing but it doesn't seem as confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first and Stephen can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said it could solve your problem. But they haven't had a chance to take a relook from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities and which tooling set needs to lie where, where does the logic need to reside. And what at Druva of we are watching people do and people do it successfully, is that as they have adopted Druva technology which is ground up built for the cloud, and really built in a way which is driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware. And then there is a whole plethora of ecosystem players that kind of combine to really really finish the story so to say, right? So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> I was going to say I mean, one of the really interesting things in this survey for me and for a moment, little more than a moment it made me think was the large number of respondents who said, I've got a really efficient well run back up environment. Who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well, if your backup environment is so good, why do you have such low confidence? And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture and let's face it, the disbase architecture has been around for almost two decades now in terms of disbased backup. You can have that tune to the help, that can be running as efficiently as you want it. But it was built before the ransomware attacks, before all these cyber issues really started hitting companies. And so I have this really well run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, I'm doing the best I can, but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Well, that's a great point. And before we get into the customer side I want to get to in second. I interviewed Jaspreet, the founded and CEO many years ago even before the pandemic and you mentioned modern. You guys have always had the cloud with Druva, this is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? Because that's a great point. A lot of stuff was built kind of back up and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now is a huge issue. >> I think to me there's three things that come up over and over and over again as we talk to people in terms of being built in cloud, being cloud native, why isn't an advantage? The first one is security and ransomware. And we can go deeper but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And this certainly plays into account as your business grows or in some cases as you shrink or repurpose workloads you're only paying for what you use. But it also plays a big role again when you start thinking of ransomware recoveries because we can scale your recovery in cloud on premises as much or as little as you want. And then I think the third one is we're seeing basically things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being SaaS service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, wow, I need it six months in the lab before I upgrade it and it's an 18 month, 24 month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >> That says it. Anjan, you got the product side, it's a challenging job 'cause you have so many customers asking for things probably on the roadmap you probably go hour for that one. But I want to get your thoughts on what you're hearing and seeing from customers. we just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing, what's the key customer need? How are you guys responding? >> Yeah, actually I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now, where we come in as Druva is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate. Because this is just not about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate we're in the middle of the war so to say, right? The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour while they're just trying to live one day at a time. And unless they really develop this overall security operating model helped by cloud native technologies like Druva that is really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure not just beyond backups, beyond just the data protection that we all know of into this kind of this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS. And we are going to be continuing to evolve that to further many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So the new workloads, the new security capabilities. Love that, good call out there. Stephen there's still the issue of the disruption side of it. You guys have a guarantee, there's a cost to ownership as you get more tools. Can you talk about that angle of it? Because you got new workloads, you got the new security needs, what's the disruption impact? Because you won't avoid that, how much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, again, we're willing to put our money where our mouth is and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say, the goal of Druva is to do the job of protecting and securing your data for you. So that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from your data is going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally. And we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover it 30 years from now, that data is going to be recovered. So we wanted to really attack the end to end risks that affect our customers. Cybersecurity is a big deal but it is not the only problem out there. And the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great point. Ransomware isn't the only problem, that's the title of this presentation. But it's a big one and people concerned about it so great stuff. And the last five minutes guys if you don't mind, I'd love to have you share what's on the horizon for Druva. You mentioned the new workloads Anjan, you mentioned this new security hearing shift left, DevOps is now the developer model, they're running IT. Yet data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching and how are you guys putting that together to stay ahead in the marketplace and the competition? >> I think listening to our customers, what we realize is they need help with the public cloud number one. I think that's a big wave of consumption. People are consolidating their data centers moving to the public cloud. They need help in expanding data protection which becomes the basis of a lot of the security operating model that I talked about. They need that first from Druva before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer which I think is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor. And look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build all the way from a feature level where we have things like recycle bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it. But also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights and security. And that's where my focus is to go and get those features delivered. And Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure. So John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds if not thousands of SaaS applications. And a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce. Because if you think about it, if someone deletes some really important records in Salesforce, that's actually kind of the record of your business. And so we're looking at one more SaaS application protection and really getting deep in that application awareness. It's not just about backup and recovery. When you look at something like a Salesforce or something like a Microsoft 365, you do want to look into sandboxing, you want to look into long term archival. Because this is the new record of the business, what used to be in your on-premises databases that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous. So that customers, again, I want to do the job for them, we'll do all the tuning, we'll do all the management for them. To be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff, Anjan. >> And remember John, I think all this while keeping things really easy to consume, consumer grade UI, APIs. And during the power of SaaS as a service simplicity to kind of continue on amongst kind of keeping these complex technologies together. >> Anjan, that's a great call out. I was going to mention ease of use and self-service, big part of the developer and IT experience expected it's a table stakes, love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But at the end of the day, automation, cross cloud protection and security to protect and recover. This is huge and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You got the experts talk about the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Allante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva data resiliency cloud is the only 100% SaaS data resiliency platform that provides centralized, secure air gapped and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyber attacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup up and recovery, but also data resiliency across high value use cases such as e-discovery, sensitive data governance, ransomware and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability and ransomware protection. The Druva data resiliency cloud, your data always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past two plus years, a lot of good technology practices have been put into place. But there's much more work to be done, specifically because the frequency of attacks is on the rise and the severity of lost, stolen or inaccessible data is so much higher today. Business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a systems view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed/accuracy of recovery. We hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net and you'll see all the content. Or you can go to druva.com. There are tons of resources available including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching Why Ransomware Isn't Your Only Problem made possible by Druva. A collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

(upbeat music) >> Welcome back everyone to theCUBE special presentation with Druva on why ransomware isn't your only problem. I'm John Furrier, your host of theCUBE. Our next guest are Stephen Manly, Chief Technology Officer of Druva. And Anjan Srinivas, who is the general manager and vice president of product management in Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic, the IDC White Paper that you guys put together with IDC. Really nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Anjan: Great to be here John. >> So what's your thoughts on the survey's conclusion? Obviously the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is on the one hand, everybody who sees the survey, who reads, it's going to say, well that's obvious. Of course ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that needed to do. A lot of people are even still wondering when that happens next time, what do I even do? So clearly not very surprising. Clearly I think it's here to stay and I think as long as people don't retool for a modern era of data management, this is going to stay this way. >> Yeah, I mean I hear this all the time in our CUBE conversations with practitioners It's like the security product. Give me more tools. I'll buy anything that comes in the market. I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share your insights into what's going on in the product side? Because people claim that they have tools at fine points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'Cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train. It's always changing, but it doesn't seem this confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first and Stephen can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said could solve your problem but they haven't had a chance to take a relook from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities, and which tooling set needs to lie where, where does the logic need to reside? And what a Druva, we are watching people do and people do it successfully is that as they have adopted Druva technology, which is ground up built for the cloud and really built in a way which is driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really mitigating this ransomware. And then there is a whole plethora of ecosystem players that combine really, really finish the story so to say. So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> John: Yes, Stephen. >> I was going to say, one of the really interesting things in the survey for me and for a moment, little more than a moment, it made me think was that the large number of respondents who said I've got a really efficient well-run backup environment who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well if your backup environment is so good, why do you have such low confidence? And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture and let's face it, the disk-based architecture's been around for almost two decades now in terms of disk-based backup, you can have that tune to the health. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, I'm doing the best I can, but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so yeah. >> Well, that's a great point. Before we get into the customer side, I want to get to in second, I interviewed Jaspreet, the founder and CEO, many years ago even before the pandemic. You mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built, backup and recovery bolted on, not really designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now is a huge issue. >> I think, to me, there's three things that come up over and over and over again as we talk to people in terms of being built in cloud, being cloud native, why is it an advantage? The first one is, is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gap, offsite, managed under a separate administrative domain so that you're not retrofitting any air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And this certainly plays into account as your business grows or in some cases as you shrink or repurpose workloads. You're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on-premises as much or as little as you want. And then I think the third one is, we're seeing basically things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, wow, I need it six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >> Anjan, you got the product side. It's challenging job 'cause you have so many customers asking for things probably on the roadmap. You probably go hour for that one. But I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenge by ransomware on a weekly basis, and what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in as Druva is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model, which all fit into that overall security operating model that they are really owning and they need to manage and operate because this is just not about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate when the middle of the war so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at a hundred miles per hour while they're just trying to live one day at a time. And unless they really develop this overall security operating model helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS and we are going to be continuing to evolve that to further many services that public cloud software 'cause our customers are really consuming them at breakneck speed. >> So the new workloads, the new security capabilities, love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? Because this is, you got new workloads, you got the new security needs, what's the disruption impact? 'Cause we won't avoid that. How much it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, again, we're willing to put our money where our mouth is and that's a big deal. That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that model that Anjan was talking about. We look at this and we say, the goal of Druva is to do the job of protecting and securing your data for you so that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from, your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally. And we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there and the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. People concerned about it. So great stuff. In the last five minutes guys, if you don't mind, I'd love to have you share what's on the horizon for Druva. You mentioned the new workloads Anjan. You mentioned this new security hearing shift left. DevOps is now the developer model. They're running IT, yet data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace in the competition? >> Yeah, I think listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first from Druva before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which I think is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need, what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build all the way from a feature level where we have things like recycled bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox, which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security and that's where my focus is to go and get those features delivered. And Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure. So John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications and a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because if you think about it, if someone deletes some really important records in Salesforce, that's actually the record of your business. And so we're looking at more and more SaaS application protection and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce or something like a Microsoft 365, you do want to look into sandboxing, you want to look into long-term archival because, and this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning. We'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed from when attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers, not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and really, the power of SaaS as a service, simplicity to continue on amongst keeping these complex technologies together. >> Anjan that's a great call out. I was going to mention ease of use and self-service. Big part of the developer and IT experience, expected, it's the table stakes. Love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But at the end of the day, automation, cross cloud protection, and security to protect and recover. This is huge and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment. Really under the hood and really the value of the product. Thanks for coming on. Appreciate it. >> Thank you very much. >> Okay, there it is. You got the experts talking about under the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. (gentle music)

(gentle music) >> Hey, everyone. Welcome back to New York City. Lisa Martin and John Furrier here with theCUBE, covering AWS Summit NYC. This is a series of summits this year. There's about 15 of them globally. We are excited to be here with a couple of guests. We have an alumni back with us. Couple of guests from Caylent, Stephen Garden joins us, the Executive Chairman, and Valerie Henderson, Chief Revenue Officer. Guys, welcome to the program. >> Thank you. >> Thank you. Thank you for having us. >> Great to have you, welcome back. >> Appreciate it, from 2016. >> 2016, it's been a minute. >> Yep. >> But that was before Caylent. Talk to us about Caylent, what do you guys do? What do you deliver? How are you affiliated with AWS? >> Sure, so we were founded in 2015, initially as a container management product. So our roots are very deeply centered around Cloud native. We've since evolved and become a Cloud native consultancy. We're all in with AWS. We were actually just awarded AWS Premier Partner a couple of weeks ago, so we're pretty pumped about that, but we're about 250 people now, across North and South America. And our goal is really to work with customers that are looking to innovate and evolve and use AWS as a catalyst to build new products for their business. >> As a catalyst, I like that. Valerie, talk about the customer. Obviously so much tumbled in the last couple of years. Still going through it. >> Yeah, of course. >> How have customer conversations evolved and changed in the last couple of years, from your perspective? >> Yeah, I think from my perspective it is such a unique time and it's a time that is constantly changing. And I think change breeds opportunity, and I feel like customers see that, and they're leaning in. They want the opportunity to create new revenue streams, do more, more efficiently, and I think that's the key. And the questions are really asking, how can we take our data, and turn it into something that we can monetize? How can we be smarter with what we have? And I think it's an incredible time to be in the space that we're in. Every conversation I have is really forward thinking, and about the business. And I've been in this space for a while, and that was not always that case. And I think now people are shifting that IT shop to IP shop, and that's so key, from my perspective. >> Interesting, interesting shift there. Every company has to be a data company these days, to be competitive, the last couple of years it was, how did we survive? Pivot, pivot, pivot. But to be a data company, means you have to be able to extract the value and insights from that data and act on it, to your point, develop new products, new revenue streams, new opportunities. How do you enable companies, and maybe this is a question that you can both answer, to truly become data companies? >> The whole model from a service's perspective is not a do-for model, it is a do-with model. And any time we go into a customer, it's like, where are they on the curve? From monolith application, to microservices, where do they sit today? And I think when you dig in, you assess, you deeply understand where they are, you can get them to where they want to be, and build a plan. And the way our model works is, we're doing it with them, and what that means is we're enabling them, documentation, we're supporting them, that if we're not there, they're going to be able to carry it forward and continue to do more. So, that's so so important. I'd love Stephen's take on it. >> Yeah, I think the other trend that we're seeing in data more recently is that customers need to share their information with other partners, collaborate. And AWS is just the perfect platform to be able to do that, enable that sharing. And you're seeing even businesses like Snowflake build a data Cloud on top of AWS. So, I think that's a new angle that we're seeing which is really bringing together way more innovation- >> What about that data clean-room trend that's going on, Snowflake's doing a lot of that. But some of them have a little lock in spec there, versus being open, security, privacy, governance, what's the balance between open sharing and the requirements you need to be secure and compliant? >> Yeah, I think very simplistically, the information that you are using to deliver your product and service to customers generally safer, more public and available, the information that's confidential to your business behind the scenes, obviously, you use the right protocols to lock it out. But it is a very hot topic in today's world, especially with Web3 and people seeking to get their information back, so... >> So you mentioned you guys around since 2015, if you go back in time, it seems like yesterday, but Cloud time, it's like two generations ago. Why is data now more relevant? Is it because the technology's gotten better and easier, or more maturization of the client's understanding, or being full with data, having a data problem and hence an opportunity? Or is it open source has evolved? Or all three, what's your reaction to that? Why is it exploding now when it's been around for a while? >> It keeps exponentially growing, right? The more and more data. There was a stat four or five years ago about, hey, we're taking more photographs in a single year now than all of mankind, leading up to that date, but I think just the sheer quantities and the way people are managing it now, and being able to actually capture information points of everything across their entire business, just presents a much bigger opportunity to be able to take and form decisions of the back of that. >> So do you see the customers having more data full problems, that they're having more data? So that's... And in that one >> 100%. >> Of the consequences of not leveraging it? >> Yeah, it's what to do. Yeah, absolutely, and if you think about when you wake up in the morning if you ask Alexa what the weather is, and like, you're creating data, in every engagement with the world. So I think it's this explosion of it, but then it exists, and what do you do, and having a strategy. I still think one of the biggest gaps is people, and talent, and expertise to do the work, frankly. Which is, the hypothesis of Caylent existing. >> Yeah, I think a data concept and application, because what's the weather to Alexa, is an application of what's the weather, it's a request, but it's actually the data's built into the app. >> It's built in. >> So data as code is a new trend. >> Yes, yeah, yeah, and I think it's funny to answer the question. There's more data points surrounding how to leverage your data, and I'm like, it's crazy, I think you're really seeing that working- >> We have an old data warehouse, we can't get the weather data, although it's there somewhere. But that's the problem. Getting the data, in the applications, this is not... Wasn't around 10 years ago. No one was talking like that. Now it's more standard. That sounds like DevOps to me, a DevOps problem. >> Yeah, moving from the monolithic to the microservice is wild, and just the way that people are building applications today. The users, their customers are demanding more from the service, and AWS is able to deliver that. >> What are some of your customers doing with you guys, can you give some examples and scope the scale of your relationship with the customers, vis-a-vis AWS and the Cloud, how they're using you guys and the Cloud. >> Yeah, yeah, for sure, a customer of ours, Allergen, which is an incredible organization, really had a large effort to modernize. And they actually have a data lab within their company called Allergen Data Labs, and they leveraged us to truly just modernize this containerization effort. How they can do more with less, and that serverless experience. So, I think from my perspective what we're seeing is also a need to be thoughtful about DevOps retooling and tooling because talent wants to work with the best toolset, the hottest stuff on the street, and again, to keep talent is key, in any organization's success. >> Valerie, how does Caylent help with that from a talent perspective? Obviously there's talent shortage, we're also still in the great resignation. >> Oh my gosh. >> How do you help organizations bridge the gap so that they can glean insights from data and be competitive and win? >> Yeah, we actually just published a case study with Novus which was bought by SEI, which is a huge financial firm. Where they said, "Listen, it's human nature to say I have a gap, and I need to fill it, I'm going to hire somebody." That's human nature to say, okay, this is what we're going to do. But the reality is, I think companies are starting to see the advantage of using a partner and say, okay, I could hire one person or I could bring in a partner who's going to have a team of five, works incrementally for a period of time, does with, helps coach my team up, document all of that, and I think that they're seeing value from that. And ultimately, it's not that we don't want them to eventually hire. When they do hire, we want that person to come in and have the best experience. >> And sometimes the people aren't even available, right? >> Correct, yeah. >> So you have a combination of managed services, a plethora of managed services that are also involved with the customers. So, it's that integration, scale, and partnering and sharing. You mentioned sharing data earlier, how do you guys view that integration piece, 'cause if you have a modern architecture, you got to have that decomposed, decoupled but integrated approach. >> Yeah, we really believe that the whole world of project services and managed services is coming together as one. So we have a single delivery model which we're really passionate about. And we look at it as an embedded team within our customers, embedded DevOps to support them, basically on anything that could be from a modernizing a new application through to addressing a more traditional Cloud architecture framework that's in place. But yeah, the trick to it is, as Val said earlier is the do with approach, not just do for, right? I think customers need to learn about the Cloud. They need to understand the technology that they're using. They want to have that understanding. And we found a way of fitting in our services to help them accelerate that part. >> So Valerie, I got to ask you the question. So, in sports you talk about the modern era of baseball or whatever, we're in the modern era of Cloud, going next generation. We call it Super Cloud, a concept that Dave and I put out at re:Invent. If someone asks you, what does the modern era look like? As you look at your customer base and the data you guys have, how would you describe this modern era? What is it made up of? Is it outcomes versus solutions? Is it technology that's decentralized? How do you talk about it? What is the modern era, if you were- >> Not to oversimplify it, but I'm going to, the idea that somebody could come into work and all they have to think about is business outcomes and the data points that they need to achieve said business outcomes. I'm the biggest fan of measure what matters, I think it is an incredibly powerful methodology. And I think anybody who thinks about running business, they know that it's a scale. The amount of companies that are in that place is very small right now. So I think modern era is really that running an IT company to an IP company. >> So Stephen, if you unpack that, what's under the covers to make that happen? Automation, machines, what's your assessment of that outcome, which by the way was well said. Beautiful, beautiful comment. What makes that happen? >> I think it is around automation. It is around do once and then apply many times. That is key. Obviously it's a fundamental principle of the Cloud, is that consistency in that repeatability. So when you can simplify services down to a point, click, deploy, I think you're in a much better position to be able to move quickly and then not have to worry about anything under the hood and just focus, like Val said, on the business outcomes. >> That's more creative. They're focusing on the problems, to not do the rock fetches and the heavy lifting that's not differentiated. >> I find that what gives people energy generates opportunity. And I think when people hit those roadblocks of, these things don't work together. There's all these interdependencies. It's really challenging. So I love what's happening. I think there's never been a better time to be in this business. >> Not a dull moment, That's for darn sure. >> Not a dull moment. >> Valerie, talk about outcomes. You mentioned a couple of customers that you're working with, some case studies. It is all about outcomes these days. That's the conversations that we have with the entire ecosystem is all about business outcomes. What are some of those key transformative business outcomes that Caylent is helping customers to achieve? >> Yeah, to me one thing that is key is, anytime I'm meeting with a customer, I want to understand who their customers are. I'm like, who is your customer? And how can we create a better experience for that customer. Whether it's their end users or their external customers. And I think that is a huge element. What we're seeing is that sassification of, how do I make it easier for my customers to procure and engage with my platform? And a lot of what we're doing right now is helping clients with that. And it's not a flip of a switch, it's not a click of a button, it's complicated. But that is what we are here to help, help simplify, help create that understanding of what's possible. >> How do you guys talk to your customers, take a minute to give a plug for the company. What are you looking for? What's the stats? How many employees you guys hiring, and what's the pitch to customers? >> Yeah, so I think every organization is on their journey to the Cloud now. It's gotten to that point where if you're not working with a public Cloud provider, you're part of a very, very small group. We like to say that we'll meet customers where they are, and help evolve them as a business, help evolve their teams. And that's what we mean when we say do with, so it's a pretty broad spectrum. We're big in healthcare. We're big in FinTech. We've worked with a lot of startup customers. We have about 250 customers today, 250 employees. And we're scaling rapidly. We've grown that from about 50 employees a year ago. >> Oh, wow. >> Yes, when I started, we were just around 60 people and we're at 260 today. >> And why are people working with you? What are you guys, solving a problem? Are you enabling them? What's the pitch? >> Without a doubt, I love that. Being in sales my whole career, somebody asking me for a pitch is my favorite. >> Okay, let's go. >> Yeah, yeah, the true value prop of what we do is all of the above. We enable, we help customers do more faster, but again, we do not want customers to walk away from an engagement with us saying, oh no, we don't know what to do. We want them to feel empowered. I still think the biggest gap from everything being in that IP business outcome is people. And for us, we're so passionate about that, and building a company that really truly believes that. And that's part of who we are as a company and our value system. >> And the digital transformation, ultimately what they're going through, you get them there faster. They get the outcomes and they're operational. >> Absolutely, and also to be clear, when a customer has a great experience working with you, they want to tell other people about the experience. And for us, like the referrals that we get, the partnership with Amazon is so key. >> What are some reactions after you go through an engagement? We've been riffing on this concept of Super Cloud where you're starting to see people build on top of, not the AWSs, but their partners that work with them. And so the customers are getting their own Cloud experience at scale. What are some of the comments you hear from your successful customers? What are some anecdotal feedback? >> Yeah, yeah. >> I'm so glad we did this because now I'm selling more, I'm doing this, what are some of the things that they're thinking? >> Yeah, yeah, I think ultimately the consistent theme that we get is, "I'm so glad that I didn't let fear hold me back from engaging a partner," because a lack of control scares a lot of customers. It does. And I think customers that are willing to say, "Okay, I'm going to have a little faith, trust in the process." They thank us. They do, and we've seen that across the board. I think that crossing that chasm is not to be underestimated without a doubt. >> Great story, congratulations. >> Oh, thank you. >> Well, there's nothing more powerful and potent than the voice of the customer. >> Without a doubt. And really you have to listen. >> Yes, yes, definitely. Stephen, Valerie, thank you so much for joining Dave and me on the program today, talking about Caylent, what you guys are doing for customers with AWS, empowering, enabling, collaboration. I love it, thank you. >> Yeah, thank you both. >> All right, our pleasure. For John Furrier, I'm Lisa Martin. You're watching theCUBE live in New York City, we are at AWSO in NYC, John and I will be right back with our next guest. (gentle music)

(upbeat music) >> Good evening, guys. Welcome back to Las Vegas, theCUBE is here live at AWS re:Invent 2021. I'm Lisa Martin. We have two live sets, two remote sets, over 100 guests on theCUBE talking with AWS, and its massive ecosystem of partners bringing you this hybrid tech event, probably the biggest of the year, and I'm pleased to welcome Stephen Kovac next, the Chief Compliance Officer at Zscaler. Stephen, how's it going? >> Well, it's going well, Lisa. Thank you for asking, enjoying Vegas, loving the conference, unbelievable. >> Isn't it great to be back in person? >> Oh, it's so great, I've seen people. >> Conversations you can't replicate on video conferencing, you just can't. >> Can't, and you see people you haven't seen in two years, and it's like all of a sudden you're best buddies again. It's just wonderful, it's so great to back. >> It is, and AWS in typical fashion has done a great job of getting everybody in here safely. I'm not at all surprised, that's what I expected, but it's been great. And I hope that this can demonstrate to other companies, you can do this safely. >> You can, I think so. I mean, there's a lot of effort going into this, but as usual AWS does it right. So, you expect that. >> They do. Talk to me about the Zscaler-AWS partnership. What's going on? >> Well, it's a great partnership. So AWS and Zscaler have been partners since the beginning of Zscaler. We are the largest security cloud in the world. We're born and bred in the cloud security company. So literally we wrote one application that does global security, everything from firewall to proxy, secure web gateway, to DLP, to all this in one piece of software. So, in the past where people would buy appliances for all these devices and put them in their own data center, we wrote a software that allows us to put that in the cloud, run it on the cloud globally around the world. And our partnership with AWS is, we originally built that on AWS, and today still AWS is our prime partner, especially in the zero trust side of our business. So, great relationship, long-term and great I think for both of us, it's been a very, very... >> Fruitful partnership, synergistic? >> Synergistic, love that, so yes. >> You mentioned zero trust, and we have seen such massive changes to the security and the threat landscape the last 20, 22 months. Talk to me about the recent executive order calling for zero trust, how does Zscaler's partnership with AWS help you enable organizations, fed, SLED, DoD, to be able to actually bring in and apply zero trust? >> Yeah, great question. Five years ago I was tasked to bring Zscaler into the government side of the business. So I was employee one to do that. It was a great honor to do it. And the first thing we did is we partnered with AWS because we needed to get FedRAMP compliant. We knew we were going to go into DoD. So we needed to go to the Impact Level five. And eventually we'll be able to go up level six with AWS. And so it was our partnership started there. And as you've seen in five years with all the change that's happened, that obviously the breaches like SolarWinds, and the people up here talking about them all week with you I'm sure. The executive order came down from the Biden Administration, who I completely salute for being just tremendous leaders in the cybersecurity space. And the executive order, one of the big pieces of the executive order was every agency must produce a plan for zero trust. So our cloud platform that is on AWS is a zero trust platform. It is the first and only zero trust platform to get authorized by the federal government at the FedRAMP level, and now the IL five level. So, together we are literally capturing and taking over the, being the leader in the zero trust space for the federal government. And I'm going to get a sip of water, so forgive me, I've been here all week talking to a lot of people, so forgive me for that. >> That's one thing that we don't have to deal with when we're on Zoom, right, is you don't really have the risk of losing your voice. >> Stephen: There you go. >> But in terms of the executive order, something that you mentioned, SolarWinds, Colonial Pipeline, we only hear about some of the big ones. The fact that ransomware happens one attack every 10, 11 seconds, it's a matter of when we get hit, not if. >> As you know, the story coming up from me, coming up on stage with you today, I just got myself breached just this morning, just individually. So yes, it's going to get all of us. And especially, I think when you look at zero trust and ransomware and how they worked out how zero trust can prevent it, you look at the SLED market, you know, state, local governments, they don't have the dollars to go spend like DHS does, or say, some of the DoD does. So, our partnership with AWS allows us to produce a product that is very cost-effective on a per user basis, consumption model, which is what AWS has been famous for since day one, right, the consumption model, use it when you need it, don't use it when you don't. We built our software the same way. So, at some point in a year, in a school year, we'll ramp up with some schools up to a hundred thousand users in the district, and over the summer we'll ramp down to a thousand, and we just bill them for that. So it's a beautiful relationship that we partner in not just the executive order, but being a partner in SLED, fed in the sense that matches making our business together, match the government's business. And that makes us a true leader and makes us a cost-effective solution. And if you think about it just for a moment, yesterday, I told you I was testifying in front of the Senate. And one of the questions I got asked was, oh, how many security updates do you guys see a year? I said, a year, well, we do over 200,000 a day. 200,000 security updates from potential hackers every single day. And we're doing that over 200 billion transactions a day run on AWS. So it's tremendous partnership, and to be able to work like that, and at that kind of volume, and be able to go up and down with the, and you got AWS able to scope up and down, and us to be able to ride that wave with them. It's been great. >> One of the things that we always talk about when we talk AWS is they're customer focused or customer obsession that, hey, we start backwards, we work backwards from the customer. Same thing, synergistic from a cultural perspective? >> Absolutely, I mean, one of the things I always love about AWS and I've been a customer of AWS for many years, even prior to my Zscaler days, I love the way they approach things, right? If they're not trying to go out and sell it, they're trying to meet with the customer and find out what the customer needs, and then build a solution. We're the same way. I always tell, you know, when you think of our solutions, Zscaler, I always tell my sales teams, I say it takes four sales calls for people to really understand what we do. And AWS, in the beginning of AWS, it was kind of the same thing. In the old days, you know, we all just built data centers and we had all these racks, and all this expense and mesh is what you did. It was unusual back in the day, 10 years ago, and I've been to every single re:Invent. I mean, the first one there was like, you're actually going to put all your stuff in this unknown cloud thing, and it will be available when you need it? So yes, you know, the way that they did it is the same way we do it together today. And we do it together today. We partner on many deals today where we're both, our teams are in there together, selling together, whether it's the DoD, federal agencies, SLED agencies, and commercial, you know, selling it hand-in-hand because it's that same philosophy is we're going to build what a customer needs. We're not going to tell the customer what they need. We're going to hear what they need, and that's the same relationship. So I'm going to get another sip real quick. >> Go for it. One of the things that has been a theme that we've heard the last couple of days is every company needs to be a data company or private sector, public sector, and if they're not, they're probably not going to be around much longer. How do you help customers get their handle around that? Because the security threats are only increasing. I mean, it's ransomware as a service. The fact that these criminals are getting much more brazen, you just had this happen to yourself, but enabling them to become data-driven organizations and use the data, extract the value from it securely, that's hard. >> It is, I mean, if you think back in the day, I mean, companies didn't have chief compliance officers that worked in the space that we do. Their chief compliance officer back in the day was the guy that was writing your HR issues and what OSHA issues, and of course, I still deal with some of that stuff, but my true job is really around the data, right? You know, how do we build our platforms, what decisions we make on our platforms, how we're going to certify them to support that, and I mean, chief data officers, chief security officers, I mean, you go into companies today, even car dealerships today. I mean, I'm picking one, you never thought of them having a security officer, but they do, they have to, they have to. And I mean, basic school districts, I mean, I don't about you, when I was a kid and went to school, they didn't have computers, but when my kid went to school, they did, but they didn't have a security officer. Now today, every single school district has security officers. I mean, I love how you said it, that data-driven, that data thought is there. It has to be, it's a real threat. And the sad thing is of these ransomware attacks, how many don't get reported. >> Oh, right, we're only hearing about a select few. >> The numbers are something like 88% don't get reported. It's that big. So that just tells you, we hear the big ones, right, Colonial Pipeline, things like that. We don't hear about West Texas or Middle Illinois school district that paid five grand because somebody had something on the school. That's how, as you said, this ransomware as a service security, we call it a security as a service, there's SaaS, which is software as a service, we're security software as a service, and AWS is the infrastructure as a service that we run on. And that's how it works well together. >> Do you guys go into accounts together from a go-to-market perspective? >> We, do, we can always do a better job. And my good friend here at AWS, who's probably listening, we can always do better. But yeah, so it is become something that, especially in the government space we do, in federal, DoD, because the certifications are really important, certifications are important everywhere, and we have many, we talked about all the certifications we have in federal, FedRAMP and IL five, and we have a plethora of those certifications in the commercial space. But they mean in a federal space, they're really the ticket. They call them the ENERGY STAR of approval, good housekeeping piece. So, you know, having that, teaming up with AWS who we partner together and because AWS has the same certs, we can sell at the same levels. And we do a really great job of co-selling in that space together. And I think when they look at us and they say, well, you're AWS, they've got their FedRAMP high, IL five, and you're Zscaler, you got your FedRAMP high, IL five. Yes, we can do business with these guys, and that's important. >> So you guys both open doors for each other. >> We do, we do in many cases, yeah. As a matter of fact, re:Invent five years ago, a buddy of mine here opened a big, big account for us, which is today our largest account in federal came from re:Invent, where came up to me and said, hey, my customer wants to, he's looking to do something, they're an agency that has global footprint, and they're like, we want to do something as a security as a service. They don't want to ship boxes all over the place. And we just met the customer for a coffee, and next thing you know, became our, still today, our probably largest customer in federal. >> Wow, well, this is the 10th re:Invent, you said you've been to all of them. >> Stephen: I have been to all of them. I can't lie, but I can't say I did all the virtual ones. I mean, I was logged in. (laughs) >> That's okay, we'll wink on that one. But, one of the things then, we've just got about a minute left here, is in new leadership, Andy Jassy being promoted to the CEO of Amazon, we've got Adam Selipsky, heard lot of announcements and news from Adam yesterday, but some of the things that we've been talking about on theCUBE is the first 15 years of innovation at AWS, that's going to accelerate. Do you see that also, like if you look forward to the next decade, do you see things moving much faster than they did the past decade? >> I don't think they can't. I mean, I shouldn't say they have to. And the change of the guard as you might call it here, is it's always good to have a change of the guard I think. You know, the question is when's Andy going to go to space? I mean, that's the next. (Lisa laughs) I think you have the guys who got AWS to the dance, and now the dance, who's going to become the belle of the ball. And this next generation of leadership coming in is fabulous. I think they've made great decisions, and I think they're going to do really well. And we're behind them, we support it. I got a chance to meet with most of them, love a chance to meet with Andy, I haven't met with him yet. So Andy, I'd love to meet you sometime soon. But I'm very impressed with what they've done. And yes, I think it's going to be, the last 10 years of growth is going to be a year next year. I think literally, you take 10 years be compressed to a year, and then next year it will be compressed to a day. So it's moving that fast. >> Yep, get your neck brace on, prepare for that whiplash. >> Yeah, right? That's what I said to Jeff when Jeff went to space, that's how fast we're about to travel, right? But it's really relative. >> It is, there is no limit. Well, Stephen, thank you for joining me, talking about Zscaler, AWS, what you guys are doing, how you're helping to revolutionize the public sector, fed, SLED, a lot of great stuff there. Security is an ever-evolving topic, and we appreciate all of your insights. >> Well, it was wonderful to be here. Great to see you again. And great to be back with all our friends at re:Invent. >> All of our friends, exactly. >> Stephen: Thank you so much for the time today. >> My pleasure. For Stephen Kovac, I'm Lisa Martin. You're watching theCUBE, the global leader in live tech coverage. (pleasant music)

>>Okay, welcome back everyone to the cubes coverage here at AWS reinvent 2021, our annual conference here with the cube goes out the ground. We're in person live in person, also a hybrid event online as well. A lot of great content flowing day one in the books keynotes out there, big news wall-to-wall coverage I'm shot for a year. Hosts got a great segment here with AWS marketplace and revolution, how customers are buying and deploying their technologies, DB orbit, and GM radio's marketplace and control services. And Chris Casey, worldwide ed, a business development of data exchange for AWS gentlemen, welcome to the cube, John, >>Thanks for having us >>Pleasure to be here. So I'm a huge fan of the marketplace. People know that I believe that ultimately it's going to be automated at anyway, and that procurement and enterprises as they buy and as people work together and the big theme this year is kind of this whole purpose built stack, where SAS is going to be a lot of integrations where people are working together. You see multiple partners plugging in and snapping into AWS. That was a big part of Adam's keynote today. So this really kind of lays a perfect foundation for the path that you guys have been on, which is partnering, go to market buying and consuming technology. So what's the update. Give us a, uh, an overview high level, Steven of marketplace. >>Yeah, John. And again, thanks for having us. It's awesome to be here, meeting with customers and partners again for the first time in a couple of years, great to be meeting in person and interacting. So we're super excited about where we're going with the marketplace, as you all probably know, customers in every industry are really thinking about how they transform their business using modern technology. And it's not just about the technology that they're building themselves. It's also the tools that they want to get from their partners, which we're super excited to be able to offer them on marketplace. We're about to have our ten-year anniversary. We launched the first version of marketplace in April of 2012. And back then, you know, it was a very simple e-commerce website that builders could come and buy Amazon machine instances and pay by the hour running popular, open source package or operating system software, but we've come an awful long way since then and changed the surface area of the business quite a bit, um, from a product type perspective, we now offer, uh, our partners the opportunity to list and meter their SAS solutions. >>Um, adding to the army base, we allow partners to vend their container images, and we have some new updates I'll share with you in just a second on that this year in 2019 customers asked us for the same experience that they have buying software to apply to the way they licensed data. So we launched AWS data exchange in 2019, and then in 2020 last year, we, we, we recognize that customers wanted to be able to bundle professional services offerings and with the software that they buy. So we launched a professional services offering type two. And then when you start to combine that with all of the different procurement motions that we now support, it's no longer just the self-service e-commerce capabilities, but when customers want to privately negotiate deals with their vendors, they can do so with our private offer capability, which we were the first to launch in 2000, which we then complemented in 2018 with the ability for customers to negotiate with the channel partner, reseller a managed service provider of their choice. So when you start to combine all of these different product type offerings and ways, our partners can go to market through marketplace in an automated way with all of these procurement options. We now have 2000 sellers listing more than 12,000 offerings on the marketplace, which more than 325,000 customers around the world buy either directly from the seller or from the channel partner of their choice. And when you add all that up, we've seen this year alone, billions of products and services sold through the market. >>Wow. What a rocket ship from a catalog to a full-blown comprehensive consumption environment, which by the way, the market wants that fast speed, speed, time to market. Okay. So give me the update a year at reinvent. What announcement did you guys just announced that the partner summit this week? What's the, what's the news. Yeah. So there's a couple of, >>Um, we'll talk about one and then I'll hand it over to Chris to talk about the data exchange announcements. But the first announcement we made at the partner keynote yesterday was around our container offering. So in 2018, we launched the ability for partners to list container based offerings. So their software and containers, whether it be net app Druva, um, Palo Alto or others who are having their security or other software and containers that could then be deployed by customers into the AWS managed container environments. So that could be deployed into Amazon EKS, ECS, or AWS far gate, which is great for customers who run their container workloads and our managed services. But we have a lot of customers who run their own Kubernetes environments either on, um, on AWS, on premises or using another one of the, um, Kubernetes platforms that are out there like red hat open shift. >>So we're a lot of customers just said, I also want that third-party software to be easily deployable into my own Kubernetes environment. So we were super happy to announce on Monday what we call now, the AWS marketplace for containers anywhere, which allows our partners like Apollo Alto or a CrowdStrike or a Cisco to list containers on the marketplace that can be deployed into any Kubernetes environment that the customer is running, whether that be on, on AWS, on premises, into VM-ware Tansu red hat, OpenShift, rancher, um, or wherever they, wherever they're running their Kubernetes workloads. So that's super exciting. And then we have a couple of announcements on data exchange, ed that Chris talk about also >>The dictionary. I'm going to come back to the containers with some really important things I want to drill into. Go ahead. >>There's two pretty significant, which we believe at game-changing capabilities that we've recently announced with data exchange. The first one is AWS data exchange for API APIs, and really why this is quite significant is customers had told us that not a lot, not all of their data use cases were really geared towards them consuming full flat files, which is what we launched data exchange with in terms of a delivery capability two years ago. And so with AWS data exchange for APIs, customers can come and procure an API from a third party data provider and only procure the data that they need via an API request response. Um, what, why this is so significant is for data providers, they can bring their API APIs to AWS data exchange, make them really easily available for data subscribers to find and subscribe to. And then for data subscriber, they're interacting with that API in the same way that they're interacting with other AWS APIs and they can enjoy the same governance and control characteristics using services like I am in CloudTrail. >>Um, so that flexibility in a new delivery type is, is, is really meaningful for data subscribers. The second, uh, announcement that we we really went into yesterday was the preview of Amazon data exchange for Amazon Redshift. And this capability gives customers, um, data subscribers, the ability to access data in the data warehouse supported by Amazon Redshift. And the unique aspect about this is the data subscriber. Doesn't actually have to copy the data out of Amazon Redshift if they don't want to, they can query the data directly. And what's really meaningful for them. There is they know that they're actually querying the latest data that the data provider has because they're actually querying the same data warehouse table that the data provider is publishing into data. Providers really love this, especially those ones, those data providers that were already using Amazon Redshift to store their data, because now they don't have to manage the entitlements and subscription aspects of really making their data available to as many of their data consumers as possible. >>So basically what you're saying is it makes it easier for them to keep an update. They don't have to worry about merchandising that service. They just have API APIs rolled in and the other one is for developers to actually integrate new API APIs into their role and whatever services they're building. Is that right? >>Yeah. And it's, it's really the ultimate flexibility for a developer coming to AWS data exchange. If their use case warrants, them consuming a full dataset, you know, maybe they want to look at 10 years of stock history, you know, using file-based data delivery and immutable copies of those files through our S3 object, data sharing capabilities is fit for their use case. Um, but if they want to dynamically interact with data, AWS data exchange for API APIs is a brand new delivery capability that is really unlocking. And we hope we're really excited to see the innovation >>It's like you're bringing the API economy even further to the customer base on the third party. The question I have for both of you guys on the containers and the API is security because, you know, we've seen with containers, approved containers, being vetted, making sure that they're not going to have any malware in there or API is making sure everything's clean and tight. What's the, what are they? What's the security concerns. Can you share how you guys are talking about that? For sure. >>So it's probably comes as no surprise to you or folks who might be listening or tuning in that security has always been AWS is number one priority. We build it into everything we do. This offering is no different. We scan all of the container images that are published to our catalog before they're exposed to customers for any kind of known vulnerabilities. We're monitoring our catalog every single day now against new ones that might come out and customers actually tell us, it's one of the things that they like about buying software on marketplace, better than let's say other third party repositories that don't have the same level of vetting because they can kind of build that constant trust, um, into, >>And trust is a key cause you can get containers anywhere. You don't know where it's from. So you guys are actually vetting the containers, making sure they're certified. So to speak with Amazon's security check. >>We, we, we are indeed. And, uh, we have a number of security ISV who are participating in both our containers in our containers anywhere. It's one of the most high-performing categories for us. As I said before, we have vendors like CrowdStrike and Cisco and Palo Alto who are, you know, um, um, vending, various different endpoint and network security, um, uh, offerings >>It's my catalogs are for, I mean, this is what trust is all about. Making sure that you guys can put your name behind it in the marketplace. Okay. Let's take it through the consumption. What's the current state of the art with the marketplace with enterprises, you guys have a lot of programs. We're constantly hearing great things about the go to market with joint selling on the top tier. Uh, I think there's like the top tier category. And then you've got all kinds of other incentives for companies to deploy the marketplace and sell their stuff, >>Right? So we're, we're really starting to hit our stride with, uh, co-selling with our partners and some of our, um, you know, our top, most performing partners, they into every feature and capability and incentive program that we develop. Um, give us a lot of feedback on it. Just like we work backwards from customer needs to help them transform their procurement. We work backwards from our partner needs to help them optimize their go to market channel. And, uh, you know, we take feedback from our partners, uh, very seriously. And then we build things like private offers when they want to custom negotiate deals with their customers or channel partner, private offers when they want to do that with the channel partner of their choice. And we're just continuing to listen to that feedback and, and helping them grow their business. And, and, and frankly, you know, while a lot of partners love that we're able to help get them new customers. One of their favorite things about co-selling with us is that they're able to close larger contracts faster because they're doing that in concert with the AWS field teams and taking advantage of the fact that the customer's already building on AWS. >>So I know we've got a couple minutes left. I want to get this out there because I heard it I'd have to add him prior to re-invent. And he said, quote, we don't want, cus customers don't want to reinvent the wheel. And they see, that's why this whole purpose built kind of thing is getting traction. What do you guys got in the marketplace? That's what you'd call leveraging stuff has been built. So customers don't have to rebuild things. >>Yeah. I mean, if you just look back to the very beginning of marketplace, when we launched the marketplace of Amazon machine instances, it was basically pre-built armies that customers could deploy into their own accounts already running the third-party software that they wanted. And when I think about where we're going with things like procurement governance, uh, we developed a thing called a private marketplace where customers could curate the various different solutions from our catalog that they want, because they want to be able to control who in their enterprise can buy what, and that's just a whole bunch of manual work that they would have had to do and reinvent the wheel from every customer to every customer. And instead we just delivered them the capability to do that same with our managed entitlements capability, where they can share entitlements across AWS accounts, within their own organizational, without having to manually track who's used how much of what, and report that back to the seller to make sure that they're compliant with the terms and conditions. We handle all that. So our customers don't have to continue to reinvent that. >>Why? Well, because it's like open source concept. It's like you're building on things that are already built. You can build on top of it. As you guys see these recipes get, or workflows get rolled out, you put them back in the microwave. >>That's right. Always learning from customers and partners. And while we've grown quite a bit, 2000 sellers, 325,000 customers and billions of dollars of products and services sold, we still have so much more to go >>Between data exchange and what you guys got going on. It's not, it's not, it's complex as it gets more and more complex. I know you guys are abstracting away the complexity and the heavy lifting for customers. What's on the horizon for you guys. What are you tackling next? What's the next mountain you're going to climb on. >>There's still more automation we can drive into the co-selling motion. And, uh, um, uh, so that's one, there's more procurement and governance, uh, capabilities that we think we're going to be able to add to customers. Basically what they're telling us is are the chief procurement officers that we face off with. They want to be able to get the best deal at the lowest price, uh, with the best and most favorable terms and conditions. So we're trying to work backwards from that need to make sure we have the right category selection, wherever they might want it, whether it be an infrastructure provider or a line of business, um, uh, a line of business solution and make sure they're able to get exactly that >>Chris, back to you for your vision. I honestly, analytics is a big part of SAS and platform billing and metering and where the data is. Data exchange. Almost imagine that's going to have a nice headroom to it in terms of what you can do with data exchange. Yeah. >>If you look at the announcements we've recently made and sort of our vision for data exchanges to help any AWS customer find subscribe to and use third party data in the cloud. And these two recent announcements really help on that use portion where someone can actually create, you know, shorten the time to value for them using some of our analytics services like Amazon Redshift. So we'll continue to innovate there and listen to customers in terms of their feedback and how we can help them really integrate their data pipelines with the rest of the AWS ecosystem. But we're also continuing to invest in the find and subscribe to portion. Steven talked about some of the automation and we've built data exchange on top of the lot of the plumbing and building blocks that AWS marketplace already had, which was a pretty significant leg up for us, but certainly the way in which people discover and find new datasets that might help them in an analytics problem is certainly an area that, you know, we're going to continue to lean into. >>And exchange has been around for a long, long time. Now it's in the cloud generation and I think you guys have such a great job in the marketplace and this next gen has more and more platform. Specific products are coming out. Partners are snapping together, a lot more integration. So a lot more action coming on integration I can imagine. Right. That's right. Definitely. Right. Thanks for coming on the cube. Really appreciate it, Steve. A great to see you. >>Appreciate it. Thanks for having us always a pleasure. >>Great to have all the action from Amazon here, marketplace continuing to be the preferred way to consume and deploy technology, and soon to be an integration hub for this next generation cloud. I'm Jeff, where to keep your watching the queue of the leader in worldwide tech coverage. Be right back.

(gentle music) (background chattering) >> Welcome to theCUBE's continuous coverage of AWS re:Invent 2021. I'm Dave Nicholson, and we are running one of the largest, most important hybrid events in the technology business. We've got two live sets here in Las Vegas, along with our two studios back home. And I'm absolutely delighted to have two fantastic guests with me. I'm joined by Stephen Manley, Chief Technology Officer from Druva. Stephen, welcome. >> Thanks, great to be here. >> Welcome back to theCUBE. >> I know. >> CUBE alumni. >> Love theCUBE. >> Along with Jake Burns, Enterprise Strategist from AWS, which I think stands for Amazon Web Services. >> You are correct, thank you. >> Fantastic, so the first question to you Jake is, well, first welcome, again, enterprise strategist, what does that mean exactly? >> Yeah, so- >> What do you do? (laughing) >> We're a team of former CIOs and CTOs who have all spent most of our time as customers and have all had large-scale success digitally transforming our organizations using the AWS Cloud. And now we work for AWS and we advise and work with some of our largest customers, share what worked for us, what didn't, and help them with the beginning stages of their cloud journey. >> Fantastic. >> And, Dave. Dave, you got to ask him, in the last year how many customers have you met? >> Oh, in the past year, I'm averaging about 150 to 200 different customers per year. >> Nice. >> So in the past three years, it's about 550. >> Nice. So can you remember all their names? Or do you do a lot of, "Hey, buddy. Hey, Sport." >> Jake: It's a lot harder with the masks on. >> Yes. >> But I recognize faces better than I remember the names. >> And Stephen, tell us about Druva. >> Yeah, so Druva, we are a SaaS data protection company. We built the first data resiliency cloud. So think of this as you might have data in endpoints, your data center, in AWS, in SaaS applications, and we're really shifting the discussion from, it's not just about backing it up, it's not just about protecting it anymore. It's about how do you recover it? how do you make sure your data is always on, always available to you? And that's really where we're trying to take the conversation. Is making sure that your data is there when you need it. >> And to be clear, this isn't just about resiliency for data that's in the cloud? This is also- >> Everywhere. >> on-premises? IT as well? >> On-premises, you might have VMs, you might have NAS servers, you might have Oracle databases on-prem, again, you might have endpoints. You might have Salesforce data, all of it. We want to make sure all your data's available to you. >> So let's focus on the relationship between Druva and AWS for a minute. It's always interesting to hear about success stories. Let's talk about inhibitors. What are the things that keep the two of you up at night? What are some of the things that... You talked about former CIOs and CTOs, CTOs like Stephen, you're working with existing CIOs and CTOs in all sorts of organizations, what are the things that are preventing them from leveraging cloud as well as they could be? Stephen, start with you on that. >> Yeah, I'll say the first thing is everybody right now is terrified of Ransomware, right? I met a CIO last night and he said, "My entire agenda for 2021, and now 2022 is security, security, security." And everyone is just searching for solutions to say, "How can I make sure that my environment is secure? How can I make sure my data is secure? Especially from these pretty much ubiquitous Ransomware attacks, because until I get that taken care of, it's really hard for me to get on these cloud transformation journeys." And so a lot of the discussion we have with them is, again, Druva in combination with AWS can actually help solve that Ransomware challenge for you so that instead of thinking it as, "Do one, and then you can do the cloud transformation." Let's put those two together, right? But for me, that's the number one thing, is people are just worried about how they're going to deal with security. >> So they're worried, but Jake, isn't it true, we'll do a little perimysium here. (laughing) Tell me the truth. >> All right. >> Isn't that the case that some people still think that effectively their money is safer under their mattress than in a bank? In other words, "I feel safer with on-prem IT than I do having it in some cloud somewhere." Are we still facing that sort of cultural divide between reality and perception? >> Yeah, there's definitely an education, widespread education effort going on right now. Training and certification, which AWS has a lot of experience with and has fantastic courses I went through when I was a customer, my team went through when we were a customer, we were able to get up-skilled very quickly. That fear of the unknown really the way to solve it is through information, through knowing how the cloud works. And it was so funny, I was just having a conversation right before this with an executive team of one of our largest customers and they were talking about how their CSO was dead set against the cloud and then one day did a complete 180. And we're seeing this all the time. When they realize what the cloud is, all the compliance and controls that we have, all of the redundancy that we have, all the benefits of being in the cloud. Then it seems to be like, there's just a moment where it clicks and then people become strong advocates. So there is still a lot of work to do in that area, but we find that people get it very quickly. >> Yeah, Stephen, you've had a long and illustrious career, I say that seriously. >> Stephen: There you go. >> And so you're living that bridging the divide between the old world of on-premises IT and cloud. What are you seeing in that regard in terms of where people's emotions are? >> Oh yeah, and that transformation that Jake talks about, I see it all the time where I'll sit down with a customer and it is exactly that, "Well, I have this on an appliance and because that appliance is under my control, I feel safer." And then we start talking about what the real threats are, that, let's face it Ransomware can come through your environment and it gets in anywhere and it can spread everywhere. And internal threats, internal bad actors, they can get at your appliances. And it very quickly shifts that conversation from, "Oh my gosh, how am I going to maintain all this? I have to do security patching, and upgrades, and I've got to watch everything." And Druva a sort of sits and says, "One of the great things that we had because we're built natively on AWS, a lot of the problems I worried about back when I built appliances are gone. I don't have to worry about capacity planning because AWS always gives me more. I don't have to worry about provisioning new equipment because it just automatically scales for me. I don't have to worry about a lot of the networking challenges that I used to have to worry about because it's built into the environment." And so a lot of what we talked to them about is, by taking these sort of daily routine things off the table, you can actually focus on the higher level value. You can focus on making your environment more secure because you're not just doing the basic blocking and tackling 'cause that's being done for you. And that really gets people sort of across that chasm. >> So you talk about basic block and tackle, in the keynote today, it was mentioned that there are 475 different types of instances within AWS. That gave me a little jolt to the heart because I was thinking back to Steve Jobs saying, "We can only have three of everything." And so sometimes with choice and with flexibility comes complexity. How does Druva manage the potential complexity that exists in the AWS space? How do you take what's best from AWS and deliver it to Druva customers to achieve what they want to achieve? >> Yeah, I think for us, that's really the benefit of being a SaaS provider is, we've designed a system from the ground up for AWS. And so, whether you're talking about the different storage types, where you've got S3, you've got Glacier, you've got Glacier Deep Archive. You have all the different instance types. You have different container services, ECS, EKS, there's all these choices. And frankly, it's something that we've spent a lot of time working on. And honestly, tons of people like Jake inside of AWS willing to help us. We characterize our workload and then they walk us through what's sort of the best practices so that we can deliver an end to end solution for the customer. So that, for our customers, it's just one simple cost, right? How much data are you storing? That's it, right? All the things happening in the background we take care of. And we take care of because we have AWS helping us design and implement this the best possible way. >> And so Jake, with all of the customer conversations that you've had, I'm sure we can guess what some of the themes have been over the last year or two with the pandemic and with things related to security. What are some of the other conversations that you're having with customers that people might not expect? >> Yeah. >> Based on what's going on? >> I think the biggest thing that would be surprising to most people is that vast majority of our conversations are about culture and about people, not about technology. We've gotten to a point where, and I've said this for a number of years, there's never been a better time to move to cloud, but that just keeps being more and more true as time goes on, as the technology gets more mature and as we have more and more examples of people who are very successful doing it. But like you said earlier, there are still some people who are used to the old way of doing things. So it's really largely an education issue, it's a culture issue. It's getting people to wrap their heads around this new way of doing things. And once they see that they get very excited about it. We very rarely see people who are kind of neutral about it. The very, very beginning stages, sometimes they're fearful. When they learn what it is they get very excited and they get very enthusiastic. And my advice to customers is to get your team excited and enthusiastic as early as possible, and they'll solve all of those process and technology problems very quickly and very easily. >> Now what are you seeing in terms of any skill gaps or skill divides? We, coming from a background where we're bridging the divide between sort of the legacy world and cloud. You have IT practitioners that have been doing this stuff for a long time. >> Right. >> That either need to move into the future or not. >> Right. >> Or you need to hire new people. Are there any challenges there in terms of finding the skill sets you need versus training up existing people? >> Yeah, so this is something I talk about a lot, and you do have a choice between hiring and trying to use the people you have and get them up skilled. I strongly favor the second. For one, it's very difficult to hire for cloud skills because it's in such high demand right now, but you use that to your advantage. And by training your staff, it's one of the kind of carrots you can use to get them excited about it. "You learn this, you will be valuable in the marketplace." And when you frame it that way, they get very excited to learn. And when you combine the training with the firsthand experience and give them opportunities to use it, and this could be everyone in the organization, it doesn't have to be like your engineering team or your infrastructure team. I had people in the help desk that learned how to become cloud engineers. When you give them that opportunity, and you give them the tools to do it, and the opportunity to use it with the training, it tends to be a much easier recipe for success. And then your problem becomes retention. But like I say, you're going to have either the problem of hiring or, retention, or you're going to have the problem of having people who don't have enough skills. I'd rather have the problem of retention. And if you have that capability of up-skilling people, then you don't really need to worry about it because there's more people all the time that are becoming more and more skilled. The other thing is, it's a lot easier to overlay cloud skills on top of people who already know your organization and your applications, than bring in new people- >> Sure. >> who have cloud skills, try to retain them and then teach them how your organization works. So there's a lot of advantages to using the people that you have, and the training is a lot easier than people think. >> So who were the people in those organizations that are making the decision to go with Druva? >> [Stephen} Right. >> And who are the people in organizations who are then managing Druva environments moving forward? Do you need a PhD in Druva- (laughing) >> Stephen: Right. >> to be able to manage an environment like that? >> I'll tell you one of the things that I talk to a lot of customers about that are going through sort of that, "How do I up skill?" Is, the first thing we try to remind them is, don't just about what you did on-premises, and then say, "And we're going to do the exact same thing in cloud." Because that is usually a path to either frustration or failure. "I had a physical appliance, I'm going to run a virtual appliance." That's not usually the right answer. So a lot of times we spend time walking them through, "Here's how you think differently. Again, cloud is dynamically scalable. You want something that breaks apart those limits. Cloud gives you 475 options, which means you have purchasing power that you never had as a company that you can have so many different options in front of you." So think of these not as how you thought of your on-premises environment, but think of it as a new way of doing things. And so what we find is the people who tend to be most attracted to Druva are those customers who are saying, "I'm spending too much time, effort, and money on my data protection environment." Which basically is everybody. Nobody wakes up and says, "I wish I could spend more time and money doing backup." And then in terms of who runs it, what we find is it often gets absorbed in sort of a cloud administrator task, right? Where they're looking more broadly across the organization. It's not just about backup, it's backup, it's disaster recovery, it's security, it's compliance because they're looking at the data as opposed to the infrastructure at that point. And that's where they can really start to grow their careers and have a lot bigger impact inside their companies. >> So I can tell that you're an awesome guy to have at a party, because you'll talk about all the risks that we face. >> Absolutely! >> Talking about data center fire drills, you're literally talking about fires and drills at that point. >> You got it. >> But so what's on the horizon for Druva? What are the things that you... When you look out into the future, in the area of resiliency, what are some of the things that you're thinking about? >> There's a couple of things for me. I think one of them, again, Ransomware is everywhere. And so many people right now are still focused on just, "Can I get a clean copy? Can I get a safe copy?" That's built into Druva. So, we're beyond that. The real focus for me is, how do we streamline your recovery process? Because for so many customers, they make this assumption that a Ransomware recovery is just like a disaster recovery. And it's not, it's not as if you just had a system outage. Someone has invaded your environment and you need to make sure that the data, the environment is clean before you recover. You're going to want clean sandboxes to play around with things before you put it in, you're going to need to work with your legal team. So a lot of what we're working with is helping them orchestrate at larger scale. I think the other area that gets really interesting is this notion of autonomous, right? We talk about self-driving cars. Again, nobody wants to spend time tuning and managing their backup environment. So as Druva moves forward it's, "How can we just do this automatically for you?" Again, we're built in the cloud, everything scales automatically. You as a customer shouldn't have to be doing anything. You shouldn't be babysitting this. Let us take care of it for you. So for me, those are the really two big things. It's cybersecurity, that full end to end recovery, and it's around the autonomous protection. >> So Jake, a reality check, anything that he just said that sounds like... (laughing) sounds out of line based on your experience talking to customers in the last year? >> Jake: No, I agree with that. And I think we're touching on something that's really powerful here, because you kind of alluded to the choice that people have in AWS and we're creating new services all the time and new features all the time, right? So these are building blocks that companies can use. And there's a lot of builders at a lot of companies that get very excited to see all these building blocks, and it's about using the right tool for the job. So by giving you more choices, we're giving you more of an opportunity to find the exact fit for the workload you have. But if you just want it to work, then we have this partner of ecosystems. Druva being one of our... My personal favorites (laughing) >> Love you , Jake. >> that build on AWS, use these very resilient, very secure building blocks to build something that's turnkey for a customer. So I think it's a great marriage and it benefits customers ultimately. So it makes us happy. >> All right, well 2022 we expect this gentlemen here to see at least 300 customers to meet his goal. That's what we're expecting from you, Jake. >> All right, I'm on it. >> Thanks to all for joining us here at theCUBE's, continuous coverage of AWS re:Invent 2021, I almost said 2022, live from Las Vegas. Stay tuned for much more from the leader in hybrid technology event programming, theCUBE. (gentle music)

>>Well, hi everybody, John Walls here on the cube. And thank you for joining us here for this cube conversation today. And we're talking about data. Of course, it's a blessing and the respect that it's become such a valuable asset. So many companies around the world, it's also a curse, obviously, because it is certainly can be vulnerable. It is under attack and Druva is all about protecting your data and preventing those attacks. And with us to talk about that a little bit more in depth as Jaspreet Singh, who is the founder and CEO at Druva and Steven Manley, who was the company's CTO. Gentlemen, thanks for being with us here on the queue. Good to see you. >>Thank you. Thank you, John. >>So Jaspreet, let me just begin with you. Let's, let's talk about the larger picture of data these days. And, and we read, it seems as though every day about some kind of invasion, you know, where some ransomware attack it's become all too commonplace. So if you wouldn't maybe just set the stage a little bit for the state of ransomware here in 2021. >>That's right. John, I think Lansing has now a new national security threat and at the scene, uh, all around us, this, uh, almost every single day, we hear about businesses getting hit with a, a new ransomware attack, uh, ransomware 1.0 was more a malware situation impacting our data. And as you know, the pandemic transformed the entire data landscape, like the application, the terror, the entire supply chain delivery model as to be more online, more connected, which, you know, for this mortar stores, this whole approach towards a malware coming in, we're also seeing ransomware 2.0, it is all about like insider techs or, or, or in general security misconfiguration, which could lead to data being exfiltrated or traded off in the market. So in general, as data is far more connected, far more expected to be online security techs from either malware or human oriented security issues are becoming more and more dominant threat to, to our, our entire data landscape. Right? >>Yeah. So, so Steven, if you would, I'd like you to just to follow up on this, this, uh, uh, will the landscape to take one of Jaspreet's terms here about what you're seeing in terms of, of kind of these evolving threats now, um, used to be probably, I don't know, five, six years ago, it was a very different, uh, set of problems and challenges and companies maybe weren't as laser focused as they are now. Um, maybe take us through that, that process, what has happened with regard to the client base that you see and you're working with in terms of their recognition and other steps that they need to take going forward as they modernize their operations? >>Yeah. You know, I th I think there's, there's two things we see from, uh, from sort of a technical perspective. The first one is in just pre-call that ransomware 1.0, ransomware 1.0, uh, is mainstream at this point, you know, so, so you, you can go out there and you don't have to be an expert hacker there's ransomware as a service. You know, your average, your average teenager can basically download a ransomware attack kit, uh, you know, get, get a pretty lightweight cloud account and attack school districts, hospitals, municipal organizations, whatever it is, you know, with what we would consider the traditional ransomware and, and that's become ubiquitous. And that's why we see all these reports of, there are multiple ransomware attacks every minute, you know, in the United States and around the world. So, so that's, that's, that's one part which is you're going to get hit. >>Now you'll probably get heading in with the more traditional ransomware, but, you know, like any industry, the ransomware people have evolved. And so it's as just breed said, they are constantly innovating. And so what we're seeing now from, uh, from sort of a marketplace standpoint is, you know, getting smarter about the ransomware attack. So, so laying low, longer, uh, you know, sort of corrupting or attacking data a little bit more slowly. So it's harder to detect specifically attacking backup infrastructure so that you won't be able to recover exfiltrating data. So that, so that now you can have sort of two types of threats, one that your data is encrypted, and the other is if you don't pay us, we're just going to post it on the internet. So, so you've got stage one, which is ubiquitous, and you've got to protect yourself against that because anyone can be attacked at any time. And then you've got stage two where it's getting smarter and that's where organizations then have to step up their game and say, I've got to keep my backup safer. Uh, I've got to be able to detect things a little bit more easily, and I need to start really understanding my data footprint. So I understand what can be exfiltrated and what that's going to mean to me as a business. >>So, Jess, um, to that point, that Steven was just talking about how the organizations need to get smarter in terms of your communications that you're having with the folks in the C-suite, um, is that point, is that you, if they readily identified today, I mean, are, do they get it, um, are the, is the communication going out to their stakeholders, are the business priorities being aligned appropriately? I mean, what, what are organizations and specifically on that executive level, what are they doing right now? Um, in terms of, of preparation in terms of protections that, that, uh, again, are so necessary, I would think. >>Yeah, absolutely. So I think we do see customers truly making strides to solving the problem. There's not a one facet that, you know, one solution fits all problem either, right? So there's, there's, there's, there's a whole productive nature of preventing ransomware detection and response. There's a readiness aspect of it, but what happens when you do get here now that recovery element to it, how do I recover in time in shape from a attack like this, the customers are evolving. They're understanding at the same time, they actually deploying appropriate technologies to, to put all the three aspects of solving the solution. What does Stickney like any of the security challenge? This is, uh, you know, there's not a one application solve all problems. Typically the OLAP and controls built by a multiple group and multiple parties to make sure you're ready to response towards a tech like this. >>And just to jump in, because one of the things I find fascinating as we go through this, the customer conversations I have, I've I've been doing, you know, sort of data protection for a long time. We won't get into that, but, but most of my time I'd spent talking to, you know, VPs of it. Maybe I'd see a CIO. It's fascinating. Now we will have conversations with boards of directors because it becomes such a big issue. And the focus is, is, is so different, right? Because they understand that this isn't just like a usual backup and recovery, or even the traditional disaster recovery that you might do from a natural disaster or some sort of hardware outage. They're seeing that there are so many stages now to an orchestrator recovery. These customers we work with where it's, it's, it's not just about, I need a little bit to technology. They're really looking for how do I operationalize all of this? You know, because once you're up at the board of directors, this is no longer a which product is better than X, Y, or Z. It's a discussion about who can really insulate me from the risk, because these, these can be business sending events. If you're not careful, >>Right? I mean, you're ready. This is a great point. And actually, Steven, I hadn't really thought about these fiduciary responsibilities that boards have. And obviously we think about operations. We think about PNL, right? We think about all, but I hadn't really thought about how also data protection. And I want to talk about data resiliency, how those come into play, as well as those board decisions are made. So let's talk about resiliency. I want you guys to explain this concept to me. Um, so the, you know, what, what's the distinction between protection and resiliency because to me, they're, they're maybe not exactly synonymous, but they're kind of cousins in some respects. So a Jaspreet, if you will talk about resiliency and how you define that. >>Sure. So I just see what I mentioned, right? The prediction was more about how do I actually save guard my data to actually, you know, recover from an incident right there, didn't say residency is all about being ready to respond in time, right? The forward-leaning pusher of making sure, you know, am I ready to not just recover from a very, uh, you know, age, old problem of application failure or, or human errors, but also a cyber attack or a, you know, a true age incident or a cyber recovery or security incident, which I'm prepared to respond in a appropriate SLA across the board. Right. Uh, and resiliency also goes beyond, you know, just the nature of data itself, right? You're, you're talking about applications, environments ecosystem to truly understand that the enterprise operation needs it. Data needs to be holistic. We talked through how do I get my business online, faster. Right. And that's the two nature of differentiation between, uh, protection going towards resiliency. >>And then as obviously driving a lot of your product development. Right. And, and, and I know you've got the data resilience, resiliency, cloud, um, service that you're offering now. So Steven blitz blitz, let's dive into that a little bit. Um, what was the Genesis of that offering and, and what do you see as its primary advantages to your clients? >>Yeah, so, so I think, I think there's, there's really those, those tier two key words there it's resiliency and it's cloud. So just brief, kind of walked about how your resiliency is that step forward. It's that shift left, whatever term you want to use. To me, the best part about the cloud is, and like I said, I've been doing this for a long time and I've yet to meet a customer. Who's come to me and said, I really wish I could spend more money and more time on my data protection infrastructure. I love sticking together, multiple separate products. It's just a great use of my time. Right? Nobody says that what they really say is, could you just solve this problem for me? This is, this is hard capacity planning and patching and upgrades and tying together all the different components from up to seven different vendors. >>This is hard work. And I just need this to work. I need this to work seamlessly. And so we, we, we looked at that cloud part and we said, well, when you think of cloud, you think of something that's flexible. You think of something that's on demand. You think of something that does the job for you. And so, you know, when we talk about this data resiliency cloud, it's about, you know, moving onto your front foot, getting aggressive, being ready for what's coming, but having, you know, frankly, Druva do it for you as opposed to saying here's some technology, good luck. You know, Mr. And Mrs. Customer, you know, we've got this solved for you, it's our job to take care of it. >>And to add to it, you know, this entire resiliency question cannot be solved to a simple, a software is approach is a fundamental belief because the same network, the same principles of operation, the same people involved, you know, what, what those are involved around the primary application that the resiliency aspect has to be air gap appropriately, not just at the data level, but ID and operations limit as well. Right? So a notion of a cloud, almost a social distancing for your data, right? And you're in your ego to the enterprise that, Hey, if anything happens to my primary network application stack data, my second Bree cloud, my redundancy cloud is ready to respond inappropriate, define SNDs to recover my Buddhist business holistically as a combination of integrating with SecOps as a combination of truly integrating disaster recovery elements with cyber recovery elements, truly understanding application recovery from a backup and recovery point of view. So holistically understanding the notion of resiliency and simplifying it to the elements of public cloud. Yes, sir. >>How do you bend that for your clients? Because as you both pointed out, they have different needs, right? And they have, they have different obviously different that they're involved in different sectors of different operations with different priorities and all that. How is the data resiliency cloud, uh, providing them with the kind of flexibility and aid, the kind of adaptability that you need in order to conform it for what you need and not necessarily, you know, what someone else in another sector is, is all about. >>So, so for me, there's a couple of things that, that is great about, about being the data resiliency cloud. One is that we've got well over 3,500 customers, which means that no matter what segment you're looking in, you're not going to be alone, right? If you're, if you're healthcare, if you're finance, if you're a manufacturing, Druva, Druva understands, you know, what you, and many of, of your similar sort of companies look like, which enables us to work in a lot of ways and enables us to understand what trends are happening across your industry, whether it's, you know, ransomware attacks that are coming across, you know, say manufacturing space and how those look or what data growth looks like, or what type of applications are important in those industries. So it's, it's really useful for us to be able to say, we understand these different verticals because we've got such a broad customer base. >>I think the second thing that comes in then is every customer. I meet the number one question they asked me, and Amanda might not be the first one, but it's the one they want to ask. It's always, how am I doing compared to everybody else? And so it's really useful to, to be able to sit down and say, look in your industry. This is what we see as the standards right now. So this is where you fall. You're sort of maybe a stage two, everybody else's at stage three will help you move forward. You, our industry as a whole is actually ahead of many of the other industries, but this is what's coming next for it for others. And so it's really useful for those customers to understand where they sit in respect to, to sort of the broader marketplace. And so that's one of the values I think we bring is that we do have such a broad understanding of our customers because we are a service as opposed to just selling software. >>Yeah. And those customers too, um, as you've talked about, they're looking maybe at their, their, their competitive landscape and trying to decide, okay, are we keeping up with the Joneses, so to speak? Um, but all of you, all of us, we're all trying to, we're trying to keep up with the bad guys. And so in terms of that going forward, what does that challenge for you at Druva in terms of being anticipatory in terms of trying to recognize, uh, their trends and their movements and, and therefore we're thinking so that you can be that, that great, uh, protective mechanism, you can be that prophylactic measure that stands between a company and something bad from happening. >>So I I'll start. And then, uh, it's funny cause, uh, you know, just breed and I had just this morning, we were actually talking about some of the future of ransomware protection and one of the things that we are using a lot in driven, and I get every company says they're doing it is the use of AIML, especially in detecting, uh, sort of unusual trends. Um, but, but you know, but I think we're different than most because the AIML we use is again, across, you know, two and a half billion backups every year, right? Because we, we get, we get visibility across everybody. So it's not just isolated, but we're looking at things like, you know, unusual access patterns in the data and usual access patterns based on administrators, because like Jaspreet said, said at the beginning, one of the things we see the ransomware attackers doing is they're trying to get entire control of your environment because if I control your environment, if I control your phone system, your email, I can get control of your backup application and delete everything. >>So we're even doing things to sort of prevent, oh, you know, we were getting unusual administrative access patterns. Let's stop that. We're getting unusual recovery patterns. Maybe that's somebody trying to steal data out. Let's track that. So our use of AIML is across a much broader data set than anybody else. And it's looking at a lot more than just, you know, sort of data, data pattern changes took to a much broader set of things. And, and basically, again, it's, it's sort of a, a bi-weekly meeting we have where Jaspreet comes in with more ideas that basically for our, for, for our team to start to go, what else can we do? Because the landscape keeps changing. >>And on top of it, I think also if you think about data protection or even data storage was never designed from a security point of view, it was always designed from a point of view of recoverability of data tool. Application issues are basically not corruption, but security or the thinking help us also fundamentally understand how do we think about elements of zero trust all around the platform and how do you make sure to what Steven mentioned, if your IDP gets compromised, if you do have a bad actor, enter a data protection solution, make us, how do you still make sure levels of automatization immutability like multiple levels of control that it plays to make sure no bad actor take construct control and true recoverability resiliency is possible across a variety of scenarios and Trudy customer driven SLA. So both foundationally, uh, we've, we've truly built something which is now, uh, it's very deep in and focused on security. The same time as Steven mentioned to understanding of customer landscape really helps us understand bad actors thought more, better, and more faster than many of our, uh, in the industry competition. >>Well, the need is great. That's for sure. And gentlemen, I want to thank you for the time today to talk about, uh, what Druva is doing and wish you continued success down the road. Thanks to you both. >>Thank >>You. All right. We've been talking about data, keeping it safe, keeping your data safe. That's what Druva is all about. And I'm John Walls and you've been watching the cube.

>>Mhm. Mhm. >>We're here with the Cube covering Calm Vault Connections 21. We're gonna look at the data protection space and how cloud computing has advanced the way we think about backup recovery and protecting our most critical data. Ranga Rajagopalan, who is the vice president of products at Con vault and Stephen Orban, who's the General manager of AWS marketplace and control services gents. Welcome to the cube. Good to see you. >>Thank you. Always A pleasure to see you here >>steve. Thanks for having us. Very >>welcome, Stephen, let's start with you. Look the cloud has become a staple of digital infrastructure. I don't know where we'd be right now without being able to access enterprise services I. T. Services remotely. Um But specifically how our customers looking at backup and recovery in the cloud, is it a kind of a replacement for existing strategies? Is it another layer of protection? How are they thinking about that? >>Yeah. Great question. David again, thank thanks for having me. And I think you know, look if you look back to 15 years ago when the founders of AWS had the hypothesis that many enterprises governments and developers we're gonna want access to on demand pay as you go I. T. Resources in the cloud. Uh None of us would have been able to predict that it would have Matured and um you know become the staple that it has today over the last 15 years. But the reality is that a lot of these enterprise customers, many of whom have been doing their own IT infrastructure for the last 10, 20 or multiple decades do have to kind of figure out how they deal with the change management of moving to the cloud. And while a lot of our customers um will initially come to us because they're looking to save money or costs, almost all of them decided to stay and go big because of the speed at which they are able to innovate on behalf of their customers and when it comes to storage and backup, that just plays right into where they're headed. And there's a variety of different techniques that customers use, whether it be, you know, a lift and shift for a particular set of applications or a data center where they do very much. Look at how can they replace the backup and recovery that they have on premises in the cloud using solutions like, but we're partnering with console to do or completely reimagining their architecture for net new developments that they can really move quickly for their customers. Um and and completely developing something brand new, where it is really a, you know, a brand new replacement and innovation for for for what they've done in the past. >>Great, thank you, Stephen Rachael, I want to ask you about the d were digital. Look, if you're not a digital business today, you're basically out of business. So, my question to you is how have you seen customers change the way they think about data protection during what I call the forced March to digital over the last 18, 19 months or customers, you know, thinking about data protection differently today >>definitely Dave and and thank you for having me and steven. Pleasure to join you on this cube interview first going back to stevens comments can't agree more. Almost every business that we talked with today has a cloud first strategy, a cloud transformation mandate and you know, the reality is back to your digital comment. There are many different paths to the hybrid multi cloud and different customers. You know, there are different parts of the journey. So I still was saying most often customers at least in the data protection perspective start the conversation by thinking here have all these tips. Can I start using cloud as my air gap long term retention target and before they realized they start moving their workloads into the cloud and none of the backup and record yesterday's are going to change. So you need to continue protecting the clothes, which is where the cloud native data protection comes in and then they start innovating around er, can I use cloud as media sites so that you know, I don't need to meet in the other side. So this year is all around us. Cloud transformation is all around us and and the real essence of this partnership between AWS and calm vault is essentially to dr and simplify all the paths to the club regardless of whether you're going to use it as a storage started or you know, your production data center, all your dear disaster recovery site. >>Yeah, it really is about providing that optionality for customers. I talked to a lot of customers and said, hey, our business resilience strategy was really too focused on D. R. I've talked to all the customers at the other end of the spectrum said we don't even have a D. R. Strategy now, we're using the cloud for that. So it's really all over the map and you want that optionality. So steven and then go ahead. >>Please, ransomware plays a big role in many of these considerations that greatly. It's unfortunately not a question of whether you're going to be hit by ransomware, it's almost we can like, what do you do when you're hit by ransomware and the ability to use the clothes scaled immediately, bring up the resources, use the cloud backups has become a very popular choice simply because of the speed with which you can bring the business back to normal our patients. The agility and the power that cloud brings to the table. >>Yeah, ransomware is scary. You don't, you don't even need a high school diploma to be a ransomware ist you can just go on the dark web and by ransomware as a service and do bad things and hopefully you'll end up in jail. Uh Stephen we know about the success of the AWS marketplace, uh you guys are partnering here. I'm interested in how that partnership, you know, kind of where it started and how it's evolving. >>Yeah, happy to highlight on that. So, look when >>we when we started >>Aws or when the founders of aws started aws, as I said 15 years ago we we realized very early on that while we were going to be able to provide a number of tools for customers to have on demand access to compute storage, networking databases that many, particularly enterprise and government government customers still use a wide range of tools and solutions from hundreds, if not in some cases thousands of different partners. I mean I talked to enterprises who literally use thousands of of different vendors to help them deliver their solutions for their customers. So almost 10 years ago, we're almost at our 10 year anniversary for AWS marketplace, we launched the first substantiation of AWS marketplace which allowed builders and customers to find try buy and then deploy third party software solutions running on amazon machine instances also noticed as armies natively right in their AWS and cloud accounts to complement what they were doing in the cloud. And over the last nearly 10 years we've evolved quite a bit to the point where we support software and multiple different packaging types, whether it be amazon machine instances, containers, machine learning models and of course SAS and the rise of software as a service. So customers don't have to manage the software themselves. But we also support data products through the AWS Data exchange and professional services for customers who want to get services to help them integrate the software into their environments. And we now do that across a wide range of procurement options. So what used to be pay as you go amazon machine instances now includes multiple different ways to contract directly, customer can do that directly with the vendor with their channel partner or using kind of our public e commerce capabilities. And we're super excited, um, over the last couple of months we've been partnering with calm vault to get their industry leading backup and recovery solutions listed on AWS marketplace, which is available for our collective customers now. So not only do they have access to convulse awesome solutions to help them protect against ransomware as we talked about and to manage their backup and recovery environments, but they can find and deploy that directly in one click right into their AWS accounts and consolidate their building relationship right on the AWS and voice. And it's been awesome to work with with Rhonda and the product teams and convo to really, um, expose those capabilities where converts using a lot of different AWS services to provide a really great native experience for our collective customers as they migrate to the cloud. >>Yeah, the marketplace has been amazing. We've watched it evolve over the past decade and, and, and it's a, it's a key characteristic of everybody has a cloud today. We're a cloud to butt marketplaces unique uh, in that it's the power of the ecosystem versus the resources of one and Ringo. I wonder from, from your perspective, if you could talk about the partnership with AWS from your view and then specifically you've got some hard news, I wonder if you could talk about that as well. >>Absolute. So the partnership has been extended for more than 12 years. Right. So aws and Commonwealth have been bringing together solutions that help customers solve the data management challenges and everything that we've been doing has been driven by the customer demand that we seek. Right customers are moving their workloads in the cloud. They're finding new ways of deploying their workloads and protecting them. Um, you know, earlier we introduced cloud native integration with the EBS API which has driven almost 70% performance improvements in backup and restores. And when you look at huge customers like coca cola who have standardized on AWS um, combo. That is the scale that they want to operate in. You manage around 1 50,000 snapshots 1200 ec, two instances across six regions. But with just one resource dedicated for the data management strategy. Right? So that's where the real built in integration comes into play and we've been extending it to make use of the cloud efficiencies like our management and auto scale and so on. Another aspect is our commitment to a radically simple customer experience and that's, you know, I'm sure Stephen would agree it's a big month for at AWS as well. That's really together with the customer demand which brought us together to introduce com ball into the AWS marketplace exactly the way Stephen described it. Now the heart announcement is coming back up and recovery is available in native this marketplace. So the exact four steps that Stephen mentioned, find, try buy and deploy everything simplified through the marketplace So that our aws customers can start using far more back of software in less than 20 minutes. A 60 year trial version is included in the product through marketplace and you know, it's a single click buy, we use the cloud formation templates to deploy. So it becomes a super simple approach to protect the AWS workloads and we protect a lot of them. Starting from easy to rds dynamodb document DB um, you know, the containers, the list just keeps going on. So it becomes a very natural extension for our customers to make it super simple to start using convert data protection for the w >>well the con vault stack is very robust. You have extremely mature stack. I want, I'm curious as to how this sort of came about and it had to be customer driven. I'm sure where your customers saying, hey, we're moving to the cloud, we had a lot of workloads in the cloud, we're calm vault customer. That intersection between calm vault and AWS customers. So again, I presume this was customer driven. but maybe you can give us a little insight and add some color to that. >>Everything in this collaboration has been customer driven. We were earlier talking about the multiple paths to chlorine vapor example and still might probably add more color from his own experience at our jones. But I'll bring it to reference Parsons who's a civil engineering leader. They started with the cloud first mandate saying we need to start moving all our backups to the cloud but we have wanted that bad actors might find it easy to go and access the backups edible is um, Conwell came together with the security features and com well brought in its own authorization controls and now we have moved more than 14 petabytes of backup data into the club and it's so robust that not even the backup administrator and go and touch the backups without multiple levels of authorization. Right. So the customer needs, whether it is from a security perspective performance perspective or in this case from a simplicity perspective is really what is driving this. And and the need came exactly like that. There are many customers who have no standardized on it because they want to find everything through the AWS marketplace. They want to use their existing, you know, the AWS contracts and also bring data strategy as part of that so that that's the real um, driver behind this. Um, Stephen and I hope actually announced some of the customers that I actively started using it. You know, many notable customers have been behind this uh, innovation, don't even, I don't know, I wanted to add more to that. >>I would just, I would, I would just add Dave, you know, look if I look back before I joined a W S seven years ago, I was the C I O at dow jones and I was leading a a fairly big cloud migration there over a number of years. And one of the impetus is for us moving to the cloud in the first place was when Hurricane Sandy hit, we had a real disaster recovery scenario in one of our New Jersey data centers um, and we had to act pretty quickly convert was, was part of that solution. And I remember very clearly Even back then, back in 2013, they're being options available to help us accelerate are moved to the cloud and just to reiterate some of the stuff that Rhonda was talking about consoles, done a great job over the last more than a decade, taking features from things like EBS and S three and EC two and some of our networking capabilities and embedding them directly into their services so that customers are able to more quickly move their backup and recovery workloads to the cloud. So each and every one of those features was as a result of, I'm sure combo working backwards from their customer needs just as we do at >>AWS >>and we're super excited to take that to the next level to give customers the option to then also by that right on their AWS invoice on AWS marketplace. >>Yeah, I mean, we're gonna have to leave it there steven, you've mentioned several times the sort of the early days of back then we were talking about gigabytes and terabytes and now we're talking about petabytes and beyond. Guys. Thanks so much. I really appreciate your time and sharing the news with us. >>Dave. Thanks for having us. >>All right. Keep it right there more from combat connections. 21. You're watching the >>cube. Mm hmm.

(Techno music plays in intro) >> We're here with theCUBE covering Commvault Connections 21. And we're going to look at the data protection space and how cloud computing has advanced the way we think about backup, recovery and protecting our most critical data. Ranga Rajagopalan who is the Vice President of products at Commvault, and Stephen Orban who's the General Manager of AWS Marketplace & Control Services. Gents! Welcome to theCUBE. Good to see you. >> Thank you, always a pleasure to see you Dave. >> Dave, thanks for having us. Great to be here. >> You're very welcome. Stephen, let's start with you. Look, the cloud has become a staple of digital infrastructure. I don't know where we'd be right now without being able to access enterprise services, IT services remotely, Um, but specifically, how are customers looking at backup and recovery in the cloud? Is it a kind of a replacement for existing strategies? Is it another layer of protection? How are they thinking about that? >> Yeah. Great question, Dave. And again, thanks. Thanks for having me. And I think, you know, look. If you look back to 15 years ago, when the founders of AWS had the hypothesis that many enterprises, governments, and developers were going to want access to on demand, pay as you go, IT resources in the cloud. None of us would have been able to predict that it would have matured and, um, you know become the staple that it has today over the last 15 years. But the reality is that a lot of these are enterprise customers. Many of whom have been doing their own IT infrastructure for the last 10, 20 or or multiple decades do have to kind of figure out how they deal with it. The change management of moving to the cloud, and while a lot of our customers will initially come to us because they're looking to save money or costs. Almost all of them decide to stay and go big because of the speed at which they're able to innovate on behalf of their customers. And when it comes to storage and backup, that just plays right into where they're headed and there's a variety of different techniques that customers use. Whether it be, you know, a lift and shift for a particular set of applications. Or a data center or where it, where they do very much look at how can they replace the backup and recovery that they have on premises in the cloud using solutions like what we're partnering with Commvault to do. Or completely re-imagining their architecture for net new developments that they can really move quickly for, for their customers and, and completely developing something brand new, where it is really a, um, you know a brand new replacement and innovation for, for, for what they've done in the past. >> Great. Thank you, Stephen. Ranga, I want to ask you about the D word, digital. Look, if you're not a digital business today, you're basically out of business. So my question to you Ranga is, is how have you seen customers change the way they think about data protection during what I call the forced March to digital over the last 18, 19 months? Are customers thinking about data protection differently today? >> Definitely Dave, and and thank you for having me and Stephen pleasure to join you on this CUBE interview. First, going back to Stephen's comments, can't agree more. Almost every business that we talk with today has a cloud first strategy, a cloud transmission mandate. And, you know, the reality is back to your digital comment. There are many different paths to the hybrid micro cloud. And different customers. You know, there are different parts of the journey. So as Stephen was saying, most often customers, at least from a data protection perspective. Start the conversation their thinking, hey, I have all these tapes, can I start using cloud as my air gap, long-term retention target. And before they realize they start moving their workloads into the cloud, and none of the backup and recovery facilities are going to change. So you need to continue protecting the cloud, which is where the cloud meta data protection comes in. And then they start innovating around DR Can I use cloud as my DR sites so that, you know, I don't need to meet in another site. So this is all around us, cloud transmissions, all around us. And, and the real essence of this partnership between AWS and Commvault is essentially to drive, and simplify all the paths to the cloud Regardless of whether you're going to use it as a storage target or, you know, your production data center or your DR. Disaster Recovery site. >> Yeah. So really, it's about providing that optionality for customers. I talked to a lot of customers and said, hey, our business resilience strategy was really too focused on DR. I've talked to all the customers at the other end of the spectrum said, we didn't even have a DR strategy. Now we're using the cloud for that. So it's a, it's really all over the map and you want that optionality. So Stephen, >> (Ranga cuts in) >> Go ahead, please. >> And sorry. Ransomware plays a big role in many of these considerations as well, right? Like, it's unfortunately not a question of whether you're going to be hit by ransomware. It's almost become like, what do you do when you're hit by ransomware? And the ability to use the cloud scale to immediately bring up the resources. Use the cloud backers has become a very popular choice simply because of the speed with which you can bring the business back to normal operations. The agility and the power that cloud brings to the table. >> Yeah. Ransomware is scary. You don't, you don't even need a high school degree diploma to be a ransomware-ist. You could just go on the dark web and buy ransomware as a service and do bad things. And hopefully you'll end up in jail. Stephen, we know about the success of the AWS Marketplace. You guys are partnering here. I'm interested in how that partnership, you know, kind of where it started and how it's evolving. >> Yeah. And happy to highlight on that. So look, when we, when we started AWS or when the founders of AWS started AWS, as I said, 15 years ago. We realized very early on that while we were going to be able to provide a number of tools for customers to have on demand access to compute storage, networking databases, that many particularly, enterprise and government government customers still use a wide range of tools and solutions from hundreds, if not in some cases, thousands of different partners. I mean, I talked to enterprises who who literally used thousands of of different vendors to help them deliver those solutions for their customers. So almost 10 years ago, we're almost at our 10 year anniversary for AWS Marketplace. We launched the first instantiation of AWS Marketplace, which allowed builders and customers to find, try, buy, and then deploy third-party software solutions running on Amazon Machine Instances, also known as AMI's. Natively, right in their AWS and cloud accounts to compliment what they were doing in the cloud. And over the last, nearly 10 years, we've evolved quite a bit. To the point where we support software in multiple different packaging types. Whether it be Amazon Machine Instances, containers, machine learning models, and of course, SAS and the rise of software as a service, so customers don't have to manage the software themselves. But we also support a data products through the AWS data exchange and professional services for customers who want to get services to help them integrate the software into their environments. And we now do that across a wide range of procurement options. So what used to be pay as you go Amazon Machine Instances now includes multiple different ways to contract directly. The customer can do that directly with the vendor, with their channel partner or using kind of our, our public e-commerce capabilities. And we're super excited, um, over the last couple of months, we've been partnering with Commvault to get their industry leading backup and recovery solutions listed on AWS Marketplace. Which is available for our collective customers now. So not only do they have access to Commvault's awesome solutions to help them protect against ransomware, as we talked about and, and to manage their backup and recovery environments. But they can find and deploy that directly in one click right into their AWS accounts and consolidate their, their billing relationship right on the AWS invoice. And it's been awesome to work with with Ranga and the, and the product teams at Commvault to really expose those capabilities where Commvault's using a lot of different AWS services to, to provide a really great native experience for our collective customers as they migrate to the cloud. >> Yeah. The Marketplace has been amazing. We've watched it evolve over the past decade and it's just, it's a key characteristic of cloud. Everybody has a cloud today, right? Ah, we're a cloud too, but Marketplace is unique in, in, in that it's the power of the ecosystem versus the resources of one. And Ranga, I wonder if from your perspective, if you could talk about the partnership with AWS from your view, and and specifically you've got some hard news. Would, if you could, talk about that as well. >> Absolutely. So the partnership has been extending for more than 12 years, right? So AWS and Commvault have been bringing together solutions that help customers solve the data management challenges and everything that we've been doing has been driven by the customer demand that we see, right. Customers are moving their workloads to the cloud. They are finding new ways of deploying the workloads and protecting them. You know, earlier we introduced cloud native integration with the EBS AVI's which has driven almost 70% performance improvements in backup and restore. When you look at huge customers like Coca-Cola, who have standardized on AWS and Commvault, that is the scale that they want to operate on. They manage around one through 3,000 snapshots, 1200 easy, two instances across six regions, but with just one resource dedicated for the data management strategy, right? So that's where the real built-in integration comes into play. And we've been extending it to make use of the cloud efficiencies like power management and auto-scale, and so on. Another aspect is our commitment to a radically simple customer experience. And that's, you know, I'm sure Stephen would agree. It's a big mantra at AWS as well. That's really, together, the customer demand that's brought us together to introduce combo into the AWS Marketplace, exactly the way Stephen described it. Now the hot announcement is calmer, backup and recovery is available in AWS Marketplace. So the exact four steps that Stephen mentioned: find, try, buy, and deploy everything simplified to the Marketplace so that our AWS customers can start using our more backup software in less than 20 minutes. A 60 day trial version is included in the product through Marketplace. And, you know, it's a single click buy. We use the cloud formation templates to deploy. So it becomes a super simple approach to protect the AWS workloads. And we protect a lot of them starting from EC2, RDS DynamoDB, DocumentDB, you know, the, the containers, the list just keeps going on. So it becomes a very natural extension for our customers to make it super simple, to start using Commvault data protection for the AWS workloads. >> Well, the Commvault stack is very robust. You have an extremely mature stack. I want to, I'm curious as to how this sort of came about? I mean, it had to be customer driven, I'm sure. When your customers say, hey, we're moving to the cloud, we had a lot of workloads in the cloud. We're a Commvault customer, that intersection between Commvault and AWS customer. So, so again, I presume this was customer driven, but maybe you can give us a little insight and add some color to that, Ranga. >> Every everything, you know, in this collaboration has been customer driven. We were earlier talking about the multiple paths to cloud and a very good example, and Stephen might probably add more color from his own experience at Dow Jones, but I I'll, I'll bring it to reference Parsons. Who's, you know, civil engineering leader. They started with the cloud first mandate saying, we need to start moving all our backups to the cloud, but we averted that bad actors might find it easy to go and access the backups. AWS and Commvault came together with AWS security features and Commvault brought in its own authorization controls. And now we are moved more than 14 petabytes of backup data into the cloud, and it's sort of as that, not even the backup administrators can go and patch the backups without multiple levels of authorization, right? So the customer needs, whether it is from a security perspective, performance perspective, or in this case from a simplicity perspective is really what is driving us and, and the need came exactly like that. There are many customers who have now standardized on AWS, they want to find everything related to this Marketplace. They want to use their existing, you know, the AWS contracts and also bring data strategy as part of that. So that, that's the real driver behind this. Stephen and I were hoping that we could actually announce some of the customers that have actively started using it. You know, many notable customers have been behind this innovation. And Stephen I don't know if you wanted to add more to that. >> I would just, I would just add Dave, you know, like if I look back before I joined AWS seven years ago, I was the CIO at Dow Jones. And I was leading a, a fairly big cloud migration there over a number of years. And one of the impetuses for us moving to the cloud in the first place was when Hurricane Sandy hit, we had a real disaster recovery scenario in one of our New Jersey data centers. And we had to act pretty quickly. Commvault was, was part of that solution. And I remember very clearly, even back then, back in 2013, there being options available to help us accelerate our move to the cloud. And, and just to reiterate some of the stuff that Ranga was talking about, you know, Commvault's done a great job over the last, more than a decade. Taking features from things like EBS, and S3, and TC2 and some of our networking capabilities and embedding them directly into their services so that customers are able to, you know, more quickly move their backup and recovery workloads to the cloud. So each and every one of those features was, is a result of, I'm sure, Commvault working backwards from their customer needs just as we do at AWS. And we're super excited to take that to the next level, to give customers the option to then also buy that right on their AWS invoice on AWS Marketplace. >> Yeah. I mean, we're going to have to leave it there. Stephen you've mentioned this several times, there's sort of the early days of AWS. We went back then we were talking about gigabytes and terabytes, and now we're talking about petabytes and beyond. Guys thanks so much. We really appreciate your time and sharing the news with us. >> Dave, thanks for having us. >> All right, keep it right there more from Commvault Connections 21, you're watching theCUBE.

(bright upbeat music) >> Oh welcome here to theCUBE's coverage, continuing coverage of AnsibleFest 2021. It's a pleasure to have you with us today and also to join us today is Stephen Elliott, who is the Group Vice President of Management Software and DevOps at IDC. Stephen Good to see you today, thanks for being here on theCUBE. >> Hey thanks John, it's great to be here. >> You bet, good no, thank you again for the time. Well let's just jump right in, I know this is right in your sweet spot. You know, talk about IT automation. You've done a lot of research on this, but let's just talk about overall if you will. Give us that 30-foot perspective of what you're seeing in terms of your research, when we talk about IT automation these days, and configuration management. >> Sure, yeah. Yeah I know, I mean, it's been fascinating to watch with COVID the acceleration of the investments in automation across the board. And really our enterprise IT inquiry that we've taken, it really is just fascinating to see. Whether it's network automation, looking at self-service configuration, looking at provisioning, looking at a patch. I mean, you name the manual toil that enterprise IT organizations are, you know, looking to automate, and we're just finding tremendous investment themes across those areas. I think on top of that, there's been a lot of acceleration of this idea of DevOps, of driving automation across development and operations teams, and in certainly realizing that it's really hard to hire great people. And so we're seeing that companies are utilizing automation as a way to drive your career development, training across teams, and then certainly as a way to augment their teams to help these teams scale when they have difficulties hiring more and more staff. >> Yeah well let's take that first one, that last point first here, I think that's a certainly invaluable point, and that we've heard a lot about labor all over in all sectors right about, you know, finding the right talent for the task. So, in terms of this process, IT automation, and you're talking about maybe some companies being so much short handed or trying to fine-tune their labor needs or whatever. Tell me a little bit more about that in terms of automation and how this helps that process rather than hinders it. >> Yeah, you know, it's interesting, sometimes when IT executives talk about automation, they talk about staff replacement. And actually for the lean forward companies, for most companies that make these investments. That's not the case at all. It's actually an augmentation strategy where they realize, look it's really hard to find great talent. We have an opportunity to take the talent we have, apply new skills, look at automation as a way to get existing teams more productive, as well as an opportunity to learn new skills across teams. You know, whether it's development, operations, site reliability engineering, IT ops, et cetera, networking, you know, we're seeing organizations have a much more impact, you know, much more impactful opportunity to do staff development. And so this helps with scale, it also just helps give organizations, you know, the opportunity to move people across teams, particularly if you've decided that there's one type of automation that you want to utilize, one type of configuration language. It makes things very interesting when you have, you know, an operations person who might want to become a site reliability engineer, or, you know, a DevOps team that understands they have to utilize automation, maybe they want to utilize it, you know, a common framework for that. So, we're seeing executives really look at this as, this isn't about staff replacement at all, it's actually quite the opposite. It's about retention, it's about career training and development, it's about, you know, being able to share staff across teams, and then certainly, you know, this whole notion of augmentation and increasing productivity have organizations realize that, you know, with these generally net new models, you know, containers, microservices, public cloud, DevOps, software defined infrastructure, you know, agile, all these different organizational constructs, and types of technology architectures are driving up complexity. So the ability to simplify that through automation, the ability to drive higher returns on investment through automated processes and workflows, you know, it's really striking a chord with executive teams. >> And this is obviously I think just part of this natural trend, right? As the complexity, the networks and operations has increased, finding efficiencies through automation, that's just kind of this natural flow. Has it been pande-- or how has it been pandemic driven to a certain respect then? You touched on that earlier with your first comments, but what have you seen let's say over the past year at how companies have been reacting to that environment into their business operations? >> Yeah, I know it's been interesting from the C-suite down particularly, where CEOs have really started to realize that often their business architecture is in fact their technology architecture. And the pandemic has forced the C-suite to change their customer engagement models more often than not. So many, you know, B2B companies now had to become B2C. And so, you know, many companies had to pull back, or scale back their operations in the case of, you know, hotel, lodging, airlines. Where they really had to realize, wow, you know, we've got to figure out something because, you know, we're not going to fill capacity. So, you had a lot of CEOs and CIOs recognize that their technology architecture in fact can help make these adjustments. And part of that is driving automated, you know, work streams, whether it's through, you know, new digital services, whether it's through, you know, faster provisioning of infrastructure for their DevOps and development application teams, whether it's driving higher levels of system reliability, which as we all know, you know, customers are pretty impatient. So if digital services aren't working, you're going to move on to something else pretty quickly and give, you know, a competitor, you know, revenue opportunity. So, I think a lot of those swim lane, you know, a lot of those tailwinds, I should say, have really struck a chord in the C-suite and has really driven investments that are driving, you know, core modernization, application modernization, customer engagement models, and business models that, you know, were around 24 months ago. We're finding that the focus on reliability of systems, you know, across the applications to involve systems and networks that are, you know, public-private are really, you know, having that transparency. These things are the foundation. You know, you think about building a house, these are foundational capabilities that from an operations perspective, from a development perspective have really helped shape a lot of the thinking and investment themes that the C-suite now, because COVID accelerated a lot of these modernization projects have really driven, you know, positive outcomes for. >> When you talk about impatience, there's also kind of a, I guess, a queasiness you might say, or some anxiety about any kind of change, you know, and as you're talking about these automated processes, and bringing the whole new realm of opportunity at the business. And so also introduces maybe some angst, I would think a little bit, or what are you telling and what do you see in clients? And what kind of advice are you giving them in terms of their IOT automation decisions and about deploying these really massive changes in some respects to how they conduct the business? >> Yeah I know it's a great question, and we get that quite often. What we advise are a couple of starting points. You know first and foremost, most organizations are automating something somewhere. And particularly with DevOps teams, development, SREs, operations, infrastructure platform teams, networking teams. You know, these teams have a lot of opportunity to automate their toil. And so you have to start somewhere. So pick a use case that, you know you can win, you can get great benefits and a high return on that investment. And as you sort of go through that at the team or departmental level, start then to think about what are additional processes, you know, across your peer group. You know, maybe you're a networking you should be talking to operations, maybe an Ops talking to the DevOps teams and development, et cetera. And really start to highlight some additional ways that you can utilize that singular platform and reach across, you know, your peer groups to drive your more integrated, more automated processes. And these are types of use cases that run the gamut. So from a development standpoint, these would be, you know application release, it would look at CICD, you know, pipeline deployments, et cetera. Of course, you know, manual, moving from manual automated testings, or hot button issue. But from an operational perspective, many of those processes interlock, right with provisioning, with security mechanisms and processes. And then of course, you know, the involvement of the network in terms of, you know, configuration, which is a common issue. So things like configuration, provisioning, self-service, you know, the interlock of security mechanisms. A lot of these are pretty common themes regardless of the team, you know, and regardless of the outcome that's, you know, required. So I think first and foremost, start small, but think big. Secondly think about a potential platform play as it relates to automation. The third piece is make sure you get the right peer groups involved and the key stakeholders. You know, this isn't something you just flip the switch and boom, you know, you're successful. This will take a little bit of time and it's impactful in terms of the team, impactful in terms of the processes and of course, you know, the technology. So having a strong leader and, you know, set of key stakeholders who can drive this to fruition, can really, you know, not only get great wins from the business perspective, but also really drive, you know, a continuous improvement model and drive that theme of automation, you know, particularly as it relates to agile and DevOps and site reliability engineering. It can really play an important role in helping scale out those successes that many of those teams are already sort of built. So it's the extension of the investment but at the same time, it just makes for, you know, a continual cycle of improvement opportunities for these teams to drive further automation across their particular processes. >> Well, this is obviously based on a lot of the AnsibleFest coverage, I talked about that off the, on the outset of the interview. And so let's just focus on Red Hat for a little bit here. First off, give me your take, give me your 2 cents on Red Hat in terms of, you know, how they're doing, and obviously some big announcements, you know, port works and then some on the Ansible Platform. So, first off give me a little idea on Red Hat, and then let's drill down to the news they're making on their announcements. >> Sure, yeah it's interesting, you know, Red Hat Ansible is continuously doing very well in the marketplace. Both from an adoption perspective, as well as just, you know, continuing to get more net new logos. In addition to that, you know, post the Red Hat IBM acquisition, IBM continues to take advantage of Ansible across its portfolio. So, you know, we're seeing further reach into the market into accounts that are both IBM and Red Hat related. I think another piece too, we've recently did some work around, you know, business value of Red Hat Ansible Automation Platform. And a lot of those customers really talked to us about this notion of, you know, starting small, but also thinking more broadly across what type of returns they could get from the platform as well as, you know, it's not just about cost reduction, right? It's really about cost containment, it's about acceleration of your pipelines, it's about driving higher levels of system reliability. So, the other thing we found our customers are really recognizing, it's a balance of business and technical metrics that they want to sort of choose to drive and measure their success. But also at the same point, it's a recognition on the part of Red Hat and their product and development teams they'd really listen to a lot of customers, gotten, you know, features in and really started to think about this breadth of how automation can support, not just operations, but development. You know, this idea of autonomous automation, you know, being able to empower different sets of personas or customers to drive, you know, faith and trust in a product to say, hey, we want to automate a particular piece of a process. And we're just going to, you know, build up the policy, inherently use the templates and boom turn it on and, you know, set it and forget it. So that, that's, you know, a coming wave where customers are starting to, you know, work with Red Hat and particularly the Ansible Platform to understand what does that mean? You know, how do we execute that? And then, you know, as we get more comfortable with turning on that more autonomous perspective, you know, how can we then spread that idea out to different teams? So, you know, we're seeing a lot of these themes and as we talk to customers, you know, hearing a lot of good feedback with regards to, you know, Red Hat and IBM taking advantage of the technology, as well as more importantly customers getting, you know, significant value and returns from the platform itself. >> Right, well Stephen, I appreciate the insights. Certainly it's an interesting future awaiting off course the world of IT automation, a lot more intelligence, right? A lot more autonomy, a lot more challenges, but I'm sure Red Hat is very much up to that. And thank you for being with us here today on theCUBE. >> Hey thank you John it great to be here. >> You bet, Stephen Elliot joining us from IDC talking about Red Hat and Ansible and we'll continue with more coverage a little bit later on theCUBE. Thanks for joining this segment with Stephen Elliott. (bright upbeat music)

(cheery synth music) >> Hello, this is theCUBE. I'm John Furrier, your host. We're here for a KubeCon CloudNativeCon preview for the North America show in Los Angeles, here in person and a virtual event. Two of the co-chairs are with me again this year, Constance Caramanolis, principal engineer at Splunk, and of course, Stephen Augustus, head of Open Source at Cisco. Great to see you guys. Hey, thanks for coming on, virtually, for the preview. >> Great to be had! >> Constance: Thank you for having us. >> Stephen: Great to see you again John. (laughing) >> Constance: Yeah. >> So I love... well, KubeCon has gotten, It's my favorite event every year. This is where the DevOps actually, where the people are reading the tea leaves, connecting the dots, but also meeting up and doing what communities do best, which is set the agenda for the next, next generation that's happening in person. Last year, it was virtual. We had the European virtual KubeCon, CloudNativeCon. This year a mix. Give us a taste of updates that you want to share. Let's get, let's get into it. >> Sure. Uh, so I think, you know, um, I-I-I think uh, seeing this event in particular and uh, you know, one, we've got this, we've got this hopeful r-return to you know, some semblance of normalcy. I know that you know, over the last year and change, we've been uh, we've been kind of itching t-t-to see each other in person. And, and you know, and, and I-I think I say on a lot of uh, interviews that I, you know, one of my favorite parts of any conference is the, is the hallway track, right? It's really hard to, and, and we've- we've made, you know, we've made strides to replicate it, but there's- I don't think there's anything uh, you know, close t-to being in person, right? And, and getting to, to bounce i-ideas off of uh, your, your co-conspirators, (laughs) co-conspirators or compatriots. Um, so I'm- I'm really excited for that, um, I love the, I love the um, the mandates that we've put in place, uh, to make sure that people are uh, a little bit more safe. Um, and, you know, overall, like seeing uh- I-I think one of the things that gets me most excited is the, is the uh, the set of day zero events, right? Um, I-I think the, the increase in the uh, day zero events, we, we've got uh, Constance, what's the, what's the count at now? I'm, I'm looking over it and, and it's uh, it's, it's massive, right? You know, SupplyChainSecurityCon, Uh, the, you know, the Cloud Native for Eclipse Foundation, it's beyond, >> Too, hmm, too many to count right off the bat when I'm looking at it. >> Too many, too many to count! >> And it's also like, this is a reduced number because some people decide or some, not people, like projects, decide to do virtual uh, days or a non-conference outside of the normal KubeCon cycle because of... >> Yeah, well, let's get, let's get- >> that thing that should not be named. >> Let's get into some of the data. >> I want to jump into the trends. But just for the folks watching, this is a hybrid event, and- >> Yeah. >> There's going to be this day zero, which is the pre-programming. Which by the way, I think has evolved into a format that's just tremendous. You got the pregame, pre-event action. Very dynamic, very ad-hoc, ephemeral in the, in the, in the, in the, in the people getting together and making things happen. Then you got the structured event. It's uh, the 11th to the 12th on the pre-programming, day zero stuff, which you talked about, and then the 13th to the 15th, the main conference. It's in-person and virtual, so it's going to be a hybrid event, which should be dynamic because you have an in-person dynamic where it's a scarce resource of the face-to-face, working and trying to create synchronicity with the asynchronous environment on virtuals. So it should be an action packed and a must-watch event. So I'm personally excited, we'll be there in person. But I got to ask you guys, the co-chairs, how are you guys handling this? How are the papers coming, what's the call for talks? How are you structuring things? Can you just give a quick overview of what's, what's happening on the talks? >> Uh, talks, uh, I feel like it went really well this round. >> Um, really like, wide variety. I know it's pretty vague, but there's a wide variety of topics, uh, things that are getting I think, I feel like more popularity, like security is getting more popular. Uh, business value, one thing that I'm really passionate about, is getting a lot more traction. Uh, student track 101 is also, as always, I guess, as ever since it's been, since inception has been popular, um, it's definitely getting to the point where we're actually, well not to the point, but maybe it's just being more highlighted that a lot of the, like, like, some of the like great content from the day zeros are also showing up in KubeCon and then like, vice versa and they're kind of everywhere. Uh, Yeah, the talks I think was really- >> John: The sessions, the sessions are always driving it. Stephen I'm like from a, from a, from a maturisation standpoint, you have the, the, the people developing and then you got the f... the things are getting hardened. Can you talk about the trends around, what's kind of hardening out from a project basis on these sessions and what's forming relative to the trend line this year. >> Yeah. So, you know, so to Constance's point, I think that we're, we're starting to see some diversity in, or continued diversity and kind of the personas that are coming into the conference, right? So whether you're talking about that continuing 101 track or, the student track, which, you know, a lot of people have, have kind of jumped in and seeing that as an opportunity to, to, to not only start becoming part of the community, but also to immediately contribute to content. And then you've got that For me? It's, it's security, all day, right? I think, you know, I think that, you know, there's not a week, there's not a week that passes that I don't have a chat with someone around what's happening in security lately. And I think you'll see that highlighted in in all of the keynotes that we have planned there are, there's not one, not two, but three uh, keynotes around software supply chain security, and some of the different things that you have to consider as we're kind of walking into the space of you know, protecting, protecting your, your build pipeline, protecting your production artifacts, so that's something that really, you know, that goes to that, you know, that goes to my work on that, you know, in Kubernetes for SIG release, release engineering, that's, you know, something that we, we know that there are countless downstream consumers, right? So, some, you know, some that we may not have even had contact with yet from the upstream perspective, right? So it's, it's paramount for us to make sure that, you know, everything that we're pushing out to the community and to the wider world is safe to consume. So, so security is definitely top of mind for me. I would say for, you know, lots of things around you know, continue, continuing to talk about uh, GitOps observability. And I think, and I think that, you know, each of these, what's, you know, what's fun about um, each of these, uh, the, each of these topics, each of these areas is that they're all interconnected, right? So more and more you're seeing, you're seeing, oh, well, you know, the, you know, the Tekton folks are, you know, are talking to the Flux folks. And, and they're talking to the, the folks who are working on uh, Sigstore and Rekor and, and, and all of these fun tools about how to integrate into, you know, how to integrate into those respective areas. Um, so it's, it's, it's really a time of um, collaboration underscored by um, you know, protecting, protecting the community and the, and the end users. >> John: Yeah. We're seeing a lot of ah, um, you know, the security discussions. I mean, how far can you shift left before it becomes like standard, right? So like, you know, we're seeing that being built in. I got to ask you guys also on the trend of DevOps there's been a lot of conversations around Cloud Native, around obsolete management and in terms of ability, but data, the role of data has been different approaches on how people are leveraging machine learning and AI, can you, did that come up a lot in, in some of the, the discussions and the analysis? Because everyone's slapping machine learning on things these days, and there's a little bit of that going on, but it seems to be data and machine learning and horizontal scale, classic DevOps, things are happening. What's your reaction to, to some of those things that are happening? Can you guys, is there anything happening there? >> I feel like this year wasn't that big of a machine learning year in terms of submissions. >> Yes. >> I'm certain you agree with that, but it wasn't, as I think, like, security took a lot and, and, like, and this might also just be like, thinking about it holistically now, like security was, had such amazing submissions that it probably took a little bit of the spotlight off of when we were looking at the machine learning ones. Um... >> John: So security... >> Also I'm biased, so I think >> John: So security dominated more than, than everyone else did. >> Yeah. I think, you know, I think for this year, security is, security is dominating. I, you know, I think we even talked about this in the last uh, chat we had, um, the, you know, kind of from the AI side, I think you're, we're, we're running, there have been discussions around the, uh, you know, bias in, in AI models and um, you know, how we work through that, um, I'm not sure that we have any content for that this time around, but I think it, yeah, but I think, you know, as we start to talk about like how we collect data, you know, are, are we collecting the right types of data, how we serve it, especially as a, those relate to like collecting data at the edge, right? Like, how do we, how do we, how, how do we even deploy applications at the edge? We, we have a lot of potential solutions for that. But when you combine that with, well, how do we, how do we scrape information from the things that we're deploying from the edge, right? Or, or, or some, some of the things you'll see in the, in the program. >> Constance and Stephen, talk about the community vibe right now, because you know, that's the biggest part of this conference is seeing how the people come together, but it's also the vibe sets the tone. What's, what's the current vibe in the community that you're seeing and what do we expect this year at KubeCon, CloudNativeCon? >> Yeah, I'm going to say, I imagine the community's tired and it's been a long few, two years. It feels like 10 years, it feels like forever. And a lot of the in-person aspect that used to be like social validation, we just get like is lacking, so, but that being said, there's still been amazing, like collaboration from like the open, from like the Observability and Open Telemetry part. Like, I am seeing so many projects within the tag Observability collaborate together and making that a focus. And so even though we are tired, it's still, we're still doing good work. And we're still making a point of trying to keep that community tight even though it's much harder on Zoom and right, you know, it's going to try and do the awkward, like Zoom handshake. It just doesn't do the same thing there. But to Stephen's keynote, can't remember how long ago it is, about like resiliency. We are pretty resilient. And we're also, I think we're all learning to work at a slower pace because maybe we were working too fast beforehand. And I think that, I think that's a really good takeaway from all of this. So I think it's going to, for as safe as it can be to have some variation, it's probably going to just be like, it's going to be a big party because we're going to finally get to see each other after a long time then. >> John: Yeah. >> I hope we get to do that in a safe way. >> Stephen, you bring it in, Steve, you go. Oh, Steve, you always got the energy certainly on camera, but in person as well. >> (laughs) >> This in-person dynamic this year is huge. >> Yeah, we, >> Wh-what do you think is going to happen? What, give us your take. >> Yeah, so I mean, I, you know, I would echo Constance in saying that, you know, we're, we're, we're all tired, we're all very tired at this point. Um, but I, you know, but, they, they, the conference tagline for, for North America is, uh, is 'Resilience Realized', right? I think that, you know, throughout this, this year, um, the, the contributors, maintainers of, of all of these, you know, CNCF projects have made incredible strides uh, to empower the communities to, to, uh, to be together, to be family, to, to work better together, um, in spite of, you know, in spite of uh, location, location uh, boundaries, in spite of, you know, uh, uh, health concerns, like we've, we've really made the effort to um, to show up for each other. Um, so I think that, you know, what we'll see in the conference and, and, you know, one of my favorite tracks personally um, is the, the community track, um, so lots of, lots of content around, you know, a-around community building, around uh, I think more of the, the meta of, of maintaining communities, right? So the, you know, the, the, the, the code of conduct committee, as well as uh, steering committee uh, for Kubernetes got together um, last conference to, to talk about the values and principles of the community, right? And, and I think that, you know, that, that needs to continue to be highlighted, um, you know, some of the conversations that we've had around um, how you maintain groups, you know, how do you maintain groups, especially as um, especially as a, the, the, the size of the group grows, right? Once you escape that kind of like Dunbar's number uh, area, like it gets harder and harder to s have the s the same bandwidth conversations that you would in a smaller group, right? So making sure that we're continuing to, to have valuable conversations, but also be inclusive while we're doing that is, um, is something that will continue to be highlighted over the next year and change really. >> Well. I'm really impressed by what you guys do. And I know we're all tired getting, and we want to get back and, hats off to pulling it together and creating a great program because your, your group and your community is a social construct. It's, it's, we're all social animals. And this whole COVID virtual, now hybrid really is going to, going to show in real world as all playing out, and we're going to see how it evolves, and evolution is part of social communities. And I think that the progress has been made and, you know, and with the team and you guys putting together this great event. So my hat's off to you guys, thanks for, for doing that. Appreciate, great stuff. >> Thank you, thank you. >> Now, final question, um, what do you expect? Given, I mean, this is a social organization, um, things evolve, we're social organisms. We're going to be face to face. We're going to have virtual. We're going to have great talks, security obviously is prime time, Mainstream Enterprise Adoption in Kubernetes and Cloud Native. This is crunch time, so what do you guys expect for this event? Share your thoughts. >> Yeah, I-I think there's going to be lots of um, lots of fun, uh, I think uh more social conversations, less structured. Um, you know, i-if you have, if you haven't had the opportunity to kind of hang out on CNCF Slack, while one of these events are happening, we, we've spun up something of like a hallway track. Um, so, so people are hanging out, they're giving their takes during the um, you know, you know, in between uh talks, there, there was also a, you know, kind of after conference uh, hangout for, for the hallway track that we did. Um, so w we definitely want to continue some of that stuff. Um, as you know, between the last few conferences we've launched uh, Cloud Native TV um, and lots of great producers uh, and, and, and content over there. So you'll see, you'll see, kind of, us start to break the wall between um, that virtual content that we've created uh, across the last few months, as well as, you know, th s seeing that turn physical, right? Um, so how do we, you know, how, how do we, how do we manage that and h-how do we make that seamless for people who may be maybe participating virtually as opposed to physically, right. That there's going to be a bit of um, there, there's an aspect of like, you're, you're almost running two conferences, right. Simultaneously. So. >> It's a total experiment in the real world, but it's, it's all important. It's super important. Constance, your thoughts on, on the event, what people are expecting to see and surprises that might emerge, what do you, what's your thoughts? >> Um, I, well actually, see while you were saying something, I had an idea that I think we can make it more connected, So I just wrote it down, um, uh, I, I have some silly ideas when it comes to the conference stuff, which is why Stephen's laughing, although you can't see it. >> (both men laughing) >> Um, my, I, like, I'm, I'm trying to go in with no expectations, mostly because I'm so excited. I don't want to be disappointed um, and I don't want to miss out. I think, I actually think that probably a lot of the discussions are just going to be like, hi, like, it's so nice to actually meet you and just talk about random things. Maybe not as much technology discussions as maybe there would be at a normal, I like, ah, I don't want to say normal, right? Because we are in a new normal, like what KubeCon was several years ago. Um, I think that I do. I think that it would be probably a little painful, this hybrid part, since we don't know what to expect. I think there's going to be so many things that we're going to look back and be like, face palm and be like, oh, we should've thought about these things. So for anyone who's attending virtually, apologies in advance, and please give us feedback. There's so many things I know we're going to have to improve, we just, we don't know them yet. So please be patient with us and know that we wish that you could be there in person with us too. >> Um, uh, I don't know. >> Well, that's the thing, that's the thing. >> I'm just going to go in there with an open mind. Well that's the thing, it's, it's new, it's all new, virtual. So it's, it's, we're learning together. That's, I think, people put too much pressure. I think people like expecting, you know, some magic to happen, but it's all evolving. And I think the magic is the event. And I think, I think it's going to work out great. And by the way, there's no downside it's, you know, learn. >> Exactly! >> So, yeah. So, you know, so one of the things that I um, I, I have this spiel that I give to um, the release team, the Kubernetes release team, every time we start a new cycle, right? Um, you've got a set of returning contributors. You've got a set of uh, net new contributors, right? And um, and, and moving into the release team, you're kind of like thrown right into the fire of Kubernetes, right? So it's, it's, it's one of those things. I, I, I come in and, and, and, essentially say, um, be curious, question everything. Um, this is like, it's a, it's, it's very much like a human experience, right? And I think that, you know uh, to, to Constance's point, we're all here to, to learn and grow, make this a better experience for everyone. Um, so bring yourself, like bring yourself to the conference, right? I think it's, you know, in, in terms of offering feedback, we have, you know, feedback forms for every one of the, you know, every one of the, the talks that you attend, um, you can feel free to reach out to Constance, and myself and, and Jasmine, um, if you have feedback that you want to give personally, you know, there, there are, there are ways to get in touch with us. There are ways to make the event better. And I think that every time we, we uh, we incorporate, like, we incorporate a lot of this feedback into the next conference. So every time um, you provide some piece of information for us, that gives us an opportunity to make it better, right? So this conference is built, uh, this conference is built by the community, right? The, you know, it's not just a, you know, it's not a, you know, it's not a body just uh making, making decisions kind of off the cuff, it's, we are taking your ideas and we're trying to turn them into a program, right? So it's, it's the maintainers, it's the end users. It's the students, it's people who have never used Kubernetes in their lives, or never used Cloud Native technology in their lives. It's folks who are coming from the, you know, the, the corporate IT kind of classic uh, background, and, and just trying to understand how to be effective in this, in this new world for them. Um so it's like, it takes all kinds and we, we don't get it done without your feedback. So please, um, as you're coming to the conference, whether it's in-person or virtually, like, bring yourselves, be curious, ask questions, um, provide that feedback. And then um, and I think, you know, from the, you know, th-the kind of from the uh, the, yes, we need to be human, but we also need to um recognize some of the, the requirements, uh, that, that are, that we have going into this conference. So reminder that, you know, all of, all of the events are under, you know, under a code of conduct, please make sure to familiarize yourself with uh, code of conduct. I think that um, you know, I-I think that coming back into a physical space for a lot of people, the um, the, some of the social skills can, can erode over time. So please not just bring yourself, bring your best self. And, you know, be sure to review all of the policies around health and, and safety as we go into this. >> Constance, Stephen, that's great stuff. Love talking with you guys. Constance, you want to add something? Go ahead. >> I want to add one thing, also be gentle with yourself and like, be really kind to yourself and others, because this is going to be really overwhelming. I haven't been around more than 10 people at once in almost two years. And so, just remember to be kind as well, always be curious and question everything. >> Yeah. That's great stuff. Great reminder. This is what it's all about, face-to-face. Face-to-face, presence, being together, but also having the openness and the community around you. A lot of mentoring, you guys have a great community for people coming in that are new and there's great mentors, people are open and cool, great community. Thanks for coming on for this special preview for KubeCon CloudNativeCon, thank you so much. >> Thanks for having us. >> Thank you. >> Okay, this is theCUBE's coverage of Kubecon CloudNative, and we've been every year of KubeCon. It's been in fantastic growth. Going the next level again in person, a lot of security, real time adoption should be uh, should be great, virtual and in-person. I'm John Furrier, thanks for watching. (cheery synth music)

>>Hello and welcome back to the cubes coverage of dr khan 2021. I'm john for your host of the cube. Great guests here cube alumni Stephen Chin, vice president of developer relations for jay frog Stephen, great to see you again this remote this time this last time was in person. Our last physical event. We had you in the queue but great to see you. Thanks for coming in remotely. >>No, no, I'm very glad to be here. And also it was, it was awesome to be in person at our s a conference when we last talked and the last year has been super exciting with a whole bunch of crazy things like the I. P. O. And doing virtual events. So we've, we're transitioning to the new normal. We're looking forward to things getting to be hybrid. >>Great success with jay frog. We've been documenting the history of this company, very developer focused the successful I. P. O. And just the continuation that you guys have transitioned beautifully to virtual because you know, developer company, it runs virtual, but also you guys have been all about simplicity for developers and and we've been talking for many, many years with you guys on this. This is the theme that dr khan again, this is a developer conference, not so much an operator conference, but more of a deva deV developer focused. You guys have been there from the beginning, um nationally reported on it. But talk about jay Frog and the Doctor partnership and why is this event so important for you? >>Yeah. So I think um like like you said, jay Frog has and always is a developer focused company. So we we build tools and things which which focus on developer use cases, how you get your code to production and streamlining the entire devoPS pipeline. And one of the things which which we believe very strongly in and I think we're very aligned with with doctor on this is having secure clean upstream dependencies for your Docker images for other package and language dependencies and um you know, with the announcement of dr khan and dr Hubbs model changing, we wanted to make sure that we have the best integration with doctor and also the best support for our customers on with Docker hub. So one of the things we did strategically is um, we um combined our platforms so um you can get the best in class developer tools for managing images from Docker. Um everyone uses their um desktop tools for for building and managing your containers and then you can push them right to the best container registry for managing Docker Images, which is the jay frog platform. And just like Docker has free tools available for developers to use. We have a free tier which integrates nicely what their offerings and one of the things which we collaborate with them on is for anybody using our free tier in the cloud. Um there's there's no limits on the Docker images. You can pull no rate limiting, no throttling. So it just makes a clean seamless developer experience to to manage your cloud native projects and applications. >>What's the role of the container registry in cloud NATO? You brought that up? But can you just expand on that point? >>Yeah. So I think when you when you're doing deployments to production, you want to make sure both that you have the best security so that you're making sure that you're scanning and checking for vulnerabilities in your application and also that you have a complete um traceability. Basically you need a database in a log of everything you're pushing out to production. So what container registries allow you to do is um they keep all of the um releases all of the Docker images which are pushing out. You can go back and roll back to a previous version. You can see exactly what's included in those Docker images. And we jay frog, we have a product called X ray which does deep scanning of container images. So it'll go into the Docker Image, it'll go into any packages installed, it'll go into application libraries and it does kind of this onion peel apart of your entire document image to figure out exactly what you're using. Are there any vulnerabilities? And the funny thing about about Docker Images is um because of the number of libraries and packages and installed things which you haven't given Docker Image. If you just take your released Docker Image and let it sit on the shelf for a month, you have thousands of vulnerabilities, just just buy it um, by accruing from different reported zero day vulnerabilities over time. So it's extremely important that you, you know what those are, you can evaluate the risk to your organization and then mitigated as quickly as possible. If there is anything which could impact your customers, >>you bring up a great point right there and that is ultimately a developer thing that's been, that's generational, you know what generation you come from and that's always the problem getting the patches in the old days, getting a new code updated now when you have cloud native, that's more important than ever. And I also want to get your thoughts on this because you guys have been early on shift left two years ago, shift left was not it was not a new thing for you guys ever. So you got shift left building security at the point of coding, but you're bringing up a whole another thing which is okay automation. How do you make it? So the developments nothing stop what they're doing and then get back and say, okay, what's out there and my containers. So so how do you simplify that role? Because that's where the partnership, I think really people are looking to you guys and Dakar on is how do you make my life easier? Bottom line, what's it, what's it, what's it about? >>Yeah. So I I think when you when you're looking at trying to manage um large applications which are deployed to big kubernetes clusters and and how you have kind of this, this um all this infrastructure behind it. One of the one of the challenges is how do you know what you have that in production? Um So what, how do you know exactly what's released and what dependencies are out there and how easily can you trace those back? Um And one of the things which we're gonna be talking about at um swamp up next week is managing the overall devops lifecycle from code all the way through to production. Um And we we have a great platform for doing package management for doing vulnerability scanning, for doing um ci cd but you you need a bunch of other tools too. So you need um integrations like docker so you can get trusted packages into your system. You need integrations with observe ability tools like data, dog, elastic and you need it some tools for doing incident management like Patriot duty. And what we've, what we've built out um is we built out an ecosystem of partner integrations which with the J frog platform at the center lets you manage your entire and and life cycle of um devops infrastructure. And this this addresses security. It addresses the need to do quick patches and fixes and production and it kind of stitches together all the tools which all of the successful companies are using to manage their fast moving continuous release cycle, um and puts all that information together with seamless integration with even developer tools which um which folks are using on a day to day basis, like slack jeer A and M. S. Teams. >>So the bottom line then for the developer is you take the best of breed stuff and put it, make it all work together easily. That right? >>Yeah. I mean it's like it's seamless from you. You've got an incidents, you click a button, it sticks Ajira ticket in for you to resolve. Um you can tie that with the code, commits what you're doing and then directly to the security vulnerability which is reported by X ray. So it stitches all these different tools and technologies together for a for a seamless developer experience. And I think the great relationship we have with Docker um offers developers again, this this best in class container management um and trusted images combined with the world's best container registry. >>Awesome. Well let's get into that container issue products. I think that's the fascinating and super important thing that you guys solve a big problem for. So I gotta ask you, what are the security risks of using unverified and outdated Docker containers? Could you share your thoughts on what people should pay attention to because if they got unverified and outdated Docker containers, you mentioned vulnerabilities. What are those specific risks to them? >>Yeah, so I there's there's a lot of um different instances where you can see in the news or even some of the new government mandates coming out that um if you're not taking the right measures to secure your production applications and to patch critical vulnerabilities and libraries you're using, um you end up with um supply chain vulnerability risks like what happened to solar winds and what's been fueling the recent government mandates. So I think there's a there's a whole class of of different vulnerabilities which um bad actors can exploit. It can actually go quite deep with um folks um exploiting application software. Neither your your company or in other people's systems with with the move to cloud native, we also have heavily interconnected systems with a lot of different attack points from the container to the application level to the operating system level. So there's multiple different attack vectors for people to get into your software. And the best defense is an organization against security. Vulnerabilities is to know about them quickly and to mitigate them and fix them in production as quickly as possible. And this requires having a fast continuous deployment strategy for how you can update your code quickly, very quick identification of vulnerabilities with tools like X ray and other security scanning tools, um and just just good um integration with tools developers are using because at the end of the day it's the developers who both are picking the libraries and dependencies which are gonna be pushed into production and also they're the ones who have to react and and fix it when there's a uh production incident, >>you know, machine learning and automation. And it's always, I love that tech because it's always kind of cool because it's it's devops in action, but you know, it's it's not like a silver bullet, your machine, your machine learning is only as good as your your data and the code is written on staying with automation. You're not automating the right things or or wrong things. It's all it's all subjective based on what you're doing and you know Beauty's in the eye of the beholder when you do things like that. So I wanna hear your thoughts on on automation because that's really been a big part of the story here, both on simplicity and making the load lighter for developers. So when you have to go out and look at modifying code updates and looking at say um unverified containers or one that gets a little bit of a hair on it with with with more updates that are needed as we say, what do you what's the role of automation? How do you guys view that and how do you talk to the developers out there when posturing for a strategy on and a playbook for automation? >>Yeah, I think you're you're touching on one of the most critical parts of of any good devops um platform is from end to end. Everything should be automated with the right quality gates inserted at different points so that if there's a um test failure, if you have a build failure, if you have a security vulnerability, the the automatic um points in there will be triggered so that your release process will be stopped um that you have automated rollbacks in production um so that you can make sure that their issues which affect your customers, you can quickly roll back and once you get into production um having the right tools for observe ability so that you can actually sift through what is a essentially a big data problem. So with large systems you get so much data coming back from your application, from the production systems, from all these different sources that even an easy way to sift through and identify what are the messages coming back telling you that there's a problem that there's a real issue that you need to address versus what's just background noise about different different processes or different application alerts, which really don't affect the security of the functionality of your applications. So I think this this end to end automation gives you the visibility and the single pane of glass to to know how to manage and diagnose your devops infrastructure. >>You know, steve you bring up a great point. I love this conversation because it always highlights to me why I love uh Coop Con and Cloud Native con part of the C N C F and dr khan, because to me it's like a microcosm of two worlds that are living together. Right? You got I think Coop khan has proven its more operated but not like operator operator, developer operators. And you got dr khan almost pure software development, but now becoming operators. So you've got that almost those two worlds are fusing together where they are running together. You have operating concerns like well the Parachute open, will it work? And how do I roll back these roll back? These are like operating questions that now developers got to think about. So I think we're seeing this kind of confluence of true devops next level where you can't you can be just a developer and have a little bit of opposite you and not be a problem. Right? Or or get down under the under the hood and be an operator whenever you want. So they're seeing a flex. What's your thoughts on this is just more about my observation kind of real time here? >>Yeah, so um I think it's an interesting, obviously observation on the industry and I think you know, I've been doing DEVOPS for for a long time now and um I started as a developer who needed to push to production, needed to have the ability to to manage releases and packages and be able to automate everything. Um and this naturally leads you on a path of doing more operations, being able to manage your production, being able to have fewer incidents and issues. Um I think DEVOPS has evolved to become a very complicated um set of tools and problems which it solves and even kubernetes as an example. Um It's not easy to set up like setting up a kubernetes cluster and managing, it is a full time job now that said, I think what you're seeing now is more and more companies are shifting back to developers as a focus because teams and developers are the kingmakers ends with the rise of cloud computing, you don't need a full operations team, you don't need a huge infrastructure stack, you can you can easily get set up in the cloud on on amazon google or as your and start deploying today to production from from a small team straight from code to production. And I think as we evolve and as we get better tools, simpler ways of managing your deployments of managing your packages, this makes it possible for um development teams to do that entire site lifecycle from code through to production with good quality checks with um good security and also with the ability to manage simple production incidents all by themselves. So I think that's that's coming where devoPS is shifting back to development teams. >>It's great to have your leadership and your experience. All right there. That's a great call out, great observation, nice gym there. I think that's right on. I think to get your thoughts if you don't mind going next level because you're, you're nailing what I see is the successful companies having these teams that could be and and workflows and have a mix of a team. I was talking about Dana Lawson who was the VP of engineering get up and she and I were riffing on this idea that you don't have to have a monolithic team because you've got you no longer have a monolithic environment. So you have this microservices and now you can have these, I'm gonna call micro teams, but you're starting to see an SRE on the team, that's the developer. Right? So this idea of having an SRE department maybe for big companies, that could be cool if you're hyper scalar, but these development teams are having certain formations. What's your observation to your customer base in terms of how your customers are organizing? Because I think you nailed the success form of how teams are executing because it's so much more agile, you get the reliability, you need to have security baked in, you want end to end visibility because you got services starting and stopping. How are teams? How are you seeing developers? What's the state of the art in your mind for formation? >>Yeah, so I think um we we work with a lot of the biggest companies who were really at the bleeding edge of innovation and devoPS and continuous delivery. And when you look at those teams, they have, they have very, very small teams, um supporting thousands of developers teams um building and deploying applications. So um when you think of of SRE and deVOPS focus there is actually a very small number of those folks who typically support humongous organizations and I think what we're hearing from them is their increasingly getting requirements from the teams who want to be self service, right? They want to be able to take their applications, have simple platforms to deploy it themselves to manage things. Um They don't they don't want to go through heavy way processes, they wanted to be automated and lightweight and I think this is this is putting pressure on deVOPS teams to to evolve and to adopt more platforms and services which allow developers to to do things themselves. And I think over time um this doesn't this doesn't get rid of the need for for devops and for SRE roles and organizations but it it changes because now they become the enablers of success and good development teams. It's it's kind of like um like how I. T. Organizations they support you with automated rollouts with all these tools rather than in person as much as they can do with automation. Um That helps the entire organization. I think devops is becoming the same thing where they're now simplifying and automating how developers can be self service and organizations. >>And I think it's a great evolution to because that makes total sense because it is kind of like what the I. T. Used to do in the old days but its the scale is different, the services are different, the deVOPS tools are different and so they really are enabling not just the cost center there really driving value. Um and this brings up the whole next threat. I'd love to get your thoughts because you guys are, have been doing this for developers for a while. Tools versus platform because you know, this whole platform where we're a platform were control plane, there's still a need for tooling for developers. How do we thread the needle between? What's, what's good for a tool? What's good for a platform? >>Yeah, So I I think that um, you know, there's always a lot of focus and it's, it's easier if you can take an end to end platform, which solves a bunch of different use cases together. But um, I I think a lot of folks, um, when you're looking at what you need and how you want to apply, um, devops practices to your organization, you ideally you want to be able to use best in breed tools to be able to solve exactly what your use cases. And this is one of the reasons why as a company with jay frog, we we try to be as open as possible to integrations with the entire vendor ecosystem. So um, it doesn't matter what ci cd tool you're using, you could be using Jenkins circle, ci spinnaker checked on, it doesn't matter what observe ability platform you're using in production, it doesn't matter what um tools you're using for collaboration. We, we support that whole ecosystem and we make it possible for you to select the the best of breed tools and technologies that you need to be successful as an organization. And I think the risk is if, if you, if you kind of accept vendor lock in on a single platform or or a single cloud platform even um then you're, you're not getting the best in breed tools and technologies which you need to stay ahead of the curve and devops is a very, very fast moving um, um, discipline along with all the cloud native technologies which you use for application development and for production. So if you're, if you're not staying at the bleeding edge and kind of pushing things forward, then you're then you're behind and if you're behind, you're not be able to keep up with the releases, the deployments, you need to be secure. So I think what you see is the leading organizations are pushing the envelope on on security, on deployment and they're they're using the best tools in the industry to make that happen. >>Stephen great to have you on the cube. I want to just get your thoughts on jay frog and the doctor partnership to wrap this up. Could you take them in to explain what's the most important thing that developers should pay attention to when it comes to security for Docker images? >>Yeah. So I think when you're when you're developer and you're looking at your your security strategy, um you want tools that help you that come to you and that help you. So you want things which are going to give you alerts in your I. D. With things which are going to trigger your in your Ci cd and your build process. And we should make it easy for you to identify mitigate and release um things which will help you do that. So we we provide a lot of those tools with jay frog and our doctor partnership. And I think if you if you look at our push towards helping developers to become more productive, build better applications and more secure applications, this is something the entire industry needs for us to address. What's increasingly a risk to software development, which is a higher profile vulnerabilities, which are affecting the entire industry. >>Great stuff. Big fan of jay frog watching you guys be so successful, you know, making things easy for developers is uh, and simpler and reducing the steps it takes to do things as a, I say, is the classic magic formula for any company, Make it easier, reduce the steps it takes to do something and make it simple. Um, good success formula. Great stuff. Great to have you on um for a minute or two, take a minute to plug what's going on in jay frog and share what's the latest increase with the company, what you guys are doing? Obviously public company. Great place to work, getting awards for that. Give the update on jay frog, put a plug in. >>Yeah. And also dr Frog, I've been having a lot of fun working at J frog, it's very, very fast growing. We have a lot of awesome announcements at swamp up. Um like the partnerships were doing um secure release bundles for deployments and just just a range of advances. I think the number of new features and innovation we put into the product in the past six months since I. P. O. Is astounding. So we're really trying to push the edge on devops um and we're also gonna be announcing and talking about stuff that dr khan as well and continue to invest in the cloud native and the devops ecosystem with our support of the continuous delivery foundation and the C. N C F, which I'm also heavily involved in. So it's it's exciting time to be in the devoPS industry and I think you can see that we're really helping software developers to improve their art to become better, better at release. Again, managing production applications >>and the ecosystem is just flourishing. It's only the beginning and again Making bring the craft back in Agile, which is a super big theme this year. Stephen. Great, great to see you. Thanks for dropping those gems and insights here on the Cube here at Dr. 2021 virtual. Thanks for coming on. >>Yeah. Thank you john. >>Okay. Dr. 2020 coverage virtual. I'm John for your host of the Cube. Thanks for watching. Mhm. Mhm. Yeah.

>> Narrator: From around the globe, it's theCUBE with coverage of KubeCon and CloudNativeCon Europe, 2021 Virtual brought to you by Red Hat, the Cloud Native Computing Foundation and Ecosystem Partners. >> Hello, welcome back to theCUBE'S coverage of KubeCon and CloudNativeCon 2021 Virtual, I'm John Furrier your host of theCUBE. We've got two great guests here, always great to talk to the KubeCon co-chairs and we have Stephen Augustus Head of Open Source at Cisco and also the KubeCon co-chair great to have you back. And Jasmine James Manager and Engineering Effectives at Twitter, the KubeCon co-chair, she's new on the job so we're not going to grill her too hard but she's excited to share her perspective, Jasmine, Stephen great to see you. Thanks for coming on theCUBE. >> Thanks for having us. >> Thank you. >> So obviously the co-chairs you guys see everything upfront Jasmine, you're going to learn that this is a really kind of key fun position because you've got to multiple hats you got to wear, you got to put a great program together, you got to entertain and surprise and delight the attendees and also can get the right trends, pick everything right and then keep that harmonious vibe going at CNCF and KubeCon is hard so it's a hard job. So I got to ask you out of the gate, what are the top trends that you guys have selected and are pushing forward this year that we're seeing evolve and unfold here at KubeCon? >> For sure yeah. So I'm excited to see, and I would say that some of the top trends for Cloud Native right now are just changes in the ecosystem, how we think about different use cases for Cloud Native technology. So you'll see lot's of talk about new architectures being introduced into Cloud Native technologies or things like WebAssembly. WebAssembly Wasm used cases and really starting to and again, I think I mentioned this every time, but like what are the customer used cases actually really thinking about how all of these building blocks connect and create a cohesive story. So I think a lot of it is enduring and will always be a part. My favorite thing to see is pretty much always maintainer and user stories, but yeah, but architecture is Wasm and security. Security is a huge focus and it's nice to see it comes to the forefront as we talked about having these like the security day, as well as all of the talk arounds, supply chain security, it has been a really, really, really big event (laughs) I'll say. >> Yeah. Well, great shot from last year we have been we're virtual again, but we're back in, the real world is coming back in the fall, so we hopefully in North America we'll be in person. Jasmine, you're new to the job. Tell us a little about you introduce yourself to the community and tell more about who you are and why you're so excited to be the co-chair with Stephen. >> Yeah, absolutely. So I'm Jasmine James, I've been in the industry for the past five or six years previous at Delta Airlines, now at Twitter, as a part of my job at Delta we did a huge drive on adopting Kubernetes. So a lot of those experiences, I was very, very blessed to be a part of in making the adoption and really the cultural shift, easy for developers during my time there. I'm really excited to experience like Cloud Native from the co-chair perspective because historically I've been like on the consumer side going to talk, taking all those best practices, stealing everything I could into bring it back into my job. So make everyone's life easier. So it's really, really great to see all of the fantastic ideas that are being presented, all of the growth and maturity within the Cloud Native world. Similar to Stephen, I'm super excited to hear about the security stuff, especially as it relates to making it easy for developers to shift left on security versus it being such an afterthought and making it something that you don't really have to think about. Developer experience is huge for me which is why I took the job at Twitter six months ago, so I'm really excited to see what I can learn from the other co-chairs and to bring it back to my day-to-day. >> Yeah, Twitter's been very active in open source. Everyone knows that and it's a great chance to see you land there. One of the interesting trends is this year I'll see besides security is GitOps but the one that I think is relevant to your background so fresh is the end user contributions and involvement has been really exploding on the scene. It's always been there. We've covered, Envoy with Lyft but now enterprise is now mainstream enterprises have been kind of going to the open source well and bringing those goodies back to their camps and building out and bringing it back. So you starting to see that flywheel developing you've been on that side now here. Talk about that dynamic and how real that is an important and share some perspective of what's really going on around this explosion around more end user contribution, more end user involvement. >> Absolutely. So I really think that a lot of industry like players are starting to see the importance of contributing back to open source because historically we've done a lot of taking, utilizing these different components to drive the business logic and not really making an investment in the product itself. So it's really, really great to see large companies invest in open source, even have whole teams dedicated to open source and how it's consumed internally. So I really think it's going to be a big win for the companies and for the open source community because I really am a big believer in like giving back and making sure that you should give back as much as you're taking and by making it easy for companies to do the right thing and then even highlighting it as a part of CNCF, it'll be really, really great, just a drive for a great environment for everyone. So really excited to see that. >> That's really good. She has been awesome stuff. Great, great insight. Stephen, I just have you piggyback off that and comment on companies enterprises that want to get more involved with the Cloud Native community from their respective experiences, what's the playbook, is there a new on-ramps? Is there new things? Is there a best practice? What's your view? I mean, obviously everyone's growing and changing. You look at IT has changed. I mean, IT is evolving completely to CloudOps, SRE get ops day two operations. It's pretty much standard now but they need to learn and change. What's your take on this? >> Yeah, so I think that to Jasmine's point and I'm not sure how much we've discussed my background in the past, but I actually came from the corporate IT background, did Desktop Sr, Desktop helped us support all of that stuff up into operations, DevOps, SRE, production engineering. I was an SRE at a startup who used core West technologies and started using Kubernetes back when Kubernetes is that one, two, I think. And that was my first journey into Cloud Native. And I became core less is like only customer to employee convert, right? So I'm very much big on that end user story and figuring out how to get people involved because that was my story as well. So I think that, some of the work that we do or a lot of the work that we do in contributor strategy, the SIG CNCF St. Contributor Strategy is all around thinking through how to bring on new contributors to these various Cloud Native projects, Right? So we've had chats with container D and linker D and a bunch of other folks across the ecosystem, as well as the kind of that maintainer circle sessions that we hold which are kind of like a private, not recorded. So maintainers can kind of get raw and talk about what they're feeling, whether it be around bolstering contributions or whether it'd be like managing burnout, right? Or thinking about how you talk through the values and the principles for your projects. So I think that, part of that story is building for multiple use cases, right? You take Kubernetes for example, right? So Ameritas chair for sync PM over in Kubernetes, one of the sub project owners for the enhancements sub project which involves basically like figuring out how we intake new enhancements to the community but as well as like what the end user cases are all of the use cases for that, right? How do we make it easy to use the technology and how we make it more effective for people to have conversations about how they use technology, right? So I think it's kind of a continuing story and it's delightful to see all of the people getting involved in a SIG Contributor Strategy, because it means that they care about all of the folks that are coming into their projects and making it a more welcoming and easier to contribute place so. >> Yeah. That's great stuff. And one of the things you mentioned about IT in your background and the scale change from IT and just the operational change over is interesting. I was just talking with a friend and we were talking about, get Op and, SRAs and how, in colleges is that an engineering track or is it computer science and it's kind of a hybrid, right? So you're seeing essentially this new operational model at scale that's CloudOps. So you've got hybrid, you've got on-premise, you've got Cloud Native and now soon to be multi-cloud so new things come into play architecture, coding, and programmability. All these things are like projects now in CNCF. And that's a lot of vendors and contributors but as a company, the IT functions is changing fast. So that's going to require more training and more involvement and yet open source is filling the void if you look at some of the successes out there, it's interesting. Can you comment on the companies that are out there saying, "Hey, I know my IT department is going to be turning into essentially SRE operations or CloudOps at scale. How do they get there? How could they work with KubeCon and what's the key playbook? How would you answer that? >> Yeah, so I would say, first off the place to go is the one-on-one track. We specifically craft that one-on-one track to make sure that people who are new to Cloud Native get a very cohesive story around what they're trying to get into, right? At any one time. So head to the one-on-one track, please add to the one-on-one track, hang out, definitely check out all of the keynotes that again, the keynotes, we put a lot of work into making sure these keynotes tell a very nice story about all of the technology and the amount of work that our presenters put into it as well is phenomenal. It's top notch. It's top notch every time. So those will always be my suggestions. Actually go to the keynotes and definitely check out the one-on-one track. >> Awesome. Jasmine, I got to get your take on this now that you're on the KubeCon and you're co-chairing with Stephen, what's your story to the folks that are in the end user side out there that were in your old position that you were at Delta doing some great Kubernetes work but now it's going beyond Kubernetes. I was just talking with another participant in the KubeCon ecosystem is saying, "It's not just Kubernetes anymore. There's other systems that we're going to deploy our real-time metrics on and whatnot". So what's the story? What's the update? What do you see on the inside now now that you're on board and you're at a Hyperscale at Twitter, what's your advice? What's your commentary to your old friends and the end user world? >> Yeah. It's not an easy task. I think that was, you had mentioned about starting with the one-on-one is like super key. Like that's where you should start. There's so many great stories out there in previous KubeCon that have been told. I was listening to those stories and the great thing about our community is that it's authentic, right? We're telling like all of the ways we tripped up so we can prevent you from doing this same thing and having an easier path, which is really awesome. Another thing I would say is do not underestimate the cultural shift, right? There are so many tools and technologies out there, but there's also a cultural transformation that has to happen. You're shifting from, traditional IT roles to a really holistic like so many different things are changing about the way infrastructure was interacted with the way developers are developing. So don't underestimate the cultural shift and make sure you're bringing everyone to the party because there's a lot of perspectives from the development side that needs to be considered before you make the shift initially So that way you can make sure you're approaching the problem in the right way. So those would be my recommendation. >> Also, speaking of cultural shifts, Stephen I know this is a big passion of yours is diversity in the ecosystem. I think with COVID we've seen probably in the past two years a major cultural shifts on the personnel involved, the people participating, still a lot more work to get done. Where are we on diversity in the ecosystem? How would you rate the progress and the overall achievements? >> I would say doing better, but never stop what has happened in COVID I think, if you look across companies, if you look across the opportunities that have opened up for people in general, there have been plenty of doors that have shut, right? And doors that have really made the assumption that you need to be physical are in person to do good work. And I think that the Cloud Native ecosystem the work that the LF and CNCF do, and really the way that we interact in projects has kind of pushed towards this async first, this remote first work culture, right? So you see it in these large corporations that have had to change the travel policies because of COVID and really for someone who's coming off being like a field engineer and solutions architect, right? The bread and butter is hopping on and off a plane, shaking hands, going to dinner, doing the song and dance, right? With customers. And for that model to functionally shift, right? Having conversations in different ways, right? And yeah, sometimes it's a lot of Zoom calls, right? Zoom calls, webinars, all of these things but I think some of what has happened is, you take the release team, for example, the Kubernetes release team. This is our first cycle with Dave Vellante who's our 121 released team lead is based in India, right? And that's the first time that we've had APAC region release team lead and what that forced us to do, we were already working on it. But what that forced us to do is really focused on asynchronous communication. How can we get things done without having to have people in the room? And we were like, "With Dave Vellante in here, it either works or it doesn't like, we're either going to prove that what we've put in place works for asynchronous communication or it doesn't." And then, given that a project of this scale can operate just fine, right? Right just fine delivering a release with people all across the globe. It proves that we have a lot of flexibility in the way that we offer opportunities, both on the open source side, as well as on the company side. >> Yeah. And I got to say KubeCon has always been global from day one. I was in Shanghai and I was in hung, Jo, visiting Ali Baba. And who do I see in the lobby? The CNCF crew. And I'm like, "What are you guys doing here?" "Oh, we're here talking to the cloud with Alibaba." So global is huge. You guys have nailed that. So congratulations and keep that going. Jasmine, your perspective is women in tech. I mean, you're seeing more and more focus and some great doors opening. It's still not enough. We've been covering this for a long time. Still the numbers are down, but we had a great conference recently at Stanford Women in Data Science amazing conference, a lot of power players coming in, women in tech is evolving. What's your take on this still a lot more work to done. You're an inspiration. Share your story. >> Yeah. We have a long way to go. There's no question about it. I do think that there's a lot of great organizations CNCF being one of them, really doing a great job at sharing, networking opportunities, encouraging other women to contribute to open source and letting that be sort of the gateway into a tech career. My journey is starting as a systems engineer at Delta, working my way into leadership, somehow I'm not sure I ended up there but really sort of shifting and being able to lift other women up has been like so fortunate to be able to do that. Women who code being a mentor, things of that nature has been a great opportunity, but I do feel like the open source community has a long way go to be a more welcoming place for women contributors, things like code of conduct, that being very prevalent making sure that it's not daunting and scary, going into GitHub and starting to create a PR for out of fear of what someone might say about your contributions instead of it being sort of an educational experience. So I think there's a lot of opportunities but there's a lot of programs, networking opportunities out there, especially everyone being remote now that have presented themselves. So I'm very hopeful. And the CNCF, like I said is doing a great job at highlighting these women contributors that are making changes to CNCF projects in really making it something that is celebrated which is really great. >> Yeah. You know that I love Stephen and we thought this last time and the Clubhouse app has come online since we were last talking and it's all audio. So there's a lot of ideas and it's all open. So with a synchronous first you have more access but still context matters. So the language, so there's still more opportunities potentially to offend or get it right so this is now becoming a new cultural shift. You brought this up last time we chatted around the language, language is important. So I think this is something that we're keeping an eye on and trying to keep open dialogue around, "Hey it matters what you say, asynchronously or in texts." We all know that text moment where someone said, "I didn't really mean that." But it was offensive or- >> It's like you said it. (laughs) >> (murmurs) you passionate about this here. This is super important how we work. >> Yeah. So you mentioned Clubhouse and it's something that I don't like. (laughs) So no offense to anyone who is behind creating new technologies for sure. But I think that Clubhouse from, if you take platforms like that, let's generalize, you take platforms like that and you think about the unintentional exclusion that those platforms involve, right? If you think about folks with disabilities who are not necessarily able to hear a conversation, right? Or you don't provide opportunities to like caption your conversations, right? That either intentionally or unintentionally excludes a group of folks, right? So I've seen Cloud Native, I've seen Cloud Native things happen on a Clubhouse, on a Twitter Spaces. I won't personally be involved in them until I know that it's a platform that is not exclusive. So I think that it's great that we're having new opportunities to engage with folks that are not necessarily, you've got people prefer the Slack and discord vibe, you've got people who prefer the text over phone calls, so to speak thing, right? You've got people who prefer phone calls. So maybe like, maybe Clubhouse, Twitter Spaces, insert new, I guess Disco is doing a thing too- >> They call it stages. Disco has stages, which is- >> Stages. They have stages. Okay. All right. So insert, Clubhouse clone here and- >> Kube House. We've got a Kube House come on in. >> Kube House. Kube House. >> Trivial (murmurs). >> So we've got great ways to engage there for people who prefer that type of engagement and something that is explicitly different from the I'm on a Zoom call all day kind of vibe enjoy yourselves, try to make it as engaging as possible, just realize what you may unintentionally be doing by creating a community that not everyone can be a part of. >> Yeah. Technical consequences. I mean, this is key language matters to how you get involved and how you support it. I mean, the accessibility piece, I never thought about that. If you can't listen, I mean, you can't there's no content there. >> Yeah. Yeah. And that's a huge part of the Cloud Native community, right? Thinking through accessibility, internationalization, localization, to make sure that our contributions are actually accessible, right? To folks who want to get involved and not just prioritizing, let's say the U.S. or our English speaking part of the world so. >> Awesome. Jasmine, what's your take? What can we do better in the world to make the diversity and inclusion not a conversation because when it's not a conversation, then it's solved. I mean, ultimately it's got a lot more work to do but you can't be exclusive. You got to be diverse more and more output happens. What's your take on this? >> Yeah. I feel like they'll always be work to do in this space because there's so many groups of people, right? That we have to take an account for. I think that thinking through inclusion in the onset of whatever you're doing is the best way to get ahead of it. There's so many different components of it and you want to make sure that you're making a space for everyone. I also think that making sure that you have a pipeline of a network of people that represent a good subset of the world is going to be very key for shaping any program or any sort of project that anyone does in the future. But I do think it's something that we have to consistently keep at the forefront of our mind always consider. It's great that it's in so many conversations right now. It really makes me happy especially being a mom with an eight year old girl who's into computer science as well. That there'll be better opportunities and hopefully more prevalent opportunities and representation for her by the time she grows up. So really, really great. >> Get her coding early, as I always say. Jasmine great to have you and Stephen as well. Good to see you. Final question. What do you hope people walk away with this year from KubeCon? What's the final kind of objective? Jasmine, we'll start with you. >> Wow. Final objective. I think that I would want people to walk away with a sense of community. I feel like the KubeCon CNCF world is a great place to get knowledge, but also an established sense of community not stopping at just the conference and taking part of the community, giving back, contributing would be a great thing for people to walk away with. >> Awesome. Stephen? >> I'm all about community as well. So I think that one of the fun things that we've been doing, is just engaging in different ways than we have normally across the kind of the KubeCon boundaries, right? So you take CNCF Twitch, you take some of the things that I can't mention yet, but are coming out you should see around and pose KubeCon week, the way that we're engaging with people is changing and it's needed to change because of how the world is right now. So I hope that to reinforce the community point, my favorite part of any conference is the hallway track. And I think I've mentioned this last time and we're trying our best. We're trying our best to create it. We've had lots of great feedback about, whether it be people playing among us on CNCF Twitch or hanging out on Slack silly early hours, just chatting it up. And are kind of like crafted hallway track. So I think that engage, don't be afraid to say hello. I know that it's new and scary sometimes and trust me, we've literally all been here. It's going to be okay, come in, have some fun, we're all pretty friendly. We're all pretty friendly and we know and understand that the only way to make this community survive and thrive is to bring on new contributors, is to get new perspectives and continue building awesome technology. So don't be afraid. >> I love it. You guys have a global diverse and knowledgeable and open community. Congratulations. Jasmine James, Stephen Augustus, co-chairs for KubeCon here on theCUBE breaking it down, I'm John Furrier for your host, thanks for watching. (upbeat music)

overnight covid completely exposed those companies that were really not ready for the digital age there was a mad rush to the cloud in an effort to reshape the very notion of business resiliency and enable employees to remain productive so that they continue serve customers data protection was at the heart of this shift and cloud data protection has become a fundamental staple of organizations operating models hello everyone this is dave vellante and welcome to this cube conversation i'm joined by two long time friends of the cube rob emsley is the director of product marketing at dell technologies and stephen manley is the chief technology officer at dhruva guys great to have you on the program thanks for being here yeah great to be here dave this is the high point of my day dave all right i'm glad to hear it stephen it's been a while since we missing you guys so tell you face-to-face maybe it'll happen before 22. but we haven't aged a bit david ditto listen we've been talking for years about this shift to the cloud but in the past 12 months boy we've seen the pace of workloads that have moved to the cloud really accelerate so rob maybe you could start it off how do you see the market and perhaps what are some of the blind spots maybe that people need to think about when they're moving workloads so fast to the cloud yeah good question dave i mean you know we've spoken a number of times around how our focus has significantly shifted over the last couple of years i mean only a couple of years ago you know our focus was you know very much on on-premise data protection but over the last couple of years you know more workloads have shifted to the cloud you know customers have have started adopting sas applications and and all of these environments uh you know are creating data that is is so critical to these customers to protect you know so you know we've definitely found uh the more and more of our conversations have been centered around what can you do for me when it comes to protecting workloads in the cloud environment yeah now of course stephen this is kind of your wheelhouse how how are you thinking about the these market shifts yeah you know it's interesting and the data protection market heck the data market in general you know you see these these these sort of cycles happen and and for a long time we had a cycle where applications and environments were consolidating a lot it was all vms and oracle and sql and and we seem to be exploding out the other way to this there's a massive sprawl of different types of applications in different places like rob said you've got microsoft 365 and you've got salesforce and you've got workloads running in the cloud the world looks different and and you add on top of that the the new security threats as people move into the cloud i mean we you know a number of years ago we talked about how ransomware was an emerging threat we're way past emerging into you know there's a ransomware attack every six seconds and everybody wakes up terrified about it and so so so we really see the market has shifted i think in terms of what the apps are and also in terms of what the threats and the focus uh has come into play right well thanks for that there's there's some hard news which we're going to get to but but before we do rob stephen was mentioning the sas apps and we've been sort of watching that space for a while but a lot of people will ask why do i need a separate data protection layer doesn't my sas provider protect my data don't they replicate it they're they're cloud vendors why do i need to buy yet another backup product yeah there's there's a fairly common misconception dave you know that both sas application vendors and and and cloud vendors you know inherently are you know providing all of the data protection that you need um the reality is that they're not you know i think when you think about a lot of the data within those environments you know certainly they're focused on providing availability you know an availability you know is absolutely one thing that you can for the most part rely on the uh the cloud vendors uh to deliver to you but when it comes to actually um protecting yourself from you know accidental deletion you know protecting yourself from uh cyber threats and cyber crime that may infect your data you know through malicious acts you know that's really where you need to supplement the environment that the cloud providers provide you you know with you know best-in-class data protection solutions you know and this is really where you know we're really looking to introduce new innovations into the market you know to really really help customers you know with their client-based data protection yeah now you got some news here uh but let's kind of dig in if we we could to the to the innovations behind that maybe rob you could you could kick it off and then stephen will bring you in yeah so first piece of news that we're really happy to announce is the introduction of a new dell emc paraprotect backup service which is a new cloud data protection solution powered by druva you know hence you know the reason that stephen and i are here today it's designed to deliver additional protection without increasing it complexity so what powered by druva what does that mean can you add some color to that absolutely so you know when we really started looking at the expansion of our powerpatek portfolio you know we already have the ability to deliver both on-premises protection and to deliver that same software within the public cloud from a a paraprotect software delivery model but what we really didn't have within the portfolio is a cloud data protection platform and we really looked at you know what was available in the market we looked at our ability to develop that you know ourselves and we decided that the best path for our customers to bring capabilities to them as soon as we possibly could was to partner with druva you know when we really looked at the capabilities that that druva has been delivering for many years you know the capabilities that they have across many dimensions of of of cloud-based workloads and we're already engaged with them probably about six months ago you know first introduced druva as a an option uh to be resold by ourselves uh salesforce and partners and then we're pleased to to introduce uh a dell emc branded service power protect backup service okay so just one more point of clarification then stephen i want to bring you in so we're talking about this includes sas apps as well i'm talking 365 the google apps which we use extensively with crm salesforce for example what platforms are you actually you know connecting to and providing protection for yeah so the the real priority for us was to was to expand our power protect portfolio to support a variety of sas applications you mentioned you know uh real real major ones with respect to microsoft 365 um google workplace as well as um as uh as salesforce but the other thing that we also get with patek backup service is the ability to provide a cloud-based data protection service that supports endpoints such as laptops and desktops but also the ability to support hybrid workloads so for some customers the ability to use private backup service to give them support um for virtual machine backups both vmware and hyper-v but also application environments like oracle and sql and lastly but not least you know one of the things that backup service also provides when it comes to virtual machines is not only virtual machines on-premises but also virtual machines within the public cloud specifically vmware client on aws so stephen i i mean i i i remember i was talking to just several years ago and i've always liked sort of the druva model but it felt at the time you're like a little ahead of your time but boy the market has really come to you maybe you could just tell us a little bit more about the just generally cloud-based data protection and and the sort of low down on on your platform yeah and again i think you're right the market has absolutely swept in this direction like we were talking about with applications in so many places and endpoints in so many places and data centers and remote offices with data sprawled everywhere we find customers are looking for a solution that can connect to everything i i don't want seven different backup solutions one for each of those things i want one centralized solution and so kind of a data protection as a service becomes really appealing because instead of setting all of these things up on your own well it's just built in for you uh and and then the fact that it's it's as a service helps with things like the ransomware protection because it's off site in another location under another account and so we really see customers saying this is appealing because it helps keep my costs down it helps to keep my complexity down there's fewer moving parts and one of the nicest things is as i move to the cloud i get that one fixed cost right i'm not i'm not dealing with the oh wow this this bill is not what i was expecting it just comes in with with what i was what i was carrying and so it really comes down to as you go to the cloud you want a platform that's that's got everything built in uh something that and let's face it dell emc is is this this is this has always been the case you know that storage of last resort that backup that you can trust right you want something with a history like you said you've been talking to jaspreet for a while druva is a company that's got a proven track record that your data is going to be safe and it's going to be recoverable and you're going to want someone that can innovate quickly right so that as more new you know cloud applications arise you know we're there to help you protect them as they emerge so so talk a little bit more about the timing i mean we talked earlier about that okay covered really forced to shift to the cloud uh and you guys clearly have skated to the puck and you also you referenced sort of new workloads and and i'm just wondering how you see that from a you know timing standpoint and at this moment in time why this is such a you know the right fit yeah we we've seen a lot of customers over the last again 12 months or so you know one really accelerate their shift to things like sas applications microsoft 365 you know and and we're not just talking exchange online and onedrive but sharepoint online microsoft teams really going all in because they're finding that as as i'm distributed as i have a remote workforce my endpoints became more important again but also the ability to have collaboration became important and the more i depend on those tools to collaborate the more i'm depending on them to to replace what used to be in-person meetings where we could have a whiteboard and discuss things and it's it's done through collaboration online tools well i need to protect that not just because the data is important but because that's not how my business is running and so that entire environment is important and so it's really accelerated people coming and looking for solutions because they've realized how important these environments and this data is so stephen you mentioned you guys i mean i obviously have a track record but you got some vision too and i want to sort of poke at that a little bit i mean essentially is is what you're building is an abstraction layer that is essentially my data protection cloud is that how we should think about this and you've got your reference pricing i've seen your pricing it's clean it looks to me anyway like a like true cloud pricing gonna dial it up dial it down pay as you go consume it as you as you wish maybe talk about that a little bit yeah i mean i think if you think about the future of uh uh of consumption is that you know so many customers are looking for different choices than what many vendors have provided them in the past you know i think that you know the the days of of going through a you know a long procurement cycle and uh you know working through purchasing in order to get a big capital expense approved you know is it's just not the way that many of our customers are looking to operate now so i think that you know one of the things that we're looking at you know across the portfolio you know whether or not it be you know on-premises solutions or or cloud-based services is to provide all of that capability as a service you know i think that that will be you know a real future point of of arrival for us is we really rotate to offer that across all of our capabilities dave you know whether or not it be you know in the domain of storage or in the domain of data protection the concept of everything as a service is really something which is going to become more of the norm you know versus the exception so what does a customer have to do to be up and running what's that experience like is this going to log on and and everything's sort of you know there to them they what do they see what's the experience like yeah well that's one of the great things about parapatek backup service is that you know once the customer has has has worked through their you know their their uh their dell technologies you know sales uh team or their or their dell technologies partner you know they effectively you know get an activation um you know code to to sign up and and set up their credentials with powerpit backup servers and once they actually do that you know one of the things that they don't have to worry about is the deployment of the infrastructure the infrastructure is always on ready to go so what they do is they simply point powerpit backup service at the data sources that they wish to protect you know and that's one of the the great advantages around you know a sas based data protection platform you know and it's one of the things that that makes it very easy to get customers up and running with powerpath backup service so i'm guessing you have a roadmap you may be you maybe not you may be holding out on us and some of the other things that you're doing in this space but but what can you tell us about about other things you might be doing or that might be coming what can we expect well i mean you know dave that one of the things that you know we always talk about it's the power of the portfolio so so with the addition of private backup service it's not the only news that we're making with respect to cloud data protection you know i mentioned earlier that uh we have the ability to deploy our on-premises solutions in the public cloud with powerprotect data manager and our powerprotect virtual appliances you know and with this uh announcement that brings backup service into the portfolio we're also uh pleased to expand our support of the public cloud with full support of google cloud platform making powerprotect data manager available in the google marketplace and then lastly but not least you know our other cloud snapshot manager offering you know is now also fully integrated with our powerprotect virtual appliances to allow customers to store uh aws snapshots in a deduplicated fashion within aws s3 so that's an excellent capability that we've introduced to reduce the cost of storing um aws infrastructure backups for longer periods of time so really you know we've really continued to double down in bringing new cloud data protection capabilities to our customers wherever they may be yeah nice now steven you guys must be stoked have a partner like dell just massive distribution channel i wonder if you could give us any final thoughts you know thoughts on on the relationship how you see the future unfolding yeah i mean and obviously i've got you know history with with dell and emc and rob and one of the things you know i think dell's always been fabulous at is giving customers the flexibility to protect their data when they want how they want where they want with the investment protection but if it shifts over time they'll be there for them right going all the way back to the data protection suite and all those those those fantastic things we've done historically and so it's it's really it's great to to align with somebody that's got the same kind of values we do which is at druva it's that same model right wherever you want to protect your data wherever it is we're going to be there for you and so it was great that i think dell and druva both saw this demand from our customers and we said you know this is the right match right this is how we're going to help people keep their data safe as they start you know and continue and extend their journeys to the cloud and so you know dell proposes the the power protect backup service powered by druva and and everybody wins the dell's customers are safer dell completes its offering and let's face it it does help druva accelerate our momentum so this is this is this is and it's a lot of fun just hanging out with the people i used to work with especially wrong it's good seeing him again well you guys both have kind of alluded to the portfolio and the optionality that dell brings to its customers but rob you know i'll give you the final word a lot of times optionality brings complexity but this seems to be a really strong step in the direction of simplifying the world for your customers but rob i'll give you the last word yeah for sure i mean we've always said that it's not a one-size-fits-all world you know i think that you know one of the things that this um evolution of our powerpatek portfolio brings you know is an excellent added option for our customers you know many of the customers if not almost all of the customers that we currently sell to you know have a requirement for sas application protection you know many of them now especially after the last year have an added um sensitivity to endpoint protection you know so so those two things alone you know i think are are two things that all dell technology customers can really take advantage of with the introduction of private backup servers you know this is just a continued evolution of our uh capabilities to bring innovative data protection for multi-cloud workloads that last point is a great point about the endpoints because you got remote workers so exposed guys thanks so much for sharing the announcement details and the relationship and really good luck with the offering we'll be watching thanks dave thanks dave and thank you for watching this cube conversation this is dave vellante for the cube we'll see you next time you