>>Hey everyone. And welcome to the cubes. Continuous coverage of AWS reinvent 2021. I'm Lisa Martin. So excited to be here in person with thousands of folks. Everybody covered vaccinated. We are winning one of the largest industry's largest tech hybrid events with AWS and it's huge ecosystem of partners. We're going to be having two black sets. Two remote says over a hundred guests, and I am pleased to welcome two new guests to the queue. Mike Milner is here the head of product management at trend micro and Danielle Greshaw worldwide partner solution architects at AWS guys. Welcome to the program. It's nice robbing us. Isn't it nice to say, I have this background noise of actual humans, >>Such a nice buzz. Yeah, it >>Really isn't. I suppose. So the last, obviously 20, 22 months have been quite challenging for all of us, kudos to AWS for doing this in such a safe manner. But Mike, I wanted to get kind of a background in the last year and a half or so since we last spoke, what's going on at trend micro, we've seen so much change in the security landscape, the threat landscape. What are some of the things that you guys are saying? >>Yeah, good question. So, you know, some things stay the same and some things are always changing certainly lately, a big rise in ransomware, really affecting companies. This is a case where in the past, maybe we were concerned with targeted attacks, but now things like ransomware can affect anyone. So it's really broad attacks looking at any possible threat, any possible vector that can impact >>Company ransomware as a service is on the rise massively. And it's become, I've talked to some about it a lot this last year and a half or so being with it growing so rapidly, it's now a matter of when we got hit, not if so that's a really interesting topic that you bring up. Daniel want to bring you into the conversation. Talk to us about from a partnership perspective and about what you guys are doing together with. >>I mean, we've had a partnership with trend micro. I mean, I've been at AWS almost eight years, as long as I've been there. I can remember, you know, trends being a huge AWS partner. Um, and of course we've evolved over the years. And, um, definitely in the last 12 to 18 months, we've been doing a lot of joint events together trying to broaden our reach of customers, um, about talking about trends, solution. And we're going now to a lot of companies that have not used cloud before and look at a solution such as trend solution as a way in which they can move their workloads into the cloud and feel secure and safe about it. And, you know, not have to worry about, you know, ransomware or any other kinds of cyber attacks and feel good about moving into the cloud, >>Thinking to the cloud while there's still so many folks that are working from home, working from anywhere really that will be for, >>He did that, uh, journey for a lot of companies who maybe weren't thinking about it, but now are making that move a lot faster. >>The, of the challenges that you're seeing in the last 20 months as the acceleration of digital transformation cloud adoption, it was for so many businesses that weren't there. And on that journey, I'm just curious what some of the things are that you guys have observed together in this interesting time. Yeah. >>Oh for sure. Certainly, you know, trend micro has a lot of capability, a lot of products. I focus on the cloud cloud one, but really the endpoint protection users are at home. They're remote, they're accessing their infrastructure from so many different environments. Like you said, it's really set this ahead probably 10 years, really this work from home concept, >>It has to talk to me about some of the other things that are changing. And then there's the security buyer like what's going on there? What are some of the conversations that you're having challenges that they're having, but this is kind of a new, uh, persona that's been. >>Yeah, I think there is a big shift happening here as consumers. We're so used to trying things out, adopting new technology really rapidly. And I think industry is kind of catching up. Historically, this has been kind of top down decisions. Uh, a CSO or executive is making security buying decisions. Increasingly customers want to actually try things out. They want to experience the value, see how it works in their environments. And this could be coming from different business units, different parts of the organization. So we've really been focusing on adapting our products, our capability, and how we address customers to really reach these people who are making these decisions. >>And I think more and more developers are actually part of that process as well, because they're being tasked with, if you're going to build it, you also have to operate it and you also have to secure it. And so, you know, >>What are some of the challenges that the specifically that you're hearing from developers that are helping you surely advanced cloud one and the partnership? >>I mean, I would say like for what I hear from developers is mostly how can I integrate this into my existing process and make it easy, but >>It's really developers who are shaping so much of the infrastructure that needs to be protected in the past. It maybe was the other way around. That's been a massive shift in the industry. And as you say, we need to help developers be secure without them having to learn a whole new set of skills and security. We want them to be security aware, but we can't expect them all to be experts. >>I was a developer myself for like 15, 16 years. And we're terrible at security we're terrible at. So, uh, anything that any products let that, that help in that journey is key >>For sure. And it's not that you don't want to be secure it's that really your goal is providing the business value and security. It needs to be there, but it's always going to be seen as kind of a drag kind of slowing things down. So we want to build tools to help their, >>I imagine too also. So it facilitate from a cultural perspective, the developers, the security folks becoming better partners together because the security, as we talked about in the very beginning, even mentioning ransomware is a massive issue. It's, it's a global issue with say national security issue for the U S and other countries like that. But that cultural shift has got to be interesting, especially Danielle, you as a former developer, talk to me about some of the customer conversations and how are you helping those developers become comfortable with the security responsibility. >>Again, it's back to integrating it into their normal process and to the dev ops process to just have that be an extra step in there, um, where they can, they can see that it's easy and B being easy as key. And then they can just be able to roll that out with everything that they're doing. They've already kind of like made the mind shift to test their work that they do. So it's now secure it. Um, and that's just one other practice that they start doing. So, >>Yeah, and I think it really goes in the other direction as well, security teams who have the responsibility for security. They now have to understand all of the new technologies coming out of AWS, all these new tools with Kubernetes, continuous integration, continuous deployment. And that's a big ask as well. We can't expect security teams to be experts in all that. So really it's the two sides of that coin >>For sure. The results are kind of like a shared responsibility model if you think of it in >>That way. Absolutely. Absolutely. >>Talk to me, Mike, about cloud one, is this a joint solution that just built on AWS? Help me understand it and what's going on with, >>For sure. I mean, cloud one is really a platform to help cloud builders be secure. We want to make security simple, and that is those different personas. We needed it to be simple for security, let them just set their policy goals. Hey, I need to be compliant to this standard or this standard. I want to follow the well-architected framework. These are my goals. And then the development teams need to work, deliver that value that they're trying to do and tools like cloud one, our goal is to really help them deliver that value and be secure following those guard rails and those goals set by security. And we do that across containers. Workloads server lists really extending our offering as customers start using new platforms. >>What are some of the things Mike that you've seen in during the pandemic, as we've seen this massive acceleration and the rush to the cloud what's been going on with cloud one from that perspective and how has the pandemic maybe helped shape the technology and the partnership? >>Yeah, that's a great point. Um, I think of it as well as, I mean, Cloud One, we build our platform and we've been doing that now remotely for the past two years with engineers all over the world, really around the world, five major engineering sites teams working from home. And in that time we've delivered all of our security value, but we've also ourselves deployed cloud one across eight regions worldwide. And now our engineering teams are deploying worldwide and we're making our system compliant and secure. So I really feel like all this remote work has helped us gain a really deeper understanding of the problems our customers are facing. For sure. Yeah. >>I was going to say just for us, as we've done some joint events together, we've had to do all of those things remotely. So that is definitely been a challenge, but also getting good with the messaging and making sure that we are able to connect with those customers, um, online, >>Right, as we knew, things shifted dramatically overnight for everyone in every industry. And it was interesting to see how technology helped shape and paved the pathway for those folks that survived and are now thriving. Um, but I did see some, some of the recent news on cloud one or on cloud security, the data data centers in nine countries. It sounds to me like a differentiator for trend micro in terms of data, sovereignty, data data. >>It's a major issue. These days, our companies, our customers are around the world and they've got their own security requirements. And obviously cloud one is helping them be secure, but they need to trust us with our compliance and with data sovereignty. They might have a specific requirement to store data within their own jurisdiction. And we want to support that, make it easy for them, security, simplified, >>Security stupefied. I like that. If we could only simplify more things in life, guys, that would be fantastic. Talk to me about, uh, a customer example that you think really speaks volumes to the partnership and the capabilities of club one. >>Yeah, I think it's interesting to see the companies come on board using cloud one who you don't typically associate with security issues like media companies who are used to sending information out security is a major concern. We've got major brands from news to media who needs security and it's coming up in more and more industries. Every company is a software company and they need to be secure. >>Really. Every company is a data company. You think of, of the supermarket, the grocery chains here we are at AWS reinvent, the big owning Amazon owning whole foods, for example, but the data challenge that did a growth challenge is huge it's and that's where I think the security, um, focus needs to be is wherever that data is. And now it's scattered everywhere. >>Absolutely trend micro has been in this business for over 30 years, and it's amazing to see the shifts of what's important, what needs to be secured, how it needs to be secured over that long a period. And we always feel that we're leading things. And I think cloud wine is really on the forefront for how customers are building applications, delivering value to their customers and we're helping them be secure. >>Yeah. And just to Mike's point, I mean, I definitely think, you know, years ago it was always financial services company, healthcare companies who had compliance requirements, but more and more travel and hospitality, media, and entertainment. These are all companies that are looking for security solutions. >>We're seeing a lot from a data privacy perspective. We're seeing regulations pop up all over the world, California as China DRCR. Exactly. And I'm sure that's the tip of the iceberg for more data security regulations that we're going to see across the board as we humans and our technology companies are generating more and more and more data. That's the one thing that is not slowing down at all and they're not going to no pandemic. Right. So what's the vision going forward, Danielle, in terms of the partnership with trend micro? >>Um, I mean, I think again, we are always looking for joint customers who are looking for simplicity and looking for the, you know, the value proposition that cloud one has and just continuing to grow that customer base together. >>Yeah, for sure. I think it was two years ago. We were in person here at the cube in 2019. I think talking about cloud one is a new thing. Two years later, a lot has changed, but it's great to see the market validating all the effort we're putting into it. And industry looking at these big platforms that provide that broad security as the way forward. >>And then from an analyst perspective, there's a lot of value if coming down from the analyst for cybersecurity firms, because of the threats that we talked about, the net landscape changing the fact that it is so easy to launch ransomware, the fact that it is coming through every media, we're seeing a lot more value placed on cybersecurity firms from, from the industry, which has gotta be kudos to you guys and what you're doing and also help kind of guide direction in terms of the vision going forward. >>Yeah, for sure. I mean, we have threatened research. We are really into understanding what attackers are doing and they lead our direction. We're always on the forefront of protecting our customers from the leading threats >>And our partnerships, the most successful partnerships that we have, or the ones in which we're consistently innovating and trend has always been doing that with us. Any new service that we released, any, you know, as he taught, as Mike was talking about, uh, Kubernetes, et cetera, all of those new areas in which to go in the CA the partners that are able to keep up with us are the ones who are, you know, the most successful. So >>One of the things I know about many things of AWS is that it's very customer obsessed, focused on the customer. I imagine culturally Mike there's alignment there in turn Microsoft. >>Absolutely. And AWS is a great organization to work with because it shows through throughout interaction that they are customer obsessed. Absolutely. >>That's a good, that's a good thing to be obsessed about all things considered. Last question, guys, tell me what some of the things are that that attendees are going to be learning from both of you guys and from the booth at the event this week. >>So certainly from the cloud one trend micro booth right behind us. If the cameras can see it, uh, we've got demos of all the different functionality in cloud. One from containers, file storage workloads serverless, definitely come check that out to really see the breadth of the platform and what it can do to help. >>Awesome guys, thank you so much. You're now cube alumni got to give, you got branded masks, very COVID friendly. Uh, we appreciate your insights talking to us about trend micro, the AWS partnership and sharing some of those customer examples. Great work in the last 20 months. And it's great to have you here in person. Thanks for having very much for my guests. I'm Lisa Martin. You're watching the cubes, continuous coverage of AWS reinvent 2021, the cube, the global leader in live tech coverage.

>> (narrator) From around the globe. It's theCUBE. With digital coverage of AWS re:Invent 2020. Sponsored by Intel, AWS and our community partners. >> Welcome to theCUBE virtual. Our coverage of AWS re:Invent 2020 continues. I'm Lisa Martin. Got a couple of guests joining me next. Wendy Moore the VP of product marketing from Trend Micro is here and Geva Solomonovich Global Alliances CTO from Snyk. Wendy and Geva, It's great to have you both on the program today. >> Thanks for having us. Great to be here. >> Hi, thanks for having us. >> Last year we were probably all crammed in Vegas together. Here we are virtually but it's great that we're still able to connect. So lot has gone on since we were all at re:Invent in Vegas last year. Wendy, let's start with you from a security perspective there's been a growth in open source vulnerabilities that have impacted enterprises globally. Talk to me about what you're seeing there. What's going on? >> Yeah. Well. I think everybody in this audience recognizes the rapid shift to the use of open source in development teams. And what we've seen alongside that is a rapid increase in the number of vulnerabilities that are showing up in open source software. So that means that vulnerabilities that can be exploited and cause damage to your company's application, reputation and your customers, are on the increase out there. >> And a number that you sent over was two and a half X growth in open source vulnerabilities in the last year. Has that number gone up during the pandemic? >> So I'm not sure if the vulnerabilities have gone up during the pandemic, but we've definitely seen an increase in exploitation of vulnerabilities. There's so much in the news about ransomware incidents in healthcare targeting pharmaceutical organizations, and most of those are taking advantage of vulnerabilities. Not necessarily in open source, but some of it is definitely happening in open source. >> Now we've been talking about the rise in ransomware for awhile, and it's all... The numbers and types of companies and healthcare organizations like is it schools, governments, for example lot of vulnerabilities being exploited that's for sure. >> So Geva let's go over to you. Talk about from Synk's perspective. The impact on businesses and how can you guys help. >> And then I'll put in a few insights there. on the open source risk. Wendy talked about it as well. Why is it growing? One of course is open source tuition usage is growing. So of course it bulges, the amounts of vulnerabilities is growing and the amount of exploits. But when you look at it from a hacker's perspective, attacking is an ROI based activity. Hackers want to spend their hacking hours where they're more likely to get our reward, be able to get that ransom or steal the data or do whatever they can. And open source actually makes it much easier for them than a lot of these other alternatives. One, the source is open. So just finding a vulnerability is much easier than trying to find the vulnerability in proprietary code. Two, there's like a market for these exploits and companies even like need for chapter. One of the byproducts of that is you can just go and feel the vulnerabilities out there and pick the ones that you want to try to exploit. But three, which is really the most critical piece is that if you do find the juicy vulnerability in a very popular open source package, the amount of companies you can attack is not one, is thousands or tens of thousands because that's precisely what makes the popular open source packages popular. It's being used broadly and so if you spend this effort to develop an exploit and then you can send it like there just across the world to 10 thousands of companies you're more likely to be successful. And that's what's driving a lot of the hacker attention into the open source vulnerabilities and that's why the growing. >> So it's a low cost high reward for those hackers. Wendy what are some of the ways that organizations can protect themselves from this? >> Well, one of the best ways to protect themselves against exploitation of vulnerabilities and against vulnerability showing up in their code is to actually analyze their code and scan it looking for vulnerabilities. And the best possible place to do that is actually in the code repository. So before code is ever packaged up and deployed it actually gets caught really early. So it's all about shifting security left. But some of the challenges with that is that you know the code repository, Tory and the code and open source has largely been the domain of DevOps and the developers and security who is tasked with managing the risk of the organization has little to know visibility into what vulnerabilities might exist. So something that's a growing part of an enterprise risk profile the security team doesn't really see. And that's a big gap for most organizations. >> So in terms of that visibility being essential, sounds like maybe even a cultural gap there. Geva what are your recommendations? We, you know, we talk about SecOps, we talk about DevOps. Is the solution DevSecOps or SecDevOps? >> I mean, all these partners are definitely helping there but you kind of need to break it down and understand what their problems, which is what Wendy was articulating. Why you have these traditional security teams have all their traditional tools. They look at mostly and let's call it the IC type security. Then you have this entire new category of risk which is lets say open source risk, but it's just inside the code repository inside a GitHub repo or somewhere, or they completely have no visibility into. And what that causes is one has to have a conversation with the developers who are those who are convenient to pick those vulnerabilities, remove them from the code. And, but to also, just from the mind ensuring that in our location it's hard for you to protect something that you don't have visibility into which causes opensource security to be possibly under provisioned in your entire a security fence. As you're looking at the security risk. And as we are talking about solution, so one of the movements we've seen with DevOps, where you know engineering team and IT teams have come together to have a shared ownership of the results of deploying these applications. In production now you expand out into DevSecOps. It's okay to actually make this work. We need to have a shared responsibility model where both developers step up to take some ownership and the traditional security each step up to understand what the developers are doing, build tools to make it easier for them. And ultimately I think Wendy nailed it on the head. She said the best way to protect yourself is actually to remove the vulnerable line of code from your application, not wait for it to be deployed and try to put some blocks in there. >> All right. So Wendy how are Trend Micro and Snyk working together to resolve that challenge that you guys just described? >> Yeah, we'll Trend Micro and Snyk have been working together for over a year now. And we came out with an initial offering and now we're coming out with a new offering that is really focused on basically delivering that code scanning ability right in the code repository. And through Trend Micro's Cloud One platform, we are delivering this as a service to the security operations team so that they get visibility of anything that Snyk finds in the code repository. And they can take action from there. So Trend Micro's Cloud One security services platform basically equips cloud builders with a whole bunch of different types of technologies to satisfy their different infrastructure requirements. So we've got things like workload security application security, network security, a number of different take types of security tools. And this just brings another security tool to the security operations team and the DevOps team so that they can basically extend their visibility and their security controls back to the code repository. >> Geva what are some of the impacts that you're seeing. So for obviously besides wanting to find those vulnerabilities faster as when you talk about shifting left. Give me some examples of some customers that you were working with maybe in the first iteration and what the impact has been. >> The impact is the... what, sorry, can you repeat the question? >> Yeah. Impact of your technologies together? You said that there's a new offering coming up but talk to me about some of the impact that these customers are making. >> Yeah. Okay. Sorry. Thank you for repeating the question. And so this joint product is very cunning from a multiple perspective. So one, it's going to be delivered inside the Cloud One platform, which Wendy just talked about. You asked before what is the impact of COVID? And one of the big impacts has been on the financial stress. Every company in every, every vendor is having. And so just the ease of managing less vendors and less tools and less places to procurement is of high value for every organization Just in terms of efficiency of operations. And just being able to acquire this new product on an existing platform where there are already consuming security tools. That by itself is amazing value. And number two, we're taking again... We're taking a technology which is a cloud native, it's a modern technology. And that's typically has been outside of the purview of a traditional security team and making it accessible to them in a place where it's easy for them to try out and they can, you know, start small and grow from there. They don't have to make a big commitment to get going. And more importantly, it's giving them visibility into this important technology that they didn't have before. >> So Wendy this is all intended at bridging that gap? I'm just curious, like if we take a peek inside, what this enables SecOps to do what it enables DevOps to do. What were some of the feedback that you're hearing from customers about those teams coming together and actually being able to work very collaboratively with that shift left actually being able to be done? >> Yeah. I mean, you know, if you talk to... There's some organizations who do this really well. They're very mature and their security operations teams and their DevOps teams work very closely together collaboratively, excuse me. And they also understand each other's needs. So they're able to insert tools into the security pipeline that don't slow DevOps down but also meet the needs of the security team. Whereas we see some other organizations where Dev is at one side of the pipeline and you've got security at the other and they don't tend to converse or meet. And those are the organizations where there tends to be more challenges. So the idea with this new solution is it's going to give the security team visibility of basically the scale and scope of their open source situation. So that they've actually got some data to go have conversations with the DevOps teams and start going in that direction of making those teams work more seamlessly together. I mean, you used the term DevSecOps before, some organizations that's a very real situation. Others still have a long way to go. And we think this is a great first step to bring those teams together. >> Fostering long-term friendships I'm sure. Just talk to me about the go to market, Wendy. How are you guys going to market together? Trend Micro and Snyk selling direct channel? What is it like? >> So this is actually going to be a Trend Micro Cloud One offering. So we jointly developed it with Snyk but it's going to be Trend Micro who is selling it. And we go to market a number of different ways. AWS marketplace is a big channel to market for us And this will be available for purchase there. When it becomes available in January. And also, we also work very closely with channel partners as well who also participate in AWS marketplace. >> So what are some of the things that you're expecting to customers to be able to take advantage of around the time of re:Invent and into early 2021? >> Yeah. I really encourage customers to visit our page on the AWS re:Invent platform. We're going to have all kinds of exciting demos there. You can go learn more about this new offering that we're delivering jointly developed with Snyk. And you can also ask about how you can sign up for early access to this new offering. So highly encourage you to go check that out. >> Excellent, early access is always nice to be a beta tester and really get that symbiotic relationship. >> Geva last question for you is as the Global Alliances CTO I imagine your customer conversations in the last year have changed dramatically. Talk to me about some of the things that you really think like in terms of like exposing vulnerabilities. Let's talk about exposing opportunities that that Snyk is helping organizations do so that they can not just keep the lights on during this very unprecedented time but actually be winners of tomorrow. >> Yeah, I think again at the heart of the DevOps movement and why it's been successful it's reducing that feedback loop between writing some codes, getting it to production in the hands of customers, getting the feedback from them and rinse and repeat and starting that loop. And those who have it, the faster you can get to market faster and can deliver value faster ultimately are the winners. Now, one of the things we've seen with the COVID is a lot of the this outbound activity has been going down. People have been going less to events and need to look more internally and how you can become better as an organization. And you've actually seen an increase in the investment of a digital transformation and cloud journeys and stuff like that. And one of the... One of kind of the traditional inhibitors that's going fast and all in into the cloud is the loss of control of the traditional security teams on the application development. Where now people can, you know... deploy hundreds of times every application to the cloud a day. And what we've seen is that they come to Snyk or to companies like ours, so we can secure those new modern development life cycles and give the security feedback to the developers as they're building the applications and give the security teams the visibility into those pipelines and application domain. So they have a sense that they're not losing all the control they used to have. They're still getting visibility into those application development and actually allowing their organizations to go faster because of it they can sign up to and be doing the technologies and actually increase the speed of going to the cloud. >> Yeah and that's critical because as we, you mentioned as we've been talking about for months now that the acceleration of cloud adoption, the speed of digital transformation it's one of those things that's challenging to do. You've got to have visibility. Period. In order to facilitate that. And if it's another thing that you kind of were describing Geva as that visibility provides that sense of control or trust, and that's also huge for not just a business to catch vulnerabilities but for teams the DevOps teams, the SecOps teams to be working together in a highly collaborative way. Do you agree Wendy? >> Absolutely. And the beautiful thing is this sets that up This tool. So it allows them to work together very collaboratively but it also sets up that visibility. So that down the road there could be even further automation into that process. Because you know, the whole purpose of DevOps is to take the people out of it. Right. So, but in order... You need to set up those processes to begin with. So this is a first step in terms of setting up that automation and visibility amongst those two teams. >> Excellent. And can you say one more time Wendy where prospective customers can go to learn more and become a early adopter? >> Yeah, absolutely. So visit our Trend Micro page at the AWS reinvent platform. And there you'll be able to learn much more about the offering and also learn how you can access the early adopter program. >> Excellent. You guys thank you so much for joining me on the program today. Sharing what Trend Micro and Snyk are doing together and how you're helping organizations cross-functionally be successful. We appreciate your time. >> Thank you, Lisa. Appreciate it. >> Thank you so much. >> My pleasure. For my guests, I'm Lisa Martin and you're watching theCUBE virtual. (upbeat music)

>>law from Las Vegas. It's the Q covering a ws re invent 2019. Brought to you by Amazon Web service is and in along with its ecosystem partners. >>Okay, Welcome back, everyone. Cube coverage. Las Vegas live action. It was re invent 2019 3rd day of a massive show where our seventh year of the eight years of Abel documenting the history and the rise in the changing landscape of the business. I'm John for Bruce. To Minutemen, my co host. Our next guest Bill McGee, senior vice president, general manager of the Hybrid Cloud Security group within Trend Micro. So, this company, those guys now lead executive of the Cloud Hybrid. I have rid Cloud Security hybrid in there looking cute. >>And I've been to every reinvent, every single one. >>Congratulations. Thank you. >>Thank you. Nice to be >>here. So, eight years, what's changed in your mind? Real quick. >>Uh, wow. The Yeah, certainly. The amount of a dot Uh, the amount of adoption is now massive mainstream. You don't have the question. Should I go to the cloud? It's all about how and how much. Probably the biggest change we've seen is how it's really being embraced all around the world where a global company we saw initially a US on Australia type focused you K. Now it's all over the place and it's really relevant everywhere, >>you know, at least from my standpoint. And I have enough friends of mine in the security industry. When we first started coming to show, I mean security was here. Security is not only is so front and center in the discussion of cloud that they had all show for it here, so you know, it gives the 2019 view of security inside that the broader hybrid cloud discussion here, a re >>investor. Let me tell you a couple of things, kind of what we're seeing within our customer base and then what matters from a security perspective. So we see, you know, some organizations doing cloud migration moving. We're close to the cloud of various forms. Had a couple of meetings yesterday. One was college evacuating their data center. The other one was celebrating that two weeks ago they closed their data center, So that's a big step. Windows and Lennox workloads moving to the cloud and really changing existing security controls toe work better in the cloud. But certainly what a lot of these cloud builders are here for is, you know, developing cloud native applications. Originally back 78 years ago, that was on top of what's now seem like pretty simple. Service is like s three E. C two. I've got containers and server lists and other platforms that that people are using. And then the last thing. A lot of companies are establishing a cloud centre of excellence, and they're trying to optimize the use of the cloud. They still have compliance requirements that they need to achieve. So these are what we see happening and really the challenge for the customer. How do we secure all this? How do we secure the aggressive, aggressive cloud Native application development? How do we help a customer achieve compliance easily from a cloud centre of excellence? So that's where we see us fitting. And we made a big announcement a couple of weeks ago about a new platform that we've created. I would love to talk to >>love that. Let's dig into that. But first we were at reinforces Amazons First security, Carver's David Locked and I were talking about cloud security was on Prem security and then what's happening here and had a conversation with someone who was close to the C I. A. Can't say his or her name. And they said Cloud has changed the game for them because they're cost line was pretty much flat. But the demand for missions were squirrels going scaling. So we're seeing that same dynamic. You were referring to it earlier that costs and data centers is kind of flat. But the demand for application new stuff's happened, so there's a real increased her demand for APS. Sure, this is the real driver, how people are flexing and deploying technology. So the security becomes really the built in conversation, cracked comment on that dynamic. And what do you recommend? Well, so here's a couple >>of things we've seen, Really? You know, again, we've been doing private security for about a decade, and really it was primarily focused on one service of eight of us, which is easy to now that's a pretty darn big service and widely used within their customer base. There's no 170 service's, I think is the most recent number. So the developers are embracing all these new service is we acquired a new capability in October. Company called Cloud Conformity, based in Sydney, Australia, very focused on AWS, analyzes implementations against the eight of US well-architected framework. So the first step we see for customers is you gotta get visibility into use of the cloud for the security team. What service is air being used, then? Can you set up a set of security guard rails to allow those service is to be used in a secure manner. Then we help our customers turn to more detailed, specialized protection of easy to or containers or server list. So that's what we've recognized ourselves. We had to create a very modest version of what Amazon has created themselves, which is a platform that allows builders to connect to and choose what security service is they want. >>Road is your service bases and all the service's air. You guys now pick and choose the wall. Yeah, there's a main ones. What does highlight? So >>there's Yeah, I'll give you the ones where we provide a very large breath of protection. So in the what we're calling Cloud one conformity service. So that's this technology we acquired a couple months ago. It cuts across about 70 service is right now and gives you visibility of potential security configuration errors that you have in your environment now if it's in a deaf team, maybe not such a big deal. But if it's in production, that is a big deal. Even better, you can scan your cloud formacion templates on the way to being live. Then we have a set of specialized protection that you know will run on a workload and protect it protected containerized environment. A library that can sit within a server lis application. That's kind of how we look at it. All right, >>So, Bill, one of things of going to the more and more cloud for customers is that there's that shared responsibility. Modern. We know that security is everyone's responsibility. It needs to be built in from the ground up. How are your customers doing with that shift? And are they understanding what they need to do? There have been some pretty visible, like a weight. I really had to configure that. I've thought about that Amazons trying to close the gap on song. But for some of those, >>we've seen a big positive change over the years. Initially I would say that there was what I would call a naive perception that the cloud with magic and it was perfectly secure and that I don't have to worry about it, right. Amazon data did the industry a real favor by establishing the shared responsibility model and making crystal clear what they've got covered that you don't need to worry about anymore as a customer. And then what are the capabilities you still need? Toe worry about? They've delivered a set of security tools that help their customers, and then they rely on partners like us. Thio deliver a set of more in depth tools. Thio, you know, specialized market. >>You actually used a word that we've been talking about a lot this week. Naive. Yeah. So we said, there's, you know, the one letter difference between being cloud native meeting Cloud naive there. Yeah. What does it mean to be cloud native in the security world? >>Well, I would say what allows you to be so first, the most important thing in every customer's mind. I don't care how good the security capabilities you're helping with me with. If you're going to slow down the improvements that I've just made to my development lifecycle. I'm not interested. So that is the most important thing is, are you able to inject your security technology and allow the customer to deliver at the rate that they're currently or continuing to improve? That is by far the most important thing. Then it's our your controls, fitting into an environment in a way that that are as easy as possible for the customer. One part that's been very critical for us. We've been a lead adopter of the AWS marketplace, allowing customers too procure security technology easily. They don't actually have to talk to us to buy our product. That's pretty revolutionary >>about the number of breaches that I'm going on, What's changed with you guys over the year because new vectors air coming out at this more surface area. Obviously, it's been discussed. What's changed most in your I'll >>tell you what we're worried about and what we expect to see, although I would say the evidence. It's early, uh, the reality in our traditional data centers. They were so porous at runtime in terms of the infrastructure and vulnerabilities that it was relatively easy for Attackers to get in the cloud has actually improved the level of security because of automation, less configuration errors. Unfortunately, what we expect his Attackers >>to move to. >>The developers moved to the depth pipeline, injecting code not a run time, but injecting it earlier in the life cycle. We've seen evidence of container images up on Dr Hub getting infected and then developers just pulling in without thinking about it. That's where Attackers are going to move to the depth pipeline. And we need to move some of our security technology to the dead pipeline toe, help customers defend themselves. >>What about International Geo Geo issues around compliance. How is that changing the game or slowing it down? Or I'm sailing it or you talk about that dynamic with regions? Are you >>sure you know us is the most innovative market and the most risk taking market, and therefore people moved to the cloud quite bravely over this over this decade. Some of the markets So, for example, were Japanese headquarters company. In general, Japanese companies, you know, really taken to a lot of considerations before they make that type of big bet. But now we're seeing it. We're seeing auto manufacturers embrace the cloud. So I think those it was a struggle for us in the early days. How regional the adoption of Cloud was. That's not the case anymore. It's really a relevant conversation in every one of our markets. >>Bill. Thank you for coming on the Cuban Sharing your insights Hybrid Cloud Security Got to ask you to end the segment. Yeah, What is going on for you This year? I'll see hybrids in your title. Operating models. Cloud center, gravity clouds going to the edge or data center. Just operate model. What's on your mind this year? What are you trying to do? Accomplish what you excited >>about? What? We're really excited about what this product announcement we made, called Cloud One. And what Cloud one is, is a set of Security Service's, which customers can access through common common access common building infrastructure, common cloud account management and choose what to use. You know, Andy put it pretty well in his keynote where you know he talked about He doesn't think of aws, a Swiss Army knife. He thinks of it as a specialized set of tools that builders get to adopt. We want to create a set of security tools in a similar way where customers can choose which of these specialized security service is that they want to adopt >>Bill. Great pleasure to meet you and have this conversation pro and then security area entrepreneur sold his company to Trend Micro. This is the hybrid world. It's all about the cloud operating model. So about agility and getting things done with application developers. This cube bringing all the data from reinvent stables for more coverage after this short break.

>>LA from Las Vegas. It's the cube covering AWS reinvent 2019 brought to you by Amazon web services and along with its ecosystem partners. >>Okay. Welcome back everyone. Cube coverage, Las Vegas live action ADA was reinvent 2019 third day of a massive show where our seventh year of the eight years of Ava when documenting the history and the rise and the changing landscape of the business. I'm Jon Favreau, Stu Miniman, my cohost, our next guest, bill McGee, senior vice president, general manager of the hybrid cloud security group within trend micro sold this company, those guys now lead executive of the cloud and hybrid hybrid cloud security. You've got hybrid in there looking through the queue and I've been to every re-invent every single one. Congratulations. Welcome to the cube. Nice to be here. So eight years. What's changed in your mind real quick? >>Ah, wow. The um, yeah, certainly the amount of adop uh, the amount of adoption is now massive mainstream. You don't have the question, should I go to the cloud? It's all about how and how much. Probably the biggest change we've seen is how it's really being embraced all around the world. We're a global company. We saw initially a U S on Australia type focused UK. Now it's all over the place and so really relevant everywhere. Oh Phil. I, you know, at least from my standpoint, and I have enough friends of mine in the security industry when we first started coming to the show, I mean security was here, security is not only is so front and center in the discussion of cloud that they had a whole show for it here. So, you know, give us the 2019 view of security inside that the, the broader hybrid cloud discussion here at Reinventure. >>Let me tell you a couple of things. Kind of what we're seeing within our customer base and then what matters from a security perspective. So we see some organizations doing cloud migration, moving workloads to the cloud. A various farms had a couple of meetings yesterday. One was call it evacuating their data center. The other one was celebrating that two weeks ago they closed their data center. So that's a big step. Windows and Linux workloads moving to the cloud and really changing existing security controls to work better in the cloud. But certainly what a lot of these cloud builders are here for is, uh, you know, developing cloud native applications. And originally, you know, back seven, eight years ago, that was on top of what's now seemed like pretty simple services like S three. Now you've got containers and serverless and other platforms that people are using. >>And then the last thing, a lot of companies are establishing a cloud center of excellence and they're trying to optimize their use of the cloud. They still have compliance requirements that they need to achieve. So these are what we see happening and really the challenge for the customer, okay, how do we secure all this? How do we secure the aggressive, aggressive cloud native application development? How do we help a customer achieve compliance easily from a cloud center of excellence? So that's where we see fitting. And we made a big announcement a couple of weeks ago about a new platform that we've created and you know, I'd love to talk to. >>Yeah, let's dig into that. Let's dig into that. But first when we were at was Amazon's first security conference, Dave latte and I were talking about wow, cloud security versus on prem security. And then what's happening here is I had a conversation with someone who was close to the CIA, can't say his or her name and that, and they said cloud has changed the game for them because their cost line was pretty much flat, but the demand for missions, which we're growing scaling. So we're seeing that same dynamic you were referring to it earlier, that cost in data centers is kind of flat, but the demand for application new stuff's happened. So there's a real increased her demand for apps. This is the real driver of how people are flexing and deploying technology. So the security becomes really the built in conversation. Correct. Comment on that dynamic. And what do you recommend while, so here's a couple of things >>as we've seen really. Uh, you know, again, we've been doing cloud security for about a decade and really it was primarily focused on one service of AWS, which is. Now that's a pretty darn big service. And, uh, you know, widely used within their customer base. There's now 170 services I think is the, you know, the most recent number. Um, so developers are embracing all these new services. We acquired a new capability in October company called cloud conformity based in Sydney, Australia. Very focused on AWS analyzes implementations against the AWS well architected framework. So the first step we see for customers is you got to get visibility into your use of the cloud for the security team. What services are being used? Then can you set up a set of security guard rails to allow those services to be used in a secure manner? Then we help our customers turn to more detailed specialized protection of or containers or serverless. So that's what we've recognized ourselves. We had to create a very modest version of what Amazon has created themselves, which is a platform that allows builders to connect to and choose what security services they want >>to help. Lota how broad is your service base? Is it all the services? Are you guys now pick and choose? I can't. It's hard to do all, but yeah, there's the main ones. What are the highlights? >>Yeah, I'll give you the ones where we provide, uh, a very large breadth of protection. So in the, what we're calling cloud one conformity service, so that's this, uh, technology we acquired a couple months ago. Um, it cuts across about 70 services right now and gives you visibility of potential security configuration errors that you have in your environment. Now, if it's in a dev team, maybe not such a big deal, but if it's in production, it is a big deal. Even better, you can scan your cloud formation templates on the way to, to, to being live. Then we have a set of specialized protection that will, you know, will run on a workload and protect it, protect a containerized environment, a library that can sit within a serverless application. So that's kinda how we look at it. >>They'll want, one of the things of going to the more and more cloud for customers is that there's that shared responsibility model. We know that security is everyone's responsibility. It needs to be built in from the ground up. How are your customers doing with that shift and how are they understanding what they need to do? There've been some pretty visible like, Oh wait, I really had to configure that. I'm not about that. And Amazon's trying to close the gap on some, bring us through some of those. >>We've seen a big positive change over the years. Initially I would say that there was what I would call a naive perception that the cloud was magic and it was perfectly secure and that I don't have to worry about it. Right. Amazon did a, did the industry a real favor by establishing the shared responsibility model and making crystal clear what they've got covered that you don't need to worry about anymore as a customer and then what are the capabilities you still need to worry about? They've delivered a set of security tools that help their customers and then they rely on partners like us to deliver a set of more in depth tools to a, you know, specialized markets. >>You actually used a word that we've been talking about a lot this week. Naive. So we said there's, you know, the one letter difference between being cloud native, I mean cloud naive there. What does it mean to be cloud native in the security world? >>Well, I would say what allows you to be so first the most important thing in every customer's mind. I don't care how good the security capabilities you're helping me with. If you're going to slow down the improvements that I've just made to my development life cycle, I'm not interested. So that is the most important thing is are you able to inject your security technology and allow the customer to deliver at the rate that they're currently or continuing to improve? That is by far the most important thing. Then it's are your controls fitting into an environment in a way that that are as easy as possible for the customer? One part that's been very critical for us. We've been a lead adopter of the AWS marketplace allowing customers to procure security technology easily. They don't actually have to talk to us to buy our product. That's pretty revolutionary. >>Talking about the number of breaches that have gone on and what's changed with you guys over the year because new vectors are coming out, there's more surface area. Obviously it's been been discussed what's changed most in years? I'll tell you what we're worried about and what we expect to see. Although I would say the evidence, it's early. Uh, the reality in our traditional data centers, they were so porous at runtime in terms of the infrastructure and vulnerabilities that it was relatively easy for attackers to get in. The cloud has actually improved the level of security because of automation, less configuration errors. Unfortunately, what we expect as attackers to move to the developers move to the dev pipeline, injecting code, not at runtime, but injecting it earlier in the life cycle. We've seen evidence of container images, uh, up on Docker hub getting infected and then developers just pulling in without thinking about it. >>That's where attackers are going to move to the dev pipeline and we need to move some of our security technology to the dev pipeline to help customers defend themselves. What about international geo geo issues around compliance? How is that changing the game or slowing it down or I'd say doubling it or can you talk about that dynamic? Because I'm sure with regions, I'm sure you know, the U S is the most innovative market and the most risk taking market and therefore people move to the cloud quite bravely. Uh, you know, over this over this decade. Um, and some of the markets, so for example, we're Japanese headquartered company, um, in general Japanese companies, you know, really, uh, take into a lot of considerations before they make that type of big bet. But now we're seeing it, we're seeing auto manufacturers, uh, embrace the cloud. So I think those, it was a struggle for us in the early days, how regional the adoption of cloud was. >>That's not the case anymore. It's really a relevant conversation in every one of our markets. Bill, thank you for coming on the Cuban sharing your insights on hybrid cloud security. I got to ask you to end the segment. Yeah. What is going on for you this year? I see hybrids in your title. That's obviously the, the operating model is clouds and are gravity clouds going to the edge or data center and just operating model. What's on your mind this year? What are you trying to do and accomplish? What's, what are you excited about? What we're really excited about was this a product announcement that we made called cloud one and what cloud one is, is a set of security services which customers can access through, you know, common, uh, common access, common billing infrastructure, common cloud account management, and choose what to use. You know, Andy put it pretty well in his keynote where, you know, he talked about, he doesn't think of AWS as, as a Swiss army knife. >>He thinks of it as a specialized set of tools that builders get to adopt. We want to create a set of security tools in a similar way where customers can choose which of these specialized security services that they want to adopt. Bill, great pleasure to meet you and have this conversation pro and then security area entrepreneur sold this company to trend micro. This is the hybrid world is all about the cloud operating model. So all about agility and getting things done with application developers, just cube bringing you all the data from re-invent. Stay with us for more coverage after this short break.

>> Announcer: From Hell's Kitchen in New York City, it's the Cube on the ground at Serverlessconf Brought to you by SiliconAngle Media. >> Hi, I'm Stu Miniman with the Cube, here at Serverlessconf in Hell's Kitchen, New York City. Our first time doing the Cube here. Happy to welcome back to the program, a multi-time guest, Mark Nunnikhoven who is the Vice President of Cloud Research at Trend Micro. Mark, great to see you. >> Thanks for having me. Great to see you Stu. >> Alright, so Mark repeat after me. >> Stu and Mark: Security is everybody's responsibility. >> Yeah. >> So you did a keynote talking about security, and I love, unfortunately I didn't get to see it in person, but I feel like I was there 'cause we had the Twitter's and the commentary. >> Yeah. >> And stuff like that. So security, it's a non-issue right? Serverless it's all set, containers and everything before it, everything's secure right? >> Yeah. As you know from looking at the headlines, we do security really well in the IT community. So you can sleep well at night. We don't have to worry about anything. No, unfortunately it continues to be a challenge, and the point of the keynote yesterday was, sort of, give the state of the nation, how we're doing in the Serverless environment. And the good news is we're doing well in security for Serverless designs, but the bad news is not through any individual or purpose action. Simply by just building in these methods, we get a huge amount of security advantages. >> Yeah. >> But we can do better. >> Alright so Mark, what can we learn? It's funny, we see these repetitive things go on in the industry. It's like "Oh well, I'm just going to use Sass." "I don't need to worry about security, right?" "Oh, I'm going to go public Cloud, they'll take care of it for me." >> Yeah. >> Now containers, Serverless it feels like we have the same trope over, and over, and over again, right? >> We do, very very much so. And one of the things I called out yesterday was actually highlighting how the OWASP Top 10, which is the 10 most common vulnerabilities in web applications, have not really changed since 2010. Yet we didn't have even the concept of Serverless in 2010, but we're still making the same mistakes. SQL injection, still the top mistake that we've been making for the last decade. >> Alright, so we're talking about security. Let's step back for a second. So I believe a lot of the people watching these interviews are going to be like "Serverless, I don't get it." I love the, the Cloud Guru folks have the t-shirt, the update of the Cloud one. There is no Cloud, it's just somebody else owns the computer now. I forget the full thing. >> Somebody else's informal execution environment that last's for milliseconds, something along that. >> So what from your standpoint, you've been talking to a lot of customers >> Yeah. >> that you're speaking at this conference. You know, the what and the why of Serverless? >> Yeah, so Serverless is really that sort of, I won't say conclusion, but the logical next step of Cloud where you start to realize, when you move out of your own data center where you were doing everything, and you move into the Cloud and go, well half of the responsibility is on Amazon, or Google, or Microsoft, or whoever. And then you go, well hold on a second, why am I even managing Windows or Linux? What advantage is that to me? I make widgets, or I sell shirts or whatever. And so you move up into something like containers, and you ask the same question. Go, well why am I even running those? Serverless is that last step on the current line of going, I don't have to run any of this stuff. I can just write code that's directly tied to my business. >> Yeah, and I like how you said it's the next step. I think back to science, and it was like when we found the atom. Everybody was super excited, and then oh, there were protons and neutrons, and they were like oh my gosh, and electrons and everything. And then they're like "Oh and then there's the quark." >> Yeah. >> Everything like that. So the digger, the further down we deep, but what is the value of that? So we went from the server, to virtualized environments, to microservices, to containers. Why is that important? What's the business outcome that people are getting when they get excited and start playing with Serverless? >> For sure, so there's really two main points for me. One is that you have a direct tie between IT and the business, both from performance as well as cost. So now you can actually say that application had cost me $1.10 per transaction, and I normally make $9 on each transaction. So this is good, let's continue to invest there. So there's finally a breakdown between the separation, and you get that unity with the business and IT. And the second is accessibility. Because there's far less infrastructure and plumbing to worry about, you have people who aren't traditionally viewed as developers, more of the business analysts, starting to actually write solutions that are far more directly in line with what you want to do as a business. >> Alright, one of the things I liked seeing in the keynotes was can we do today and what can't we do today? So web applications, great, IOT, things like the Amazon Button, or the Amazon Alexa. >> Yeah. >> All leverage that. What are some of the cool applications that you've seen leveraging Serverless today? >> Yeah, so a lot of cool robots. A friend of mine, Ben Kehoe from iRobot gave a great talk on it. A lot of their stuff leverages that, and I'm a nerd, I love robots. >> Who doesn't like robots? >> Exactly, right? >> We welcome our robot overlords here at the Cube. >> Absolutely. And if they're listening, when they process this, thank you for your service. But yeah, there's a lot of great things where we're crossing out of the digital world into the real world. Because we can connect these things up with the advantage of Serverless. We don't have to build out a huge infrastructure. If you need smart lighting, if you need smart appliances, all of the IOT world, it's all Serverless. >> Yeah. So I'm going to bring up this word >> Yeah. >> That has some weight to it enterprise. >> Uh oh, let me brace. Yeah. >> So companies, we're talking, the Cloud is being used for whole businesses and everything like that. Is Serverless for, it's web, and robots, and cool toys, and everything like this. What are you seeing? What are the limitations, and does this become a predominant operating model in the future? >> Yeah, there's a lot of hesitancy in the enterprise because they're not familiar with it. >> Yeah. >> But realistically, any enterprise today should have a very simple, sort of, fall down model. When they're building something new, start at Serverless. If that doesn't meet your needs, put it in a container. If that doesn't meet your needs, build a server. Again, you want to do less work. The challenge, again, is comfort level. Serverless breaks a lot of our tooling. >> Yeah. >> So you need to learn a lot of stuff, but it's definitely where enterprises should be looking today if they want to get ahead. >> Okay, and Mark what advice do you give to companies today as they think about security across some of these various environments? >> Well you led the cheer at the start. Security is everybody's responsibility. From a security practitioners side, point of view, we've done ourselves a disservice in isolating ourselves in teams and not talking to people. We need to be educators within our organizations to help people understand what they can do. It goes all the way back to the Mythical Man-Month. It's easier to squash a bug before you ever write it, rather than when it's deployed to millions of people. Same thing for security, the earlier you're on it, the more people are looking at it, the better off you're going to be. >> Alright Mark, I want to give you the final word. Take aways, the event isn't done, but for people that aren't familiar where do they get started? Where should they dig in for Serverless? >> Yeah, there's a ton of great content here. So this is the fifth Serverless event. A lot of the old talks are up on YouTube, and Cloud Guru's done a fantastic job on pulling this community together. Check out all that stuff. The major providers, all of them are here. All of them have excellent entry level projects to help you get rolling and really that's the best way to start. Fire up the console, start building something. Why not? >> Alright Mark, really appreciate you joining. Thank for sharing with the community here, our community. Look forward to seeing you at many more events, and thank you so much for watching the Cube. (upbeat music)

(upbeat techno music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in downtown San Francsisco. 40,000 security professionals talking about how to keep the bad guys out, especially with IOT and 5G coming right around the corner. Joined by the many time CUBE alumnae, always great to catch up with Mark. Mark Nunnikhoven from Trend Micro, what's your title now? >> VP... >> Cloud research? >> VP Cloud research, that's good. >> Welcome! >> Thank you for having me, I appreciate it. >> So it's always good to see that the booth, you guys always have kind of the craziest, wackiest booths. I was wondering though, if you fell out of the rocket ship and that's how you busted your arm. >> That's definitely a better story, so I think we can go with that, or a transporter malfunction, something like that will be a much better story than the sad truth. >> Okay. >> So you've been coming to this show for a while, we see you at all the AWS events, how is the kind of evolution of cloud and the ongoing expansion of cloud kind of change the game in the world of security? >> Yeah, I think cloud has enabled us to do a lot of things that we've been trying to do for a long time, and you know, so we've talked about enabling granular security throughout the enterprise for years, and it's always been hard because we've had a lot of different vendors, a lot of different systems. When we moved to cloud, it's getting a lot more homogenized, and everything's accessible via an API. So we're seeing a lot of maturity in that space where people are embracing that fact, and starting to enable some things that we've been trying to do, like that solid identity in axis management, you know, that's been really difficult in the enterprise, it's far simpler in a cloud space. >> That's interesting, because the other fact is all these things are now all connected via APIs, right? And there are a whole lot of SAS applications in the enterprise >> Yeah! >> So the attack surface is growing significantly and as was pointed out in the keynote this morning, a lot of people work from home, they plug in their desks, you know, it's just, it's growing very very quickly. >> It is! >> So how do you look at some of these challenges? >> Yeah, and it's funny because it is significant and you look at IOT alone, right? There's billions and billions of devices that are being connected and the devices themselves aren't necessarily so much of a threat, though we did see that this year with the Miray bot net and you know some massive d-dos attacks, but it's the data that's going in the back end that's more of a danger to consumers. And we see that with sas services as well. As a security practitioner, you lose the ability to apply the traditional controls that we're used to. And now you're relying on your service provider to do that for you. But it's still your data. So you're sort of forced to construct this balance of, you know, making sure you're leveraging the controls and options the provider has, but also looking out for things like, you know, people effecting the data going in, and sort of manipulating and gaming the system more, and I think you mentioned they said that this morning too. >> Right, the other thing they said this morning is that every company has at least one person that's trying to connect with a Nigerian prince. >> Yeah! >> Who's going to click on these? >> Well he needs money! He needs money, right? >> Yeah, got to give him a little money. >> Yeah! >> I mean it's funny, as far as we've evolved, you know, every, you know, my wife will say "Oh, I got this weird email", so like don't click it, don't click it! >> Mark: Yeah! >> It's the same old techniques! >> It is, and, you know, I've been doing a lot of research in serverless security lately, and that's driven me to a really weird question. Because it's a collection of services where you don't have the ability to apply any controls directly. And it's sort of started me down this path of what is security mean? And it ties to what you were saying in that at the end of the day, users need to be able to use these systems. And sort of a pet peeve of mine is we tell people not to click on these links, but that's the sole purpose of a link is to be clicked on. So we need to find a better balance of educating people and giving them the context in which to make these decisions and having better reputation systems and better automated controls, so that they don't have the option of clicking or not clicking, they just never see bad links in the first place. >> Right, that's a good strategy. The other theme that's coming in, over and over, is really collaboration within the ecosystem here. To share facts, share knowledge, share data, so that you can pick up patterns faster, you can see notes, really the same thing over and over and over. And really, being the kind of co-op-itician, which is what makes Silicon Valley Silicon Valley. >> It is. And it's nice to see it increasing, I think it's gaining pace. And we're not just seeing it with the vendors, we're also seeing it where competitors in different industries are getting together. So a lot of financial CSOs are collaborating because they have a common enemy. And they realize they can't beat them alone, so if they're sharing threat intelligence amongst themselves, that they all sort of win because if one of them goes down, you know that attack's coming to the next door, right? >> Jeff: Right. >> You know, the next day. And we're doing the same thing in the vendor space, we're being more open to collaboration, and we're sharing research analysis, you know. A lot of vendors are launching bug bounty programs. You know, responsible disclosure is becoming a little more standardized. So not only within the community of vendors, but also within the research community. I think the more we talk, the better off we are because we see it in the underground where criminals are selling services to each other. They go "don't worry about setting up a bot net, Jeff I'll rent you one," so that miray bot net of IOT devices, we found that available for sale, you could lease it for 7500 US would get you almost a gigabyte of d-dos attack. And, you know, that's a really low barrier of entry for criminals, >> Jeff: Yeah. >> We need to make sure that we're making it easy for defenders to defend against that kind of thing. >> Still my favorite is the fake ransomware, where I didn't actually put ransomware in your machine but I told you I did, so go ahead and send the money to the Nigerian guy, and I promise I won't turn it on. >> Well, so that one's one of my favorites, but also sort of the super evil one that we saw this year was okay, I've encrypted your files, and I'll give you the key not for money, but if you encrypt two of your friends. So the pyramid scheme in spreading the attack. And that one was just super evil, cause it's mainly the social side, like, what kind of guy are you? Are you going to encrypt, like, you know? >> Which friends get it, right? >> Exactly, you know. >> Ones at the bottom of the list from Facebook. >> Yeah, but ransomware is a great example of attackers realizing that they can do this at scale, they can be insanely profitable, because even if you don't think you have a lot of valuable data, you probably got personal photos and videos that are really important to you, and if you're not taking basic preventative steps like backing up or patching your systems, then they're going to be able to get 500 bucks out of you, and that doesn't sound like much, but when you multiply that times, you know, 50, 60,000 people, because they just need to click a button or add people to a list, that's a huge amount of cash that's flowing in their coffers. >> Right. The other big change in scale that keeps getting talked about here is government, you know, kind of backed. >> Cyber... >> The nation state? >> Yeah, the nation state, thank you. Totally changing the game again, and as we talked about off air, it's good to know who you're fighting with. At least you can see 'em, but at the same time the scale of resources that they can bring to bare significantly bigger. >> Yeah, and that's the challenge. If you're not a nation state against a nation state, you know, it's David versus Goliath, without a good ending. Yeah, without the rock. You just got a piece of cloth, you're like "I hope I can throw somethin' at ya!" You know, but there is some advantage in knowing your adversary, especially when you're talking about, you know, nation state versus nation state, because everybody's got signature moves, they've got go-to work, you know, and you can kind of track them over time. And we've seen that with some research available, which is a great example of, you know, community participation, places like Mandy sharing information, you know, we do it at Trend Micro, bunch of the community players share like "hey, we found this ABT, we're associating it with, you know, probably a nation state, we're not sure who," but even the government, GHS just had a great release on grizzly stat, which was a very good campaign done, but very detailed analysis. Which we didn't see that three years ago, so helping people out to understand what they're up against, and if you're, you know, a smaller enterprise, or even a larger enterprise, you might not have the resources, but you can still take steps to make it harder. >> Right. >> And that's sort of the name of the game. Make it harder so that you get a better chance at protecting your data and at least being aware when you have been breached. >> Alright Mark, I'm going to give you the last word before we sign off here. What are your kind of priorities for 2017? You know, we talk a year from now, what are we going to talk about that you guys worked on this year? >> Yeah, hopefully, you know, a lot of the same, we're still pushing hard in cloud security around servers and containers, but a lot of my personal research has been pushing more towards teams and security professionals, and what we need to do to adjust to be educators in the space as opposed to being a silo team that's just telling you, saying "hey, you really should do this better." And I think that's a space that as an industry, we're ranking up to, that we have the expertise and we need to make sure the rest of business gets it too. >> I love it. We're hearing about big data all the time, it's a team sport, security is a team sport too. >> It is. It's a great way to put it. >> Alright, Mark Nunnikhoven, I'm Jeff Frick. You're watching theCUBE. We're at RSA, downtown San Francisco. Thanks for watching. (upbeat techno music) (gentle techno music)

(light music) (airy white noise rumbling) >> Hey everyone, welcome back to Las Vegas. It's theCUBE. We're here, day four of our coverage of AWS re:Invent 22. There's been about, we've heard, north of 55,000 folks here in person. We're seeing only a fraction of that but it's packed in the expo center. We're at the Venetian Expo, Lisa Martin, Dave Vellante. Dave, we've had such great conversations as we always do on theCUBE. With the AWS ecosystem, we're going to be talking with another partner on that ecosystem and what they're doing to innovate together next. >> Well, we know security is the number one topic on IT practitioners, mine, CIOs, CISOs. We also know that they don't have the bench strength, that's why they look to manage service providers, manage service security providers. It's a growing topic, we've talked about it. We talked about it at re:Inforce earlier this year. I think it was July, actually, and August, believe it or not, not everybody was at the Cape. It was pretty well attended conference and that's their security focus conference, exclusive on security. But there's a lot of security here too. >> Lot of security, we're going to be talking about that next. We have two guests from Capgemini joining us. Mike Wasielewski, the head of cloud security, and NextGen secure architectures, welcome Mike. Anne Saunders also joins us, the Director of Cybersecurity Technology Partnerships at Capgemini, welcome Anne. >> Thank you. >> Dave: Hey guys. >> So, day four of the show, how you feeling? >> Anne: Pretty good. >> Mike: It's a long show. >> It is a long, and it's still jamming in here. Normally on the last day, it dwindles down. Not here. >> No, the foot traffic around the booth and around the totality of this expo floor has been amazing, I think. >> It really has. Anne, I want to start with you. Capgemini making some moves in the waves in the cloud and cloud security spaces. Talk to us about what Cap's got going on there. >> Well, we actually have a variety of things going on. Very much partner driven. The SOC Essentials offering that Mike's going to talk about shortly is the kind of the starter offer where we're going to build from and build out from. SOC Essentials is definitely critical for establishing that foundation. A lot of good stuff coming along with partners. Since I manage the partners, I'm kind of keen on who we get involved with and how we work with them to build out value and focus on our overall cloud security strategy. Mike, you want to talk about SOC Essentials? >> Yeah, well, no, I mean, I think at Capgemini, we really say cybersecurity is part of our DNA and so as we look at what we do in the cloud, you'll find that security has always been an underpinning to a lot of what we deliver, whether it's on the DevSecOps services, migration services, stuff like that. But what we're really trying to do is be intentional about how we approach the security piece of the cloud in different ways, right? Traditional infrastructure, you mentioned the totality of security vendors here and at re:Inforce. We're really seeing that you have to approach it differently. So we're bringing together the right partners. We're using what's part of our DNA to really be able to drive the next generation of security inside those clouds for our clients and customers. So as Anne was talking about, we have a new service called the Capgemini Cloud SOC Essentials, and we've really brought our partners to bear, in this case Trend Micro, really bringing a lot of their intelligence and building off of what they do so that we can help customers. Services can be pretty expensive, right, when you go for the high end, or if you have to try to run one yourself, there's a lot of time, I think you mentioned earlier, right, the people's benches. It's really hard to have a really good cybersecurity people in those smaller businesses. So what we're trying to do is we're really trying to help companies, whether you're the really big buyers of the world or some of the smaller ones, right? We want to be able to give you the visibility and ability to deliver to your customers securely. So that's how we're approaching security now and we're cloud SOC Essentials, the new thing that we're announcing while we were here is really driving out of. >> When I came out of re:Invent, when you do these events, you get this Kool-Aid injection and after a while you're like hm, what did I learn? And one of the things that struck me in talking to people is you've got the shared responsibility model that the cloud has sort of created and I know there's complexities across cloud but let's just keep it at cloud generically for a moment. And then you've got the CISO, the AppDev, AppSecDev group is being asked to do a lot. They're kind of being dragged into security that's really not their wheelhouse and then you've got audit which is like the last line of defense. And so one of the things that struck me at re:Inforce is like, okay, Amazon, great job for their portion of the shared responsibility model but I didn't hear a lot in terms of making the CISO's life easier and I'm guessing that's where you guys come in. I wonder if you could talk about that trend, that conceptual layers that I just laid out and where you guys fit. >> Mike: Sure, so I think first and foremost, I always go back to a quote from, I think it's attributed to Peter Drucker, whether that's right or wrong, who knows? But culture eats strategy for breakfast, right? And I think what we've seen in our conversations with whether you're talking to the CISO, the application team, the AppDev team, wherever throughout the organization, we really see that culture is what's going to drive success or failure of security in the org, and so what we do is we really do bring that totality of perspective. We're not just cloud, not just security, not just AppDev. We can really bring across the totality of the Capgemini estate. So that when we go, and you're right, a CISO says, I'm having a hard time getting the app people to deliver what I need. If you just come from a security perspective, you're right, that's what's going to happen. So what we try to do is so, we've got a great DevSecOps service, for example in the cloud where we do that. We bring all the perspectives together, how do we align KPIs? That's a big problem, I think, for what you're seeing, making CISO's lives easier, is about making sure that the app team KPIs are aligned with the CISO's but also the CISO's KPIs are aligned with the app teams. And by doing that, we have had really great success in a number of organizations by giving them the tools then and the people on our side to be able to make those alignments at the business level, to drive the right business outcome, to drive the right security outcome, the right application outcome. That's where I think we've really come to play. >> Absolutely, and I will say from a partnering perspective, what's key in supporting that strategy is we will learn from our partners, we lean on our partners to understand what the trends they're seeing and where they're having an impact with regards to supporting the CISO and supporting the overall security strategy within a company. I mean, they're on the cutting edge. We do a lot to track their technology roadmaps. We do a lot to track how they build their buyer personas and what issues they're dealing with and what issues they're prepared to deal with regards to where they're investing and who's investing in them. A lot of strategy around which partner to bring in and support, how we're going to address the challenges, the CISO and the IT teams are having to kind of support that overall. Security is a part of everything, DNA kind of strategy. >> Yeah, do you have a favorite example, Anne, of a partner that came in with Capgemini, helped a customer really be able to do what Capgemini is doing and that is, have cybersecurity be actually part of their DNA when there's so many challenges, the skills gap. Any favorite example that really you think articulates how you're able to enable organizations to achieve just that? >> Anne: Well, actually the SOC Essentials offering that we're rolling out is a prime example of that. I mean, we work very, very closely with Trend on all fronts with regards to developing it. It's one of those completely collaborative from day one to going to the customer and that it's almost that seamless connectivity and just partnering at such a strategic level is a great example of how it's done right, and when it's done right, how successful it can be. >> Dave: Why Trend Micro? Because I mean, I'm sure you've seen, I think that's Optiv, has the eye test with all the tools and you talk to CISOs, they're like really trying to consolidate those tools. So I presume there's a portfolio play there, but tell us, tell the audience a little bit more about why Trend Micro and I mean your branding with them, why those guys? >> Well, it goes towards the technology, of course, and all the development they've done and their position within AWS and how they address assuring security for our clients who are moving onto and running their estates on AWS. There's such a long heritage with regards to their technology platform and what they've developed, that deep experience, that kind of the strength of the technology because of the longevity they've had and where they sit within their domain. I try to call partners out by their domain and their area of expertise is part of the reason, I mean. >> Yeah, I think another big part of it is Gartner is expecting, I think they published this out in the next three years, we expect to see another consolidation both inside of the enterprises as well as, I look back a couple years, when Palo Alto went on a very nice spending spree, right? And put together a lot of really great companies that built their Prisma platform. So what I think one of the reasons we picked Trend in this particular case is as we look forward for our customers and our clients, not just having point solutions, right? This isn't just about endpoint protection, this isn't just about security posture management. This is really who can take the totality of the customer's problems and deliver on the right outcomes from a single platform, and so when we look at companies like Trend, like Palo, some of the bigger partners for us, that's where we try to focus. They're definitely best in breed and we bring those to our customers too for certain things. But as we look to the future, I think really finding those partners that are going to be able to solve a swath of problems at the right price point for their customers, that is where I think we see the industry moving. >> Dave: And maybe be around as an independent company. Was that a factor as well? I mean, you see Thoma Bravo buying up all his hiring companies and right, so, and maybe they're trying to create something that could be competitive, but you're saying Trend Micros there, so. >> Well I think as Anne mentioned, the 30 year heritage, I think, of Trend Micro really driving this and I've done work with them in various past things. There's also a big part of just the people you like, the people that are good to work with, that are really trying to be customer obsessed, going back right, at an AWS event, the ones that get the cloud tend to be able to follow those Amazon LPs as well, right, just kind of naturally, and so I think when you look at the Trend Micros of the world, that's where that kind of cloud native piece comes out and I like working with that. >> In this environment, the macro environment, lets talk a bit, earning season, it's really mixed. I mean you're seeing some really good earnings, some mixed earnings, some good earnings with cautious guidance. So nobody really (indistinct), and it was for a period time there was a thinking that security was non-discretionary and it's clearly non-discretionary, but the CISO, she or he, doesn't have unlimited budgets, right? So what are you seeing in terms of how are customers dealing with this challenging macro environment? Is it through tools consolidation? Is that a play that's going on? What are you seeing in the customer base? >> Anne: I see ways, and we're working through this right now where we're actually weaving cybersecurity in at the very beginning of how we're designing offers across our entire offer portfolio, not just the cybersecurity business. So taking that approach in the long run will help contain costs and our hope, and we're already seeing it, is it's actually helping change the perception that security's that cost center and that final obstacle you have to get over and it's going to throw your margins off and all that sort of stuff. >> Dave: I like that, its at least is like a security cover charge. You're not getting in unless we do the security thing. >> Exactly, a security cover charge, that's what you should call it. >> Yeah. >> Like it. >> Another piece though, you mentioned earlier about making CISO's life easier, right? And I think, as Anne did a really absolutely true about building it in, not to the security stack but application developers, they want visibility they want observability, they want to do it right. They want CI/CD pipeline that can give them confidence in their security. So should the CISO have a budget issue, right? And they can't necessarily afford, but the application team as they're looking at what products they want to purchase, can I get a SaaS or a DaaS, right? The static or dynamic application security testing in my product up front and if the app team buys into that methodology, the CISO convinces them, yes, this is important. Now I've got two budgets to pull from, and in the end I end up with a cheaper, a lower cost of a service. So I think that's another way that we see with like DevSecOps and a few other services, that building in on day one that you mentioned. >> Lisa: Yeah. >> Getting both teams involved. >> Dave: That's interesting, Mike, because that's the alignment that you were talking about earlier in the KPIs and you're not a tech vendor saying, buy my product, you guys have deep consultancy backgrounds. >> Anne: And the customer appreciates that. >> Yeah. >> Anne: They see us as looking out for their best interest when we're trying to support them and help them and bringing it to the table at the very beginning as something that is there and we're conscientious of, just helps them in the long run and I think, they're seeing that, they appreciate that. >> Dave: Yeah, you can bring best practice around measurements, alignment, business process, stuff like that. Maybe even some industry expertise which you're not typically going to get from a product company. >> Well, one thing you just mentioned that I love talking about with Capgemini is the industry expertise, right? So when you look at systems integrators, there are a lot of really, really good ones. To say otherwise would be foolish. But Capgemini with our acquisition of Altran, a couple years ago, I think think it was, right? How many other GSIs or SIs are actually building silicon for IoT chips? So IoT's huge right now, the intelligent industry moving forward is going to drive a lot of those business outcomes that people are looking for. Who else can say we've built an autonomous vehicle, Capgemini can. Who can say that we've built the IoT devices from the ground up? We know not just how to integrate them into AWS, into the IoT services in the cloud, but to build and have that secure development for the firmware and all and that's where I think our customers really look to us as being those industry experts and being able to bring that totality of our business to bear for what they need to do to achieve their objectives to deliver to their customer. >> Dave: That's interesting. I mean, using silicon as a differentiator to drive a lot of business outcomes and security. >> Mike: Absolutely. >> I mean you see what Amazon's doing in silicon, Look at Apple. Look at what Tesla's doing with silicon. >> Dave: That's where you're seeing a lot of people start focusing 'cause not everybody can do it. >> Yeah. >> It's hard. >> Right. >> It's hard. >> And you'll see some interesting announcements from us and some interesting information and trends that we'll be driving because of where we're placed and what we have going around security and intelligent industry overall. We have a lot of investment going on there right now and again, from the partner perspective, it's an ecosystem of key partners that collectively work together to kind of create a seamless security posture for an intelligent industry initiative with these companies that we're working with. >> So last question, probably toughest question, and that's to give us a 30 second like elevator pitch or a billboard and I'm going to ask you, Anne, specifically about the SOC Essentials program powered by Trend Micro. Why should organizations look to that? >> Organizations should move to it or work with us on it because we have the expertise, we have the width and breadth to help them fill the gaps, be those eyes, be that team, the police behind it all, so to speak, and be the team behind them to make sure we're giving them the right information they need to actually act effectively on maintaining their security posture. >> Nice and then last question for you, Mike is that billboard, why should organizations in any industry work with Capgemini to help become an intelligent industrial player. >> Mike: Sure, so if you look at our board up top, right, we've got our tagline that says, "get the future you want." And that's what you're going to get with Capgemini. It's not just about selling a service, it's not just about what partners' right in reselling. We don't want that to be why you come to us. You, as a company have a vision and we will help you achieve that vision in a way that nobody else can because of our depth, because of the breadth that we have that's very hard to replicate. >> Awesome guys, that was great answers. Mike, Anne, thank you for spending some time with Dave and me on the program today talking about what's new with Capgemini. We'll be following this space. >> All right, thank you very much. >> For our guests and for Dave Vellante, I'm Lisa Martin, you're watching theCUBE, the leader in live enterprise and emerging tech coverage. (gentle light music)

>>from >>around the globe. It's the Cube with digital coverage of AWS reinvent 2020. Special coverage sponsored by AWS Global Partner Network >>Right. Welcome, everyone to the Cube. Live covering aws reinvent 2020. I'm your host, Rebecca Knight. Today we're joined by Joshua Virgin. He is the general manager at AWS Outpost. Thanks so much for coming on the Cube. Joshua, >>thank you for having me. It's great to be here. >>Well, it's great to have you So tell our viewers a little bit about aws out AWS Outpost. >>Sure, it's the one of my favorite subjects, obviously. So outpost is a service from AWS that allows you to use the same tools technology ap ice. You know, programming interfaces that you do in the cloud, but install this and run it on your own premises or in a co location facility. So it really extends the reach of A W S two far more locations than you could otherwise use it. >>So what are some of the advancements this year? >>It's been an amazingly you know, busy year, even under unprecedented kind of circumstances, where we've tried to turn the crank really hard and deliver value for our customers. We increase the number of countries you could order outposts in up to 51 countries. You can now connect outpost all 22 AWS regions and or govcloud regions everything outside of China. On we delivered 15 new services or incremental features, including S three on outpost, which was the top thing that customers asked for. But also our application load balancer, elastic cash are relational database service RDS. You know, there's probably more that I'm missing here, but, you know, and we're definitely not slowing down in that regard. 2021 will probably be an even bigger year. >>So tell us a little bit about the response from customers since the launch of a W s outpost last year. What are you hearing? >>Yeah, I mean, we're hearing a lot. I think we've been pleasantly surprised by the breadth and the depth of the customer use cases. One >>of the >>biggest things we heard from people was, you know, the the outposts are great, but it's a it's a full rack of compute or many racks of compute in some cases in storage, you know, their locations that people wanted to put it in that were smaller where their space constrained. Maybe a restaurant or a factory floor or ah, you know, small medical facility. You know, a telco like a cell site. And and so what we did, based on that is something that we actually just announced and Andy's keynote just a few days ago here, which is the new small form factor outposts that are one you and to you size servers. It's about the size of one or two pizza boxes stacked on top of each other. So that's even going to make outposts available toe even Mawr use cases. Uh, you know, early on we kind of said to ourselves that it's important to kind of give people that consistent experience wherever they might need the compute and storage and the other services. And so I've been I've been really pleasantly surprised, as I mentioned earlier by how many people have talked to us. We have customers like Philips Healthcare. They are. They're bringing their medical imaging solution toe outposts, and it allows them to kind of modernize the way they deliver services, the hospitals and medical research centers around the world, something that really wouldn't be possible without having A W s everywhere, >>and that is much, much needed today. Um, tell us a little bit about Maura. About this year in particular. You said it yourself at the beginning of our conversation. This is an unprecedented year for so many different reasons. How has the cove in 19 pandemic affected AWS outpost and how your team interacts with customers and get your job done? >>Yeah, we I >>think we have >>some unique, you know, challenges in that regard. Obviously, as I mentioned earlier, a W s outposts are installed in a co location, facility or on a customer's own premises in a data center. You know, other things like that. So obviously we have to get our technicians out there toe, roll them in and hook them up to your network and, you know, to get them powered up. So that means that we are complying with, uh, covert restrictions. And as I mentioned 51 different countries. So there was even an install earlier this year at a mining location, you know, far outside the U. S. Where we had to get technicians working with, uh, local technicians from the customer following Kobe guidelines wearing protective gear and actually installing the outpost. You know, using kind of satellite connectivity and phones, toe phone home and talk to us during the installation, of course, because it's not hooked up yet. So those were just kind of examples of the lengths to which will go to make sure that, of course, we're safe. The customers were safe, but that they can kind of continue to modernize their application portfolio and get benefits from the outpost. >>And what are you hearing from clients and customers in terms of how they're thinking about their technology needs now and in the coming year? >>Yeah, that's a That's a great question. I mean, it really varies by market segment. So you have customers like Cisco and Ericsson and Telefonica. They're gonna be using Outpost Thio kind of run their five g packet core technology. It it's got to be run at the edge right there. Telcos. They need to minimize Leighton, see single digit milliseconds, or you might have a customer like Lockheed Martin, And what they've told us is they have projects that are subject to government contracts and regulations. And not only do they have, of course, compliance regimes like Fed ramp that they need to be aware of. But there's data residency requirements. So whether they're deploying in the United States or, you know, with our allies all around the world, the compute in the storage that they need to run in specific locations. So now outposts are going to be a key advancement and kind of a key differentiator for them in how they deliver services to their customers and still meet those data residency or compliance requirements. >>Joshua, tell our viewers more about AWS Outpost ready? >>Oh, that zits. Another thing. I'm really glad you mentioned. So the Outpost Ready program. These are solutions from our a Pienaar Amazon AWS partner Network that are validated in following our best practices on AWS outposts. They're certified toe work and you know they're generally available to customers. And so it's a program where, you know, I SVs and saz providers can ensure that the technology that they provide this third party technology is going to work in the outpost environment. And and there's there's something about outpost that I think makes this, uh, differentiator and uniquely valuable. When I mentioned kind of that consistent hybrid experience. When you think about how outposts are deployed, you know, in a customer's data center, Mike. Maybe alongside other technology they're already using. And so customers say, Look, these AWS services are great, but I already use a variety of, you know, third party technology, maybe from Veritas or Trend Micro Palo Alto Networks. Con vault sigh since pager duty Pure storage Netapp. You know, the list is actually pretty extensive of what people are already using. And so they said, you know, I do plan on using AWS services, but I also don't want to give up. You know what what my team is already familiar with, So can you make sure that's gonna work for me, whether I'm using it in the region or on the AWS outposts? And so the interest and kind of demand for this both from customers and the enthusiasm from the partners has been off the charts. We started the program in just September, which is not that long ago, and we had 32 partners, and as of today we have an additional, uh, additional 25 partners, right? It's 57 partners, total 64 certified solutions so that that's a lot of momentum in just kind of, ah, short amount of time. And I'm really happy that we can deliver that to the customers >>so it doesn't. It's already showing tremendous momentum. How do you think about it in terms of the primary benefits that it gives to customers and how it helps customers and partners? >>Yeah, I think, you know, in order to qualify, the solution has to be tested and validated upon against a bunch of criteria that we have very specific technical criteria, security requirements operational and you know, they're they're supported for customers with clear deployment guidelines. So you know, the customers can kind of think of this as a guarantee that we're not just saying maybe this could work, but but this will work. If you're already using it, it's going to continue to work in a way that's familiar to you and and again, that's important. That consistent hybrid experience, whether you're using a solution from a third party or from AWS, whether you're using it in the region or on a local zone or in a wavelength zone, some of our other, you know, kind of innovative infrastructure deployments or using it on outpost, no matter where you're using it, it has to work the same way. And so this is something that customers have said. I want to be able to get up and running quickly. We had a customer riot games. They're the maker of league of Legends. But also when they were launching their new game, Valerie Int, in June of 2020 they deployed outpost in four different locations to kind of ensure a level playing field in terms of latency. What they told us, you know, very much like this service ready program is they were able to get up and running in just a matter of days once the outpost was deployed. And it's because we gave them those same a p I s that same tooling. So I think that's really important for people. And, you know, I hope we can continue to deliver on that promise. >>So the closest out here, I want you to look into your crystal ball and think ahead 12 and 24 months when you know, fingers crossed things are back to somewhat more normal. What? What's in store for AWS Outpost? >>Yeah, I mean, we're going to deliver on what we announced here at reinvent, which is the new small form factor outposts on. I think what we're going to continue to do is listen to customers. We developed outpost from the very beginning because customers said Could could you deploy outposts in our in our data center or Sorry, can you deploy eight of us? And our data center didn't have a name back then. And so that's really the hallmark of AWS, you know, somewhere around 90% of our road maps or based on what customers tell us they want, then the other 10% is when we kind of look around the corner and hopefully delight people with something they didn't even know they needed. And I really hope for my team. And that that's what 2021 2022 brings is, you know, more countries, more services, more value, more compliance certifications. You know, all the things that people tell us they want. We're going to keep turning the crank as hard as we can and delivering that as quickly as possible >>with the trademark Amazon customer delight. >>Yes, absolutely >>excellent. Well, Joshua Virgin. Thank you so much for coming on the Cube. It was a pleasure having you. >>That was a pleasure talking to you. Thank you very much. >>I'm Rebecca night for more of the cubes. Coverage of AWS reinvent 2020. Stay tuned. >>Yeah.

>> Narrator: From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE conversation. >> Hi everybody, this is Dave Vellante and welcome to this week's CUBE insights powered by ETR. In this breaking analysis, we're going to bring in Sagar Kadakia who's the Director of Research at ETR. He's been away for the last couple of weeks, he's really digging into the latest data set, ETR of course it was in it's quiet period. And today, what we want to do is give you three of the macro takeaways from that last two-week analysis and drill into to some of the sectors. So Sagar, that's for coming on, great to see you again. Let's get right into it. >> Let's do it, thanks for having me. >> You've been crazy busy, we started the year at a plus 4%, consensus IT spend. We reported for several weeks and ended up at minus 4%. We're now at minus 5%, after you've gone through and done some additional analysis. So bring us up to date the IT spend projection. >> Yeah no problem, and that's our first macro takeaway, is we're seeing declines in IT budget, a decline of 5%. And remember, coming into the year as you mentioned, consensus assessments were right around that 4% number. And so we've seen this kind of 900 basis point shift downward so that's kind of where we are today, if we kind of look at that chart that we've been tracking for the last few weeks. And then for those that have seen this chart before, you've kind of seen where we've been kind of going the last two, three weeks. And for those that haven't seen the chart, I'll kind of go through it now. So, as many of you know, kind of launched its COVID-19 drill down survey to measure the impact that the virus was going to have on total spend this year and so we kind of launched that drill down on March 11th and so if you kind of look at that blue line there, what you're looking at, is we asked individuals, estimate what percentage impact you think the virus is going to have on your budget versus your original expectations. And since we launched this on March 11th, on that blue line that you're looking at, we got a lot of positivity in the beginning. And so if you look at the blue line all the way through, you follow that, you get about zero percent growth. Now the issue is, as I just mentioned is, we launched on the 11th, and there wasn't a tremendous amount of information available as to how severe the virus was, and so we kind of did this in Venn analysis and we talked about this last time, on the last breaking analysis, where it's probably more appropriate to look at a start date closer to 3/17 or 3/23 when the market really understood the severity of COVID-19. NYC became the epicenter. And if we look at just those customers who indicated a spend impact after that date, you can see it's coming out to about four or 5% decline. And so that's kind of one of our big macro takeaways, and the other thing on this chart, kind of focus on is, and even though we're not looking at, some of the vendors here, is when you think about declines, it's not across the full IT stack, and I think that's really important for the audience to understand. We're seeing focused declines among on-prem legacy pure plays. You're still seeing CIO spend on cloud and SaaS. In fact, they're doubling down there. And so when you kind of think about how things are going to shape up the next three, six, nine months, there's going to be a lot of bifurcation. And we think cloud and SaaS are going to be well positioned with a lot of legacy and on-prem. That's where you're going to see a majority of those declines that you're seeing here kind of play out. >> I've made the case, statement many times that cloud is good, or downturns have been to cloud. You saw this in 2008, 2009 with the shift from CapEx to OpEx. We came out of 2009 into the decade of cloud. And very clearly we're seeing some similar things here as people shift to that work-from-home. We had one CIO on the recent Venns that I want to just delete my data centers. Unfortunately, he's not going to be able to do that overnight, but I think, as Eric Bradley pointed out last week, a lot of customers who weren't even thinking about cloud, or really were sort of reticent to go all in, really have flipped and changed their tune. Let's talk about some of the industries that are impacted by this COVID-19 and the stay-at-home. This slide really kind of underscores that. Why don't you take us through it? >> Yeah, no problem. So on the last slide, you were looking at kind of our COVID-19 drill-down study. On this slide, what we're now going to focus on is a study that we did in tandem, which is called our Technology Spending Intentions Survey. And specifically we conducted this in April. What we did is we asked CIOs to update their 2020 spending intentions versus how they spent in '19. So this survey was originally posed in January and then we're essentially asking for a three-month update now. So we're trying to get an understanding of how much has changed in the last three months because of COVID-19. And when we asked these CIOs, we give them essentially a list of 400 vendors. And they're able to then indicate which ones they're flattening on, decreasing on, maybe accelerating on. And so what you're looking at here is we've aggregated that data by industry. And if you look at the X-axis here, you're going to look at spend intensity versus three months ago. And the Y-axis will be spend intensity versus a year ago. And so what you're seeing here is over the last three months, look at how much verticals, like retail/consumer, airlines, delivery services, financials/insurance, IT/TelCo, services/consulting. Those have really seen some of the largest pullbacks in spend versus three months ago. And those are also some of the industries that have indicated the largest pullback in demand from consumers and businesses. And so this is where we think a lot of the declines that we showed you earlier really kind of focus on some of these verticals. And that's how, when you kind of think about which organization are going to be hurt, which ones might see the most impact, three, six months from now, this is a really good chart to view. >> Yeah, a couple of points I would make on this data. Retail and consumer, again, even that's bifurcated. Obviously the physical stores getting crushed. You see Amazon now trading at all-time highs. Target announced today, I think they said a 200% increase in online shopping, which, of course, is fulfilled. 85% of Target's demand is fulfilled by their stores. So that's kind of mixed. You're going to see an accelerated move toward digital transformation there. Airlines, it's really unclear what's going to happen there. IT/TelCo, on one of the last Venns we talked about MPLS, people trying to get off of MPLS, really moving toward a SD-WAN. Healthcare, pharma, healthcare doesn't have time to do anything right now. No time to take a breather. Financials is interesting. I mean, they're down right now, but they still have a lot of cash. Liquidity is good. And then energy, I mean oil, I've just never seen anything like it. We're concerned obviously about credit risk there and oil companies being able to pay off their debts. So it's really not a pretty picture, is it? >> Yeah, and if focus on energy, even though you're not seeing a huge pullback versus three months ago in energy, it's really important to understand when we did this survey in January, energy was all the way on the left side of that chart. And so it already looked really bad coming into the year. So it got worse. But because of the severity versus last year, like they're just not seeing that much more of a negative impact now. This was before, this survey closed before everything happened the last few days with oil prices. So it is very possible that that data is going to get worse. And we'll know if it gets really-- >> We're not laughing a lot these days, but if you haven't filled up your car in a while, I mean it's, Anyway, let's go into the security piece. We talked about, you guys were really the first to report this work-from-home pivot. Others have sort of more recently coming to that conclusion. And it wasn't just Zoom and WebEx and video collaboration, Teams, et cetera. It really was all kinds of infrastructure, including security. So we can bring up the next chart, guys. Let's sort of get into this. We're going to talk about the sector and some of the vendors in here. Let's go. >> Yeah, no problem, so if we kind of step away from the macro and really start getting into the sectors and vendors in here. If we start with security, what we're really saying is that, look, a remote workforce is really kind of revealing best-in-breed. And we think it's going to lead to the permanent changes. So what you're looking at here is these are the net scores for each individual vendor currently versus three months ago as well as a year ago levels. The yellow bars will be what's currently. And the way to think about net score is just kind of spend intensity. And so the higher your net score, the more spend intensity, the more spend velocity you're seeing from enterprise customers. And what we're really seeing here, if you kind of look at the vendors on the left, you're seeing a lot of acceleration among secure web gateway end point, mobile security, cloud SaaS application security, identity, and these make sense. As we mentioned earlier, as you really accelerate your cloud and SaaS spend, you're going to want to use vendors that best protect those areas. And so if you look to the left here, Okta and Zscaler, Cloudflare, CrowdStrike, some of these really look best positioned moving forward. Palo Alto looks good longer term. Splunk at this point also looked good longer term. And then the other thing to kind of hit on here is the other side in terms of, we talked about the bifurcation that we expect. We're seeing significant declines in net scores among a lot of these legacy vendors. Check points come down quite a bit. Juniper, Trend Micro, Broadcom, Barracuda Networks, SonicWALL, and so you can see the disparity here. It's pretty clear on the image. But we think there's some pretty clear winners and losers here. And I think we may see permanent changes moving forward. >> Yeah, so Twistlock, of course, is now owned by Palo Alto. CrowdStrike, they're a hot company in the sector. Okta, I have the Chief Product Officer coming on shortly here for part of my CXO series. We've talked about Palo Alto and how they sort of fell behind a little bit in the cloud. But you talk to customers, they really see Palo Alto as in the mix. Zscaler came up in the Venn as, to your point, securing gateways and doing a really good job in that space. And so I think the fragmentation, the fragmentation probably continues, but there's also bifurcation, as you pointed out. Let's talk about cloud. As you've said and I said, downturns have been good to cloud. People are obviously looking more toward cloud, whether it's SaaS or cloud type of consumption. Let's bring up the next slide, which looks at the big three, Azure, AWS, and GCP. First of all, all three have very strong net scores. Up in the 60% plus range. But you have Azure pulling away. I'd love to hear your thoughts on that. >> Yeah, that's right, and we've kind of been using this analogy of kind of a horse race. Just kind of as context, coming into January you see really GCP accelerating. And so one of the things we said in January was it's becoming more of a three-horse race. Even though GCP doesn't have the same type of market share as the other two, you are seeing the spend intensity increase. And now what you're seeing is Azure pulling away a little bit because of, we think, COVID-19. When you look at Azure's data set, it really looks robust and healthy across all verticals, across most regions. And that is what you're seeing here where it's continuing to kind of accelerate. It looks good. AWS, GCP, it also looks good here, but you're not seeing the same uniform strength. There's a couple verticals for AWS where we're seeing a little bit of a pullback in spend, like retail and industrials. For GCP we're seeing a pullback in mid-size and small enterprises. So that's causing a couple of cracks here and there. Even though they look overall healthy, but we did want to kind of indicate here on cloud where, look one vendor looks like they're pulling away when it comes to spend velocity. >> It's going to be interesting to see. I mean, we reported on the sort of deltas between Azure and AWS and the cloud, the quality of the cloud. I think we're going to carefully watch the quarterly reports. You always have to kind of squint through the Azure numbers to see what's in there. But there's no question that Microsoft, across the board, is really very, very strong. All right, let's talk about collaboration, productivity, video conferencing. I mean, we've certainly seen upticks. But as shown on this slide, you guys, if you could bring the next slide up. You know, it's not all rosy. Talk about this a little bit. >> Yeah, I think, look, there's been a lot of coverage around which vendors look best. And so I kind of want to take the opposite view on this chart for the audience, and say hey look, which vendors are not benefiting? And this is kind of like a hodgepodge sector of productivity and collaboration, video conferencing. What we're saying is it's now of never, so to speak. And you're looking at replacement rates. So if you look at, if you see something on this chart that says 20% replacement, that means one out of five customers indicated for that vendor in our survey, indicated a replacement for them, which is not good. And so you're seeing vendors here like Dropbox, Box and Slack having elevated or accelerating replacement levels. And these vendors, pitch themselves as collaboration tools. And if they're not doing well now and they're seeing elevated replacements, especially as everyone is working from home, that doesn't bode well for the future. >> I think people who know me know I'm not a huge fan of Box and Slack. They drive me crazy. And so this is interesting to see. I mean, we're a Zoom shop, so obviously you Zoom, you like Zoom. I had my first experience very recently with Microsoft teams. I was quite impressed. I thought it was easy to use. Skype, hell was just terrible. And so, much, much improved. Very interesting cut on that one. So again, it's a bifurcated story. Let's drill into teams a little bit. Guys, have you bring up the next slide, Movements reporting. And you guys are really again, first on this, how strong Microsoft is across the board. But really going after it and collaboration. >> On that previous slide you saw that, Dropbox and Slack, we're all seeing replacements. So again, a lot of customers like where was all that spend going? Well, it's going to Microsoft Teams. It's going to One Drive. This is a Slack drilled out, or sorry, a Slack and teams drill down. That we did, earlier this year. And what we're trying to do is measure, how these products were going to do in the next 12 months. And so what you're looking at here is Fortune 500 organizations. What we did is we asked them how much of your organization, is using Microsoft Teams today. What percentage of your organization is going to be using Microsoft Teams 12 months from now? That's going to be in the yellow bars. And you can see the big upticks in 12 months. And we took some mid point averages. Look at how much Microsoft Teams is going to grow, within Fortune 500 accounts in the next 12 months. And if we look at Slack on the next slide, you're really now seeing the exact opposite. Same question, how many folks in your Fortune 500 organization are using Slack today? And what does that look like in 12 months? And the mid point average is actually coming down. And so, it's like Slack is a seat-based model. And so when you have less users that's going to generate less revenue. And so again, this is amongst the existing Fortune 500 customers. This doesn't include new Fortune 500, but this spells problems for Slack, when you kind of think about the next six to 12 months ahead. >> Well it's one thing if you're competing with Microsoft and your AWS. I've not really not worried about AWS, Microsoft, take a note AWS. If you're one of these collaboration platforms, Microsoft, we've seen over the years, first of all, they got great developer affinity. They know how to bundle different products together. Now they got the cloud working so they got their flywheel effect in the cloud. There's just not a ton of room. The thing is they have such a huge software estate, such a giant customer install base and it's just makes it easy for them. The products are good enough or in some cases really good. So that's going to be something to watch, because there's a lot of high valuations going on right now in their collaboration space. >> That's right. And I think, it really hits on the previous slide, or the previous slides on collaboration that we saw, was when you think again about the declines, a lot of that is impacting some of these pure plays. So in security you saw a lot of the legacy names getting in. On the collaboration side, you saw a lot of these pure plays your getting in. And so this is kind of, again when you think about where budgets are going and which vendors are being impacted, it's really concentrated into some specific areas. >> So now, one of the hardest hit areas, and you guys reported on this earlier, was the IT consulting and outsourcing IT. You guys have you bring up that the chart, it's pretty ugly. Maybe you can explain what you're seeing here and why you think that is. >> Yeah, no problem. So again, this is from our technology spending intention survey. We're measuring spend velocity here. Spend intensity, and you can see across, these are just a handful of IT consulting firms. If you look at the blue bars to the yellow bar. So the blue bar is, 2020 spending intent that we captured in January and now we're asking for updated 2020 spending intentions. You can see the deceleration in just the last three months. If you look at our COVID-19 drill down side that we conducted, one of the questions in there we asked was, are you freezing new IT projects or deployments? Almost, 1/4 percentage of customers said they are. And so, that is going to spell problems for this space. When you think about, look, if you're going into uncertain times an easy way to reduce your budget is by, spending less with consulting vendors since you know, you can just less than the number of deliverables, these individuals get paid based on. How many deliverables they can complete. So this is another area that when you kind of think about where the declines are coming from, this is certainly an area to look at. >> A lot of the customers we've talked to have said, we've basically shut down spending on some of the large projects. We're still focusing on some digital transformation, but that's maybe a longer term priority. And then the IBM piece of this chart, guys, if you could bring it back is interesting to me because look, they paid 34 billion for Red Hat. I've always said a key to the Red Hat acquisition was being able to point it at the large consulting base and modernize those applications. IBM actually had a pretty good quarter in services. Although they did mention that respect especially in software that in the month of the quarter software spending shutdown. I don't think we got visibility that this piece of the business, but this could be, somewhat of a concern going forward. I think that's going to be one of the areas that gets slow rolled coming back, Sagar. I don't think it's going to come back tomorrow. So please your thoughts. >> Just to kind of quickly wrap up IBM. So yeah, one of the things we kind of saw in the data was not only eroding spending intention data on a lot of their SaaS portfolio but also eroding market share. And we saw big down takes on Red Hat products and IT services. Even in cloud. And I know they indicated pretty healthy numbers on Red Hat and cloud. But again, we're asking about 2020, forward-looking spending intentions. And of course they pulled their guidance. So we don't know how that's going to look. But in our data, things are really coming down versus three months ago. And so I think just overall, that is a data set that we're quite negative one. >> I think IBM has that sense. Like I said, March was not good for software. That's when the big deals come through. You're right. Red Hat, I think route 20% in the quarter and is now accredited from a cashflow basis, which is one of their targets. I think they beat their target there. Still good cashflow. But I think there's just so much uncertainty, And IBM have to be prepared for that and I'm sure will. That we're at minus 5% now. We're seeing cloud SaaS, we're seeing a bifurcation. We talked about some of the areas that are in trouble. That's kind of part one. Next week we'll be talking about part two. What can we expect? >> Yeah, we'll start going through networking, CDN, ITSM, IT workflows, database, data warehousing, and we'll kind of go through that as well. But again, you're going to see a lot of what we talked about today. Just the bifurcation span where, vendors that are more next gen, more work-from-home friendly like all of the SaaS guys, they're doing really well. And on the on-prem and the legacy, you're just seeing elevated replacements, elevated decreased rates. This is the most bifurcated, I've seen this data set and I've been doing this at ETR for, almost seven, probably going on eight years now. So I think that kind of says something about the environment that we're in and what to kind of expect in the next three to six months. >> And it's kind of like the stock market is right now. You're actually seeing, some great momentum in certain stocks and terrible in others. Those were great balance sheets and maybe COVID is a tailwind for them. Others, tons of uncertainty, a lot of concern. I know in poking around the data set, like you said, some of the analytics, the data warehouses, you see Snowflake, UiPath, Automation Anywhere. A lot of the automation, RPA, momentum is there. Security, we talked about that. There's some real bright spots there but a lot of the on-prem stuff. We'll see product cycles affect that, in the second half of of 2020. We'll continue to report on this Sagar. Thank you so much for we're coming on and we'll definitely see you next week. >> Thanks for having me again, Dave. Looking forward. >> All right, and thank you for watching, this CUBE insights powered by ETR. We will see you next time. Don't forget, all these episodes are available as podcasts, wherever you listen. Go to etr.plus, checkout what's happening there. Siliconangle.com has all the news I publish in there weekly. I also publish on wikibond.com. Thanks for watching this breaking analysis. This is Dave Vellante and Sagar Kadakia, we'll see you next time. (upbeat music)

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation CIOs and CISOs of industries that have been hard hit see significant near term and many permanent shifts to their IT and security strategies this was the consensus of four technology executives at leading companies that are feeling the brunt of the corona virus pandemic welcome to this week's cube insights powered by ETR my name is Dave Volante and in this breaking analysis we want to accomplish three things first we want to tap into a new piece of research from ETR it involves an intimate focus group like set up via an open discussion with leading technology executives we interviewed Eric Bradley the managing director of et ours then program and we'll bring him into this discussion the next thing we want to do is we want to drill in to the various sector commentaries from the four leaders third we're gonna comment an hour take try to add some color and then share with you some of the specific vendor commentary that was called out by the executives let's start by looking at what et our event is et our van is a roundtable discussion it applies a tried-and-true methodology similar to a focus group or in-depth interviews what we sometimes in the research business call ID is ETR invites execs in from its community to participate in a private but open conversation et our clients get to listen in the names of the execs and their companies are transparent but the cube is only allowed to refer to them generically as shown on this slide now we can validate these participants they are legit CIOs and CISOs some and very well-known firms now what I want to do is summarize the CIO and seaso sentiment from this then discussion the overall budget impact for these four organizations is very very severe essentially large project projects are being put on hold although digital transformation initiatives remain a priority there were really four significant areas of emphasis that were cited by these execs cloud-first on-prem is losing out to cloud SAS and of course remote access solutions in fact the best comment on the panel was as a service is saving our SAS traditional networking is shifting to SD win especially rigid MPLS networks securing endpoints and zero trust solutions are the winners and there are a number of vendors rising to the occasion that will talk about it let's see how Eric Bradley of ETR summarizes the venn to summarize what we're seeing here was the real winners and losers are clear not everyone was prepared to have it work from home strategy not everyone was prepared to send their workers out there VPN wasn't didn't have enough bandwidth so there was a real quick uptick in spending but longer-term we're starting to see that these changes will be become more permanent so the real winners and losers right now we're going to see on the losers side traditional networking the MPLS networking isn't a lot of trouble according to all the data and the commentary that we see it's expensive it's difficult to ramp up bandwidth as quickly as you need and it doesn't support remote ok what I want to do now is I want to take a look at some of the verbatim comments and I'll just I'll read them from this slide all spending is shut down 70% of big projects are cut all next-gen projects have been shelled the relationship with our SAS vendor has been a miracle we're accelerating from MPLS to sd when on top of secure gateway technologies these will win this was interesting our business continuity plans were way too DR focused essentially we weren't prepared now let's unpack the cloud first commentary and give you some additional color I feel like all we do around here sometimes is talk about the cloud but it's clear from the data in the ETR data set surveys and the venn that in other data from the cube that that the cloud is only going to be accelerated we said this in 2008 in the 2009 downturns have been good to cloud one of the execs literally said I would like to see my data centers completely deleted Wow let's listen to Erik Bradley's take on this comment I was also shocked about that comment that gentleman also stated that his executives outside of the eyeteeth area the CEO the CFO had never ever ever wanted to discuss cloud they did not want to discuss work from home they did not want to discuss remote access he said that conversation has changed immediately so we've been talking a lot about those aspects of people and process and technology that might be permanent post kovat and clearly you see c-level execs as having a bit of an awakening for things like cloud and work from home not that they didn't see them before but these things are gonna accelerate in our view I want to spend a minute talking about networks SAS and bring cloud again into the discussion I gotta say the panel members really trashed MPLS networks in a big way let me explain MPLS stands for multi-protocol label switching you find this type of infrastructure in big telecom networks and it's there to route traffic and pls is used to create dedicated and and essentially reliable connections it enables things like VPNs quality a service management traffic engineering or shaping but well MPLS is definitely cheaper than t1 it's more expensive than Ethernet now I came into prominence well before the cloud and these execs see it is as outdated and inflexible and this is where SD wind comes into play software-defined wide area networks they're gaining popularity especially with the Sassa fication of applications and of course the general trend toward cloud here's Eric Bradley again explaining what the panel members said from his perspectives winners there or in the SD web space it's gonna be impossible to ignore that going forward and some of our CIO and even CISO panelists said that change will be also we're seeing at the same time what they were calling a on on SAS and cloud now we know these trends obviously were already happening but there be they're being exacerbated they're happening even more quickly and more strong and I don't see that changing anytime soon that of course is at the expense of network sorry data centers whether it be your own or hosted which has huge ramifications on from on from Hardware even the firewall providers so and it really seems as if as networking refresh starts to come up and it's coming up with a lot of large in writes when your network refresh comes up people are going to do an RFP for SD web they are sick and tired of paying MPLS network vendors and they really want to look at something else that was even prior to this situation now what we're hearing is this is a permanent change I particularly had one person say I wanted to find this quote real quickly by then but basically they were basically saying that from a permanency perspective the freedom from MPLS will reduce our network spend by over half while more than doubling or tripling or bandwidth now the challenge of course is customers have multiple MPLS contracts with several different vendors and often they just rubber-stamp the renewal but what customers are gonna start doing is layering in SD win and letting those agreements expire ok I want to talk about secure endpoints in this notion of zero trust solutions as I've said in the cube many many times the idea of digging a moat around the castle doesn't protect your queen anymore because the Queen ie the data has left the castle so companies that can secure gateways and secure endpoints they are going to have more momentum during and post kovat now in the panel Z scalar came up a lot in this context as well as fortunate who as I've reported has done a good job in getting its cloud products to market and of course the et our data shows that fortunate and Z scalar both have strong net scores or spending momentum and fort net especially has really strong pervasiveness in the et our dataset as I've reported previously I've also analyzed that there's been evaluation divergence between Palo Alto Networks and fortunate and house II scalar as well is a disruptor in this space I want you to listen to what Eric Bradley said specifically about Z scalar in Palo Alto Networks roll the clip yes it is and I'm glad you brought up Z scalar to very recently by client request we did a very in-depth research on Z scale and versus Palo Alto charisma access and they were very interested this is before all this happened you know does Palo Alto have a chance of catching up taking share from Z scalar and I've had the pleasure myself personally hosting J the CEO of Z scalar at an event here at City and I have nothing but incredible respect for the company but what we found out through this research is Z scalar at the moment their technology is still ahead according to their and there is no doubt however there doesn't seem to be any real secret sauce that will stop palo alto from inching up so if I had to choose that in a year from now Palo Alto might have had a better chance so in this panel as you brought up Z scalar was mentioned numerous times as just the wave of the future along with Cosby brokers right whether you're talking about a net scope or a force point they're all those people that also play in The Cosby space to secure your access zero Trust is no longer a marketing hype term it is real and it is becoming more real by the week now I personally agree with Eric that palo alto is is definitely going to be in the mix customers that we've talked to they want to work with palo alto networks but there's a sea change going on and it's being driven by sass and cloud and now accelerating because a co vid of course that the trend of remote workers is we think here to stay now i want to end by talking about some specific vendor mentions in addition to the ones we've talked about already and this chart shows some of the vendors and their logos that were called out as either being really really helpful during the this pandemic or super important to the CIOs and CISOs these executives really stressed how thankful they are to these companies and that the fact that these companies have worked very closely with them they've been flexible on pricing and payments and they also specifically mentioned how off-put they were by you know this notion of ambulance-chasing for example trials that required them to make some kind of commitment or swipe a credit card they just don't have time for that right now and then of the patience for it now let me call out a few of the companies that were cited in a positive light look at microsoft is all for the ETR data set in so many sectors Microsoft teams security solutions cloud really came up a lot on on this ven IBM was mentioned as being a great partner as what's oracle many many times we talked about fortunate and Z scalar already Cisco was called out as a strategic vendor was very helpful both the networking and with Cisco teams for collaboration CrowdStrike came up a number of times from CISOs as did Trend Micro and carbon black got a mention that's the VMware acquisition insecurity of course MobileIron that makes sense as well because they're securing and managing remote worker devices now finally interesting Lee Salesforce was brought up many times as a critical vendor one exec said that before coronavirus multiple workers could share a Salesforce license by you know sharing passwords but with the spike and work from home they had to purchase more licenses now one last thing that I want to bring up is start ups I got this question the other day from a client who said how a start-ups fair you might think that in this climate especially among for hard-hit customers that there might be risk-averse as it pertains to using startups once cio however said the following paraphrasing you always hear about the guy that says we'll pick three companies in the upper right hand corner the Gartner Magic Quadrant will test them out and this C so said that one of the things that he's always done is picked two from the upper right and one from the lower left one of the emerging techs and he gives them a shot let's listen to how Eric Bradley describes this dynamic roll the clip it's a great comment and honestly if you're in charge of procurement you'd be stupid not to do that not only just to see what the technology is but now I can play you off the big guys because I have negotiating leverage and I could say oh well I could always just take their contract so it's silly not to do it from a business perspective so it's really interesting and somewhat non-intuitive these comments on startups which of course means despite all the consolidation and acquisitions that you see in the industry you know there's still gonna be a lot of fragmentations a fragmentation especially as I've said many many times in the security space people still want best to breed and innovation and if it can drive business value they're gonna they're gonna go for it ok so look I realize that these are narrow comments from for CIOs and CISOs but they give us some added texture and flavor and color to the core ETR data set and we're going to continue to report on these trends and share more details as they become available both from the ETR data set and from other vents and remember we're gonna be digging into the latest ETR survey over the over the coming weeks as ETR exits its self-imposed quiet period so you can always check out ETR dot plus I publish weekly on wiki bang calm and on Silicon angle calm and of course our YouTube library has all these videos that's youtube.com slash silicon angle by the way these segments are also available as podcasts you can DM me or tweet me at devil ante and please by all means comment on my LinkedIn posts or email me at David Galante at Silicon angle com always appreciate the feedback thanks for watching everybody this is breaking analysis brought to you by the cube powered by ETR this is Dave Volante and we'll see you next time thanks for watching [Music]

>> From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. >> Hello, everybody, this is Dave Vellante, and welcome to this breaking analysis. I'm here with Erik Bradley, who's the managing director of ETR and runs their VENN program. Erik, good to see you. >> Very nice to see you too, Dave. Hope you're doing well. >> Yeah, I'm doing okay, hanging in there. You know, you guys in New York are fighting the battle, looks like we're making some progress here, so all the best to you and your family and the wider community. I'm really excited to have you on today because I had the pleasure of sitting in on a CIO/CISO panel last week and we're going to explain sort of what that's all about but one of the things that ETR does that I really like is they go deeper with anecdotal information, and it's almost like in depth interviews in these round tables. So they compliment their quarterly surveys and their other drilldown surveys with other anecdotal information from people in their communities, so it's a tried and true survey practice that adds some color to the data set. So guys, if you'd bring up the agenda, I want to share with the audience what we're going to talk about today. So, we'll talk a little bit about, you know, we just did intros. I wanted to ask Erik what ETR VENN is and then we will go through some of the guests, but if we go back to Erik, explain a little bit about VENN and the whole process, and how you guys do that? >> Yes, sure we should hire you for marketing, you just did a great job actually describing that, but about three years ago, what we decided was, ETR does an amazing job collecting the data. It can tell you what's happening, who it's happening to, and when it's happening, but it can't always tell you why it's happening. So leveraging a lot of my background in 20 plus years in journalism and the institution of Wall Street research, we decided to take the ETR community, the people that actually take the surveys and start doing interviews with them, and start doing events with them. And in enable to doing that, we're basically just trying to complement the survey findings and the data. So what we always say is that ETR will give you the quantitative answer and VENN will give you the qualitative answer. >> Now guys, let's bring up the agenda slide again, let's take a look at the folks that participated in the round table, now, for ETR's clients, they actually know the names and the titles and well the company that these guys work for. We've anonymized it for the public, but you had a CIO of a global auto supplier, a CISO of a diversified holdings firm who actually had some hospitality exposure, but also some government contract manufacturing exposure, a chief architect of a software ISV, and a VP and CISO of a global hospitality resort chain. So you had three out of the four, Erik were really in industries that are getting hit hard, obviously you know the software company, may be a little bit better but, maybe you could add some color to that? >> Well actually the software company unfortunately was getting hit hard as well because they're a software ISV that actually plays into the manufacturing space as well so this particular panel of CIOs and CISOs were actually in a very hard hit industries and are going to make sure we do two more follow ups with different industry verticals to make sure we're getting a little bit of a wider berth and collect all of that information in a better way. But coming back to this particular call the whole reason we did this and as you know you spoke to my colleague and friend Sagar Kadakia who is the director of research for ETR. And we were nimble enough to actually change our survey while it was in the field to start collecting data on what the real time impact was on the COVID-19 pandemic. We were able to take that information, extrapolate it and then say, okay, let's start reaching out to these people and dig deeper, find out why it's happening and even more so is it permanent? And which vendors are going to win and which vendors might lose from it? So that was the whole reason we set up a series of calls, we've only conducted one so far, we have another one this coming Tuesday as well with four entirely new panelists that are going to be from different industry verticals 'cause as you astutely pointed out, these verticals were very hard hit and not all of them are as hard as others, so it's important to get a wider cross-section. >> So guys, let's take a look at some of the budget impacts, the anecdotal sort of evidence that we gathered here, so let me just scan through it and then Erik, I'll ask you to comment. So, I mean like Erik said, some hard hit industries. All major projects, anything sort of next-gen have been essentially shelved, that was the ISV and then another one we cut at least 70% of the big projects moving forward, he mentioned ServiceNow actually called him out, but ServiceNow is a SaaS company, probably you know weather the storm here, but he did say, we've put that on hold. The best comment you know As-a-Service has Saved our Saas, (laughs) that one's great. And then we're going to get into some of the networking commentary, some really interesting things about how to support the work from home, you know we're kind of shifting from a hardened top into users, remote workers and then a lot of commentary on security, so you know that's sort of a high level scan and there's just so much information here, Erik but maybe you could sort of summarize on some of those, that commentary? >> Yeah, we should definitely dig in to each of those sectors a little more, but to summarize what we're seeing here was the real winners and losers are clear. Not everyone was prepared to have a work from home strategy. Not everyone was prepared to send their workers out, their VPN didn't have enough bandwidth so there was a real quick uptake in spending, but longer term we're starting to see that these changes will become more permeant. So the real winners and losers right now, we're going to see on the losers side traditional networking, the MPLS networking is in a lot of trouble according to all the data and the commentary that we're seeing, it's expensive, it's difficult to ramp up bandwidth as quickly as you need and it doesn't support remote. So we're seeing that lose out and the winners there are in the SD-WAN space, it's going to be impossible to ignore that going forward and some of our CIO and even CISO panelists said that change will be permanent. Also we're seeing at the same time, what they were calling a run SaaS and cloud, now we know these trends obviously were already happening but they're being exacerbated, they're happening even more quickly and more strong and I don't see that changing any time soon. That of course is at the expense of data centers, whether it be your own or hosted. Which has huge ramifications on on-prem hardware, even the firewall providers. So what we're seeing here is obviously we know things are going to be impacted by this situation, we didn't necessarily expect all of our community members and IT decision makers to talk about them being possibly permanent, so that on a high level was something that was extremely interesting. And the last one that I would bring up is that as we make this shift towards working from home, towards remote access, you also have to align yourself with the security that can support that. And one of the things that we're seeing in our data side on ETR, is a widening bifurcation between the next-gen security vendors and the more traditional security or the legacy security players, that bifurcation just keeps getting wider and wider and this situation could be the last straw. >> So I want to follow up on a couple of those things, you talked about sort of the network shift and toward SD-WAN, what people have described to me is that they've got a hardened top, it's a hierarchal network, it's very well understood, and it's safe right, and now all of a sudden you got all these remote workers and so you've got to completely sort of rethink your whole network architecture, the other thing I want to grill into is your cloud commentary. There's a comment that I saw Erik, that really stood out, one of the folks said, I would like to see the data centers be completely deleted, if you will or closed down, I mean I think we're going to see you know, a lot more of this, obviously. Not only from the standpoint of, and you heard this a lot the kind of pay by the drink, but just generally getting rid of all that sort of so called non-differentiated heavy lifting as we often hear about. >> That is a extreme comment, I don't think everyone feels that way, but yes, the comment was made and we've heard that comment from other people as you and I both know the larger the enterprise the harder that is to go completely SaaS, but yeah, when a situation like this happens and seeing the inflexibility of their on-prem infrastructure, yes it becomes something that really has to be addressed and it can become a permanent change, I was also shocked about that comment. That gentleman also stated that his executives outside of the IT area, the CEO, the CFO had never ever, ever wanted to discuss cloud, they did not want to discuss work from home, they did not want to discuss remote access. He said that conversation has changed immediately and to the credit of the actual IT companies out there, the technology companies, they're doing everything they can with this opportunity to make that happen. >> Yeah and so, right, I mean the whole work from home conversation that's to your point earlier, Erik, big chunks of COVID, you know the post COVID world are going to remain permanent, guys bring up the SaaS slide if you will, the SaaS commentary "As-a-Service-Saved our SaaS" as the wittiest quip award according to ETR, you know but you had, it was very interesting to hear folks, in fact I think somebody even called out, hey you know we expected Oracle to be auditing us but they're actually being very supportive as is IBM, SalesForce was an interesting comment Erik, one of the folks said they would share accounts you know on-prem but when they all do the work from home they had to actually buy some more. You also got Cisco with big props, Microsoft was called out, a lot of organizations actually allowing them to defer payments, so the SaaS vendors actually got very high marks, didn't they? >> They really did and even I wrote that summary and it was difficult to write that about Oracle because we all know that they're infamous for auditing their own customers in 2009, right after we we came out of the financial crisis. They have notoriously been a bad act, I don't know if they found religion and they decided to be nice to their customers, but every single person mentioned them as one of the vendors that was actually helping. That was very shocking. And then we all know that when bad situations happen people become opportunistic and right now it's really seeming that the SaaS vendors understand that they need a longterm relationship with these customers and they're being altruistic instead which is really nice to see. >> Yeah, I think the, I think anybody with a cloud realizes that hey, we have an opportunity here, the lifetime value of that customer whereas maybe in 2009 when Oracle didn't have a cloud they had to get people in a headlock to try to preserve their you know income statement. If we, let's go to the networking drilldown guys, that next slide, because Fortinet, some of the things that we've been reporting on is the sort of divergence in valuations between Fortinet and Palo Alto before this whole thing hit. Fortinet has done a really good job with it's cloud offerings, Palo Alto struggled a little bit with trying to figure out the sales compensation, is maybe a little bit behind, although both companies got strong props and I've talked to a number of customers and Palo Alto's going to be in the mix, but Fortinet from a cloud standpoint seems to be doing quite well, obviously networking, you know Cisco is the big gorilla there, but so and we also got call outs from guys like Trend Micro, which was interesting from some of the folks so your thoughts on this Erik? >> Yeah, I'll start in the networking side because this is something that I really, I've dug into quite amount in not only this panel but a lot of interviews and it really seems as if as networking refresh starts to come up and it's coming up with a lot of large importers, when your network refresh comes up, people are going to do an RFP for SD-WAN. They are sick and tired of paying MPLS network vendors and they really want to look at something else. That was even prior to this situation. Now what we're hearing is this is a permanent change, I particularly had one person say, I wanted to find this quote real quickly if I can, but basically they were basically saying that from a permanency perspective, the freedom from MPLS will reduce our network spend by over half, while more than doubling or tripling our bandwidth. You can't ignore that, you're going to save me money and triple my bandwidth. And hey, by the way, my refresh is due, it's something that's coming and it's going to happen. And yes you mentioned a few, right, there's Viptela, there's VeloCloud, there's some big players like Cisco. But Palo Alto just acquired CloudGenix in the midst of all of this. They just went and got an SD-WAN player themselves and they just keep acquiring a portfolio to shift from their on-prem to next-gen. It's going to take some time, 'cause 70% plus of their revenue is still on-prem hardware, but I do believe that their portfolio that they're creating is the way the world is moving and that's just one comment on the traditional networking versus the next-gen SD-WAN. >> And the customers have indicated you know it's not easy just to get off of their MPLS networks. I mean it takes time, it's like slowly pulling off the bandaid, but like many things COVID-19 is sort of accelerating that, we haven't talked about digital transformation, that came up. As a maybe more strategic initiative, but one that you know very clearly has legs. >> You know David, it's very simple, you just said it, people, when things are going well and they're comfortable they don't change and that's the same for an enterprise or a company, hey everything's great, our revenue's fine, why would we do this? We'll worry about that next year. Then something like this happens and you realize wow, we've been dragging our feet. That digital transformation that we've been talking about and we've been a little bit slow to accept, we need to accept it, we need to move now. And yes, it was another one of the major themes and it sounds silly for researchers like you and I, because we know this is a theme, we know cloud adoption is there, we know digital transformation is there, but there are still a lot of people that haven't moved as quickly as they should and this is going to be that final catalyst to get them there without a doubt. Quickly on your point of Fortinet, I was actually very impressed with the commentary that came from that because Fortinet is sometimes one of those names that you think of that maybe plays in a smaller pool or isn't as big as some of the 800 pound gorillas out there, but in other interviews besides this I heard the phrase point of 40 everything, so through our R&D and through acquisitions, Fortinet has really expanded their portfolio. And right now is their time to shine because when you have smaller satellite you know offices and branches that you need to connect, they're really, really good at it. And you don't always want to call a Palo Alto and pay that price, when you have smaller branch offices and I actually I was glad you brought up Fortinet because it's not a name that we get to herald that often and it was deserving from this panel. >> Yeah and you know companies that can secure gateways, secure endpoints are obviously going to have momentum, Zscaler came up, you know I think that's and I tell you looking at I've done a couple of breaking analysis on security, and Fortinet has been strong in two dimensions, you know ETR as our audience is I think getting to know, we really look at two key metrics, one is a net score which is a measure of spending momentum and the other is market share, which is a measure of pervasiveness, and companies like Fortinet in security, you know show up on both of those dimensions so it's notable. >> Yes, it certainly is, it is and I'm glad you brought up Zscaler too, very recently by strong request we did a very in depth research on Zscaler versus Palo Alto Prisma access. And they were very interested and this was before all this happened. You know does Palo Alto have a chance of catching up, taking share from Zscaler? And I've had the pleasure myself personally hosting Jay, the CEO of Zscaler at an event in New York City. And I have nothing but incredible respect for the company. But what we found out through this research is Zscaler at the moment their technology is still ahead according to their answers there is no doubt, however there doesn't seem to be any real secret sauce that will stop Palo Alto from catching up. So we do believe that parody of a feature set will shrink over time and then it'll come down to Palo Alto who obviously has a wider end-user interface. Now, what's happening today might change that because if I had to make a decision right now for my company on secure web gateway, I'm still probably going to got to Zscaler, it's the name. If I had to choose that in a year from now, Palo Alto might have had a better chance, so in this panel as you brought up, Zscaler was mentioned numerous times as just the wave of the future along with CASB Brokers, right, whether you're talking about a Netskope or Forcepoint, all those people that also play in the CASB space, to secure your access, zero trust is no longer a marketing hype term, it is real and it is becoming more real by the week. >> And so I want to kind of end on one of the other comments that really struck me because we're constantly talking about okay, do you go with a portfolio of a suite of services or do you go with best of breed, what about startups? Are startups more risky in a crisis like this? And one of your panelists, I just loved his comment, he said, one of the things that I've always done, he said, you always hear about the guy, oh we're going to to the garden, we're going to check out the magic water, we'll pick out three guys in the upper right hand corner and test them out, he says, one of the things that I've always liked to do, is I'll pick two from the upper right, and I'll take one from the lower left, one of the emerging techs and I'll give them a shot, they won't win every time but then he called out FireEye as one of the organizations that he found early that gave them competitive advantage. >> Right. >> Love that comment. >> It's a great comment and honestly if you're in charge of procurement, you'd be stupid not to do that. Not only just to see what the technology is, but now I can play you off the big guys because I have negotiation leverage and I can say, oh well I can always just take their contract. So it's silly not to do it from a business perspective, but from a technology perspective what we kept hearing from these people with the smaller vendors and my partner Peter Steube, my colleague and I we did the host together, we asked this question, really believing that the financial insecurity of the moment in the times would make smaller vendors not viable. We heard the exact opposite, what our panelists said was no, I'd be happy to work with a smaller vendor right now because they're going to give me pricing flexibility, they're going to work with me right now, I don't need to pay them upfront because we're seeing a permanent shift from CAPEX to OPEX and the smaller vendors are willing to work with me and I can pay them later. So we were actually surprised to hear that and glad to hear it because to connect to your other point, the other person who was talking about security in a platform approach versus best of breed, he said listen, platform approaches you're already with the vendor you can bundle a little bit, but the problem is if you're just going to acquire a new technology every time there's a new threat, the bad guys are just going to switch the threat and you can't acquire indefinitely so therefore best of breed with security will always beat platform and that's kind of a message to Palo Alto and Cisco in my opinion because they seem to be the ones fighting that out, even Microsoft now trying to say that they're a platform approach in security. >> Wow and it says to me the security business is going to as we predicted is going to stay fragmented because you're still going to get that best of breed, you know just like cloud is going to be fragmented and it's you know multiple vendors, ever since I've been in this business people are trying to consolidate the number of vendors but technology moves so quickly, it gives competitive advantage, Erik, awesome thank you so much for joining us, I'm looking forward to next Tuesday with the next VENN and love to have you back and talk about it any time, you're a great guest, thanks so much. >> Certainly! I'll do my best to get a better AV connection the next time guys, I apologize for that, but it was great talking to you guys. >> Hey, we're all learning you know, so thank you everybody for watching, this Dave Vellante for theCUBE and we'll see you next time. (upbeat music)

>> From theCUBE Studios in Palo Alto, in Boston connecting with alt leaders all around the world, This is a CUBE conversation. >> Hello everybody, this is Dave Vellante and welcome to this Breaking Analysis. I'm here with Erik Bradley, who's the managing director of ETR and runs their VEN program. Erik good to see you. >> Very nice to see you too Dave. Hope you're doing well. >> Yeah, I'm doing okay hanging in there. You know, you guys in New York are fighting the battle. Looks like we're making some progress here so, you know, all the best, you and your family and the wider community. I'm really excited to have you on today because I had the pleasure of sitting in on a CIO/ CISO panel last week. And we're going to explain sort of what that's all about, but one of the things ETR does that I really like is they go deeper with anecdotal information and it's almost like in-depth interviews in these round tables. So they compliment their quarterly surveys, and their other drill down surveys, with other anecdotal information for people in their community. So it's a tried and true survey practice that adds some color to the dataset. So guys if you bring up the agenda, I want to share with the audience what we're going to talk about today. So, we'll talk a little bit about, you know we just did intros, I want to ask Erik, what ETR VENN is and then we'll go through some of the guests, but if we go back to Erik, explain a little bit about VENN and the whole process and how you guys do that. >> Yeah sure, we should hire you for marketing. You just did a great job, actually, describing that, but about three years ago what we decided was, ETR does an amazing job collecting the data. It can tell you what's happening, who it's happening to and when it's happening. But it can't always tell you why it's happened. So leveraging a lot of my background in twenty-plus years in journalism and institutional Wall Street research, we decided to take the ETR community, the people that actually take the surveys, and start doing interviews with them and start doing events with them. And enable to doing that, we're basically just trying to compliment the survey findings and the data. So what we always say is that ETR will always give you the quantitative answer and VENN will give you the qualitative answer. >> Now guys, let's bring up the agenda slide again, let's take a look at the folks that participated in the round table. Now, for ETR's clients, they actually know the names and the titles and well the company that these guys work for. We've anonymized it for the public. But you had a CIO of a Global Auto Supplier, a CISO of a Diversified Holdings Firm, who actually had some hospitality exposure but also some government contract manufacturing exposure. Chief Architect of a Software ISV and a VP and CISO of a Global Hospitality Resort Chain. So you had three out of the for, Erik, were really in industries that are getting hit hard. Obviously the software company maybe a little bit better. But maybe you can add some color to that. >> Well actually the software company, unfortunately, was getting hit hard as well because they're a software ISV that actually plays into the manufacturing space as well. So, this particular panel of CIOs and CISOs were actually in a very hard hit industries. And are going to make sure we do two more follow-ups with different industry verticals to make sure we're getting a little bit of a wider berth and collect all of that information in a better way. But coming back to this particular call, the whole reason we did this, and as you know, you spoke to my colleague and friend, Sagar Kadakia, who is the Director of Research for ETR, and we were nimble enough to actually change our survey while it was in the field, to start collecting data on what the real-time impact was on the COVID-19 pandemic. We were able to take that information, extrapolate it, and then say okay let's start reading out to these people and dig deeper. Find out why it's happening and even more so, is it permanent? And which vendors are going to win and which vendors might lose from it. So that was the whole reason we set up the series of calls. We've only conducted on so far. We have another one this coming Tuesday as well with four entirely new panelists that are going to be from different industry verticals because, as you astutely pointed out, these verticals were very hard hit and not all of them are as hard as others. So it's important to get a wider cross-section. >> So, guys let's take a look at some of the budget impacts the anecdotal evidence that we gathered here. So let me just scan through it and then Erik, I'll ask you to comment. So, you know, like Erik said, some hard hit industries. All major projects, anything sort of next-generation, have been essentially shelved. That was the ISV. And then another one, we cut at least 70% of the big projects moving forward. He mentioned ServiceNow actually calls them out, but the ServiceNow is a SaaS company they'll probably, you know, weather the storm here. But he did say we've put that on hold. The best comment, you know, "As-a-service has Saved our SaaS." (Erik laughs) That one's great. And then we're going to get into some of the networking commentary. Some really interesting things about how to support the work from home. You know, kind of shifting from a hardened top into remote workers. And then a lot of commentary on security. So, you know, that's sort of a high level scan and there's just so much information here Erik, but maybe you could sort of summarize on some of that commentary. >> Yeah, we should definitely dig into each of those sectors a little more, but to summarize what we're seeing here was the real winners and losers are clear. Not everyone was prepared to have a work from home strategy. Not everyone was prepared to send their workers out. Their VPN wasn't, they didn't have enough bandwidth. So there was a real quick uptick in spending, but longer term we're starting to see that these changes will become more permanent. So the real winners and losers right now, we're going to see on the loser's side traditional networking. The MPLS networking is in a lot of trouble according to all the data and the commentary that we're seeing. It's expensive, it's difficult to ramp to up bandwidth as quickly as you need and it doesn't support remote. So we're seeing that lose out and the winners there are in the SD-WAN space. It's going to be impossible to ignore that going forward and some of our CIO and CISO panelists said that change will be permanent. Also, we're seeing, at the same time, what they were calling a "SaaS and Cloud". Now, we know these trends obviously were already happening but they're being exacerbated. They're happening even more quickly and more strong. And I don't see that changing any time soon. That, of course, is at the expense of network, I'm sorry, data centers. Whether it be your own or hosted. Which has huge ramifications on on-prem hardware. Even the firewall providers. So what we're seeing here is obviously we know things are going to be impacted by this situation. We didn't necessarily expect all of our community members and IT decision-makers to talk about them being possibly permanent. So that on a high level was something that was extremely interesting. And the last one that I would bring up is that as we make this shift towards working from home, towards remote access, you also have to align yourself with the security that can support that. And one of the things that we're seeing in our data side on ETR, is a widening bifurcation between the next-generation security vendors and the more traditional security or the legacy security players. That bifurcation just keeps getting wider and wider and this situation could be the last straw. >> So I want to follow up on a couple of those things. You're talking about sort of the network shift you know, towards the SD-WAN. What people have described to me is that they got a, you know, a hardened top. It's a hierarchical network. It's very well understood and it's safe, right? And now all of a sudden you got all those remote workers and so you've got to completely soft of rethink your whole network architecture. The other thing I want to drill into is your Cloud commentary. There's a comment that I saw, Erik, that really stood out. One of the folks said, "I would like to see the data centers "be completely deleted, if you will, or closed down." I think we're going to see, you know, a lot more of this obviously. Not only from the standpoint of, and you heard this a lot, the kind of paid by the drink. But just generally getting rid of all that sort of so-called non-differentiated heavy-lifting as we often hear about. >> That is a extreme comment. I don't think everyone feels that way. But, yes, the comment was made and we've heard the comment from other people. As you and I both know, the larger the enterprise the harder that is to go completely SaaS. But yeah, when a situation like this has and see the inflexibility of their on-prem infrastructure, yes it becomes something that really has to be addressed and it can become a permanent change. I was also shocked about that comment. That gentleman also stated that his executives outside of the ITs area, the CEO, the CFO, had never ever, ever wanted to discuss Cloud. They did not want to discuss work from home. They did not want to discuss remote access. He said that conversation has changed immediately and to the credit of the actual IT companies out there, the technology companies, they're doing everything they can with this opportunity to make that happen. >> Yeah, and so you're right the whole work from home conversation. To your point earlier, Erik, big chunks of COVID, the post-COVID world are going to remain permanent. Guys bring up the SaaS slide if you will. The SaaS commentary, "As-a-Service Saved our SaaS." "The wittiest quip award" going to the ETR. You know, but you had, what's very interesting to hear folks, in fact I think somebody even called out, "Hey," you know, "we expected Oracle to," you know, "be auditing us but they're actually being supportive "as is IBM." Salesforce was an interesting common, Erik. One of the folks said they would share accounts on-prem, but when they all do the work from home they had to actually buy some more. You also got Cisco with big props. Microsoft was called out. A lot of organizations actually allowing them to defer payments. So the SaaS vendors actually got very high marks didn't they? >> They really did and even I wrote that summary and it was difficult to write that about Oracle because we all know that they're infamous for auditing their own customers in 2009 right after we came out of financial crisis. They have notoriously been a-- I don't know if they found religion and they decided to be nice to their customers, but every-single person mentioned them as one of the vendors that was actually helping. That was very shocking. And we all know that when bad situations happen people become opportunistic. And right now it's really seeming that the SaaS vendors understand that they need a longterm relationship with these customers and they're being altruistic instead. Which is really nice. >> Yeah I think that anybody with a Cloud realizes that hey, we have an opportunity here that the lifetime value of that customer, whereas maybe in 2009 when Oracle didn't have a Cloud, they had to get people in a headlock to try to persevere their, you know, income statement. Let's go to the networking drill down guys, that next slide because Fortinet, some of the things we've been reporting on is the sort of divergence in evaluations between Fortinet and Palo Alto before this whole thing hit, Fortinet has done a really good job with its Cloud offerings. Palo Alto struggles a little bit with trying to figure out the sales compensation, is maybe a little bit behind. Although both companies got strong props and I've talked to a number of customers, Palo Alto is going to be in the mix. Fortinet, from a Cloud standpoint, seems to be doing quite well? Obviously networking, Cisco is the big gorilla there. But we also got call outs from guys like Trend Micro which was interesting, from some of the folks. So, your thoughts on this Erik. >> Yeah, I'll start on the networking side because this is something that I've really, I've dug into quite amount, in not only this panel, but a lot of interviews and it really seems as if as networking refresh starts to come up, and it's coming up with a lot of large enterprises, when your network refresh comes up people are going to do an RFP for SD-WAN. They are sick and tired of paying MPLS network vendors and they really want to look at something else. That was even prior to this situation. Now what we're hearing is this is a permanent change. I particularly had one person say, I wanted to find this quote real quickly if I can, but basically they basically saying that, "From a permanency perspective, the freedom from MTLS "will reduce our networks spend by over half "while more than doubling or tripling our bandwidth." You can't ignore that. You're going to save me money and triple my bandwidth, and hey by the way, my refresh is due. It's something that's coming and it's going to happen. And yes, you mentioned the few right? There's Viptela, there's Velocloud, there's some big players like Cisco. The Palo Alto just acquired CloudGenix in the midst of all of this. They just went and got an SD-WAN player themselves. And they just keep acquiring a portfolio to shift from their on-prem to next-generation. It's going to take some time, because 70% plus of their revenues is still on-prem hardware, but I do believe that their portfolio that they're creating is the way the world is moving. And that's just one comment on the traditional networking versus the next-generation SD-WAN. >> And the customers have indicated, you know it's not easy just to get off of their MPLS network. I mean it takes time, it's like slowly pulling of the bandaid. But, like many things, COVID-19 is sort of accelerating that. We haven't talked about digital transformation. That came up as a maybe more strategic initiative. But one that very clearly has legs. >> You know, David, it's very simple. You just said it. People, when things are going well and they're comfortable, they don't change. And that's the same for an enterpriser company. Hey, everything's great, our revenue's fine. Why would we do this? We'll worry about that next year. Then something like this happens and you realize wow, we've been dragging our feet. That digital transformation that we've been talking about, and we've been a little bit slow to accept, we need to accept it, we need to move now. And yes, it was another one of the major themes and it sounds silly for researchers like you and I because we know this is a theme. We know Clouded option is there, we know digital transformation is there. But, there are still a lot of people that haven't moved as quickly as they should and this is going to be that final catalyst to get them there, without a doubt. Quickly on your point of Fortinet, I was actually very impressed with the commentary that came from that because Fortinet is sometimes one of those names that you think of that maybe plays in a smaller pool or isn't as big as some of the 800 pound gorillas out there. But in other other interviews besides this I've heard the phrase coined of "Forti-everything". So through RND and through acquisition, Fortinet has really expanded the portfolio and right now is their time to shine because when you have smaller satellite, you know, offices and branches that you need to connect, they're really, really good at it. And you don't always want to call a Palo Alto and pay that price when you have smaller branch offices. And I actually, I was glad you brought up Fortinet because it's not a name that we get to herald that often and it was deserving from this panel. >> Yeah and, you know, companies that can secure gateways, secure endpoints, obviously going to have momentum. Zscaler came up, you know I think that, and I'll tell ya, looking at, I've done a couple of breaking analysis on security and Fortinet has been strong in two dimensions. You know ETR is, as our audience is I think getting to know. We really look at two key metrics. One is net score, which is a measure of spending momentum, and the other is market share, which is a measure of pervasiveness. And companies like Fortinet, in security, show up on both of those dimensions so it's notable. >> Yes, it certainly is, it is. And I'm glad you brought up Zscaler too. Very recently by client request, we did a very in-depth research on Zscaler versus Palo Alto Prisma Access and they were very interested. This was before all this happened, you know. Does Palo Alto have a chance of catching up, taking share from Zscaler. And I've had the pleasure, myself, personally hosting Jay the CEO of Zscaler at an event in New York City. And I have nothing but incredible respect for the company. But what we found out through this research is Zscaler, at the moment, their technology is still ahead, according to their answers. There's no doubt. However, there doesn't seem to be any real secret sauce that will stop Palo Alto from catching up. So we do believe the parody of feature set will shrink over time. And then it will come down to Palo Alto obviously has a wider and user base. Now, what's happening today might change that. Because if I had to make a decision right now, for my company on secure web gateway, I'm still probably going to go to Zscaler. It's the name. If I had to choose that in a year from now, Palo Alto might have had a better chance. So in this panel, as you brought up, Zscaler was mentioned numerous times as just the wave of the future. Along with CASB brokers right? Whether you're talking about a Netskoper or Forcepointer. All those people that also play in CASB space to secure your access. Zero trust is no longer a marketing-hype term. It is real and it is becoming more real by the week. >> And so, I want to kind of end on one of the other comments that really struck me because we're constantly talking about okay, do you go with a portfolio of a suite of services or do you go with best of breed? What about startups? Are startups more risky in a crisis like this? And one of your panelists, I just love this comment, he said, "One of things that I've always done," he said, "You always hear about the guy, "oh we're going to go to the gardener, we're going to "check out the magic water, we'll pick out three guys "in the upper right hand corner and test them out." He says, "One of the things I always like to do, "I'll pick two from the upper right "and I'll take one from the lower left." One of the emerging, text, "And I'll give em a shot." It won't win every time, but then he called out FireEye as one of the organizations that he found early that gave them competitive advantage. >> Right. >> Love that comment. >> It's a great comment. And honestly if you're in charge of procurement you'd be stupid not to do that. Not only just to see what the technology is, but now I can play you off the big guys because I have negotiating leverage and I can say oh, well I could always just take their contract. So it's silly not to do it from a business perspective. But from technology perspective, what we kept hearing from these people with the smaller vendors. My partner Peter Steube, my colleague and I, we did the host together, we asked this question really believing that the financial insecurity of the moment and the times would make smaller vendors not viable. We heard the exact opposite. What our panelists said was, "No, I'd be happy "to work with a smaller vendor right now "because they're going to give me pricing flexibility, "they're going to work with me right now. "I don't need to pay them upfront "because we're seeing a permanent shift from CapEx to OpEX, "and the smaller vendors are willing to work with me and I can pay them later." So we were actually surprised to hear that and glad to hear it because, to connect to your other point, the other person who was talking about security and the platform approach versus best of breed, he said "Listen, platform approaches you're already "with the vendor, you can bundle a little bit. "But the problem is, if you're just going to acquire "a new technology every time there's a new threat, "the bad guys are just going to switch the threat. "And you can't acquire indefinitely. "So therefore, best of breed with security "will always beat platform." And that's kind of a message to Palo Alto and Cisco, in my opinion, because they seem to be the ones fighting that out. Even Microsoft now, trying to say they're a platform approach in security. >> Well and this says to me the security business, as we predicted, is going to stay fragmented because you're still going to get that best of breed. You know, just like Cloud is going to be fragmented and it's, you know, multiple vendors. Ever since I've been in this business people are trying to consolidate the number of vendors, but technology moves so quickly, it gives competitive advantage. Erik, awesome! Thank you so much for joining us. I'm looking forward to next Tuesday with the next vendor and love to have you back and talk about it anytime. You're a great guest, thanks so much. >> Certainly, I'll do my best to get a better AV connection the next time guys, I apologize for that. But it was great talking to you tonight. >> Hey we're all learning, you know so, thank you everybody for watching, this is Dave Vellante for theCUBE and we'll see you next time. (upbeat music)

>> Live from Bahrain, it's theCUBE. Covering AWS Summit Bahrain. Brought to you by Amazon Web Services. >> Hey, welcome back everyone, we're here live in Bahrain in the Middle East. This is theCUBE's exclusive coverage, here for the first time, covering Amazon Web Services, AWS' Public Sector, and the breaking news around their new region that they announced a while ago, going to be deployed here in the early 2019 time frame. An Amazon region really is the power source of digital. It has a track record of creating so much value and innovation. And I'm here with Teresa Carlson, who's the head-- she's the chief of public sectors, she's the head of Amazon Web Services' Public Sector globally, except for China but that's a different territory. Teresa Carlson, it's great to see you. >> It's so great to have you here with us, oh my goodness. >> So I got to say, you told me a few years ago we're going to really go international, we're doubling down outside North America, we're going to have regions, Andy Jassy, the CEO of AWS, said the same. This is the strategy of Amazon. But the Middle East was your baby. This was something that you did spend a lot of time on, and a lot of decisions. Everyone wants to know why Bahrain? Why did you choose this region? And what do you see happening? And how's it going? >> Well, you know, it's interesting because, well I have had a lot of people say why Bahrain as the first region that you've put in the Middle East? Because it doesn't seem like the first place somebody would choose. And the thing that kept coming back to me is Jeff has always said we're willing to be misunderstood for long periods of time. And I think this is probably one of those times where people just didn't quite understand why Bahrain. Well, here's why. I met the Crown Prince, we talked about digital innovation and the economy here and he immediately got that they needed to go through a digital transformation. They are not a country that has a lot of oil. They are a smaller country and they really are a working class country that is looking for how do they have sustainment? And they've done things in the past around financial services that really got them going. They would spear head things. And I think he saw the opportunity that this could help them jump-start the economy and they could kind of be a hub for innovation. So they created the right policies around Cloud First. They created the right telecommunications policy. They were one of the first to deregulate. They had good pricing for utilities. They were friendly toward businesses. And they had a culture that we felt could fit well with us, as well as our partner community. >> Couple of observations, being the first time here, so thank you for inviting us and allowing us to cover you here. One, they're a learning culture, they speak multiple languages, why not add programming to it, software? Two, they like to move fast. They just built a track in 14 months, they're not afraid to go faster. >> They go fast. >> That's Amazon. Amazon, you guys move at a speed of a whole 'nother cadence. And then, my observation again, compared to other areas as I look around is that the percentage of the population of Bahrainians is large, is a lot of people live here, that are native, and they're talented. >> Well, one of the things you said that I think is key is that they move fast, they're used to being frugal on how they do things and they're very scrappy. And that really fits with their culture because, again, they have to do things different than some of the other minimalist countries who are-- they're not quite as rich. But they have this culture of really moving fast and they took down blockers like crazy. I mean, as we came in and were making a decision on-- >> What were some of those blockers? Like, stumbling blocks, are they more hurdles? What were they? >> They were stumbling blocks but they were-- we had to really come in and talk about why telecommunications, policies and pricing had to change because in an old-school model of Telco, there's a lot of big charges. And when you have a digital economy coming in, if you think about, you have a few transactions for a lot of money in an old-school. In a new-school world, you have millions of transactions for a little bit, 'cause you've got to be able to transact a lot, and that's why your telecommunications industry's got to be set up as well as you want it deregulated. They'd already deregulated it so they worked with us to open it up, to set the policies, and now Batelco, who is one of our major telecommunications partners here, is doing manage services on AWS, they've gotten all kinds of people trained. And it's just an example of how they look at an opportunity and say we have got to innovate and make changes if we want to have a sustainment in the 21st century economy. >> And you guys are bringing a lot of goodness to the table, they're quick learners, they're smart, they've got their entrepreneurial vibe. They're not afraid to put some funds of funds together and get some professional investment going on. So that's going to level up the entrepreneurship base. The question is when will the region be ready? How's that going? It's under construction. We've been hearing it's been impacting and, frankly, bringing in to this country an agenda item of sustainability and sustainable energy. Well, why would they need sustainable energy if they've got oil? >> Well they-- (laughs) [John] - Why burn it if you can sell it? That's what the British Prime Minister-- >> Well they do and they've had a new find but I think they have to get to the new oil that they've found but they're not-- I think, what I understand, they're not banking on that, they're going to bank on a digital economy. So they know this is kind of a guaranteed way to really grow what they're doing and bringing out outside others. There's two big elements they're doing. One is they're creating policies for data that allows other countries to put their data here safely and with the right laws. That is game changing. So that's one big thing they're doing. The second thing is they have the spirit of teaching and training so they're getting other countries to come in and talk to them about what they're doing. And remember, John, they're already moving the government to the Cloud and they don't even have their Cloud here yet. So they've done all their homework and they're already moving more work loads into the Cloud that they don't feel need to be here. But they've looked at security design, compliance practices, and they're like, we're moving, we're not waiting. >> They're Cloud First. >> They're Cloud First. >> Okay, so when do you expect the construction to be ready? Ballpark, I know you can't probably give an exact date but when-- >> We expect it'll be ready by Q1 of 2019 and we're excited. It's going to be one of the most innovative regions. And by the way, I dunno if you saw, I had a big star on the map today in my presentation. We have literally, at AWS, had a big hole in the world with no region in the Middle East or Africa, and now we are going to have this region so it is exciting, and I know that the region itself is really anxious to get going. >> Well not only are you an amazing executive, I've seen you work, I've seen what you've done, checking the boxes, doing the hard work, getting down and dirty and doing hustling and scrapping, but you also made some good strategic bets. This one really is successful because I think, two things, you bring a region to the area for AWS but you guys are doing it in a way that's partnering with the government, you're actually-- as industry contributing. I think that's a case there that's going to probably be recognized down the road when people figure that out. But that's going to be a great one. But the cultural win, for you, is pretty amazing and I have to say, yesterday I went to the women breakfast that you hosted and I've never been at a women breakfast, and I've been to a lot of them because I like to be involved, where I got kicked out of a table because they need the space, so it was so crowded. Sorry guys, you're out, I got booted. I didn't leave the room, I had to just move, because they had workshops. Take a minute to explain the women breakfast you had because I think that was extraordinary and a proof point that the narrative of the region, women don't go to school, all this nonsense that's out there, take a minute to clarify this, this is a cultural shift. There might be some cultural things going on. >> Well, the women are here, #SmartIsBeautiful. They are amazing. And they are very educated and in fact, 53% of the government work force here are females at high level jobs too, they're not just low level. And I actually met with the King this week who told me that he was able-- he has the first Supreme Court Justice, that's a female, in the Middle East. And he said it was against culture but he did it because he said this woman was so amazing and she was so talented and she fit the role, she had the job description down. And he said it's gone great, so the women here are smart, they're talented, they're educated, and they actually get degrees in Computer Science. Here in Bahrain, 60% of the Computer Science students are females. Now, what is not happening, is their not always getting out and getting these jobs. And the second thing is, right now, we're still working with them to teach the right skills. A lot of skills are actually outdated tech skills and I know, John, you see this too, even in the US. You have universities that are still teaching the wrong skills for Cloud, so we are working with them at the university and the high school level that actually teach and certify on the right skills. But the women are talented, they're amazing. There are some cultural things that we're going to work together on but there's really no reason we can't have an amazing and talented workforce of women here in the Middle East. >> We had Mohammed on, who's the chief executive of the IGA, the Information e-Government Authority. He told me that any citizen can get a certification for free in this country. >> Yes! Oh my gosh, so I've never seen this. So our partner here, Tamkeen, who's like The Labour Fund, about a year and a half ago, agreed that any citizen that got a certification on AWS, it would be 100% paid for. And then we just announced today that they're actually also going to pay 100% of Bahraini companies that want to move to the Cloud. They're serious about this, they are serious. And they are being a role model and, again John, why are they doing it? They are doing it because they realize that they want to be a true digital economy and grow their businesses here and create new. They got to move faster because they're smaller. They've got to be scrappier, they got to move faster, they got to do things a little bit different. >> The other thing I want to point out, you can't really see it on the camera, but behind us you have, essentially, a mix of commercial and public sector. The show here is so, so crowded, couldn't get into the keynote speech, overflow of room was packed, this is attracting everyone from the Gulf region here. Not just public sector, but commercial businesses. This is not a one time thing, this is a-- the pent-up demand is here. What do you expect is going to happen when the region gets here built out? >> Well, if you look at all the partners around, I mean you have Trend Micro over here, and others, many of them have come because they're excited about us putting a region here. And Andy Jassy and I both have had many of our partners say when are you going to have a region in the Middle East? So we expect a lot more partners are going to come. Just like you they're going to see the value of being here. But, additionally, I don't know what we're going to do for our conference, our summit, because we've already out-grown this space and you're right, we have delegates here from Jordan, the UAE, Saudi Arabia, of course Bahrain, Kuwait, the US. So many different groups are being represented here and I think also South Africa, we have some folks from South Africa. >> Well theCUBE is here, we're making great observations and great commentary. I got to say that you're even attracting amazing talent from the US, besides theCUBE. General Keith Alexander was here. >> Yes he was. >> John Wood from Telos, and all these partners, all visionaries who see the opportunity. This is important, you're not being misunderstood by the people who know Amazon. >> No, I agree. And you made a point earlier that I think is important. Even though I'm kind of here for this conference, leading it, this is not a public sector conference, it's a AWS Summit. It has tons of commercial, tons of public sector. The thing that's a little bit different when you get to some of these countries is they are more government lead, so that is the reason it's important to have this relationship with government if you really want to, but you don't want to surprise them. And you want to work with them to help make sure that they and the country are successful. >> Well Teresa, it's been fun to observe and watch your successes continue to raise the bar here in your job. This is a whole 'nother level when you talk about really filling a hole, you see a hole, you fill it. >> Yep, find a whole, fill it (laughs). >> I heard someone say that once in a motivation speech. Oh, that was you, "You see a hole you fill it. "Oh, we got to hole in the Middle East, fill it!" You have a region here, you've got great success in Washington, DC, CIA, other governments. Congratulations, and thanks for all your support-- >> Thank you John for being here, thank you. >> Thank you, live coverage here. We are here in Bahrain in the Middle East of CUBE's first time. I'm John Furrier, your host here, covering the exclusive Amazon Web Services Summit, and covering the historic launch of the new region in the Middle East. This should change the game, this is going to be a digital hub. It's going to have impact to entrepreneurship, economics and society. We'll be covering it at theCUBE. Stay with us for more after this short break. (jubilant music)

>> Announcer: Please welcome Vice President of Worldwide Marketing, Amazon Web Services, Ariel Kelman. (applause) (techno music) >> Good afternoon, everyone. Thank you for coming. I hope you guys are having a great day here. It is my pleasure to introduce to come up on stage here, the CEO of Amazon Web Services, Andy Jassy. (applause) (techno music) >> Okay. Let's get started. I have a bunch of questions here for you, Andy. >> Just like one of our meetings, Ariel. >> Just like one of our meetings. So, I thought I'd start with a little bit of a state of the state on AWS. Can you give us your quick take? >> Yeah, well, first of all, thank you, everyone, for being here. We really appreciate it. We know how busy you guys are. So, hope you're having a good day. You know, the business is growing really quickly. In the last financials, we released, in Q four of '16, AWS is a 14 billion dollar revenue run rate business, growing 47% year over year. We have millions of active customers, and we consider an active customer as a non-Amazon entity that's used the platform in the last 30 days. And it's really a very broad, diverse customer set, in every imaginable size of customer and every imaginable vertical business segment. And I won't repeat all the customers that I know Werner went through earlier in the keynote, but here are just some of the more recent ones that you've seen, you know NELL is moving their their digital and their connected devices, meters, real estate to AWS. McDonalds is re-inventing their digital platform on top of AWS. FINRA is moving all in to AWS, yeah. You see at Reinvent, Workday announced AWS was its preferred cloud provider, and to start building on top of AWS further. Today, in press releases, you saw both Dunkin Donuts and Here, the geo-spatial map company announced they'd chosen AWS as their provider. You know and then I think if you look at our business, we have a really large non-US or global customer base and business that continues to expand very dramatically. And we're also aggressively increasing the number of geographic regions in which we have infrastructure. So last year in 2016, on top of the broad footprint we had, we added Korea, India, and Canada, and the UK. We've announced that we have regions coming, another one in China, in Ningxia, as well as in France, as well as in Sweden. So we're not close to being done expanding geographically. And then of course, we continue to iterate and innovate really quickly on behalf of all of you, of our customers. I mean, just last year alone, we launched what we considered over 1,000 significant services and features. So on average, our customers wake up every day and have three new capabilities they can choose to use or not use, but at their disposal. You've seen it already this year, if you look at Chime, which is our new unified communication service. It makes meetings much easier to conduct, be productive with. You saw Connect, which is our new global call center routing service. If you look even today, you look at Redshift Spectrum, which makes it easy to query all your data, not just locally on disk in your data warehouse but across all of S3, or DAX, which puts a cash in front of DynamoDB, we use the same interface, or all the new features in our machine learning services. We're not close to being done delivering and iterating on your behalf. And I think if you look at that collection of things, it's part of why, as Gartner looks out at the infrastructure space, they estimate the AWS is several times the size business of the next 14 providers combined. It's a pretty significant market segment leadership position. >> You talked a lot about adopts in there, a lot of customers moving to AWS, migrating large numbers of workloads, some going all in on AWS. And with that as kind of backdrop, do you still see a role for hybrid as being something that's important for customers? >> Yeah, it's funny. The quick answer is yes. I think the, you know, if you think about a few years ago, a lot of the rage was this debate about private cloud versus what people call public cloud. And we don't really see that debate very often anymore. I think relatively few companies have had success with private clouds, and most are pretty substantially moving in the direction of building on top of clouds like AWS. But, while you increasingly see more and more companies every month announcing that they're going all in to the cloud, we will see most enterprises operate in some form of hybrid mode for the next number of years. And I think in the early days of AWS and the cloud, I think people got confused about this, where they thought that they had to make this binary decision to either be all in on the public cloud and AWS or not at all. And of course that's not the case. It's not a binary decision. And what we know many of our enterprise customers want is they want to be able to run the data centers that they're not ready to retire yet as seamlessly as they can alongside of AWS. And it's why we've built a lot of the capabilities we've built the last several years. These are things like PPC, which is our virtual private cloud, which allows you to cordon off a portion of our network, deploy resources into it and connect to it through VPN or Direct Connect, which is a private connection between your data centers and our regions or our storage gateway, which is a virtual storage appliance, or Identity Federation, or a whole bunch of capabilities like that. But what we've seen, even though the vast majority of the big hybrid implementations today are built on top of AWS, as more and more of the mainstream enterprises are now at the point where they're really building substantial cloud adoption plans, they've come back to us and they've said, well, you know, actually you guys have made us make kind of a binary decision. And that's because the vast majority of the world is virtualized on top of VMWare. And because VMWare and AWS, prior to a few months ago, had really done nothing to try and make it easy to use the VMWare tools that people have been using for many years seamlessly with AWS, customers were having to make a binary choice. Either they stick with the VMWare tools they've used for a while but have a really tough time integrating with AWS, or they move to AWS and they have to leave behind the VMWare tools they've been using. And it really was the impetus for VMWare and AWS to have a number of deep conversations about it, which led to the announcement we made late last fall of VMWare and AWS, which is going to allow customers who have been using the VMWare tools to manage their infrastructure for a long time to seamlessly be able to run those on top of AWS. And they get to do so as they move workloads back and forth and they evolve their hybrid implementation without having to buy any new hardware, which is a big deal for companies. Very few companies are looking to find ways to buy more hardware these days. And customers have been very excited about this prospect. We've announced that it's going to be ready in the middle of this year. You see companies like Amadeus and Merck and Western Digital and the state of Louisiana, a number of others, we've a very large, private beta and preview happening right now. And people are pretty excited about that prospect. So we will allow customers to run in the mode that they want to run, and I think you'll see a huge transition over the next five to 10 years. >> So in addition to hybrid, another question we get a lot from enterprises around the concept of lock-in and how they should think about their relationship with the vendor and how they should think about whether to spread the workloads across multiple infrastructure providers. How do you think about that? >> Well, it's a question we get a lot. And Oracle has sure made people care about that issue. You know, I think people are very sensitive about being locked in, given the experience that they've had over the last 10 to 15 years. And I think the reality is when you look at the cloud, it really is nothing like being locked into something like Oracle. The APIs look pretty similar between the various providers. We build an open standard, it's like Linux and MySQL and Postgres. All the migration tools that we build allow you to migrate in or out of AWS. It's up to customers based on how they want to run their workload. So it is much easier to move away from something like the cloud than it is from some of the old software services that has created some of this phobia. But I think when you look at most CIOs, enterprise CIOs particularly, as they think about moving to the cloud, many of them started off thinking that they, you know, very well might split their workloads across multiple cloud providers. And I think when push comes to shove, very few decide to do so. Most predominately pick an infrastructure provider to run their workloads. And the reason that they don't split it across, you know, pretty evenly across clouds is a few reasons. Number one, if you do so, you have to standardize in the lowest common denominator. And these platforms are in radically different stages at this point. And if you look at something like AWS, it has a lot more functionality than anybody else by a large margin. And we're also iterating more quickly than you'll find from the other providers. And most folks don't want to tie the hands of their developers behind their backs in the name of having the ability of splitting it across multiple clouds, cause they actually are, in most of their spaces, competitive, and they have a lot of ideas that they want to actually build and invent on behalf of their customers. So, you know, they don't want to actually limit their functionality. It turns out the second reason is that they don't want to force their development teams to have to learn multiple platforms. And most development teams, if any of you have managed multiple stacks across different technologies, and many of us have had that experience, it's a pain in the butt. And trying to make a shift from what you've been doing for the last 30 years on premises to the cloud is hard enough. But then forcing teams to have to get good at running across two or three platforms is something most teams don't relish, and it's wasteful of people's time, it's wasteful of natural resources. That's the second thing. And then the third reason is that you effectively diminish your buying power because all of these cloud providers have volume discounts, and then you're splitting what you buy across multiple providers, which gives you a lower amount you buy from everybody at a worse price. So when most CIOs and enterprises look at this carefully, they don't actually end up splitting it relatively evenly. They predominately pick a cloud provider. Some will just pick one. Others will pick one and then do a little bit with a second, just so they know they can run with a second provider, in case that relationship with the one they choose to predominately run with goes sideways in some fashion. But when you really look at it, CIOs are not making that decision to split it up relatively evenly because it makes their development teams much less capable and much less agile. >> Okay, let's shift gears a little bit, talk about a subject that's on the minds of not just enterprises but startups and government organizations and pretty much every organization we talk to. And that's AI and machine learning. Reinvent, we introduced our Amazon AI services and just this morning Werner announced the general availability of Amazon Lex. So where are we overall on machine learning? >> Well it's a hugely exciting opportunity for customers, and I think, we believe it's exciting for us as well. And it's still in the relatively early stages, if you look at how people are using it, but it's something that we passionately believe is going to make a huge difference in the world and a huge difference with customers, and that we're investing a pretty gigantic amount of resource and capability for our customers. And I think the way that we think about, at a high level, the machine learning and deep learning spaces are, you know, there's kind of three macro layers of the stack. I think at that bottom layer, it's generally for the expert machine learning practitioners, of which there are relatively few in the world. It's a scarce resource relative to what I think will be the case in five, 10 years from now. And these are folks who are comfortable working with deep learning engines, know how to build models, know how to tune those models, know how to do inference, know how to get that data from the models into production apps. And for that group of people, if you look at the vast majority of machine learning and deep learning that's being done in the cloud today, it's being done on top of AWS, are P2 instances, which are optimized for deep learning and our deep learning AMIs, that package, effectively the deep learning engines and libraries inside those AMIs. And you see companies like Netflix, Nvidia, and Pinterest and Stanford and a whole bunch of others that are doing significant amounts of machine learning on top of those optimized instances for machine learning and the deep learning AMIs. And I think that you can expect, over time, that we'll continue to build additional capabilities and tools for those expert practitioners. I think we will support and do support every single one of the deep learning engines on top of AWS, and we have a significant amount of those workloads with all those engines running on top of AWS today. We also are making, I would say, a disproportionate investment of our own resources and the MXNet community just because if you look at running deep learning models once you get beyond a few GPUs, it's pretty difficult to have those scale as you get into the hundreds of GPUs. And most of the deep learning engines don't scale very well horizontally. And so what we've found through a lot of extensive testing, cause remember, Amazon has thousands of deep learning experts inside the company that have built very sophisticated deep learning capabilities, like the ones you see in Alexa, we have found that MXNet scales the best and almost linearly, as we continue to add nodes, as we continue to horizontally scale. So we have a lot of investment at that bottom layer of the stack. Now, if you think about most companies with developers, it's still largely inaccessible to them to do the type of machine learning and deep learning that they'd really like to do. And that's because the tools, I think, are still too primitive. And there's a number of services out there, we built one ourselves in Amazon Machine Learning that we have a lot of customers use, and yet I would argue that all of those services, including our own, are still more difficult than they should be for everyday developers to be able to build machine learning and access machine learning and deep learning. And if you look at the history of what AWS has done, in every part of our business, and a lot of what's driven us, is trying to democratize technologies that were really only available and accessible before to a select, small number of companies. And so we're doing a lot of work at what I would call that middle layer of the stack to get rid of a lot of the muck associated with having to do, you know, building the models, tuning the models, doing the inference, figuring how to get the data into production apps, a lot of those capabilities at that middle layer that we think are really essential to allow deep learning and machine learning to reach its full potential. And then at the top layer of the stack, we think of those as solutions. And those are things like, pass me an image and I'll tell you what that image is, or show me this face, does it match faces in this group of faces, or pass me a string of text and I'll give you an mpg file, or give me some words and what your intent is and then I'll be able to return answers that allow people to build conversational apps like the Lex technology. And we have a whole bunch of other services coming in that area, atop of Lex and Polly and Recognition, and you can imagine some of those that we've had to use in Amazon over the years that we'll continue to make available for you, our customers. So very significant level of investment at all three layers of that stack. We think it's relatively early days in the space but have a lot of passion and excitement for that. >> Okay, now for ML and AI, we're seeing customers wanting to load in tons of data, both to train the models and to actually process data once they've built their models. And then outside of ML and AI, we're seeing just as much demand to move in data for analytics and traditional workloads. So as people are looking to move more and more data to the cloud, how are we thinking about making it easier to get data in? >> It's a great question. And I think it's actually an often overlooked question because a lot of what gets attention with customers is all the really interesting services that allow you to do everything from compute and storage and database and messaging and analytics and machine learning and AI. But at the end of the day, if you have a significant amount of data already somewhere else, you have to get it into the cloud to be able to take advantage of all these capabilities that you don't have on premises. And so we have spent a disproportionate amount of focus over the last few years trying to build capabilities for our customers to make this easier. And we have a set of capabilities that really is not close to matched anywhere else, in part because we have so many customers who are asking for help in this area that it's, you know, that's really what drives what we build. So of course, you could use the good old-fashioned wire to send data over the internet. Increasingly, we find customers that are trying to move large amounts of data into S3, is using our S3 transfer acceleration service, which basically uses our points of presence, or POPs, all over the world to expedite delivery into S3. You know, a few years ago, we were talking to a number of companies that were looking to make big shifts to the cloud, and they said, well, I need to move lots of data that just isn't viable for me to move it over the wire, given the connection we can assign to it. It's why we built Snowball. And so we launched Snowball a couple years ago, which is really, it's a 50 terabyte appliance that is encrypted, the data's encrypted three different ways, and you ingest the data from your data center into Snowball, it has a Kindle connected to it, it allows you to, you know, that makes sure that you send it to the right place, and you can also track the progress of your high-speed ingestion into our data centers. And when we first launched Snowball, we launched it at Reinvent a couple years ago, I could not believe that we were going to order as many Snowballs to start with as the team wanted to order. And in fact, I reproached the team and I said, this is way too much, why don't we first see if people actually use any of these Snowballs. And so the team thankfully didn't listen very carefully to that, and they really only pared back a little bit. And then it turned out that we, almost from the get-go, had ordered 10X too few. And so this has been something that people have used in a very broad, pervasive way all over the world. And last year, at the beginning of the year, as we were asking people what else they would like us to build in Snowball, customers told us a few things that were pretty interesting to us. First, one that wasn't that surprising was they said, well, it would be great if they were bigger, you know, if instead of 50 terabytes it was more data I could store on each device. Then they said, you know, one of the problems is when I load the data onto a Snowball and send it to you, I have to still keep my local copy on premises until it's ingested, cause I can't risk losing that data. So they said it would be great if you could find a way to provide clustering, so that I don't have to keep that copy on premises. That was pretty interesting. And then they said, you know, there's some of that data that I'd actually like to be loading synchronously to S3, and then, or some things back from S3 to that data that I may want to compare against. That was interesting, having that endpoint. And then they said, well, we'd really love it if there was some compute on those Snowballs so I can do analytics on some relatively short-term signals that I want to take action on right away. Those were really the pieces of feedback that informed Snowball Edge, which is the next version of Snowball that we launched, announced at Reinvent this past November. So it has, it's a hundred-terabyte appliance, still the same level of encryption, and it has clustering so that you don't have to keep that copy of the data local. It allows you to have an endpoint to S3 to synchronously load data back and forth, and then it has a compute inside of it. And so it allows customers to use these on premises. I'll give you a good example. GE is using these for their wind turbines. And they collect all kinds of data from those turbines, but there's certain short-term signals they want to do analytics on in as close to real time as they can, and take action on those. And so they use that compute to do the analytics and then when they fill up that Snowball Edge, they detach it and send it back to AWS to do broad-scale analytics in the cloud and then just start using an additional Snowball Edge to capture that short-term data and be able to do those analytics. So Snowball Edge is, you know, we just launched it a couple months ago, again, amazed at the type of response, how many customers are starting to deploy those all over the place. I think if you have exabytes of data that you need to move, it's not so easy. An exabyte of data, if you wanted to move from on premises to AWS, would require 10,000 Snowball Edges. Those customers don't want to really manage a fleet of 10,000 Snowball Edges if they don't have to. And so, we tried to figure out how to solve that problem, and it's why we launched Snowmobile back at Reinvent in November, which effectively, it's a hundred-petabyte container on a 45-foot trailer that we will take a truck and bring out to your facility. It comes with its own power and its own network fiber that we plug in to your data center. And if you want to move an exabyte of data over a 10 gigabit per second connection, it would take you 26 years. But using 10 Snowmobiles, it would take you six months. So really different level of scale. And you'd be surprised how many companies have exabytes of data at this point that they want to move to the cloud to get all those analytics and machine learning capabilities running on top of them. Then for streaming data, as we have more and more companies that are doing real-time analytics of streaming data, we have Kinesis, where we built something called the Kinesis Firehose that makes it really simple to stream all your real-time data. We have a storage gateway for companies that want to keep certain data hot, locally, and then asynchronously be loading the rest of their data to AWS to be able to use in different formats, should they need it as backup or should they choose to make a transition. So it's a very broad set of storage capabilities. And then of course, if you've moved a lot of data into the cloud or into anything, you realize that one of the hardest parts that people often leave to the end is ETL. And so we have announced an ETL service called Glue, which we announced at Reinvent, which is going to make it much easier to move your data, be able to find your data and map your data to different locations and do ETL, which of course is hugely important as you're moving large amounts. >> So we've talked a lot about moving things to the cloud, moving applications, moving data. But let's shift gears a little bit and talk about something not on the cloud, connected devices. >> Yeah. >> Where do they fit in and how do you think about edge? >> Well, you know, I've been working on AWS since the start of AWS, and we've been in the market for a little over 11 years at this point. And we have encountered, as I'm sure all of you have, many buzzwords. And of all the buzzwords that everybody has talked about, I think I can make a pretty strong argument that the one that has delivered fastest on its promise has been IOT and connected devices. Just amazing to me how much is happening at the edge today and how fast that's changing with device manufacturers. And I think that if you look out 10 years from now, when you talk about hybrid, I think most companies, majority on premise piece of hybrid will not be servers, it will be connected devices. There are going to be billions of devices all over the place, in your home, in your office, in factories, in oil fields, in agricultural fields, on ships, in cars, in planes, everywhere. You're going to have these assets that sit at the edge that companies are going to want to be able to collect data on, do analytics on, and then take action. And if you think about it, most of these devices, by their very nature, have relatively little CPU and have relatively little disk, which makes the cloud disproportionately important for them to supplement them. It's why you see most of the big, successful IOT applications today are using AWS to supplement them. Illumina has hooked up their genome sequencing to AWS to do analytics, or you can look at Major League Baseball Statcast is an IOT application built on top of AWS, or John Deer has over 200,000 telematically enabled tractors that are collecting real-time planting conditions and information that they're doing analytics on and sending it back to farmers so they can figure out where and how to optimally plant. Tata Motors manages their truck fleet this way. Phillips has their smart lighting project. I mean, there're innumerable amounts of these IOT applications built on top of AWS where the cloud is supplementing the device's capability. But when you think about these becoming more mission-critical applications for companies, there are going to be certain functions and certain conditions by which they're not going to want to connect back to the cloud. They're not going to want to take the time for that round trip. They're not going to have connectivity in some cases to be able to make a round trip to the cloud. And what they really want is customers really want the same capabilities they have on AWS, with AWS IOT, but on the devices themselves. And if you've ever tried to develop on these embedded devices, it's not for mere mortals. It's pretty delicate and it's pretty scary and there's a lot of archaic protocols associated with it, pretty tough to do it all and to do it without taking down your application. And so what we did was we built something called Greengrass, and we announced it at Reinvent. And Greengrass is really like a software module that you can effectively have inside your device. And it allows developers to write lambda functions, it's got lambda inside of it, and it allows customers to write lambda functions, some of which they want to run in the cloud, some of which they want to run on the device itself through Greengrass. So they have a common programming model to build those functions, to take the signals they see and take the actions they want to take against that, which is really going to help, I think, across all these IOT devices to be able to be much more flexible and allow the devices and the analytics and the actions you take to be much smarter, more intelligent. It's also why we built Snowball Edge. Snowball Edge, if you think about it, is really a purpose-built Greengrass device. We have Greengrass, it's inside of the Snowball Edge, and you know, the GE wind turbine example is a good example of that. And so it's to us, I think it's the future of what the on-premises piece of hybrid's going to be. I think there're going to be billions of devices all over the place and people are going to want to interact with them with a common programming model like they use in AWS and the cloud, and we're continuing to invest very significantly to make that easier and easier for companies. >> We've talked about several feature directions. We talked about AI, machine learning, the edge. What are some of the other areas of investment that this group should care about? >> Well there's a lot. (laughs) That's not a suit question, Ariel. But there's a lot. I think, I'll name a few. I think first of all, as I alluded to earlier, we are not close to being done expanding geographically. I think virtually every tier-one country will have an AWS region over time. I think many of the emerging countries will as well. I think the database space is an area that is radically changing. It's happening at a faster pace than I think people sometimes realize. And I think it's good news for all of you. I think the database space over the last few decades has been a lonely place for customers. I think that they have felt particularly locked into companies that are expensive and proprietary and have high degrees of lock-in and aren't so customer-friendly. And I think customers are sick of it. And we have a relational database service that we launched many years ago and has many flavors that you can run. You can run MySQL, you can run Postgres, you can run MariaDB, you can run SQLServer, you can run Oracle. And what a lot of our customers kept saying to us was, could you please figure out a way to have a database capability that has the performance characteristics of the commercial-grade databases but the customer-friendly and pricing model of the more open engines like the MySQL and Postgres and MariaDB. What you do on your own, we do a lot of it at Amazon, but it's hard, I mean, it takes a lot of work and a lot of tuning. And our customers really wanted us to solve that problem for them. And it's why we spent several years building Aurora, which is our own database engine that we built, but that's fully compatible with MySQL and with Postgres. It's at least as fault tolerant and durable and performant as the commercial-grade databases, but it's a tenth of the cost of those. And it's also nice because if it turns out that you use Aurora and you decide for whatever reason you don't want to use Aurora anymore, because it's fully compatible with MySQL and Postgres, you just dump it to the community versions of those, and off you are. So there's really hardly any transition there. So that is the fastest-growing service in the history of AWS. I'm amazed at how quickly it's grown. I think you may have heard earlier, we've had 23,000 database migrations just in the last year or so. There's a lot of pent-up demand to have database freedom. And we're here to help you have it. You know, I think on the analytic side, it's just never been easier and less expensive to collect, store, analyze, and share data than it is today. Part of that has to do with the economics of the cloud. But a lot of it has to do with the really broad analytics capability that we provide you. And it's a much broader capability than you'll find elsewhere. And you know, you can manage Hadoop and Spark and Presto and Hive and Pig and Yarn on top of AWS, or we have a managed elastic search service, and you know, of course we have a very high scale, very high performing data warehouse in Redshift, that just got even more performant with Spectrum, which now can query across all of your S3 data, and of course you have Athena, where you can query S3 directly. We have a service that allows you to do real-time analytics of streaming data in Kinesis. We have a business intelligence service in QuickSight. We have a number of machine learning capabilities I talked about earlier. It's a very broad array. And what we find is that it's a new day in analytics for companies. A lot of the data that companies felt like they had to throw away before, either because it was too expensive to hold or they didn't really have the tools accessible to them to get the learning from that data, it's a totally different day today. And so we have a pretty big investment in that space, I mentioned Glue earlier to do ETL on all that data. We have a lot more coming in that space. I think compute, super interesting, you know, I think you will find, I think we will find that companies will use full instances for many, many years and we have, you know, more than double the number of instances than you'll find elsewhere in every imaginable shape and size. But I would also say that the trend we see is that more and more companies are using smaller units of compute, and it's why you see containers becoming so popular. We have a really big business in ECS. And we will continue to build out the capability there. We have companies really running virtually every type of container and orchestration and management service on top of AWS at this point. And then of course, a couple years ago, we pioneered the event-driven serverless capability in compute that we call Lambda, which I'm just again, blown away by how many customers are using that for everything, in every way. So I think the basic unit of compute is continuing to get smaller. I think that's really good for customers. I think the ability to be serverless is a very exciting proposition that we're continuing to to fulfill that vision that we laid out a couple years ago. And then, probably, the last thing I'd point out right now is, I think it's really interesting to see how the basic procurement of software is changing. In significant part driven by what we've been doing with our Marketplace. If you think about it, in the old world, if you were a company that was buying software, you'd have to go find bunch of the companies that you should consider, you'd have to have a lot of conversations, you'd have to talk to a lot of salespeople. Those companies, by the way, have to have a big sales team, an expensive marketing budget to go find those companies and then go sell those companies and then both companies engage in this long tap-dance around doing an agreement and the legal terms and the legal teams and it's just, the process is very arduous. Then after you buy it, you have to figure out how you're going to actually package it, how you're deploy to infrastructure and get it done, and it's just, I think in general, both consumers of software and sellers of software really don't like the process that's existed over the last few decades. And then you look at AWS Marketplace, and we have 35 hundred product listings in there from 12 hundred technology providers. If you look at the number of hours, that software that's been running EC2 just in the last month alone, it's several hundred million hours, EC2 hours, of that software being run on top of our Marketplace. And it's just completely changing how software is bought and procured. I think that if you talk to a lot of the big sellers of software, like Splunk or Trend Micro, there's a whole number of them, they'll tell you it totally changes their ability to be able to sell. You know, one of the things that really helped AWS in the early days and still continues to help us, is that we have a self-service model where we don't actually have to have a lot of people talk to every customer to get started. I think if you're a seller of software, that's very appealing, to allow people to find your software and be able to buy it. And if you're a consumer, to be able to buy it quickly, again, without the hassle of all those conversations and the overhead associated with that, very appealing. And I think it's why the marketplace has just exploded and taken off like it has. It's also really good, by the way, for systems integrators, who are often packaging things on top of that software to their clients. This makes it much easier to build kind of smaller catalogs of software products for their customers. I think when you layer on top of that the capabilities that we've announced to make it easier for SASS providers to meter and to do billing and to do identity is just, it's a very different world. And so I think that also is very exciting, both for companies and customers as well as software providers. >> We certainly touched on a lot here. And we have a lot going on, and you know, while we have customers asking us a lot about how they can use all these new services and new features, we also tend to get a lot of questions from customers on how we innovate so quickly, and they can think about applying some of those lessons learned to their own businesses. >> So you're asking how we're able to innovate quickly? >> Mmm hmm. >> I think there's a few things that have helped us, and it's different for every company. But some of these might be helpful. I'll point to a few. I think the first thing is, I think we disproportionately index on hiring builders. And we think of builders as people who are inventors, people who look at different customer experiences really critically, are honest about what's flawed about them, and then seek to reinvent them. And then people who understand that launch is the starting line and not the finish line. There's very little that any of us ever built that's a home run right out of the gate. And so most things that succeed take a lot of listening to customers and a lot of experimentation and a lot of iterating before you get to an equation that really works. So the first thing is who we hire. I think the second thing is how we organize. And we have, at Amazon, long tried to organize into as small and separable and autonomous teams as we can, that have all the resources in those teams to own their own destiny. And so for instance, the technologists and the product managers are part of the same team. And a lot of that is because we don't want the finger pointing that goes back and forth between the teams, and if they're on the same team, they focus all their energy on owning it together and understanding what customers need from them, spending a disproportionate amount of time with customers, and then they get to own their own roadmaps. One of the reasons we don't publish a 12 to 18 month roadmap is we want those teams to have the freedom, in talking to customers and listening to what you tell us matters, to re-prioritize if there are certain things that we assumed mattered more than it turns out it does. So, you know I think that the way that we organize is the second piece. I think a third piece is all of our teams get to use the same AWS building blocks that all of you get to use, which allow you to move much more quickly. And I think one of the least told stories about Amazon over the last five years, in part because people have gotten interested in AWS, is people have missed how fast our consumer business at Amazon has iterated. Look at the amount of invention in Amazon's consumer business. And they'll tell you that a big piece of that is their ability to use the AWS building blocks like they do. I think a fourth thing is many big companies, as they get larger, what starts to happen is what people call the institutional no, which is that leaders walk into meetings on new ideas looking to find ways to say no, and not because they're ill intended but just because they get more conservative or they have a lot on their plate or things are really managed very centrally, so it's hard to imagine adding more to what you're already doing. At Amazon, it's really the opposite, and in part because of the way we're organized in such a decoupled, decentralized fashion, and in part because it's just part of our DNA. When the leaders walk into a meeting, they are looking for ways to say yes. And we don't say yes to everything, we have a lot of proposals. But we say yes to a lot more than I think virtually any other company on the planet. And when we're having conversations with builders who are proposing new ideas, we're in a mode where we're trying to problem-solve with them to get to yes, which I think is really different. And then I think the last thing is that we have mechanisms inside the company that allow us to make fast decisions. And if you want a little bit more detail, you should read our founder and CEO Jeff Bezos's shareholder letter, which just was released. He talks about the fast decision-making that happens inside the company. It's really true. We make fast decisions and we're willing to fail. And you know, we sometimes talk about how we're working on several of our next biggest failures, and we hope that most of the things we're doing aren't going to fail, but we know, if you're going to push the envelope and if you're going to experiment at the rate that we're trying to experiment, to find more pillars that allow us to do more for customers and allow us to be more relevant, you are going to fail sometimes. And you have to accept that, and you have to have a way of evaluating people that recognizes the inputs, meaning the things that they actually delivered as opposed to the outputs, cause on new ventures, you don't know what the outputs are going to be, you don't know consumers or customers are going to respond to the new thing you're trying to build. So you have to be able to reward employees on the inputs, you have to have a way for them to continue to progress and grow in their career even if they work on something didn't work. And you have to have a way of thinking about, when things don't work, how do I take the technology that I built as part of that, that really actually does work, but I didn't get it right in the form factor, and use it for other things. And I think that when you think about a culture like Amazon, that disproportionately hires builders, organizes into these separable, autonomous teams, and allows them to use building blocks to move fast, and has a leadership team that's looking to say yes to ideas and is willing to fail, you end up finding not only do you do more inventing but you get the people at every level of the organization spending their free cycles thinking about new ideas because it actually pays to think of new ideas cause you get a shot to try it. And so that has really helped us and I think most of our customers who have made significant shifts to AWS and the cloud would argue that that's one of the big transformational things they've seen in their companies as well. >> Okay. I want to go a little bit deeper on the subject of culture. What are some of the things that are most unique about the AWS culture that companies should know about when they're looking to partner with us? >> Well, I think if you're making a decision on a predominant infrastructure provider, it's really important that you decide that the culture of the company you're going to partner with is a fit for yours. And you know, it's a super important decision that you don't want to have to redo multiple times cause it's wasted effort. And I think that, look, I've been at Amazon for almost 20 years at this point, so I have obviously drank the Kool Aid. But there are a few things that I think are truly unique about Amazon's culture. I'll talk about three of them. The first is I think that we are unusually customer-oriented. And I think a lot of companies talk about being customer-oriented, but few actually are. I think most of the big technology companies truthfully are competitor-focused. They kind of look at what competitors are doing and then they try to one-up one another. You have one or two of them that I would say are product-focused, where they say, hey, it's great, you Mr. and Mrs. Customer have ideas on a product, but leave that to the experts, and you know, you'll like the products we're going to build. And those strategies can be good ones and successful ones, they're just not ours. We are driven by what customers tell us matters to them. We don't build technology for technology's sake, we don't become, you know, smitten by any one technology. We're trying to solve real problems for our customers. 90% of what we build is driven by what you tell us matters. And the other 10% is listening to you, and even if you can't articulate exactly what you want, trying to read between the lines and invent on your behalf. So that's the first thing. Second thing is that we are pioneers. We really like to invent, as I was talking about earlier. And I think most big technology companies at this point have either lost their will or their DNA to invent. Most of them acquire it or fast follow. And again, that can be a successful strategy. It's just not ours. I think in this day and age, where we're going through as big a shift as we are in the cloud, which is the biggest technology shift in our lifetime, as dynamic as it is, being able to partner with a company that has the most functionality, it's iterating the fastest, has the most customers, has the largest ecosystem of partners, has SIs and ISPs, that has had a vision for how all these pieces fit together from the start, instead of trying to patch them together in a following act, you have a big advantage. I think that the third thing is that we're unusually long-term oriented. And I think that you won't ever see us show up at your door the last day of a quarter, the last day of a year, trying to harass you into doing some kind of deal with us, not to be heard from again for a couple years when we either audit you or try to re-up you for a deal. That's just not the way that we will ever operate. We are trying to build a business, a set of relationships, that will outlast all of us here. And I think something that always ties it together well is this trusted advisor capability that we have inside our support function, which is, you know, we look at dozens of programmatic ways that our customers are using the platform and reach out to you if you're doing something we think's suboptimal. And one of the things we do is if you're not fully utilizing resources, or hardly, or not using them at all, we'll reach out and say, hey, you should stop paying for this. And over the last couple of years, we've sent out a couple million of these notifications that have led to actual annualized savings for customers of 350 million dollars. So I ask you, how many of your technology partners reach out to you and say stop spending money with us? To the tune of 350 million dollars lost revenue per year. Not too many. And I think when we first started doing it, people though it was gimmicky, but if you understand what I just talked about with regard to our culture, it makes perfect sense. We don't want to make money from customers unless you're getting value. We want to reinvent an experience that we think has been broken for the prior few decades. And then we're trying to build a relationship with you that outlasts all of us, and we think the best way to do that is to provide value and do right by customers over a long period of time. >> Okay, keeping going on the culture subject, what about some of the quirky things about Amazon's culture that people might find interesting or useful? >> Well there are a lot of quirky parts to our culture. And I think any, you know lots of companies who have strong culture will argue they have quirky pieces but I think there's a few I might point to. You know, I think the first would be the first several years I was with the company, I guess the first six years or so I was at the company, like most companies, all the information that was presented was via PowerPoint. And we would find that it was a very inefficient way to consume information. You know, you were often shaded by the charisma of the presenter, sometimes you would overweight what the presenters said based on whether they were a good presenter. And vice versa. You would very rarely have a deep conversation, cause you have no room on PowerPoint slides to have any depth. You would interrupt the presenter constantly with questions that they hadn't really thought through cause they didn't think they were going to have to present that level of depth. You constantly have the, you know, you'd ask the question, oh, I'm going to get to that in five slides, you want to do that now or you want to do that in five slides, you know, it was just maddening. And we would often find that most of the meetings required multiple meetings. And so we made a decision as a company to effectively ban PowerPoints as a communication vehicle inside the company. Really the only time I do PowerPoints is at Reinvent. And maybe that shows. And what we found is that it's a much more substantive and effective and time-efficient way to have conversations because there is no way to fake depth in a six-page narrative. So what we went to from PowerPoint was six-page narrative. You can write, have as much as you want in the appendix, but you have to assume nobody will read the appendices. Everything you have to communicate has to be done in six pages. You can't fake depth in a six-page narrative. And so what we do is we all get to the room, we spend 20 minutes or so reading the document so it's fresh in everybody's head. And then where we start the conversation is a radically different spot than when you're hearing a presentation one kind of shallow slide at a time. We all start the conversation with a fair bit of depth on the topic, and we can really hone in on the three or four issues that typically matter in each of these conversations. So we get to the heart of the matter and we can have one meeting on the topic instead of three or four. So that has been really, I mean it's unusual and it takes some time getting used to but it is a much more effective way to pay attention to the detail and have a substantive conversation. You know, I think a second thing, if you look at our working backwards process, we don't write a lot of code for any of our services until we write and refine and decide we have crisp press release and frequently asked question, or FAQ, for that product. And in the press release, what we're trying to do is make sure that we're building a product that has benefits that will really matter. How many times have we all gotten to the end of products and by the time we get there, we kind of think about what we're launching and think, this is not that interesting. Like, people are not going to find this that compelling. And it's because you just haven't thought through and argued and debated and made sure that you drew the line in the right spot on a set of benefits that will really matter to customers. So that's why we use the press release. The FAQ is to really have the arguments up front about how you're building the product. So what technology are you using? What's the architecture? What's the customer experience? What's the UI look like? What's the pricing dimensions? Are you going to charge for it or not? All of those decisions, what are people going to be most excited about, what are people going to be most disappointed by. All those conversations, if you have them up front, even if it takes you a few times to go through it, you can just let the teams build, and you don't have to check in with them except on the dates. And so we find that if we take the time up front we not only get the products right more often but the teams also deliver much more quickly and with much less churn. And then the third thing I'd say that's kind of quirky is it is an unusually truth-seeking culture at Amazon. I think we have a leadership principle that we say have backbone, disagree, and commit. And what it means is that we really expect people to speak up if they believe that we're headed down a path that's wrong for customers, no matter who is advancing it, what level in the company, everybody is empowered and expected to speak up. And then once we have the debate, then we all have to pull the same way, even if it's a different way than you were advocating. And I think, you always hear the old adage of where, two people look at a ceiling and one person says it's 14 feet and the other person says, it's 10 feet, and they say, okay let's compromise, it's 12 feet. And of course, it's not 12 feet, there is an answer. And not all things that we all consider has that black and white answer, but most things have an answer that really is more right if you actually assess it and debate it. And so we have an environment that really empowers people to challenge one another and I think it's part of why we end up getting to better answers, cause we have that level of openness and rigor. >> Okay, well Andy, we have time for one more question. >> Okay. >> So other than some of the things you've talked about, like customer focus, innovation, and long-term orientation, what is the single most important lesson that you've learned that is really relevant to this audience and this time we're living in? >> There's a lot. But I'll pick one. I would say I'll tell a short story that I think captures it. In the early days at Amazon, our sole business was what we called an owned inventory retail business, which meant we bought the inventory from distributors or publishers or manufacturers, stored it in our own fulfillment centers and shipped it to customers. And around the year 1999 or 2000, this third party seller model started becoming very popular. You know, these were companies like Half.com and eBay and folks like that. And we had a really animated debate inside the company about whether we should allow third party sellers to sell on the Amazon site. And the concerns internally were, first of all, we just had this fundamental belief that other sellers weren't going to care as much about the customer experience as we did cause it was such a central part of everything we did DNA-wise. And then also we had this entire business and all this machinery that was built around owned inventory business, with all these relationships with publishers and distributors and manufacturers, who we didn't think would necessarily like third party sellers selling right alongside us having bought their products. And so we really debated this, and we ultimately decided that we were going to allow third party sellers to sell in our marketplace. And we made that decision in part because it was better for customers, it allowed them to have lower prices, so more price variety and better selection. But also in significant part because we realized you can't fight gravity. If something is going to happen, whether you want it to happen or not, it is going to happen. And you are much better off cannibalizing yourself or being ahead of whatever direction the world is headed than you are at howling at the wind or wishing it away or trying to put up blockers and find a way to delay moving to the model that is really most successful and has the most amount of benefits for the customers in question. And that turned out to be a really important lesson for Amazon as a company and for me, personally, as well. You know, in the early days of doing Marketplace, we had all kinds of folks, even after we made the decision, that despite the have backbone, disagree and commit weren't really sure that they believed that it was going to be a successful decision. And it took several months, but thankfully we really were vigilant about it, and today in roughly half of the units we sell in our retail business are third party seller units. Been really good for our customers. And really good for our business as well. And I think the same thing is really applicable to the space we're talking about today, to the cloud, as you think about this gigantic shift that's going on right now, moving to the cloud, which is, you know, I think in the early days of the cloud, the first, I'll call it six, seven, eight years, I think collectively we consumed so much energy with all these arguments about are people going to move to the cloud, what are they going to move to the cloud, will they move mission-critical applications to the cloud, will the enterprise adopt it, will public sector adopt it, what about private cloud, you know, we just consumed a huge amount of energy and it was, you can see both in the results in what's happening in businesses like ours, it was a form of fighting gravity. And today we don't really have if conversations anymore with our customers. They're all when and how and what order conversations. And I would say that this going to be a much better world for all of us, because we will be able to build in a much more cost effective fashion, we will be able to build much more quickly, we'll be able to take our scarce resource of engineers and not spend their resource on the undifferentiated heavy lifting of infrastructure and instead on what truly differentiates your business. And you'll have a global presence, so that you have lower latency and a better end user customer experience being deployed with your applications and infrastructure all over the world. And you'll be able to meet the data sovereignty requirements of various locales. So I think it's a great world that we're entering right now, I think we're at a time where there's a lot less confusion about where the world is headed, and I think it's an unprecedented opportunity for you to reinvent your businesses, reinvent your applications, and build capabilities for your customers and for your business that weren't easily possible before. And I hope you take advantage of it, and we'll be right here every step of the way to help you. Thank you very much. I appreciate it. (applause) >> Thank you, Andy. And thank you, everyone. I appreciate your time today. >> Thank you. (applause) (upbeat music)

(energetic techno) >> Hey, welcome back everybody, Jeff Frick here with the cube. We're at the RSA conference in downtown San Francisco, Moscone Center. 40 thousand people talking about security, especially with things like IoT, and 5G coming, just right around the corner, so it's important, and we're excited to be joined by industry veteran, George Gerchow. He's VP Security and Compliances at Sumo Logic. George, welcome. >> Thanks, great to be here! Having a fantastic show so far, so thank you. >> So it's funny, before you came on, you knew our last guest, and he even commented. (George laughs) He has a big role, there's 40 thousand people, but this is like, all the world's security experts at one building. >> They're all right here, right now. So if you wanted to plan a massive terrorist attack? >> Don't say that! >> (laughs) We'll be right here, right now! >> Well, and they have a lot of security, it's funny you're laughing, but there's guard dogs, and I got my bag checked a bunch of times. I guess it makes sense. >> (laughs) It absolutely makes sense, but yes, everyone's here, all the who's who, and it was great to see Tom before me. >> And the uh, and the challenges just keep continuing right? With IoT, it's coming right around the corner. Connected devices, sensors. It's funny, in your goodie bag here at RSA, they even give you a little, the little thing to hide the camera on your, on your laptop, right? >> Yeah, they really do, I mean, everything's connected, right? I mean, there is no more hard-shell, soft-center perimeter to security anymore, it's all out there. It's a hostile world, and uh, you just got to do your best to protect yourself. >> Alright, well, hopefully you guys are all staying on the light side, and don't go to the dark side. >> (laughs) Yeah, absolutely. >> So we were talking a lot about threats, and threat intelligence. >> Yeah. >> Can you give us a kind of an update on what you're working on, you know, kind of what your top-of-the-mind of this area? >> Yeah, yeah, absolutely. And so you know, at Sumo Logic, we have a security analytics platform, built that scale, multi-tenant, in the cloud, native-born. Part of my job responsibility is to secure that platform. But one of the things that we were missing, quite honestly, was threat intelligence feeds coming into that platform to be able to do deeper forensics on malicious IPs, indicators of compromise around URLs and domain names, so now we're offering to our customers integrated threat intelligence, intersecurity analytics, for free, (chuckles) and now it's here at RSA to be able to do deeper forensics around some of those indicators of compromise and the bad guys that you were talking about. >> (chuckles) So now that with the, with the security analytics, hopefully you guys can see things faster, you can pick up patterns quicker, you know, you can use real-time streaming things like Spark to actually get ahead of the curve instead of the, what we always hear, spend 250 days since you knew, (chuckles) that you were, uh, compromised. >> Yeah, you're exactly right, it's getting to the root cause much faster, you know? Because you have so many different things that focus on a security team. Like, my team alone is constantly getting things flagged up all the time that we may or may not want to pay attention to. But those things that are really critical, that needle in the haystack that you have to dive into that's a potential threat or vulnerability right away, we want to surface those up very very quickly. So we drink our own champagne, we're running it internally, and now we're offering it externally to our customers as well, too. >> And you just can't do that without machines and automation, right? It's just not possible to keep up with the volume of activity, and to find that needle within just a mass of things that you guys are keeping an eye on. >> You're exactly right. Especially being in the cloud, right? Think about the dynamic, you know, things are taking place, you know, IPs constantly changing. What's my system today might be your system tomorrow. >> Right. >> So having that, more real-time, deeper visibility, into what's taking place on those high threat items, that's even more critical once you're moving out to the cloud for sure. >> Right, and you guys have been involved in the AWS biz, I think we interviewed Sumo Logic like, AWS summit 2013. >> Yep, right. >> In this very building. >> Right! We're native-born, and AWS, >> There you go. >> So great memory! >> So how, so how does kind of the cloud impact, to just more of a general security point of view? People's expectations of behavior of their applications and their data? >> Oh my gosh. >> And it's just like, it's like the dial tone, right? It's almost like (mumbles). >> Right. >> It's just supposed to be there, flex up, flex down as ever I need it. Obviously you got to worry about keeping that real, keeping it safe. How has that impacted the way, uh, that customers expect security? >> Right, so, well, customers now, it's actually behaving a different way too. They're so scared, some of them, of "oh my gosh, my data is leaving beyond my control." but the reality is, I can use some of that scale, and some of those automated systems in the cloud to make the data more secure, once it moves out there. I can leverage the power of code to really lock down how that data is protected against both inside sources and external sources. So it's really, to us, it's been an advantage point. Being native-born, understanding how the cloud works and how to secure data in the cloud, and then now, sharing that with our customers, has really put us ahead of the curve. Like the industry's just now catching up to where we're at. You said 2013, we were here talking about cloud, and now here we are, right? >> Right, right. >> Where other people were like, we're never going to move our stuff out there. Well, guess what? >> Right. >> You're moving out there now. (chuckles) >> And you guys can leverage cloud yourself in terms of your own applications, right? To grow and scale, I mean. >> Absolutely. >> It was amazing, AWS reinvented the Tuesday Night with James Hamilton, which uh, >> Right, yes. >> You probably went through, it's like a rock-star show. But when he goes through the scale of the way, of the infrastructure that AWS can deploy because they have such mass scale, I mean to try to compete with that as an individual company? Pretty tough. >> It's not going to happen, you know? And it's the same thing with us, you know. So if you're really going to do security analytics at scale, well, it's about scale, multiple data sources. I want to be able to go from 10 terabytes to 20 terabytes overnight, and then start looking for the security threats. Well, that's what we do. We built our platform in the cloud to scale at that rate, but now we're just heavily focused on security content and solving problems as people start moving their workloads out to the cloud. We've been there for a while, so we're helping people. And look, we're learning like everyone else every day. Things change, as you've mentioned before. But we have a pretty good approach as to how we lock down our own environment, and we're just sharing it externally now. >> So the other big theme that we keep hearing over and over at the show is collaboration, and companies, kind of coop-petition, which is the Silicon Valley way, has always been, >> Absolutely, no question. >> You know, to share threat information with your, partners in the industry, to try to help get a leg up on the, on the bad guys. Have you seen that kind of collaboration. kind of environment, change over the last several years? >> I am so glad you brought that up, because it is an ecosystem. Like for us, we're taking the threat feeds from Crowdstrike, who's, you know, one of the leaders in the threat feed space. We're also partnering up with WinLogin at this show to really start locking down people's credentials when they come in. And then also great partners like Trend Micro. It takes an ecosystem, there is no silver bullet. There is no one company, one solution that solves a problem. It takes a collaboration of vendors and partners to really be able to get this done, and I feel it and live it internally. >> Right, right. Alright, I'm going to give you last word, George. >> Alright. >> So it's February. What are your top priorities for 2017? What are we going to be talking about a year from now at this show? >> Okay, so one of the top priorities for me is definitely the DDoS attacks in the cloud? You know, so people being able to launch a DDoS attack within AWS at AWS, and have an AWS eat itself. (both chuckle) Like, literally, this keeps me up at night, you know? So, that's one of my -- >> Where's Scott? >> Top priorities. >> Scott, did you hear that? (both laugh) >> Alright, it could happen, so anyway, that's one of the things I'm focused on right now. >> Alright, excellent. >> Sure. >> Well, I know you got to run to the booth, it's a busy show, >> Great show. >> I know you probably have meetings with 39,995 of these other people. (George laughs) He's George Gerchow, I'm Jeff Frick, you're watching The Cube. Thanks for watching. >> Thanks guys, 'preciate it, thanks Jeff. (energetic techno) (sedate synths)