(upbeat music) >> Welcome to theCUBE's coverage of VMworld 2021. I'm Lisa Martin. I've got a CUBE alum with me next. Ajay Patel is here, the SVP and GM of Modern Apps and Management at VMware. Ajay, welcome back to the program, it's great to see you. >> Well thank you for having me. It's always great to be here. >> Glad that you're doing well. I want to dig into your role as SVP and GM with Modern Apps and Management. Talk to me about some of the dynamics of your role and then we'll get into the vision and the strategy that VMware has. >> Makes sense. VMware has created a business group called Modern Apps and Management, with the single mission of helping our customers accelerate their digital transformation through software. And we're finding them leveraging both the edge and the multiple clouds they deploy on. So our mission here is helping, them be the cloud diagnostic manager for application development and management through our portfolio of Tazu and VRealize solutions allowing customers to both build and operate applications at speed across these edge data center and cloud deployments And the big thing we hear is all the day two challenges, right of managing costs, risks, security, performance. That's really the essence of what the business group is about. How do we speed idea to production and allow you to operate at scale. >> When we think of speed, we can't help, but think of the acceleration that we've seen in the last 18 months, businesses transforming digitally to first survive the dynamics of the market. But talk to me about how the, the pandemic has influenced catalyzed VMware's vision here. >> You can see in every industry, this need for speed has really accelerated. What used to be weeks and months of planning and execution has materialized into getting something out in production in days. One of great example I can remember is one of my financial services customer that was responsible for getting all the COVID payments out to the small businesses and being able to get that application from idea to production matter of 10 days, it was just truly impressive to see the teams come together, to come up with the idea, put the software together and getting production so that we could start delivering the financial funds the companies needed, to keep them viable. So great social impact and great results in matter of days. >> And again, that acceleration that we've seen there, there's been a lot of silver linings, I think, but I want to get in next to some of the industry trends that are influencing app modernization. What are you seeing in the customer environment? What are some of those key trends that are driving adoption? >> I mean, this move to cloud is here to stay and most of customers have a cloud first strategy, and we rebranded this from VMware the cloud smart strategy, but it's not just about one particular flavor of cloud. We're putting the best workload on the best cloud. But the reality is when I speak to many of the customers is they're way behind on the bar of digital plats. And it's, that's because the simple idea of, you know, lift and shift or completely rewrite. So there's no one fits all and they're struggling with hardware capability, their the development teams, their IT assets, the applications are modernized across these three things. So we see modernization kind of fall in three categories, infrastructure modernization, the practice of development or devops modernization, and the application transform itself. And we are starting to find out that customers are struggling with all three. Well, they want to leverage the best of cloud. They just don't have the skills or the expertise to do that effectively. >> And how does VMware help address that skills gap. >> Yeah, so the way we've looked at it is we put a lot of effort around education. So on the everyone knows containers and Kubernetes is the future. They're looking to build these modern microservices, architectures and applications. A lot of investment in just kind of putting the effort to help customers learn these new tools, techniques, and create best practices. So theCUBE academy and the effort and the investment putting in just enabling the ecosystem now with the skills and capabilities is one big effort that VMware is putting. But more importantly, on the product side, we're delivering solutions that help customers both build design, deliver and operate these applications on Kubernetes across the cloud of choice. I'm most excited about our announcement around this product. We're just launching called Tanzu application platform. It is what we call an application aware platform. It's about making it easy for developers to take the ideas and get into production. It kind of bridging that gap that exists between development and operations. We hear a lot about dev ops, as you know, how do you bring that to life? How do you make that real? That's what Tanzu application platform is about. >> I'm curious of your customer conversations, how they've changed in the last year or so in terms of, app modernization, things like security being board level conversations, are you noticing that that is rising up the chain that app modernization is now a business critical initiative for our businesses? >> So it's what I'm finding is it's the means. It's not that if you think about the board level conversations about digital transformation you know, I'm a financial services company. I need to provide mobile FinTech. I'm competing with this new age application and you're delivering the same service that they offered digitally now, right. Like from a retail bank. I can't go to the store, the retail branch anymore, right. I need to provide the same capability for payments processing all online through my mobile phone. So it's really the digitalization of the traditional processes that we're finding most exciting. In order to do that, we're finding that no applications are in cloud right. They had to take the existing financial applications and put a mobile frontend to it, or put some new business logic or drive some transformation there. So it's really a transformation around existing application to deliver a business outcome. And we're focusing it through our Tanzu lab services, our capabilities of Tanzu application platform, all the way to the operations and management of getting these products in production or these applications in production. So it's the full life cycle from idea to production is what customers are looking for. They're looking to compress the cycle time as you and I spoke about, through this agility they're looking for. >> Right, definitely a compressed cycle time. Talk to me about some of the other announcements that are being made at VMworld with respect to Tanzu and helping customers on the app modernization front, and that aligned to the vision and mission that you talked about. >> Wonderful, I would say they're kind of, I put them in three buckets. One is what are we doing to help developers get access to the new technology. Back to the skills learning part of it, most excited about Tanzu of community edition and Tanzu mission control starter pack. This is really about getting Kubernetes stood up in your favorite deployment of choice and get started building your application very quickly. We're also announcing Tanzu application platform that I spoke about, we're going to beta 2 for that platform, which makes it really easy for developers to get access to Kubernetes capability. It makes development easy. We're also announcing marketplace enhancements, allowing us to take the best of breed IC solutions and making them available to help you build applications faster. So one set of announcements around building applications, delivering value, getting them down to market very quickly. On the management side, we're really excited about the broad portfolio management we've assembled. We're probably in the customer's a way to build a cloud operating model. And in the cloud operating model, it's about how do I do VMs and containers? How do I provide a consistent management control plane so I can deliver applications on the cloud of my choice? How do I provide intrinsic observability, intrinsic security so I can operate at scale. So this combination of development tooling, platform operations, and day two operations, along with enhancements in our cost management solution with CloudHealth or being able to take our universal capabilities for consumption, driving insight and observity that really makes it a powerful story for customers, either on the build or develop or deploy side of the equation. >> You mentioned a couple of things are interesting. Consistency being key from a management perspective, especially given this accelerated time in which we're living, but also you mentioned security. We've seen so much movement on the security front in the last year and a half with the massive rise in ransomware attacks, ransomware now becoming a household word. Talk to me about the security factor and how you're helping customers from a risk mitigation perspective, because now it's not, if we get attacked, it's when. >> And I think it's really starts with, we have this notion of a secure software supply chain. We think of software as a production factory from idea to production. And if you don't start with known good hard attacks to start with, trying to wire in security after attack is just too difficult. So we started with secure content, curated images content catalogs that customers are setting up as best practices. We started with application accelerators. These are best practice that codifies with the right guard rails in place. And then we automate that supply chain so that you have checks in every process, every step of the way, whether it's in the build process and the deploy process or in runtime production. And you had to do this at the application layer because there is no kind of firewall or edge you can protect the application is highly distributed. So things like application security and API security, another area we announced a new offering at VM world around API security, but everything starts with an API endpoint when you have a security. So security is kind of woven in into the design build, deploy and in the runtime operation. And we're kind of wire this in intrinsically to the platform with best of breed security partners now extending in evolving their solution on top of us. >> What's been some of the customer feedback from some of the new technologies that you announced. I'm curious, I imagine knowing how VMware is very customer centric, customers were essential in the development and iteration of the technologies, but just give me some of the idea on customer feedback of this direction that you're going. >> Yeah, there's a great, exciting example where we're working with the army to create a software factory. you would've never imagined right, The US army being a software digital enterprise, we're partnering with what we call the US army futures command in a joint effort to help them build the first ever software development factory where army personnel are actually becoming true cloud native developers, where you're putting the soldiers to do cloud native development, everything in the terms of practice of building software, but also using the Tanzu portfolio in delivering best-in-class capability. This is going to rival some of the top tech companies in Silicon valley. This is a five-year prototype project in which we're picking cohorts of soldiers, making them software developers and helping them build great capability through both combination of classroom based training, but also strong technical foundation and expertise provided by our lab. So this is an example where, you know, the industry is working with the customer to co-innovate, how we build software, but also driving the expertise of these personnel hierarchs. As a soldier, you know, what you need, what if you could start delivering solutions for rest of your members in a productive way. So very exciting, It's an example where we've leapfrogging and delivering the kind of the Silicon valley type innovation to our standard practice. It's traditionally been a procurement driven model. We're trying to speed that and drive it into a more agile delivery factory concept as well. So one of the most exciting projects that I've run into the last six months. >> The army software factory, I love that my dad was an army medic and combat medic in Vietnam. And I'm sure probably wouldn't have been apt to become a software developer. But tell me a little bit about, it's a very cool project and so essential. Talk to me a little bit about the impetus of the army software factory. How did that come about? >> You know, this came back with strong sponsorship from the top. I had an opportunity to be at the opening of the campus in partnership with the local Austin college. And as General Milley and team spoke about it, they just said the next battleground is going to be a digital backup power hub. It's something we're going to have to put our troops in place and have modernized, not just the army, but modernize the way we deliver it through software. It's it speaks so much to the digital transformation we're talking about right. At the very heart of it is about using software to enable whether it's medics, whether it's supplies, either in a real time intelligence on the battlefield to know what's happening. And we're starting to see user technology is going to drive dramatically hopefully the next war, we don't have to fight it more of a defensive mode, but that capability alone is going to be significant. So it's really exciting to see how technology has become pervasive in all aspects, in every format including the US army. And this partnership is a great example of thought leadership from the army command to deliver software as the innovation factory, for the army itself. >> Right, and for the army to rival Silicon valley tech companies, that's pretty impressive. >> Pretty ambitious right. In partnership with one of the local colleges. So that's also starting to show in terms of how to bring new talent out, that shortage of skills we talked about. It's a critical way to kind of invest in the future in our people, right? As we, as we build out this capability. >> That's excellent that investment in the future and helping fill those skills gaps across industries is so needed. Talk to me about some of the things that you're excited about this year's VMworld is again virtual, but what are some of the things that you think are really fantastic for customers and prospects to learn? >> I think as Raghu said, we're in the third act of VM-ware, but more interestingly, but the third act of where the cloud is, the cloud has matured cloud 2.0 was really about shifting and using a public cloud for the IS capabilities. Cloud 3.0 is about to use the cloud of choice for the best application. We are going to increasingly see this distributed nature of application. I asked most customers, where does your application run? It's hard to answer that, right? It's on your mobile device, it's in your storefront, it's in your data center, it's in a particular cloud. And so an application is a collection of services. So what I'm most excited about is all business capables being published as an API, had an opportunity to be part of a company called Sonos and then Apogee. And we talked about API management years ago. I see increasingly this need for being able to expose a business capability as an API, being able to compose these new applications rapidly, being able to secure them, being able to observe what's going on in production and then adjust and automate, you can scale up scale down or deploy the application where it's most needed in minutes. That's a dynamic future that we see, and we're excited that VM was right at the heart of it. Where that in our cloud agnostic software player, that can help you, whether it's your development challenges, your deployment challenges, or your management challenges, in the future of multi-cloud, that's what I'm most excited about, we're set up to help our customers on this cloud journey, regardless of where they're going and what solution they're looking to build. >> Ajay, what are some of the key business outcomes that the cloud is going to deliver across industries as things progress forward? >> I think we're finding the consistent message I hear from our customers is leverage the power of cloud to transform my business. So it's about business outcomes. It's less about technology. It's what outcomes we're driving. Second it's about speed and agility. How do I respond, adjust kind of dynamic contiuness. How do I innovate continuously? How do I adjust to what the business needs? And third thing we're seeing more and more is I need to be able to management costs and I get some predictability and able to optimize how I run my business. what they're finding with the cloud is the costs are running out of control, they need a way, a better way of knowing the value that they're getting and using the best cloud for the right technology. Whether may be a private cloud in some cases, a public cloud or an edge cloud. So they want to able to going to select and move and have that portability. Being able to make those choices optimization is something they're demanding from us. And so we're most excited about this need to have a flexible infrastructure and a cloud agnostic infrastructure that helps them deliver these kinds of business outcomes. >> You mentioned a couple of customer examples and financial services. You mentioned the army software factory. In terms of looking at where we are in 2021. Are there any industries in particular, maybe essential services that you think are really prime targets for the technologies, the new announcements that you're making at VM world. >> You know, what we are trying to see is this is a broad change that's happening. If you're in retail, you know, you're kind of running a hybrid world of digital and physical. So we're seeing this blending of physical and digital reality coming together. You know, FedEx is a great customer of ours and you see them as spoken as example of it, you know, they're continue to both drive operational change in terms of being delivering the packages to you on time at a lower cost, but on the other side, they're also competing with their primary partners and retailers and in some cases, right, from a distribution perspective for Amazon, with Amazon prime. So in every industry, you're starting to see the lines are blurring between traditional partners and competitors. And in doing so, they're looking for a way to innovate, innovate at speed and leverage technology. So I don't think there is a specific industry that's not being disrupted whether it's FinTech, whether it's retail, whether it's transportation logistics, or healthcare telemedicine, right? The way you do pharmaceutical, how you deliver medicine, it's all changing. It's all being driven by data. And so we see a broad application of our technology, but financial services, healthcare, telco, government tend to be a kind of traditional industries that are with us but I think the reaches are pretty broad. >> Yeah, it is all changing. Everything is becoming more and more data-driven and many businesses are becoming data companies or if they're not, they need to otherwise their competition, as you mentioned, is going to be right in the rear view mirror, ready to take their place. But that's something that we see that isn't being talked about. I don't think enough, as some of the great innovations coming as a result of the situation that we're in. We're seeing big transformations in industries where we're all benefiting. I think we need to get that, that word out there a little bit more so we can start showing more of those silver linings. >> Sure. And I think what's happening here is it's about connecting the people to the services at the end of the day, these applications are means for delivering value. And so how do we connect us as consumers or us employees or us as partners to the business to the operator with both digitally and in a physical way. And we bring that in a seamless experience. So we're seeing more and more experience matters, you know, service quality and delivery matter. It's less about the technologies back again to the outcomes. And so very much focused in building that the platform that our customers can use to leverage the best of the cloud, the best of their people, the best of the innovation they have within the organization. >> You're right. It's all about outcomes. Ajay, thank you for joining me today, talking about some of the new things that the mission of your organization, the vision, some of the new products and technologies that are being announced at VM world, we appreciate your time and hopefully next year we'll see you in person. >> Thank you again and look forward to the next VMWorld in person. >> Likewise for Ajay Patel. You're very welcome for Ajay Patel. I'm Lisa Martin, and you're watching theCUBEs coverage of VMWorld of 2021. (soft music)

(upbeat electronic music) >> Hello, everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase. The Next Big Thing in AI, Security, and Life Sciences. In this segment, we feature Orca Security as a notable trend setter within, of course, the security track. I'm your host, Dave Vellante. And today we're joined by Gil Geron. Who's the co-founder and Chief Product Officer at Orca Security. And we're going to discuss how to eliminate cloud security blind spots. Orca has a really novel approach to cybersecurity problems, without using agents. So welcome Gil to today's sessions. Thanks for coming on. >> Thank you for having me. >> You're very welcome. So Gil, you're a disruptor in security and cloud security specifically and you've created an agentless way of securing cloud assets. You call this side scanning. We're going to get into that and probe that a little bit into the how and the why agentless is the future of cloud security. But I want to start at the beginning. What were the main gaps that you saw in cloud security that spawned Orca Security? >> I think that the main gaps that we saw when we started Orca were pretty similar in nature to gaps that we saw in legacy, infrastructures, in more traditional data centers. But when you look at the cloud when you look at the nature of the cloud the ephemeral nature, the technical possibilities and disruptive way of working with a data center, we saw that the usage of traditional approaches like agents in these environments is lacking, it actually not only working as well as it was in the legacy world, it's also, it's providing less value. And in addition, we saw that the friction between the security team and the IT, the engineering, the DevOps in the cloud is much worse or how does that it was, and we wanted to find a way, we want for them to work together to bridge that gap and to actually allow them to leverage the cloud technology as it was intended to gain superior security than what was possible in the on-prem world. >> Excellent, let's talk a little bit more about agentless. I mean, maybe we could talk a little bit about why agentless is so compelling. I mean, it's kind of obvious it's less intrusive. You've got fewer processes to manage, but how did you create your agentless approach to cloud security? >> Yes, so I think the basis of it all is around our mission and what we try to provide. We want to provide seamless security because we believe it will allow the business to grow faster. It will allow the business to adopt technology faster and to be more dynamic and achieve goals faster. And so we've looked on what are the problems or what are the issues that slow you down? And one of them, of course, is the fact that you need to install agents that they cause performance impact, that they are technically segregated from one another, meaning you need to install multiple agents and they need to somehow not interfere with one another. And we saw this friction causes organization to slow down their move to the cloud or slow down the adoption of technology. In the cloud, it's not only having servers, right? You have containers, you have manage services, you have so many different options and opportunities. And so you need a different approach on how to secure that. And so when we understood that this is the challenge, we decided to attack it in three, using three periods; one, trying to provide complete security and complete coverage with no friction, trying to provide comprehensive security, which is taking an holistic approach, a platform approach and combining the data in order to provide you visibility into all of your security assets, and last but not least of course, is context awareness, meaning being able to understand and find these the 1% that matter in the environment. So you can actually improve your security posture and improve your security overall. And to do so, you had to have a technique that does not involve agents. And so what we've done, we've find a way that utilizes the cloud architecture in order to scan the cloud itself, basically when you integrate Orca, you are able within minutes to understand, to read, and to view all of the risks. We are leveraging a technique that we are calling side scanning that uses the API. So it uses the infrastructure of the cloud itself to read the block storage device of every compute instance and every instance, in the environment, and then we can deduce the actual risk of every asset. >> So that's a clever name, side scanning. Tell us a little bit more about that. Maybe you could double click on, on how it works. You've mentioned it's looking into block storage and leveraging the API is a very, very clever actually quite innovative. But help us understand in more detail how it works and why it's better than traditional tools that we might find in this space. >> Yes, so the way that it works is that by reading the block storage device, we are able to actually deduce what is running on your computer, meaning what kind of waste packages applications are running. And then by con combining the context, meaning understanding that what kind of services you have connected to the internet, what is the attack surface for these services? What will be the business impact? Will there be any access to PII or any access to the crown jewels of the organization? You can not only understand the risks. You can also understand the impact and then understand what should be our focus in terms of security of the environment. Different factories, the fact that we are doing it using the infrastructure itself, we are not installing any agents, we are not running any packet. You do not need to change anything in your architecture or design of how you use the cloud in order to utilize Orca Orca is working in a pure SaaS way. And so it means that there is no impact, not on cost and not on performance of your environment while using Orca. And so it reduces any friction that might happen with other parties of the organization when you enjoy the security or improve your security in the cloud. >> Yeah, and no process management intrusion. Now, I presume Gil that you eat your own cooking, meaning you're using your own product. First of all, is that true? And if so, how has your use of Orca as a chief product officer help you scale Orca as a company? >> So it's a great question. I think that something that we understood early on is that there is a, quite a significant difference between the way you architect your security in cloud and also the way that things reach production, meaning there's a difference, that there's a gap between how you imagined, like in everything in life how you imagine things will be and how they are in real life in production. And so, even though we have amazing customers that are extremely proficient in security and have thought of a lot of ways of how to secure the environment. Ans so, we of course, we are trying to secure environment as much as possible. We are using Orca because we understand that no one is perfect. We are not perfect. We might, the engineers might, my engineers might make mistakes like every organization. And so we are using Orca because we want to have complete coverage. We want to understand if we are doing any mistake. And sometimes the gap between the architecture and the hole in the security or the gap that you have in your security could take years to happen. And you need a tool that will constantly monitor your environment. And so that's why we are using Orca all around from day one not to find bugs or to do QA, we're doing it because we need security to our cloud environment that will provide these values. And so we've also passed the compliance auditing like SOC 2 and ISO using Orca and it expedited and allowed us to do these processes extremely fast because of having all of these guardrails and metrics has. >> Yeah, so, okay. So you recognized that you potentially had and did have that same problem as your customer has been. Has it helped you scale as a company obviously but how has it helped you scale as a company? >> So it helped us scale as a company by increasing the trust, the level of trust customer having Orca. It allowed us to adopt technology faster, meaning we need much less diligence or exploration of how to use technology because we have these guardrails. So we can use the richness of the technology that we have in the cloud without the need to stop, to install agents, to try to re architecture the way that we are using the technology. And we simply use it. We simply use the technology that the cloud offer as it is. And so it allows you a rapid scalability. >> Allows you allows you to move at the speed of cloud. Now, so I'm going to ask you as a co-founder, you got to wear many hats first of a co-founder and the leadership component there. And also the chief product officer, you got to go out, you got to get early customers, but but even more importantly you have to keep those customers retention. So maybe you can describe how customers have been using Orca. Did they, what was their aha moment that you've seen customers react to when you showcase the new product? And then how have you been able to keep them as loyal partners? >> So I think that we are very fortunate, we have a lot of, we are blessed with our customers. Many of our customers are vocal customers about what they like about Orca. And I think that something that comes along a lot of times is that this is a solution they have been waiting for. I can't express how many times I hear that I could go on a call and a customer says, "I must say, I must share. "This is a solution I've been looking for." And I think that in that respect, Orca is creating a new standard of what is expected from a security solution because we are transforming the security all in the company from an inhibitor to an enabler. You can use the technology. You can use new tools. You can use the cloud as it was intended. And so (coughs) we have customers like one of these cases is a customer that they have a lot of data and they're all super scared about using S3 buckets. We call over all of these incidents of these three buckets being breached or people connecting to an s3 bucket and downloading the data. So they had a policy saying, "S3 bucket should not be used. "We do not allow any use of S3 bucket." And obviously you do need to use S3 bucket. It's a powerful technology. And so the engineering team in that customer environment, simply installed a VM, installed an FTP server, and very easy to use password to that FTP server. And obviously two years later, someone also put all of the customer databases on that FTP server, open to the internet, open to everyone. And so I think it was for him and for us as well. It was a hard moment. First of all, he planned that no data will be leaked but actually what happened is way worse. The data was open to the to do to the world in a technology that exists for a very long time. And it's probably being scanned by attackers all the time. But after that, he not only allowed them to use S3 bucket because he knew that now he can monitor. Now, you can understand that they are using the technology as intended, now that they are using it securely. It's not open to everyone it's open in the right way. And there was no PII on that S3 bucket. And so I think the way he described it is that, now when he's coming to a meeting about things that needs to be improved, people are waiting for this meeting because he actually knows more than what they know, what they know about the environment. And I see it really so many times where a simple mistake or something that looks benign when you look at the environment in a holistic way, when you are looking on the context, you understand that there is a huge gap. That should be the breech. And another cool example was a case where a customer allowed an access from a third party service that everyone trusts to the crown jewels of the environment. And he did it in a very traditional way. He allowed a certain IP to be open to that environment. So overall it sounds like the correct way to go. You allow only a specific IP to access the environment but what he failed to to notice is that everyone in the world can register for free for this third-party service and access the environment from this IP. And so, even though it looks like you have access from a trusted service, a trusted third party service, when it's a Saas service, it's actually, it can mean that everyone can use it in order to access the environment and using Orca, you saw immediately the access, you saw immediately the risk. And I see it time after time that people are simply using Orca to monitor, to guardrail, to make sure that the environment stays safe throughout time and to communicate better in the organization to explain the risk in a very easy way. And the, I would say the statistics show that within few weeks, more than 85% of the different alerts and risks are being fixed, and think it comes to show how effective it is and how effective it is in improving your posture, because people are taking action. >> Those are two great examples, and of course they have often said that the shared responsibility model is often misunderstood. And those two examples underscore thinking that, "oh I hear all this, see all this press about S3, but it's up to the customer to secure the endpoint components et cetera. Configure it properly is what I'm saying. So what an unintended consequence, but but Orca plays a role in helping the customer with their portion of that shared responsibility. Obviously AWS is taking care of this. Now, as part of this program we ask a little bit of a challenging question to everybody because look it as a startup, you want to do well you want to grow a company. You want to have your employees, you know grow and help your customers. And that's great and grow revenues, et cetera but we feel like there's more. And so we're going to ask you because the theme here is all about cloud scale. What is your defining contribution to the future of cloud at scale, Gil? >> So I think that cloud is allowed the revolution to the data centers, okay? The way that you are building services, the way that you are allowing technology to be more adaptive, dynamic, ephemeral, accurate, and you see that it is being adopted across all vendors all type of industries across the world. I think that Orca is the first company that allows you to use this technology to secure your infrastructure in a way that was not possible in the on-prem world, meaning that when you're using the cloud technology and you're using technologies like Orca, you're actually gaining superior security that what was possible in the pre cloud world. And I think that, to that respect, Orca is going hand in hand with the evolution and actually revolutionizes the way that you expect to consume security, the way that you expect to get value, from security solutions across the world. >> Thank You for that Gil. And so we're at the end of our time, but we'll give you a chance for final wrap up. Bring us home with your summary, please. >> So I think that Orca is building the cloud security solution that actually works with its innovative aid agentless approach to cyber security to gain complete coverage, comprehensive solution and to gain, to understand the complete context of the 1% that matters in your security challenges across your data centers in the cloud. We are bridging the gap between the security teams, the business needs to grow and to do so in the paste of the cloud, I think the approach of being able to install within minutes, a security solution in getting complete understanding of your risk which is goes hand in hand in the way you expect and adopt cloud technology. >> That's great Gil. Thanks so much for coming on. You guys doing awesome work. Really appreciate you participating in the program. >> Thank you very much. >> And thank you for watching this AWS Startup Showcase. We're covering the next big thing in AI, Security, and Life Science on theCUBE. Keep it right there for more great content. (upbeat music)

>>and hello, we're back. I've got my panel and we are doing things real time here. So sorry for the delay a few minutes late. So the way let's talk about things, the reason we're here and we're going around the room and introduce everybody. Got three special guests here. I got my evil or my john and the normal And we're going to talk about get ops I called it future office just because I want to think about what's the next thing for that at the end, we're gonna talk about what our ideas for what's next for getups, right? Um, because we're all starting to just get into get ups now. But of course a lot of us are always thinking about what's next? What's better? How can we make this thing better? So we're going to take your questions. That's the reason we're here, is to take your questions and answer them. Or at least the best we can for the next hour. And all right, so let's go around the room and introduce yourself. My name is Brett. I am streaming from Brett from that. From Brett. From Virginia Beach in Virginia beach, Virginia, United States. Um, and I talk about things on the internet, I sell courses on you, to me that talk about Docker and kubernetes Ive or introduce yourself. >>How's it going? Everyone, I'm a software engineer at axel Springer, currently based in Berlin and I happen to be Brett Brett's teaching assistant. >>All right, that's right. We're in, we're in our courses together almost every day. Mm john >>hey everyone, my name is john Harris, I used to work at Dhaka um, I now work at VM ware is a star field engineer. Um, so yeah, >>and normal >>awesome by the way, you are streaming from Brett Brett, >>I answered from breath to breath. >>Um I'm normal method. I'm a distinguished engineer with booz allen and I'm also a doctor captain and it's good to see either in person and it's good to see you again john it's been a little while. >>It has the pre covid times, right? You're up here in Seattle. >>Yeah. It feels, it feels like an eternity ago. >>Yeah, john shirt looks red and reminds me of the Austin T shirt. So I was like, yeah, so we all, we all have like this old limited edition doctor on E. >>T. That's a, that's a classic. >>Yeah, I scored that one last year. Sometimes with these old conference church, you have to like go into people's closets. I'm not saying I did that. Um, but you know, you have to go steal stuff, you to find ways to get the swag >>post post covid. If you ever come to my place, I'm going to have to lock the closets. That >>that's right, That's right. >>So the second I think it was the second floor of the doctor HQ in SAn Francisco was where they kept all the T shirts, just boxes and boxes and boxes floor to ceiling. So every time I went to HQ you just you just as many as you can fit in your luggage. I think I have about 10 of these. You >>bring an extra piece of luggage just for your your shirt shirt grab. Um All right, so I'm going to start scanning questions uh so that you don't have to you can you help you all are welcome to do that. And I'm going to start us off with the topic. Um So let's just define the parameters. Like we can talk about anything devops and here we can go down and plenty of rabbit holes. But the kind of, the goal here is to talk about get ups and get ups if you haven't heard about it is essentially uh using versioning systems like get like we've all been getting used to as developers to track your infrastructure changes, not just your code changes and then automate that with a bunch of tooling so that the robots take over. And essentially you have get as a central source of truth and then get log as a central source of history and then there's a bunch of magic little bits in the middle and then supposedly everything is wonderful. It's all automatic. The reality is is what it's often quite messy, quite tricky to get everything working. And uh the edges of this are not perfect. Um so it is a relatively new thing. It's probably three, maybe four years old as an official thing from. We've uh so we're gonna get into it and I'll let's go around the room and the same word we did before and um not to push on that, put you on the spot or anything. But what is, what is one of the things you either like or either hate about getups um that you've enjoyed either using it or you know, whatever for me. I really, I really love that I can point people to a repo that basically is hopefully if they look at the log a tracking, simplistic tracking of what might have changed in that part of the world or the environment. I remember many years past where, you know, I've had executive or some mid level manager wants to see what the changes were or someone outside my team went to see what we just changed. It was okay, they need access to this system into that dashboard and that spreadsheet and then this thing and it was always so complicated and now in a world where if we're using get up orbit bucket or whatever where you can just say, hey go look at that repo if there was three commits today, probably three changes happened. That's I love that particular part about it. Of course it's always more complicated than that. But um Ive or I know you've been getting into this stuff recently. So um any thoughts? Yeah, I think >>my favorite part about get ops is >>reproducibility. Um >>you know the ability to just test something and get it up and running >>and then just tear it down. >>Uh not >>being worried that how did I configure it the first time? I think that's my favorite part about >>it. I'm changing your background as we do this. >>I was going to say, did you just do it get ups pushed to like change his >>background, just a dialogue that different for that green screen equals false? Uh Change the background. Yeah, I mean, um and I mean I think last year was really my first year of actually using it on anything significant, like a real project. Um so I'm still, I still feel like I'm very new to john you anything. >>Yeah, it's weird getups is that thing which kind of crystallizes maybe better than anything else, the grizzled veteran life cycle of emotions with the technology because I think it's easy to get super excited about something new. And when I first looked into get up, so I think this is even before it was probably called getups, we were looking at like how to use guest source of truth, like everything sounds great, right? You're like, wait, get everyone knows, get gets the source of truth, There's a load of robust tooling. This just makes a sense. If everything dies, we can just apply the get again, that would be great. Um and then you go through like the trough of despair, right? We're like, oh no, none of this works. The application is super stateless if this doesn't work and what do we do with secrets and how do we do this? Like how do we get people access in the right place and then you realize everything is terrible again and then everything it equalizes and you're kind of, I think, you know, it sounds great on paper and they were absolutely fantastic things about it, but I think just having that measured approach to it, like it's, you know, I think when you put it best in the beginning where you do a and then there's a magic and then you get C. Right, like it's the magic, which is >>the magic is the mystery, >>right? >>Magic can be good and bad and in text so >>very much so yeah, so um concurrence with with john and ever uh in terms of what I like about it is the potential to apply it to moving security to left and getting closer to a more stable infrastructures code with respect to the whole entire environment. Um And uh and that reconciliation loop, it reminds me of what, what is old is new again? Right? Well, quote unquote old um in terms of like chef and puppet and that the reconciliation loop applied in a in a more uh in a cleaner interface and and into the infrastructure that we're kind of used to already, once you start really digging into kubernetes what I don't like and just this is in concurrence with the other Panelist is it's relatively new. It has um, so it has a learning curve and it's still being, you know, it's a very active um environment and community and that means that things are changing and constantly and there's like new ways and new patterns as people are exploring how to use it. And I think that trough of despair is typically figuring out incrementally what it actually is doing for you and what it's not going to solve for you, right, john, so like that's that trough of despair for a bit and then you realize, okay, this is where it fits potentially in my architecture and like anything, you have to make that trade off and you have to make that decision and accept the trade offs for that. But I think it has a lot of promise for, for compliance and security and all that good stuff. >>Yeah. It's like it's like the potentials, there's still a lot more potential than there is uh reality right now. I think it's like I feel like we're very early days and the idea of especially when you start getting into tooling that doesn't appreciate getups like you're using to get up to and use something else and that tool has no awareness of the concept so it doesn't flow well with all of the things you're trying to do and get um uh things that aren't state based and all that. So this is going to lead me to our first question from Camden asking dumb questions by the way. No dumb questions here. Um How is get apps? Not just another name for C. D. Anybody want to take that as an answer as a question. How is get up is not just another name for C. D. I have things but we can talk about it. I >>feel like we need victor foster kids. Yeah, sure you would have opinions. Yeah, >>I think it's a very yeah. One person replied said it's a very specific it's an opinionated version of cd. That's a great that's a great answer like that. Yeah. >>It's like an implement. Its it's an implementation of deployment if you want it if you want to use it for that. All right. I realize now it's kind of hard in terms of a physical panel and a virtual panel to figure out who on the panel is gonna, you know, ready to jump in to answer a question. But I'll take it. So um I'll um I'll do my best inner victor and say, you know, it's it's an implementation of C. D. And it's it's a choice right? It's one can just still do docker build and darker pushes and doctor pulls and that's fine. Or use other technologies to deploy containers and pods and change your, your kubernetes infrastructure. But get apps is a different implementation, a different method of doing that same thing at the end of the day. Yeah, >>I like it. I like >>it and I think that goes back to your point about, you know, it's kind of early days still, I think to me what I like about getups in that respect is it's nice to see kubernetes become a platform where people are experimenting with different ways of doing things, right? And so I think that encourages like lots of different patterns and overall that's going to be a good thing for the community because then more, you know, and not everything needs to settle in terms of only one way of doing things, but a lot of different ways of doing things helps people fit, you know, the tooling to their needs, or helps fit kubernetes to their needs, etcetera. Yeah, >>um I agree with that, the, so I'm gonna, since we're getting a load of good questions, so um one of the, one of the, one of the, I want to add to that real quick that one of the uh from the, we've people themselves, because I've had some on the show and one of things that I look at it is distinguishing is with continuous deployment tools, I sort of think that it's almost like previous generation and uh continuous deployment tools can be anything like we would consider Jenkins cd, right, if you if you had an association to a server and do a doctor pull and you know, dr up or dr composed up rather, or if it did a cube control apply uh from you know inside an ssh tunnel or something like that was considered considered C. D. Well get ops is much more rigid I think in terms of um you you need to apply, you have a specific repo that's all about your deployments and because of what tool you're using and that one your commit to a specific repo or in a specific branch that repo depends on how you're setting it up. That is what kicks off a workflow. And then secondly there's an understanding of state. So a lot of these tools now I have uh reconciliation where they they look at the cluster and if things are changing they will actually go back and to get and the robots will take over and will commit that. Hey this thing has changed um and you maybe you human didn't change it, something else might have changed it. So I think that's where getups is approaching it, is that ah we we need to we need to consider more than just a couple of commands that be runnin in a script. Like there needs to be more than that for a getups repo to happen anyway, that's just kind of the the take back to take away I took from a previous conversation with some people um >>we've I don't think that lost, its the last piece is really important, right? I think like for me, C d like Ci cd, they're more philosophical ideas, write a set of principles, right? Like getting an idea or a code change to environments promoting it. It's very kind of pipeline driven um and it's very imperative driven, right? Like our existing CD tools are a lot of the ways that people think about Cd, it would be triggered by an event, maybe a code push and then these other things are happening in sequence until they either fail or pass, right? And then we're done. Getups is very much sitting on the, you know, the reconciliation side, it's changing to a pull based model of reconciliation, right? Like it's very declarative, it's just looking at the state and it's automatically pulling changes when they happen, rather than this imperative trigger driven model. That's not to say that there aren't city tools which we're doing pull based or you can do pull based or get ups is doing anything creatively revolutionary here, but I think that's one of the main things that the ideas that are being introduced into those, like existing C kind of tools and pipelines, um certainly the pull based model and the reconciliation model, which, you know, has a lot in common with kubernetes and how those kind of controllers work, but I think that's the key idea. Yeah. >>Um This is a pretty specific one Tory asks, does anyone have opinions about get ops in a mono repo this is like this is getting into religion a little bit. How many repos are too many repose? How um any thoughts on that? Anyone before I rant, >>go >>for it, go for it? >>Yeah. How I'm using it right now in a monitor repo uh So I'm using GIT hub. Right, so you have what? The workflow and then inside a workflow? Yeah, mo file, I'll >>track the >>actual changes to the workflow itself, as well as a folder, which is basically some sort of service in Amman Arepa, so if any of those things changes, it'll trigger the actual pipeline to run. So that's like the simplest thing that I could figure out how to, you know, get it set up using um get hubs, uh workflow path future. Yeah. And it's worked for me for writing, you know? That's Yeah. >>Yeah, the a lot of these things too, like the mono repo discussion will, it's very tool specific. Each tool has various levels of support for branch branching and different repos and subdirectories are are looking at the defense and to see if there's changes in that specific directory. Yeah. Sorry, um john you're going to say something, >>I was just going to say, I've never really done it, but I imagine the same kind of downsides of mono repo to multiple report would exist there. I mean, you've got the blast radius issues, you've got, you know, how big is the mono repo? Do we have to pull does the tool have to pull that or cashier every time it needs to determine def so what is the support for being able to just look at directories versus you know, I think we can get way down into a deeper conversation. Maybe we'll save it for later on in the conversation about what we're doing. Get up, how do we structure our get reposed? We have super granular repo per environment, Perper out reaper, per cluster repo per whatever or do we have directories per environment or branches per environment? How how is everything organized? I think it's you know, it's going to be one of those, there's never one size fits all. I'll give the class of consultant like it depends answer. Right? >>Yeah, for sure. It's very similar to the code struggle because it depends. >>Right? >>Uh Yeah, it's similar to the to the code problem of teams trying to figure out how many repose for their code. Should they micro service, should they? Semi micro service, macro service. Like I mean, you know because too many repose means you're doing a bunch of repo management, a bunch of changes on your local system, you're constantly get pulling all these different things and uh but if you have one big repo then it's it's a it's a huge monolithic thing that you usually have to deal with. Path based issues of tools that only need to look at a specific directory and um yeah, it's a it's a culture, I feel like yeah, like I keep going back to this, it's a culture thing. Does your what is your team prefer? What do you like? What um what's painful for everyone and who's what's the loudest pain that you need to deal with? Is it is it repo management? That's the pain um or is it uh you know, is that that everyone's in one place and it's really hard to keep too many cooks out of the kitchen, which is a mono repo problem, you know? Um How do we handle security? So this is a great one from Tory again. Another great question back to back. And that's the first time we've done that um security as it pertains to get up to anyone who can commit can change the infrastructure. Yes. >>Yes. So the tooling that you have for your GIT repo and the authentication, authorization and permissions that you apply to the GIT repo using a get server like GIT hub or get lab or whatever your flavor of the day is is going to be how security is handled with respect to changes in your get ups configuration repository. So um that is completely specific to your implementation of that or ones implementation of of how they're handling that. Get repositories that the get ups tooling is looking at. To reconcile changes with respect to the permissions of the for lack of better term robot itself. Right? They get up tooling like flux or Argosy. D Um one kid would would create a user or a service account or uh other kind of authentication measures to limit the permissions for that service account that the Gaddafi's tooling needs to be able to read the repose and and send commits etcetera. So that is well within the realm of what you have already for your for your get your get um repo. Yeah. >>Yeah. A related question is from a g what they like about get apps if done nicely for a newbie it's you can get stuff done easily if you what they dislike about it is when you have too many get repose it becomes just too complicated and I agree. Um was making a joke with a team the other week that you know the developer used to just make one commit and they would pass pass it on to a QA team that would then eventually emerging in the master. But they made the commits to these feature branches or whatever. But now they make a commit, they make a pR there for their code then they go make a PR in the helm chart to update the thing to do that and then they go make a PR in the get ups repeal for Argo. And so we talked about that they're probably like four or five P. R. Is just to get their code in the production. But we were talking about the negative of that but the reality was It's just five or 4 or five prs like it wasn't five different systems that had five different methodologies and tooling and that. So I looked at it I was like well yeah that's kind of a pain in the get sense but you're also dealing with one type. It's a repetitive action but it's it's the one thing I don't have to go to five different systems with five different ways of doing it. And once in the web and one's on the client wants a command line that I don't remember. Um Yeah so it's got pros and cons I think when you >>I think when you get to the scale where those kind of issues are a problem then you're probably at the scale where you can afford to invest some time into automation into that. Right? Like what I've when I've seen this in larger customers or larger organizations if there ever at that stage where okay apps are coming up all the time. You know, there's a 10 X 100 X developer to operations folks who may be creating get repose setting up permissions then that stuff gets automated, right? Like, you know, maybe ticket based systems or whatever. Developers say I need a new app. It templates things or more often using the same model, right of reconciliation and operators and the horrific abuse of cogs that we're seeing in the communities community right now. Um You know, developers can create a crd which just says, hey, I'm creating a new app is called app A and then a controller will pick up that app a definition. It will go create a get a repo Programmatically it will add the right definitely will look up and held up the developers and the permissions that need to be able to get to that repo it will create and template automatically some name space and the clusters that it needs in the environments that it needs, depending on, you know, some metadata it might read. So I think, you know, those are definite problems and they're definitely like a teething, growing pain thing. But once you get to that scale, you kind of need to step back and say, well look, we just need to invest in time into the operational aspect of this and automating this pain away, I think. Yeah, >>yeah. And that ultimately ends in Yeah. Custom tooling, which it's hard to avoid it at scale. I mean, there's there's two, there's almost two conversations here, right. There is what I call the Solo admin Solo devops, I bought that domain Solo devops dot com because, you know, whenever I'm talking to dr khan in the real world, it's like I asked people to raise hands, I don't know how we can raise hands here, but I would ask people to raise hands and see how many of you here are. The sole person responsible for deploying the app that your team makes and like a quarter of the room would raise their hand. So I call that solo devops like those, that person can't make all the custom tooling in the world. So they really need dr like solutions where it's opinionated, the workflow is sort of built in and they don't have to wrangle things together with a bunch of glue, you know, in other words bash. Um and so this kind of comes to a conversation uh starting this question from lee he's asking how do you combine get ops with ci cd, especially the continuous bit. How do you avoid having a human uh sort of the complaint the team I was working with has, how do you avoid a human editing and get committing for every single deploy? They've settled on customized templates and a script for routine updates. So as a seed for this conference, this question I'm gonna ask you all uh instead of that specific question cause it's a little open ended. Um Tell me whether you agree with this. I I kind of look at the image, the image artifact because the doctor image or container image in general is an artifact that I I view it that way and that thing going into the registry with the right label or right part of the label. Um That tag rather not the label but the tag that to me is like one of the great demarche points of, we're kind of done with Ci and we're now into the deployment phase and it doesn't necessarily mean the tooling is a clear cut there, but that artifact being shipped in a specific way or promoted as we sometimes say. Um what do you think? Does anyone have opinions on that? I don't even know if that's the right opinion to have so mhm. >>So um I think what you're, what you're getting at is that get ups, models can trigger off of different events um to trigger the reconciliation loop. And one way to do that is if the image, if it notices a image change in the registry, the other is if there's a commit event on a specific rebo and branch and it's up to, you are up to the person that's implementing their get ups model, what event to trigger there, that reconciliation loop off of, You can do both, you can do one or the other. It also depends on the Templeton engine that you're using on top of um on top of kubernetes, such as helm or um you know, the other ones that are out there or if you're not even doing that, then, you know straight. Yeah, mo um so it kind of just depends, but those are the typically the two options one has and a combination of of those to trigger that event. You can also just trigger it manually, right? You can go into the command line and force a a, you know, a really like a scan or a new reconciliation loop to occur. So it kind of just, I don't want to say this, but it depends on what you're trying to do and what makes sense in your pipeline. Right? So if you're if you're set up where you are tag, if you're doing it based off of image tags, then you probably want to use get ups in a way that you're using the image tags. Right. And the pattern that you've established there, if you're not really doing that and you're more around, like, different branches are mapped to different environments, then triggered off of the correct branch. And that's where the permissions also come into play. Where if you don't want someone to touch production and you've got your getups for your production cluster based off of like uh you know, a main branch, then whoever can push a change to that main branch has the authority to push that change to production. Right? So that's your authentication and permissions um system same for the registry itself. Right. So >>Yeah. Yeah. Sorry, anyone else have any thoughts on that? I was about to go to the next topic, >>I was going to say. I think certain tools dictate the approach, like, if you're using Argosy d it's I think I'm correct me if I'm wrong, but I think the only way to use it right now is just through image modification. Like, the manifest changes, it looks at a specific directory and anything changes then it will do its thing. And uh Synchronize the cost there with whatever's and get >>Yeah, flux has both. Yeah, and flux has both. So it it kind of depends. I think you can make our go do that too, but uh this is back to what we were saying in the beginning, uh you know, these things are changing, right? So that might be what it is right now in terms of triggering the reconciliation loops and get ups, tooling, but there might be other events in the future that might trigger it, and it's not completely stand alone because you still need you're tooling to do any kind of testing or whatever you have in terms of like the specific pipeline. So oftentimes you're bolting in getups into some other part of broader Cfd solution. That makes sense. Yeah, >>we've got a lot of questions about secrets or people that are asking about secrets. >>So my my tongue and cheek answered the secrets question was, what's the best practices for kubernetes? Secrets? That's the same thing for secrets with good apps? Uh getups is not last time I checked and last time I was running this stuff get ups is not has nothing to do with secrets in that sense. It's just there to get your stuff running on communities. So, um there's probably a really good session on secrets at dr concept. I >>would agree with you, I agree with you. Yeah, I mean, get off stools, I mean every every project of mine handles secrets differently. Uh huh. And I think I'm not sure if it was even when I was talking to but talking to someone recently that I'm very bullish on get up actions, I love get up actions, it's not great for deployments yet, but we do have this new thing and get hub environments, I think it's called. So it allows me at least the store secrets per environment, which it didn't have the concept of that before, which you know, if you if any of you running kubernetes out there, you typically end up when you start running kubernetes, you end up with more than one kubernetes, like you're going to end up with a lot of clusters at some point, at least many multiple, more than two. Um and so if you're trying to store secret somewhere, you do have and there's a discussion happening in chat right now where people are talking about um sealed secrets which if you haven't heard of that, go look that up and just be versed on what sealed secrets is because it's a it's a fantastic concept for how to store secrets in the public. Um I love it because I'm a big P. K. I nerd but um it's not the only way and it doesn't fit all models. So I have clients that use A W. S. Secrets because they're in A W. S. And then they just have to use the kubernetes external secret. But again like like like normal sand, you know, it's that doesn't really affect get ops, get ops is just applying whatever helm charts or jahmal or images that you're, you're you're deploying, get off. It was more about the approach of when the changes happen and whether it's a push or pull model like we're talking about and you know, >>I would say there's a bunch of prerequisites to get ups secrets being one of them because the risk of you putting a secret into your git repo if you haven't figured out your community secrets architecture and start diving into getups is high and removing secrets from get repose is you know, could be its own industry, right. It's >>a thing, >>how do >>I hide this? How do I obscure this commit that's already now on a dozen machines. >>So there are some prerequisites in terms of when you're ready to adopt get up. So I think is the right way of saying the answer to that secrets being one of them. >>I think the secrets was the thing that made me, you know, like two or three years ago made me kind of see the ah ha moment when it came to get ups which, which was that the premier thing that everyone used to say about get up about why it was great. Was its the single source of truth. There's no state anywhere else. You just need to look at git. Um and then secrets may be realized along with a bunch of other things down the line that is not true and will never be true. So as soon as you can lose the dogmatism about everything is going to be and get it's fantastic. As long as you've understood everything is not going to get. There are things which will absolutely never be and get some tools just don't deal with that. They need to earn their own state, especially in communities, some controls on their own state. You know, cuz sealed secrets and and other projects like SOps and I think there are two or three others. That's a great way of dealing with secrets if you want to keep them in get. But you know, projects like vault more kind of like what I would say, production grade secret strategies. Right? And if you're in AWS or a cloud, you're more likely to be using their secrets. Your secret policy is maybe not dictated by you in large organizations might be dictated by CSO or security or Great. Like I think once if you, if you're trying to adopt getups or you're thinking about it, get the dogmatism of get as a single point of truth out of your mind and think about getups more as a philosophy and a set of best practice principles, then you will be in much better stead, >>right? Yeah. >>People are asking more questions in chat like infrastructure as code plus C d essentially get ups or C I rather, um, these are all great questions and a part of the debate, I'm actually just going to throw up on screen. I'm gonna put this in chat, but this is, this is to me the source, Right? So we worked with when they coined the term. We, a lot of us have been trying to get, if we talk about the history for a minute and then tell me if I'm getting this right. Um, a lot of us were trying to automate all these different parts of the puzzle, but a lot of them, they, some things might have been infrastructure as code. Some things weren't, some things were sort of like settings is coded, like you're going to Jenkins and type in secrets and settings or type in a certain thing in the settings of Jenkins and then that it wasn't really in get and so what we was trying to go for was a way to have almost like eventually a two way state understanding where get might change your infrastructure but then your infrastructure might also change and needs to be reflected in the get if the get is trying to be the single source of truth. Um and like you're saying the reality is that you're never gonna have one repo that has all of your infrastructure in it, like you would have to have, you have to have all your terra form, anything else you're spinning up. Right. Um but anyway, I'm gonna put this link in chat. So this guide actually, uh one of things they talk about is what it's not, so it's, it's kind of great to read through the different requirements and like what I was saying well ago um mhm. Having having ci having infrastructure as code and then trying a little bit of continuous deployment out, it's probably a prerequisite. Forget ops so it's hard to just jump into that when you don't already have infrastructure as code because a machine doing stuff on your behalf, it means that you have to have things documented and somewhere and get repo but let me put this in the in the >>chitty chat, I would like to know if the other panelists agree, but I think get apps is a okay. I would say it's a moderate level, it's not a beginner level communities thing, it's like a moderate level advanced, a little bit more advanced level. Um One can start off using it but you definitely have to have some pre recs in place or some understanding of like a pattern in place. Um So what do the other folks think about that opinion? >>I think if you're if you're trying to use get out before, you know what problem you have, you're probably gonna be in trouble. Right. It's like having a solution to it probably don't have yet. Mhm. Right. I mean if if you're just evil or and you're just typing, keep control apply, you're one person right, Get off. It doesn't seem like a big a big jump, like, I mean it doesn't like why would I do that? I'm just, I'm just gonna inside, it's the type of get commit right, I'm typing Q control apply. But I think one of the rules from we've is none of your developers and none of your admins can have cute control access to the cluster because if you can't, if you do have access and you can just apply something, then that's just infrastructure as code. That's just continuous deployment, that's, that's not really get ops um, getups implies that the only way things get into the cluster is through the get up, get automation that you're using with, you know, flux Argo, we haven't talked about, what's the other one that Victor Farsi talks about, by the way people are asking about victor, because victor would love to talk about this stuff, but he's in my next life, so come back in an hour and a half or whatever and victor is going to be talking about sys, admin list with me. Um >>you gotta ask him nothing but get up questions in the next, >>confuse them, confuse them. But anyway, that, that, that's um, it's hard, it's hard to understand and without having tried it, I think conceptually it's a little challenging >>one thing with getups, especially based off the we've works blog post that you just put up on there. It's an opinionated way of doing something. Uh you know, it's an opinionated way of of delivering changes to an environment to your kubernetes environment. So it's opinionated were often not used to seeing things that are very opinionated in this sense, in the in the ecosystem, but get apps is a opinionated thing. It's it's one way of doing it. Um there are ways to change it and like there are options um like what we were talking about in terms of the events that trigger, but the way that it's structured is an opinion opinionated way both from like a tooling perspective, like using get etcetera, but also from a devops cultural perspective, right? Like you were talking about not having anyone access cube control and changing the cluster directly. That's a philosophical opinion that get ups forces you to adopt otherwise. It kind of breaks the model and um I just I want everyone to just understand that. That is very opinion, anything in that sense. Yeah, >>polygamy is another thing. Infrastructure as code. Um someone's mentioning plummy and chat, I just had actually my life show self plug bread that live go there. I'm on Youtube every week. I did the same thing. These these are my friends um and had palami on two weeks ago uh last week, remember uh and it was in the last couple of weeks and we talked about their infrastructure as code solution. Were actually writing code instead of um oh that's an interesting take on uh developer team sort of owning coding the infrastructure through code rather than Yamil as a data language. I don't really have an opinion on it yet because I haven't used it in production or anything in the real real world, but um, I'm not sure how much they are applying trying to go towards the get up stuff. I will do a plug for Solomon hikes. Who has a, the beginning of the day, it's already happened so you can go back and watch it. It's a, it's a, what's it called? Q. Rethinking application delivery with Q. And build kit. So go look this up. This is the found co founder of Dr and former CTO Solomon hikes at the beginning of the day. He has a tool called dagger. I'm not sure why the title of the talk is delivering with Q. And built it, but the tool is showing off in there for an hour is called dagger. And it's, it's an interesting idea on how to apply a lot of this opinionated automated stuff to uh, to deployment and it's get off space and you use Q language. It's a graph language. I watched most of it and it was a really interesting take. I'm excited to see if that takes off and if they try that because it's another way that you can get a little bit more advanced with your you're get deployments and without having to just stick everything in Yemen, which is kind of what we're in today with helm charts and what not. All right. More questions about secrets, I think. I think we're not going to have a whole lot of more, a lot more about secrets basically. Uh put secrets in your cluster to start with and kubernetes in encrypted, you know, thing. And then, you know, as it gets harder, then you have to find another solution when you have five clusters, you don't wanna have to do it five times. That's when you have to go for Walton A W. S secrets and all >>that. Right? I'm gonna post it note. Yeah. Crm into the cluster. Just kidding. >>Yes, there are recordings of this. Yes, they will be later. Uh, because we're that these are all gonna be on youtube later. Um, yeah, detects secrets cushion saying detect secrets or get Guardian are absolute requirements. I think it's in reference to your secrets comment earlier. Um, Camels asking about Cuban is dropping support for Docker that this is not the place to ask for that, but it, it is uh, basically it's a Nonevent Marantz has actually just created that same plug in available in a different repos. So if you want to keep using Docker and kubernetes, you know, you can do it like it's no big deal. Most of us aren't using doctor in our communities anyway, so we're using like container D or whatever is provided to us by our provider. Um yeah, thank you so much for all these comments. These are great people helping each other and chat. I feel like we're just here to make sure the chats available so people can help each other. >>I feel like I want to pick up on something when you mentioned pollux me, I think there's a um we're talking about getups but I think in the original like the origination of that I guess was deploying applications to clusters right, picking up deployment manifest. But I think with the gloomy and I obviously terra form and things have been around a long time, folks are starting to apply this I think I found one earlier which was like um kub stack the Terror Forms get ups framework. Um but also with the advent of things like cluster A. P. I. Um in the Cuban at the space where you can declare actively build the infrastructure for your clusters and build the cluster right? We're not just talking about deploying applications, the cluster A. P. I will talk to a W. S. Spin up, VPc spin up machines, you know, we'll do the same kind of things that terra form does and and those other tools do I think applying getups principles to the infrastructure spin up right, the proper infrastructure as code stuff, constantly applying Terror form um you know, plans and whatever, constantly applying cluster Api resources spinning up stuff in those clouds. That's a super interesting. Um you know, extension of this area, I'd be curious to see if what the folks think about that. >>Yeah, that's why I picked this topic is one of my three. Uh I got I got to pick the topics. I was like the three things that there like the most bleeding edge exciting. Most people haven't, we haven't basically we haven't figured all this out yet. We as an industry, so um it's I think we're gonna see more ideas on it. Um what's the one with the popsicle as the as the icon victor talks about all the time? It's not it's another getups like tool, but it's um it's getups for you use this kubernetes limit and then we have to look it up, >>You're talking about cross plane. >>So >>my >>wife is over here with the sound effects and the first sound effect of the day that she chooses to use is one. >>All right, can we pick it? Let's let's find another question bret >>I'm searching >>so many of them. All right, so uh I think one really quick one is getups only for kubernetes, I think the main to tooling to tools that we're talking about, our Argosy D and flux and they're mostly geared toward kubernetes deployments but there's a, it seems like they're organized in a way that there's a clean abstraction in with respect to the agent that's doing the deployment and the tooling that that can interact with. So I would imagine that in the future and this might be true already right now that get ups could be applied to other types of deployments at some point in the future. But right now it's mostly focused and treats kubernetes as a first class citizen or the tooling on top of kubernetes, let's say something like how as a first class citizen? Yeah, to Brett, >>to me the field, back to you bret the thing I was looking for is cross plane. So that's another tool. Um Victor has been uh sharing a lot about it in Youtube cross plane and that is basically runs inside a kubernetes, but it handles your other infrastructure besides your app. It allows you to like get ops, you're a W. S stuff by using the kubernetes state engine as a, as a way to manage that. And I have not used it yet, but he does some really great demos on Youtube. So people are liking this idea of get off, so they're trying to figure out how do we, how do we manage state? How do we uh because the probably terra form is that, well, there's many problems, but it's always a lot of problems, but in the get outs world it's not quite the right fit yet, It might be, but you still, it's still largely as expected for people to, you know, like type the command, um, and it keeps state locally the ss, clouds and all that. And but the other thing is I'm I'm now realizing that when I saw the demo from Solomon, I'm going back to the Solomon hikes thing. He was using the demo and he was showing it apply deploying something on S three buckets, employing internet wifi and deploying it on google other things beyond kubernetes and saying that it's all getups approach. So I think we're just at the very beginning of seeing because it all started with kubernetes and now there's a swarm one, you can look up swarm, get office and there's a swarm, I can't take the name of it. Swarm sink I think is what's called swarm sink on git hub, which allows you to do swarm based getups like things. And now we're seeing these other tools coming out. They're saying we're going to try to do the get ups concepts, but not for kubernetes specifically and that's I think, you know, infrastructure as code started with certain areas of the world and then now then now we all just assume that you're going to have an infrastructure as code way of doing whatever that is and I think get off is going to have that same approach where pretty soon, you know, we'll have get apps for all the clouds stuff and it won't just be flexor Argo. And then that's the weird thing is will flex and Argo support all those things or will it just be focused on kubernetes apps? You know, community stuff? >>There's also, I think this is what you're alluding to. There is a trend of using um kubernetes and see rDS to provision and control things that are outside of communities like the cloud service providers services as if they were first class entities within kubernetes so that you can use the kubernetes um focus tooling for things that are not communities through the kubernetes interface communities. Yeah, >>yeah, even criticism. >>Yeah, yeah, I'm just going to say that sounds like cross plane. >>Yeah, yeah, I mean, I think that's that's uh there were, you know, for the last couple of years, it's been flux and are going back and forth. Um they're like frenemies, you know, and they've been going back and forth with iterating on these ideas of how do we manage this complicated thing? That is many kubernetes clusters? Um because like Argo, I don't know if the flux V two can do this, but Argo can manage multiple clusters now from one cluster, so your, you can manage other clusters, technically external things from a single entity. Um Originally flux couldn't do that, but I'm going to say that V two can, I don't actually >>know. Um I think all that is gonna, I think that's going to consolidate in the future. All right. In terms of like the common feature set, what Iver and john what do you think? >>I mean, I think it's already begun, right, I think haven't, didn't they collaborate on a common engine? I don't know whether it's finished yet, but I think they're working towards a common getups engine and then they're just going to layer on features on top. But I think, I mean, I think that's interesting, right, because where it runs and where it interacts with, if we're talking about a pull based model, it shouldn't, it's decentralized to a certain extent, right? We need get and we need the agent which is pulling if we're saying there's something else which is orchestrating something that we start to like fuzzy the model even right. Like is this state living somewhere else, then I think that's just interesting as well. I thought flux was completely decentralized, but I know you install our go somewhere like the cargo has a server as well, but it's been a while since I've looked in depth at them. But I think the, you know, does that muddy the agent only pull model? >>I'm reading a >>Yeah, I would say that there's like a process of natural selection going on as as the C. N. C. F. Landscape evolves and grows bigger and a lot of divide and conquer right now. But I think as certain things kind of get more prominent >>and popular, I think >>it starts to trend and it inspires other things and then it starts to aggregate and you know, kind of get back into like a unified kind of like core. Maybe like for instance, cross plane, I feel like it shouldn't even really exist. It should be, it like it's a communities add on, but it should be built in, it should be built into kubernetes, like why doesn't this exist already >>for like controlling a cloud? >>Yeah, like just, you know, having this interface with the cloud provider and be able to Yeah, >>exactly. Yeah, and it kinda, you're right. That kinda happens because you do, I mean when you start talking about storage providers and networking providers was very specific implementations of operators or just individual controllers that do operate and control other resources in the cloud, but certainly not universally right. Not every feature of AWS is available to kubernetes out of the box. Um and you know, it, one of the challenges across plane is you gotta have kubernetes before you can deploy kubernetes. Like there's a chicken and egg issue there where if you're going to use, if you're going to use our cross plane for your other infrastructure, but it's gotta, but it has to run on kubernetes who creates that first kubernetes in order for you to put that on there. And victor talks about one of his videos, the same problem with flux and Argo where like Argo, you can't deploy Argo itself with getups. There has to be that initial, I did a thing with, I'm a human and I typed in some commands on a server and things happened but they don't really have an easy deployment method for getting our go up and running using simply nothing but a get push to an existing system. There's something like that. So it's a it's an interesting problem of day one infrastructure which is again only day one, I think data is way more interesting and hard, but um how can we spend these things up if they're all depending on each other and who is the first one to get started? >>I mean it's true of everything though, I mean at the end of that you need some kind of big bang kind of function too, you know, I started running start everything I >>think without going over that, sorry, without going off on a tangent. I was, I was gonna say there's a, if folks have heard of kind which is kubernetes and Docker, which is a mini kubernetes cluster, you can run in a Docker container or each container will run as a as a node. Um you know, that's been a really good way to spin up things like clusters. KPI because they boot strap a local kind, install the manifests, it will go and spin up a fully sized cluster, it will transfer its resources over there and then it will die itself. Right? So that, that's kind of bootstrapping itself. And I think a couple of folks in the community, Jason to Tiberius, I think he works for Quinyx metal um has, has experimented with like an even more minimal just Api server, so we're really just leveraging the kubernetes ideas of like a reconciliation loop and a controller. We just need something to bootstrap with those C R D s and get something going and then go away again. So I think that's gonna be a pattern that comes up kind of more and more >>Yeah, for sure. Um, and uh, the next, next quick answer to the question, Angel asked what your thoughts on getups being a niche to get or versus others vcs tools? Well, if I knew anyone who is using anything other than get, I would say no, you know, get ops is a horrible name. It should just be CVS office, but that doesn't or vcs ops or whatever like that, but that doesn't roll off the tongue. So someone had to come up with the get ups phrase. Um but absolutely, it's all about version control solutions used for infrastructure, not code. Um might get doctor asks a great question, we're not gonna have time for it, but maybe people can reply and chat with what they think but about infrastructure and code, the lines being blurred and that do develop, how much of infrastructure does developer do developers need to know? Essentially, they're having to know all the things. Um so unfortunately we've had way more questions like every panel here today with all the great community, we've got way more questions we can handle in this time. So we're gonna have to wrap it up and say goodbye. Go to the next live panel. I believe the next one is um on developer, developer specific setups that's gonna be peter running that panel. Something about development in containers and I'm sure it's gonna be great. Just like this one. So let's go around the room where can people find you on the internet? I'm at Brett fisher on twitter. That's where you can usually find me most days you are? >>Yeah, I'm on twitter to um, I'll put it in the chat. It's kind of confusing because the TSR seven. >>Okay. Yeah, that's right. You can't just say it. You can also look at the blow of the video and like our faces are there and if you click on them, it tells you our twitter in Arlington and stuff, john >>John Harris 85, pretty much everywhere. Get hub Twitter slack, etc. >>Yeah >>and normal, normal faults or just, you know, living on Youtube live with Brett. >>Yeah, we're all on the twitter so go check us out there and thank you so much for joining. Uh thank you so much to you all for being here. I really appreciate you taking time in your busy schedule to join me for a little chit chat. Um Yes, all the, all the cheers, yes. >>And I think this kid apps loop has been declarative lee reconciled. >>Yeah, there we go. And with that ladies and gentlemen, uh bid you would do, we will see you in the next, next round coming up next with Peter >>bye.

>> Announcer: From around the Globe, it's theCUBE with coverage of Kube Con and Cloud Native Con Europe 2021 virtual brought to you by Red Hat, the cloud native computing foundation and ecosystem partners. >> Hello, and welcome back to theCUBE's coverage of Kube Con and Cloud Native Con 2021 virtual. I'm John Furrier, host of theCUBE, here with a great guest, I'm excited to talk to. His company, that he was part of founding CTO, was bought by Red Hat. Ali Golshan, Senior Director of Global Software Engineer at Red Hat, formerly CTO of StackRox. Ali thanks for coming on, I appreciate it. Thanks for joining us. >> Thanks for having me excited to be here. >> So big acquisition in January, where we covered it on SiliconANGLE, You guys, security company, venture backed amplify Sequoya and on and on. Big part of Red Hat story in their security as developers want to shift left as they say and as more and more modern applications are being developed. So congratulations. So real quick, just quick highlight of what you guys do as a company and inside Red Hat. >> Sure, so the company's premise was built around how do you bring security the entire application life cycle. So StackRox focuses on sort of three big areas that we talk about. One is, how do you secure the supply chain? The second part of it is, how do you secure infrastructure and foster management and then the third part is now, how do you protect the workload that run on top of that infrastructure. So this is the part that aligned really well with Red Hat which is, Red Hat had wanted to take a lot of what we do around infrastructure, foster management configuration management and developer tools integrated into a lot of the things they do and obviously the workload protection part was a very seamless part of integrating us into the OpenShift part because we were built around cloud native constructs and obviously Red Hat having some of the foremost experts around cloud native sort of created a really great asset. >> Yeah, you guys got a great story. Obviously cloud native applications are rocking and rolling. You guys were in early serverless emerges, Kubernetes and then security in what I call the real time developer workflow. Ones that are building really fast, pushing code. Now it's called day two operations. So cloud native did two operations kind of encapsulates this new environment. You guys were right in the sweet spot of that. So this became quite the big deal, Red Hat saw an opportunity to bring you in. What was the motivation when you guys did the deal Was it like, "wow" this is a good fit. How did you react? What was the vibe at the StackRox when this was all going down? >> Yeah, so I think there's really three areas you look for, anytime a company comes up and sort of starts knocking on your door. One is really, is the team going to be the right fit? Is the culture going to be the right environment for the people? For us, that was a big part of what we were taking into consideration. We found Red Hat's general culture, how they approach people and sort of the overall approach the community was very much aligned with what we were trying to do. The second part of it was really the product fit. So we had from very early on started to focus purely on the Kubernetes components and doing everything we could, we call it sort of our product approach built in versus bolted on and this is sort of a philosophy that Red Hat had adopted for a long time and it's a part of a lot of their developer tools, part of their shift left story as well as part of OpenShift. And then the third part of it was really the larger strategy of how do you go to market. So we were hitting that point where we were in triple digit customers and we were thinking about scalability and how to scale the company. And that was the part that also fit really well which was obviously, RedHat more and more hearing from their customers about the importance and the criticality of security. So that last part happened to be one part. We ended up spending a lot of time on it, ended up being sort of three out of three matches that made this acquisition happen. >> Well congratulations, always great to see startups in the right position. Good hustle, great product, great market. You guys did a great job, congratulations. >> Thank you. >> Now, the big news here at KubeCon as Linux foundation open-source, you guys are announcing that you're open-sourcing at StackRox, this is huge news, obviously, you now work for an open-source company and so that was probably a part of it. Take us through the news, this is the top story here for this segment tickets through open-source. Take us through the news. >> Yeah, so traditionally StackRox was a proprietary tool. We do have open-source tooling but the entire platform in itself was a proprietary tool. This has been a number of discussions that we've had with the Red Hat team from the very beginning. And it sort of aligns around a couple of core philosophies. One is obviously Red Hat at its core being an open-source company and being very much plugged into the community and working with users and developers and engineers to be able to sort of get feedback and build better products. But I think the other part of it is that, I think a lot of us from a historic standpoint have viewed security to be a proprietary thing as we've always viewed the sort of magic algorithms or black boxes or some magic under the hood that really moved the needle. And that happens not to be the case anymore also because StackRox's philosophy was really built around Kubernetes and Built-in, we feel like one of the really great messages around wide open-source of security product is to build that trust with the community being able to expose, here's how the product works, here's how it integrates here are the actions it takes here's the ramifications or repercussions of some of the decisions you may make in the product. Those all I feel make for very good stories of how you build connection, trust and communication with the community and actually get feedback on it. And obviously at its core, the company being very much focused on Kubernetes developer tools, service manage, these are all open-source toolings obviously. So, for us it was very important to sort of talk the talk and walk the walk and this is sort of an easy decision at the end of the day for us to take the platform open-source. And we're excited about it because I think most still want a productized supported commercial product. So while it's great to have some of the tip of the spear customers look at it and adopt the open-source and be able to drive it themselves. We're still hearing from a lot of the customers that what they do want is really that support and that continuous management, maintenance and improvement around the product. So we're actually pretty excited. We think it's only going to increase our velocity and momentum into the community. >> Well, I got some questions on how it's going to work but I do want to get your comment because I think this is a pretty big deal. I had a conversation about 10 years ago with Doug Cutting, who was the founder of Hadoop, And he was telling me a story about a company he worked for, you know all this coding, they went under and the IP was gone, the software was gone and it was a story to highlight that proprietary software sometimes can never see the light of day and it doesn't continue. Here, you guys are going to continue the story, continue the code. How does that feel? What's your expectations? How's that going to work? I'm assuming that's what you're going to open it up which means that anyone can download the code. Is that right? Take us through how to first of all, do you agree with that this is going to stay alive and how's it going to work? >> Yeah, I mean, I think as a founder one of the most fulfilling things to have is something you build that becomes sustainable and stands the test of time. And I think, especially in today's world open-source is a tool that is in demand and only in a market that's growing is really a great way to do that. Especially if you have a sort of an established user base and the customer base. And then to sort of back that on top of thousands of customers and users that come with Red Hat in itself, gives us a lot of confidence that that's going to continue and only grow further. So the decision wasn't a difficult one, although transparently, I feel like even if we had pushed back I think Red Hat was pretty determined about open-source and we get anyway, but it's to say that we actually were in agreement to be able to go down that path. I do think that there's a lot of details to be worked out because obviously there's sort of a lot of the nuances in how you build product and manage it and maintain it and then, how do you introduce community feedback and community collaboration as part of open-source projects is another big part of it. I think the part we're really excited about is, is that it's very important to have really good community engagement, maintenance and response. And for us, even though we actually discussed this particular strategy during StackRox, one of the hindering aspects of that was really the resources required to be able to manage and maintain such a massive open-source project. So having Red Hat behind us and having a lot of this experience was very relevant. I think, as a, as a startup to start proprietary and suddenly open it and try to change your entire business model or go to market strategy commercialization, changed the entire culture of the company can sometimes create a lot of headwind. And as a startup, like sort of I feel like every year just trying not to die until you create that escape velocity. So those were I think some of the risk items that Red Hat was able to remove for us and as a result made the decision that much easier. >> Yeah, and you got the mothership with Red Hat they've done it before, they've been doing it for generations. You guys, you're in the startup, things are going crazy. It's like whitewater rafting, it's like everything's happening so fast. And now you got the community behind you cause you're going to have the CNC if you get Kubecon. I mean, it's a pretty great community, the support is amazing. I think the only thing the engineers might want to worry about is go back into the code base and clean things up a bit, as you start to see the code I'm like, wait a minute, their names are on it. So, it's always always a fun time and all serious now this is a big story on the DevSecOps. And I want to get your thoughts on this because kubernetes is still emerging, and DevOps is awesome, we've been covering that in for all of the life of theCUBE for the 11 years now and the greatness of DevOps but now DevSecOps is critical and Kubernetes native security is what people are looking at. When you look at that trend only continuing, what's your focus? What do you see? Now that you're in Red Hat as the CTO, former CTO of StackRox and now part of the Red Hat it's going to get bigger and stronger Kubernetes native and shifting left-hand or DevSecOps. What's your focus? >> Yeah, so I would say our focus is really around two big buckets. One is, Kubernetes native, sort of a different way to think about it as we think about our roadmap planning and go-to-market strategy is it's mutually exclusive with being in infrastructure native, that's how we think about it and as a startup we really have to focus on an area and Kubernetes was a great place for us to focus on because it was becoming the dominant orchestration engine. Now that we have the resources and the power of Red Hat behind us, the way we're thinking about this is infrastructure native. So, thinking about cloud native infrastructure where you're using composable, reusable, constructs and objects, how do you build potential offerings or features or security components that don't rely on third party tools or components anymore? How do you leverage the existing infrastructure itself to be able to conduct some of these traditional use cases? And one example we use for this particular scenario is networking. Networking, the way firewalling in segmentation was typically done was, people would tweak IP tables or they would install, for example, a proxy or a container that would terminate MTLS or become inline and it would create all sorts of sort of operational and risk overhead for users and for customers. And one of the things we're really proud of as sort of the company that pioneered this notion of cloud native security is if you just leverage network policies in Kubernetes, you don't have to be inline you don't have to have additional privileges, you don't have to create additional risks or operational overhead for users. So we're taking those sort of core philosophies and extending them. The same way we did to Kubernetes all the way through service manager, we're doing the same sorts of things Istio being able to do a lot of the things people are traditionally doing through for example, proxies through layer six and seven, we want to do through Istio. And then the same way for example, we introduced a product called GoDBledger which was an open-source tool, which would basically look at a yaml on helm charts and give you best practices responses. And it's something you we want for example to your get repositories. We want to take those sort of principles, enabling developers, giving them feedback, allowing them not to break their existing workflows and leveraging components in existing infrastructure to be able to sort of push security into cloud native. And really the two pillars we look at are ensuring we can get users and customers up and running as quickly as possible and reduce as much as possible operational overhead for them over time. So we feel these two are really at the core of open-sourcing in building into the infrastructure, which has sort of given us momentum over the last six years and we feel pretty confident with Red Hat's help we can even expand that further. >> Yeah, I mean, you bring up a good point and it's certainly as you get more scale with Red Hat and then the customer base, not only in dealing with the threat detection around containers and cloud native applications, you got to kind of build into the life cycle and you've got to figure out, okay, it's not just Kubernetes anymore, it's something else. And you've got advanced cluster security with Red Hat they got OpenShift cloud platform, you're going to have managed services so this means you're going to have scale, right? So, how do you view that? Because now you're going to have, you guys at the center of the advanced cluster security paradigm for Red Hat. That's a big deal for them and they've got a lot of R and D and a lot of, I wouldn't say R and D, but they got emerging technologies developing around that. We covered that in depth. So when you start to get into advanced cluster, it's compliance too, it's not just threat detection. You got insights telemetry, data acquisition, so you have to kind of be part of that now. How do you guys feel about that? Are you up for the task? >> Yeah, I hope so it's early days but we feel pretty confident about it, we have a very good team. So as part of the advanced cluster security we work also very closely with the advanced cluster management team in Red Hat because it's not just about security, it's about, how do you operationalize it, how do you manage it and maintain it and to your point sort of run it longterm at scale. The compliance part of it is a very important part. I still feel like that's in its infancy and these are a lot of conversations we're having internally at Red Hat, which is, we all feel that compliance is going to sort of more from the standard benchmarks you have from CIS or particular compliance requirements like the power, of PCI or Nest into how do you create more flexible and composable policies through a unified language that allows you to be able to create more custom or more useful things specific to your business? So this is actually, an area we're doing a lot of collaboration with the advanced cluster management team which is in that, how do you sort of bring to light a really easy way for customers to be able to describe and sort of abstract policies and then at the same time be able to actually and enforce them. So we think that's really the next key point of what we have to accomplish to be able to sort of not only gain scale, but to be able to take this notion of, not only detection in response but be able to actually build in what we call declarative security into your infrastructure. And what that means is, is to be able to really dictate how you want your applications, your services, your infrastructure to be configured and run and then anything that is sort of conflicting with that is auto responded to and I think that's really the larger vision that with Red Hat, we're trying to accomplish. >> And that's a nice posture to have you build it in, get it built in, you have the declarative models then you kind of go from there and then let the automation kick in. You got insights coming in from Red Hat. So all these things are kind of evolving. It's still early days and I think it was a nice move by Red Hat, so congratulations. Final question for you is, as you prepare to go to the next generation KubeCon is also seeing a lot more end user participation, people, you know, cloud native is going mainstream, when I say mainstream, seeing beyond the hyperscalers in the early adopters, Kubernetes and other infrastructure control planes are coming in you start to see the platforms emerge. Nobody wants another security tool, they want platforms that enable applications handle tools. As it gets more complicated, what's going to be the easy button in security cloud native? What's the approach? What's your vision on what's next? >> Yeah so, I don't know if there is an easy button in security and I think part of it is that there's just such a fragmentation and use cases and sort of designs and infrastructure that doesn't exist, especially if you're dealing with such a complex stack. And not only just a complex stack but a potentially use cases that not only span runtime but they deal with you deployment annual development life cycle. So the way we think about it is more sort of this notion that has been around for a long time which is the shared responsibility model. Security is not security's job anymore. Especially, because security teams probably cannot really keep up with the learning curve. Like they have to understand containers then they have to understand Kubernetes and Istio and Envoy and cloud platforms and APIs. and there's just too much happening. So the way we think about it is if you deal with security a in a declarative version and if you can state things in a way where how infrastructure is ran is properly configured. So it's more about safety than security. Then what you can do is push a lot of these best practices back as part of your gift process. Involve developers, engineers, the right product security team that are responsible for day-to-day managing and maintaining this. And the example we think about is, is like CVEs. There are plenty of, for example, vulnerability tools but the CVEs are still an unsolved problem because, where are they, what is the impact? Are they actually running? Are they being exploited in the wild? And all these things have different ramifications as you span it across the life cycle. So for us, it's understanding context, understanding assets ensuring how the infrastructure has to handle that asset and then ensuring that the route for that response is sent to the right team, so they can address it properly. And I think that's really our larger vision is how can you automate this entire life cycle? So, the information is routed to the right teams, the right teams are appending it to the application and in the future, our goal is not to just pardon the workload or the compute environment, but use this information to action pardon application themselves and that creates that additional agility and scalability. >> Yeah it's in the lifecycle of that built in right from the beginning, more productivity, more security and then, letting everything take over on the automation side. Ali congratulations on the acquisition deal with Red Hat, buyout that was great for them and for you guys. Take a minute to just quickly answer final final question for the folks watching here. The big news is you're open-sourcing StackRox, so that's a big news here at KubeCon. What can people do to get involved? Well, just share a quick quick commercial for what people can do to get involved? What are you guys looking for? Take a pledge to the community? >> Yeah, I mean, what we're looking for is more involvement in direct feedback from our community, from our users, from our customers. So there's a number, obviously the StackRox platform itself being open-source, we have other open-source tools like the KubeLinter. What we're looking for is feedback from users as to what are the pain points that they're trying to solve for. And then give us feedback as to how we're not addressing those or how can we better design our systems? I mean, this is the sort of feedback we're looking for and naturally with more resources, we can be a lot faster in response. So send us feedback good or bad. We would love to hear it from our users and our customers and get a better sense of what they're looking for. >> Innovation out in the open love it, got to love open-source going next gen, Ali Golshan Senior Director of Global Software Engineering the new title at Red Hat former CTO and founder of StackRox which spread had acquired in January, 2021. Ali thanks for coming on congratulations. >> Thanks for having, >> Okay, so keeps coverage of Kube Con cloud native Con 2021. I'm John Furrie, your host. Thanks for watching. (soft music)

>> Announcer: From around the Globe, it's theCUBE with coverage of Kube Con and Cloud Native Con Europe 2021 virtual brought to you by Red Hat, the cloud native computing foundation and ecosystem partners. >> Hello, and welcome back to theCUBE's coverage of Kube Con and Cloud Native Con 2021 virtual. I'm John Furrier, host of theCUBE, here with a great guest, I'm excited to talk to. His company, that he was part of founding CTO, was bought by Red Hat. Ali Golshan, Senior Director of Global Software Engineer at Red Hat, formerly CTO of StackRox. Ali thanks for coming on, I appreciate it. Thanks for joining us. >> Thanks for having me excited to be here. >> So big acquisition in January, where we covered it on SiliconANGLE, You guys, security company, venture backed amplify Sequoya and on and on. Big part of Red Hat story in their security as developers want to shift left as they say and as more and more modern applications are being developed. So congratulations. So real quick, just quick highlight of what you guys do as a company and inside Red Hat. >> Sure, so the company's premise was built around how do you bring security the entire application life cycle. So StackRox focuses on sort of three big areas that we talk about. One is, how do you secure the supply chain? The second part of it is, how do you secure infrastructure and foster management and then the third part is now, how do you protect the workload that run on top of that infrastructure. So this is the part that aligned really well with Red Hat which is, Red Hat had wanted to take a lot of what we do around infrastructure, foster management configuration management and developer tools integrated into a lot of the things they do and obviously the workload protection part was a very seamless part of integrating us into the OpeShift part because we were built around cloud native constructs and obviously Red Hat having some of the foremost experts around cloud native sort of created a really great asset. >> Yeah, you guys got a great story. Obviously cloud native applications are rocking and rolling. You guys were in early serverless emerges, Kubernetes and then security in what I call the real time developer workflow. Ones that are building really fast, pushing code. Now it's called day two operations. So cloud native did two operations kind of encapsulates this new environment. You guys were right in the sweet spot of that. So this became quite the big deal, Red Hat saw an opportunity to bring you in. What was the motivation when you guys did the deal Was it like, "wow" this is a good fit. How did you react? What was the vibe at the StackRox when this was all going down? >> Yeah, so I think there's really three areas you look for, anytime a company comes up and sort of starts knocking on your door. One is really, is the team going to be the right fit? Is the culture going to be the right environment for the people? For us, that was a big part of what we were taking into consideration. We found Red Hat's general culture, how they approach people and sort of the overall approach the community was very much aligned with what we were trying to do. The second part of it was really the product fit. So we had from very early on started to focus purely on the Kubernetes components and doing everything we could, we call it sort of our product approach built in versus built it on and this is sort of a philosophy that Red Hat had adopted for a long time and it's a part of a lot of their developer tools, part of their shift left story as well as part of OpenShift. And then the third part of it was really the larger strategy of how do you go to market. So we were hitting that point where we were in triple digit customers and we were thinking about scalability and how to scale the company. And that was the part that also fit really well which was obviously, RedHat more and more hearing from their customers about the importance and the criticality of security. So that last part happened to be one part. We ended up spending a lot of time on it, ended up being sort of the outer three matches that made this acquisition happen. >> Well congratulations, always great to see startups in the right position. Good hustle, great product, great market. You guys did a great job, congratulations. >> Thank you. >> Now, the big news here at KubeCon as Linux foundation open-source, you guys are announcing that you're open-sourcing at StackRox, this is huge news, obviously, you now work for an open-source company and so that was probably a part of it. Take us through the news, this is the top story here for this segment tickets through open-source. Take us through the news. >> Yeah, so traditionally StackRox was a proprietary tool. We do have open-source tooling but the entire platform in itself was a proprietary tool. This has been a number of discussions that we've had with the Red Hat team from the very beginning. And it sort of aligns around a couple of core philosophies. One is obviously Red Hat at its core being an open-source company and being very much plugged into the community and working with users and developers and engineers to be able to sort of get feedback and build better products. But I think the other part of it is that, I think a lot of us from a historic standpoint have viewed security to be a proprietary thing as we've always viewed the sort of magic algorithms or black boxes or some magic under the hood that really moved the needle. And that happens not to be the case anymore also because StackRox's philosophy was really built around Kubernetes and Built-in, we feel like one of the really great messages around wide open-source of security product is to build that trust with the community being able to expose, here's how the product works, here's how it integrates here are the actions it takes here's the ramifications or repercussions of some of the decisions you may make in the product. Those all I feel make for very good stories of how you build connection, trust and communication with the community and actually get feedback on it. And obviously at its core, the company being very much focused on Kubernetes developer tools, service manage, these are all open-source toolings obviously. So, for us it was very important to sort of talk the talk and walk the walk and this is sort of an easy decision at the end of the day for us to take the platform open-source. And we're excited about it because I think most still want a productized supported commercial product. So while it's great to have some of the tip of the spear customers look at it and adopt the open-source and be able to drive it themselves. We're still hearing from a lot of the customers that what they do want is really that support and that continuous management, maintenance and improvement around the product. So we're actually pretty excited. We think it's only going to increase our velocity and momentum into the community. >> Well, I got some questions on how it's going to work but I do want to get your comment because I think this is a pretty big deal. I had a conversation about 10 years ago with Doug Cutting, who was the founder of Hadoop, And he was telling me a story about a company he worked for, you know all this coding, they went under and the IP was gone, the software was gone and it was a story to highlight that proprietary software sometimes can never see the light of day and it doesn't continue. Here, you guys are going to continue the story, continue the code. How does that feel? What's your expectations? How's that going to work? I'm assuming that's what you're going to open it up which means that anyone can download the code. Is that right? Take us through how to first of all, do you agree with that this is going to stay alive and how's it going to work? >> Yeah, I mean, I think as a founder one of the most fulfilling things to have is something you build that becomes sustainable and stands the test of time. And I think, especially in today's world open-source is a tool that is in demand and only in a market that's growing is really a great way to do that. Especially if you have a sort of an established user base and the customer base. And then to sort of back that on top of thousands of customers and users that come with Red Hat in itself, gives us a lot of confidence that that's going to continue and only grow further. So the decision wasn't a difficult one, although transparently, I feel like even if we had pushed back I think Red Hat was pretty determined about open-source and we get anyway, but it's to say that we actually were in agreement to be able to go down that path. I do think that there's a lot of details to be worked out because obviously there's sort of a lot of the nuances in how you build product and manage it and maintain it and then, how do you introduce community feedback and community collaboration as part of open-source projects is another big part of it. I think the part we're really excited about is, is that it's very important to have really good community engagement, maintenance and response. And for us, even though we actually discussed this particular strategy during StackRox, one of the hindering aspects of that was really the resources required to be able to manage and maintain such a massive open-source project. So having Red Hat behind us and having a lot of this experience was very relevant. I think, as a, as a startup to start proprietary and suddenly open it and try to change your entire business model or go to market strategy commercialization, changed the entire culture of the company can sometimes create a lot of headwind. And as a startup, like sort of I feel like every year just trying not to die until you create that escape velocity. So those were I think some of the risk items that Red Hat was able to remove for us and as a result made the decision that much easier. >> Yeah, and you got the mothership with Red Hat they've done it before, they've been doing it for generations. You guys, you're in the startup, things are going crazy. It's like whitewater rafting, it's like everything's happening so fast. And now you got the community behind you cause you're going to have the CNC if you get Kubecon. I mean, it's a pretty great community, the support is amazing. I think the only thing the engineers might want to worry about is go back into the code base and clean things up a bit, as you start to see the code I'm like, wait a minute, their names are on it. So, it's always always a fun time and all serious now this is a big story on the DevSecOps. And I want to get your thoughts on this because kubernetes is still emerging, and DevOps is awesome, we've been covering that in for all of the life of theCUBE for the 11 years now and the greatness of DevOps but now DevSecOps is critical and Kubernetes native security is what people are looking at. When you look at that trend only continuing, what's your focus? What do you see? Now that you're in Red Hat as the CTO, former CTO of StackRox and now part of the Red Hat it's going to get bigger and stronger Kubernetes native and shifting left-hand or DevSecOps. What's your focus? >> Yeah, so I would say our focus is really around two big buckets. One is, Kubernetes native, sort of a different way to think about it as we think about our roadmap planning and go-to-market strategy is it's mutually exclusive with being in infrastructure native, that's how we think about it and as a startup we really have to focus on an area and Kubernetes was a great place for us to focus on because it was becoming the dominant orchestration engine. Now that we have the resources and the power of Red Hat behind us, the way we're thinking about this is infrastructure native. So, thinking about cloud native infrastructure where you're using composable, reusable, constructs and objects, how do you build potential offerings or features or security components that don't rely on third party tools or components anymore? How do you leverage the existing infrastructure itself to be able to conduct some of these traditional use cases? And one example we use for this particular scenario is networking. Networking, the way firewalling in segmentation was typically done was, people would tweak IP tables or they would install, for example, a proxy or a container that would terminate MTLS or become inline and it would create all sorts of sort of operational and risk overhead for users and for customers. And one of the things we're really proud of as sort of the company that pioneered this notion of cloud native security is if you just leverage network policies in Kubernetes, you don't have to be inline you don't have to have additional privileges, you don't have to create additional risks or operational overhead for users. So we're taking those sort of core philosophies and extending them. The same way we did to Kubernetes all the way through service manager, we're doing the same sorts of things Istio being able to do a lot of the things people are traditionally doing through for example, proxies through layer six and seven, we want to do through Istio. And then the same way for example, we introduced a product called GoDBledger which was an open-source tool, which would basically look at a yaml on helm charts and give you best practices responses. And it's something you we want for example to your get repositories. We want to take those sort of principles, enabling developers, giving them feedback, allowing them not to break their existing workflows and leveraging components in existing infrastructure to be able to sort of push security into cloud native. And really the two pillars we look at are ensuring we can get users and customers up and running as quickly as possible and reduce as much as possible operational overhead for them over time. So we feel these two are really at the core of open-sourcing in building into the infrastructure, which has sort of given us momentum over the last six years and we feel pretty confident with Red Hat's help we can even expand that further. >> Yeah, I mean, you bring up a good point and it's certainly as you get more scale with Red Hat and then the customer base, not only in dealing with the threat detection around containers and cloud native applications, you got to kind of build into the life cycle and you've got to figure out, okay, it's not just Kubernetes anymore, it's something else. And you've got advanced cluster security with Red Hat they got OpenShift cloud platform, you're going to have managed services so this means you're going to have scale, right? So, how do you view that? Because now you're going to have, you guys at the center of the advanced cluster security paradigm for Red Hat. That's a big deal for them and they've got a lot of R and D and a lot of, I wouldn't say R and D, but they got emerging technologies developing around that. We covered that in depth. So when you start to get into advanced cluster, it's compliance too, it's not just threat detection. You got insights telemetry, data acquisition, so you have to kind of be part of that now. How do you guys feel about that? Are you up for the task? >> Yeah, I hope so it's early days but we feel pretty confident about it, we have a very good team. So as part of the advanced cluster security we work also very closely with the advanced cluster management team in Red Hat because it's not just about security, it's about, how do you operationalize it, how do you manage it and maintain it and to your point sort of run it longterm at scale. The compliance part of it is a very important part. I still feel like that's in its infancy and these are a lot of conversations we're having internally at Red Hat, which is, we all feel that compliance is going to sort of more from the standard benchmarks you have from CIS or particular compliance requirements like the power, of PCI or Nest into how do you create more flexible and composable policies through a unified language that allows you to be able to create more custom or more useful things specific to your business? So this is actually, an area we're doing a lot of collaboration with the advanced cluster management team which is in that, how do you sort of bring to light a really easy way for customers to be able to describe and sort of abstract policies and then at the same time be able to actually and enforce them. So we think that's really the next key point of what we have to accomplish to be able to sort of not only gain scale, but to be able to take this notion of, not only detection in response but be able to actually build in what we call declarative security into your infrastructure. And what that means is, is to be able to really dictate how you want your applications, your services, your infrastructure to be configured and run and then anything that is sort of conflicting with that is auto responded to and I think that's really the larger vision that with Red Hat, we're trying to accomplish. >> And that's a nice posture to have you build it in, get it built in, you have the declarative models then you kind of go from there and then let the automation kick in. You got insights coming in from Red Hat. So all these things are kind of evolving. It's still early days and I think it was a nice move by Red Hat, so congratulations. Final question for you is, as you prepare to go to the next generation KubeCon is also seeing a lot more end user participation, people, you know, cloud native is going mainstream, when I say mainstream, seeing beyond the hyperscalers in the early adopters, Kubernetes and other infrastructure control planes are coming in you start to see the platforms emerge. Nobody wants another security tool, they want platforms that enable applications handle tools. As it gets more complicated, what's going to be the easy button in security cloud native? What's the approach? What's your vision on what's next? >> Yeah so, I don't know if there is an easy button in security and I think part of it is that there's just such a fragmentation and use cases and sort of designs and infrastructure that doesn't exist, especially if you're dealing with such a complex stack. And not only just a complex stack but a potentially use cases that not only span runtime but they deal with you deployment annual development life cycle. So the way we think about it is more sort of this notion that has been around for a long time which is the shared responsibility model. Security is not security's job anymore. Especially, because security teams probably cannot really keep up with the learning curve. Like they have to understand containers then they have to understand Kubernetes and Istio and Envoy and cloud platforms and APIs. and there's just too much happening. So the way we think about it is if you deal with security a in a declarative version and if you can state things in a way where how infrastructure is ran is properly configured. So it's more about safety than security. Then what you can do is push a lot of these best practices back as part of your gift process. Involve developers, engineers, the right product security team that are responsible for day-to-day managing and maintaining this. And the example we think about is, is like CVEs. There are plenty of, for example, vulnerability tools but the CVEs are still an unsolved problem because, where are they, what is the impact? Are they actually running? Are they being exploited in the wild? And all these things have different ramifications as you span it across the life cycle. So for us, it's understanding context, understanding assets ensuring how the infrastructure has to handle that asset and then ensuring that the route for that response is sent to the right team, so they can address it properly. And I think that's really our larger vision is how can you automate this entire life cycle? So, the information is routed to the right teams, the right teams are appending it to the application and in the future, our goal is not to just pardon the workload or the compute environment, but use this information to action pardon application themselves and that creates that additional agility and scalability. >> Yeah it's in the lifecycle of that built in right from the beginning, more productivity, more security and then, letting everything take over on the automation side. Ali congratulations on the acquisition deal with Red Hat, buyout that was great for them and for you guys. Take a minute to just quickly answer final final question for the folks watching here. The big news is you're open-sourcing StackRox, so that's a big news here at KubeCon. What can people do to get involved? Well, just share a quick quick commercial for what people can do to get involved? What are you guys looking for? Take a pledge to the community? >> Yeah, I mean, what we're looking for is more involvement in direct feedback from our community, from our users, from our customers. So there's a number, obviously the StackRox platform itself being open-source, we have other open-source tools like the KubeLinter. What we're looking for is feedback from users as to what are the pain points that they're trying to solve for. And then give us feedback as to how we're not addressing those or how can we better design our systems? I mean, this is the sort of feedback we're looking for and naturally with more resources, we can be a lot faster in response. So send us feedback good or bad. We would love to hear it from our users and our customers and get a better sense of what they're looking for. >> Innovation out in the open love it, got to love open-source going next gen, Ali Golshan Senior Director of Global Software Engineering the new title at Red Hat former CTO and founder of StackRox which spread had acquired in January, 2021. Ali thanks for coming on congratulations. >> Thanks for having, >> Okay, so keeps coverage of Kube Con cloud native Con 2021. I'm John Furrie, your host. Thanks for watching. (soft music)

>> Announcer: From Las Vegas, it's theCUBE. Covering Qualys Security Conference 2019. Brought to you by Qualys. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the Bellagio Hotel in Las Vegas, at the Qualys Security Conference. This conference has been going on for 19 years. It's our first time to be here. We're excited to be here, but it's amazing that they've just been clipping along through wave after wave after wave. They've got some new announcements today and we're excited to get the full rundown here. Our next guest is Chris Carlson, the VP of Strategy from Qualys. Chris, great to meet you. >> Great, thanks, great to be here. >> Yeah, so you just got out of your session. How did your session go? >> Yeah, it was fantastic. In fact, that's the great thing about a Qualys Security Conference, because we have the ability to not only interact with our customers and partners, but actually showcase what's new, but also what we're working on coming in the future. >> Jeff: Right. >> And that's really important for us at Qualys because we get the feedback from the customers early, and we can work very closely with them to find the right set of solutions and the right products for their use in their environment and programs. >> Now, the security landscape has changed quite a bit over the last two decades, and Phillipe's keynote, I mean he is right on the edge in terms of really appreciating cloud and the benefits of cloud. You guys have a lot of great integration partners. You know, did you have to re-architect this thing, at some point down the road? I mean it's pretty amazing that you've been at it for two decades and still really sitting in a good spot here as kind of the cloud and IOT and 5G and this next big wave of innovation starts to hit. >> Well that's right, and I think that's why it starts with that vision, but it's not just a vision of where the market is going, but the vision of where technology is going. So when Qualys started, they started in the cloud, and they started with the cloud delivered architecture. And that was really, maybe early for a lot of first customers. 20 years ago security was maybe not as much, and put security in the cloud, that's where all the bad guys are. But it's really that architecture vision technology that allowed us to not only innovate quickly on a platform, but as our customers grew, as our customers moved to the cloud, as our customers moved to IOT and OT and mobile computing and those aspects, we're already there. >> Jeff: Right, right. >> We're already there. So and that is what really the advantage for us is, we don't have to re-architect our platform, we can layer on new capabilities and new services, new products leveraging the existing architecture that we've developed in the cloud. >> Yeah, it's really little bit of good fortune, a little bit of luck, a little bit of smarts, right. >> I think it's maybe a lot of experience and smarts from that. >> Well, it's just funny right, 'cause we had John Chambers on not that long ago, and his kind of computing waves, he was using kind of 10 year waves as kind of the starting points. And Phillipe's were a little bit longer, but it's the same kind of story with mainframes and minis and client server and now cloud, but as he said, and as you've reinforced, if you don't architect it to be able to do that at the beginning, you can't necessary repurpose it for this new application. It's really architecture-specific, and without that kind of vision, you're not going to be able to take advantage. >> That's right. >> Of these kind of new waves. >> Exactly, and I think that architecture breaks down into different levels. So one is systems architecture, but there's also the design architecture. So the technologies that we're using on our platform today aren't the same 20 years ago. We've swapped out those technologies. We use new modern technologies. Technically, like Kafka streaming blasts to do real-time event streaming. Cassandra for object data store. Those did not exist five or six years ago. But from our architecture that we're collecting lightweight data from our customers, and analyzing it in our cloud platform. Doesn't matter if we have one million events, a billion events, a hundred billion events, the platform can scale the process of those. >> Right. The other piece clearly that you've mentioned two or three vocabulary words right there is the open source component. You know, the open source has grown dramatically since the early days of Linux, both in terms of market acceptance as well as kind of new opportunities for things like Kafka to be able to grab that type of , integrate it into your product set and really drive a whole bunch of extra value. >> Yeah, that's right. I think we benefit as Qualys is using some of these open source technologies and we do contribute back, because we work with those teams. If there's any defects or performance enhancements, we do that. But while we've benefited from some of the open source technologies, our customers have benefited as well. Now they've benefited from new technology architectures, but in some cases they've benefited from new security problems. So if you get commercial off-the-shelf software, the vendor produces a security patch, they test that patch and they can apply the patch. In many cases with some open source software it's not like that. The customer has to get the software, compile it, make sure it works. Maybe it doesn't fix the vulnerability, and that's why in that case for them open-source technology can improve some of their IT systems and their business initiatives, but it puts a challenge on security to keep up with all the security risks that are happening across the board. >> Right. So one of the big announcements today was the VMDR. >> That's right. >> Tell us all about it. >> Great, so VMDR stands for Vulnerability Management Detection and Response, and that really is a capability that we've actually had in the platform itself, but the feedback from our customers were that internally their own people, their own process and their own tools created these artificial silos that prevented them from actually doing security detection and remediation at scale quickly. We have all these capabilities in the Qualys platform anyway, but with this new VMDR bundle we're bringing it together with new automation, new workflow, new orchestration, new user interfaces that actually reduce the time to remediate down to near zero in some cases. So, we had an example of a live attack that happened two years ago, WannaCry with EternalBlue, and many companies did nothing for two months. So they had the right tools, but maybe the data silos to go from one application to another application, to one team to another team just increased that length of when they could remediate. Our customers that had Qualys already had that data within the Qualys platform. We can tell them what assets they have, what the vulnerabilities were, that WannaCry was a big thing happening. And then with our patch management they can click one button and then just fix those assets easily. >> Jeff: Right, right. >> That was two years ago. Now this summer something called Blue Key. So Blue Key and Deja Blue is another attack that's happening, is going on right now. People don't know about it. Well, maybe not you. (laughing) Maybe if you're a Windows. >> I got nothing, I got nothing. >> Maybe if he has a Windows Operating System he's being attacked right now, I don't know about that. But a lot of our customers here, they're struggling with that every day. Not that Qualys can't tell them where it is, but they have to rely on another team to actually fix it. And that's what's so exciting about VMDR, Vulnerability Management Detection and Response, is the D and the R, the detection and the response allow them to remediate in a full life-cycle very quickly, very effectively, and with a high confidence that it has actually corrected those issues. >> Yeah, it's really interesting. You know, kind of the application versus platform conversation. You guys are integration partners with ServiceNow. Fred Luddy's been on many, many times, and tells a great story. You know, he wanted to build a platform, but you can't go to market with a platform. You got to go to market with an application, hopefully get some traction, and over time he started adding more applications, and it was pretty interesting listening to you guys. >> Well, I was actually going to stop you right there if you don't mind. >> No. >> The marketing people go to market with the platform. The marketing people say, "Hey version one is a platform." >> To their customers? But nobody's got a line-item to buy a new platform today, right. >> Exactly, and that's sort of the disconnect. >> Right. >> Really with normal enterprise sales models and technology. The marketing sales disconnect versus the technical reality that customers depend on for their environment. >> But if you do it right, then you can build that application stack, and I think in their earnings call, your guys last earnings call, you defined seven specific applications that sit on this platform that enabled in you to bundle and have kind of multi-application integration in the new VDMR. >> Yes, that's right, and I think that the difference with Qualys is they knew that the architecture was important. So our vulnerability management was an application on the architecture when it first launched 20 years ago. >> Right. >> And that really helped us going forward. So from the earnings call it's seven product capabilities on our lightweight agent, but the entire Qualys platform has 19 different product capabilities, in the same platform using the same user interface model and the VMDR takes many of those and bring it together in that single bundle on a per asset basis. >> Okay great, thanks for that clarification. Slight shift of focus. Another thing that came up in Philippe's keynote was kind of re-architecting the sales side and the market bundles that you guys are going to go to market with over time. And he broke it down into really only four big buckets of categories. Cloud providers, I think managed security service providers, enterprises, and I can't remember what the the last one was. Oh, OT and IOT vendors. >> Chris: IOT, correct, yes. >> So as you kind of look forward in the way that you're going to develop your products to go to market, how is that impacting your strategy, and are you seeing that start to play out in the marketplace? >> Yes, when we look at security technology and actually part of his keynote, he had this slide that had, you couldn't zoom in, because there's a million logos on this slide, security companies. And you go to some of the security shows, there's 800 vendors in the exhibit hall. >> Jeff: Oh yeah, we go to RSAC. I mean that that's why, it's chaos, right. >> So it's crazy, it's crazy. And there was an analyst that actually said a couple years ago that whenever there's a new threat, there's a new tech. Here's a new threat vector, now there's five new startups. And is that new threat vector super narrow, and it's only a feature, or is it a product, but our view of Qualys was a little bit different in that while the buying centers may be different, while some of the assets may be different, an OT asset versus a cloud asset versus the endpoint asset, the ability to discover it, identify it, categorize it, assess it, prioritize and remediate it is the same. That is the same. So whether it is a PLC on a shop floor from a car manufacturing, or a ecommerce web server that's running in a public cloud, or an end-user machine, the process to identify assess and remediate is exactly the same through us at Qualys with their platform. Different sensors for different asset types, normalized security data and different remediation approaches for different asset types, but all the same platform. >> But it sounds like you're doing some special stuff with Azure. >> Chris: Yes. >> So, tell us a little bit about kind of what's special about that relationship, what's special about that solution. >> Yeah, and that integration was announced two weeks ago at Microsoft Ignite, which is a big Microsoft show, and that really is a close partnership that we have with Microsoft. We actually did an early integration with them four years ago, but this is a lot deeper. And that really is Phillipe's and Qualys vision that security needs to be built in and not bolted on. >> Jeff: Right. >> That if you take, let's take a car for example. When you buy a car, you don't buy the car without a seat belt, an airbag, maybe a radio. You don't buy it without tires, it all comes together. You don't buy a car, then go to the seatbelt shop, and then buy a car and then go to the airbag shop. It all comes together, and that's what we're very excited about this announcement with Microsoft and Azure is that the vulnerability assessment is powered by Qualys already built into Azure. So there may be a whole set of customers that know nothing about Qualys, know nothing about our 20-year history, know nothing about our conference. they go to Microsoft Azure's, the security center, and it goes, "Assess your vulnerabilities," click a button and there's the vulnerability information. So this opens up a new capability for customers that they may not have used, but more importantly bringing security into IT without them knowing that they're doing security. And that is very powerful. >> So is it like a white label, under the covers or? >> So, it's not a white label, it's a joint integration. >> Chris: Okay. >> And it's a Microsoft Azure. >> Chris: So they eventually have, probably is in the bottom of the report. >> Powered by Qualys, powered by Qualys, right, so we got to have that name in there. >> Right, right, right, good. >> And what's exciting about Microsoft Ignite is that we had a lot of Microsoft IT and dev people come up to our Qualys booth and say, hey I don't know much about Qualys, but I get this report of things that I need to fix, tell me more about what you're doing and how can we help that fix faster. >> Chris: Right. >> And it's really about speed. Time to market, time to acquire customers, time to service customers, but more importantly time to produce new technology, time to secure the new technology, and lastly, unfortunately, time to respond to security events that may have happened in your network. >> And I presume they can buy more of the suite through the, and run it on the Azure stack. >> Yes, that's right. In fact, all of our capabilities can go on there from it, and that really is a strong partnership. In fact the group product manager for Azure is speaking at Qualys Security Conference just later today. That really shows a testament of the deep integration of partnership that we have with them. >> All right, Chris, before I let you go, you're the strategy guy. So as you look down the road in your crystal ball, I won't say more than three years, two years, three years, four years. What are some of the things you're keeping an eye on, what are the things you're excited about, what are the things you're a little concerned about? >> Well, I think that the things that we're excited about is a vision that Philippe and of course Ahmet has painted for it, is that the computing environment is accelerating dramatically, it's fragmenting dramatically. 5g might be a complete game-changer across the board. We have some of our large customers that have a project that they call Data Center Zero. 17 data centers, in two years, no data centers at all. I say that in their corporate offices they have laptops and printers, that's it. How do you secure and assess an environment that is ephemeral and that is virtual and that is remote, and that's where the Qualys platform architecture can move along with those customers. Our very largest customers are the ones leading the charge, not only developing new capabilities, but also using them as they come out. So I think that's what we're very excited about. I think that's some areas that we're working deeper with our customers on, is at the end of the day, it's people, process, and tools. And we're working on the technology capability and stack that can also influence and make the process better, but ultimately the people have to come in and understand that security has to be built in, we have to shift left, integrate it into the dev cycle to really reduce that attack surface and have a stronger, more secure enterprise. >> All right Chris, well, think you're going to be busy for the next couple years. >> It's a exciting time, it's an exciting time for Qualys. >> All right, well again, congrats on the event. >> Thanks very much. >> Thanks for having us. Can't believe it's been here for 19 years and we haven't been here yet. So again, thanks for having us and congrats on all your success. >> Great, fantastic Jeff. >> All right, he's Chris, I'm Jeff. You're watching theCUBE. We're at the Qualys Security Conference in Las Vegas. Thanks for watching. We'll see you next time. (upbeat music)

>>from Las Vegas. It's the Q covering quality security conference 2019. You >>bike, Wallace. Hey, Welcome back. You're ready. Geoffrey here with the Cube were in Las >>Vegas at the Kuala Security Conference here at the Bellagio. 19 years they've been doing this conference star first time here, But we've got a real veteran. Has been here for 16 years who can really add some depth and perspective for happy to welcome submit to car. He's a president and chief product officer for cause like >>to see you. Thank you, >>Jeff. Thanks for having me. >>Pleasure. So just, uh, don't lorry before getting ready for this. Um, this day, listening to the earnings call. And you got a really nice shout out in the nights in the Last Rings call and your promotion just to let everybody know what submits got underneath his plate. R and D. Q A ops, product marketing and customer support and adding worldwide field sales ops. You're busy, guy. >>Yeah, you know. But the good thing is, >>no matter who you are, you only have 24 hours in the >>day. That's true. Just as Leo. But I am curious because you've been here for a >>while, you've seen a lot of technology, you know, kind of waves. And yet here you guys still are. You've got an architecture that's built to take advantage of things like open source to take advantage of things. My cloud is you kind of take a breath between customer meetings and running from panel the panel and you think about kind of the journey. You know what? What kind of strikes you that you know, that you guys are still here, Still successful, Still have a founding CEO. It's >>your position. Yeah, It's actually very interesting >>being here for 16 years. Started a software engineer. And, you know, I've been doing a lot of stuff doing a product management now, engineering and all of that. And I think one thing that's really part of the DNA for us and which is really helped us keep growing, is being innovative continuously, right, because five years ago, nobody would have said container technology docker eso, as new security knew in for sexual pattern times have come about. We've just been on our toes and making sure that we are addressing all these different newer areas. And so the key is not so much about what new technology is going to come, because two years from now there was something that we don't even know about right now. What's key is that we build a platform that we keep adding additional capabilities that continue to quickly and nimbly be able to address customer's needs. From that perspective. >>Yeah, we just had Laureano. She talked quite a bit about your kind of customer engagement model being different than the traditional ones, really trying to build a long lasting relationship and to collect that data from the customers to know what their prairies are all about. >>Yeah, >>and, you know, it's because we've been subscription based since day one. You know, this is the not we're not incentivized to go and try to sell our customers big fact, multimillion dollar deals. Then we don't disappear like enterprise sales usually does on perpetual licenses. So we have to earn our keep, and we want to make sure customers are we understand their needs so that they actually buy and purchase only what they are going to use so we can go back and they can grow more. We show the value. Uh, so that's a very different model on, you know, at the end of the day, that is a model of the cloud. So everybody who was in this consumption based model has to ensure that they are every year, going back and showing the value and earning their subscription back. So in that sense, security. Not a lot of vendors have done that for a long time. We've been the ones since the beginning to kind of follow this model, and it's worked very well for us. It's a great model. Customers were happy as we had more solutions. We showed the value, and it's very easy for them to upgrade and get additional value of quality at a very reasonable of you. No cost to them. >>It's interesting. Feli talked about an early conversation that he had with Marc Benioff details Horse and and I would argue that it was really sales force. That kind of cracked the code in terms of enterprising, being comfortable with a cloud based system and, you know, kind of past the security and the trust in this in that, so to make that gamble on the cloud so early, very, very fortunate and for two days. Thea Other thing I think that does not get enough play which you just touched on is a subscription business model forces you to deliver every month they're paying every month you gotta deliver Your mother is a very different relationship than a once a year. You know, not even once year to go get that big lump sum to get the renewal cause you're in bed with them. Every single say absolutely. Yeah, >>so that's really a very interesting model. >>So as you look forward, I know you're just given Ah, talk on, you know, kind of starting to look at the next big wave of trends. How do you get out ahead of it? What are you thinking about? What keeps you up at night would be excited about. >>So the very cool part about that about my job is that I also heard engineering and product Fork Wallace and Security. So we're living that digital transformation that our customers are going through as well. So we have a massive black farm. We have, like, three trillion data points. Every index, we have one million rights per second on Cassandra Clusters. So we are dealing with the same infrastructure innovation that our customers are doing and so died is helping us also learn how the secular own platform what our customers are thinking. Because as they are moving into Dev ops, we have already moved into that. We have learned our lessons, so we relate to what they're going through. And that's really the next big thing is hard to be enabled. Security tools to really be built into the develops stool chain so that we eliminate a lot of the issues upfront before they ever even become an issue. And, you know, my talk this morning was about started with the notion of t t R, which is the time to remediate, and the best time to the mediator is the time of zero, right? If you don't ever let the issue get into your production environment, you never have to worry about fixing it. And that's really the next big thing for us is how do we create a platform that helps customer not the look at security in multiple silos, but to have a single platform where they can go all the way from develops to production to remediation to response all orchestrated to the same platform, >>right? It's pretty interesting, because that was, uh, Richard Clarke. Keynote the author. You know, we used to always break cos down into two buckets. You know, either those that had that have been breached and those that have been breached just don't know about it yet. Yeah. Yeah. And then, you know, he introduced his third concept, which is those that got breached but actually got on it. Remediated it. Maybe not the time, zero, but in a way that it did not become a big issue. Because, let's face it, you're going to get breached at some level. It's How do you keep it from becoming a big, big nightmare? >>Exactly. And that is really the only measure off effectiveness off your security, right? It's not about how many people you have, how many dollars you spend on security, how big your security team is. Harmony renders you have How quickly can you get in there, find and fix any issue that comes up? That's that. That's the living matter. If you can't do that with no people and no, uh, you know, re sources that are being put to it with automation, then that's great. If you do that with 50 people, that's great. We just need to be able to get to that point. And today, off course with hybrid infrastructure, we are realizing quickly, throwing more people that the problem is not really solving the problem. We just cannot keep going. We need to leverage that seem scalable technology that has been used in the digital transformation to provide that similar stuff from a security perspective through the customers as well, >>right? And even if you even if you wanted to hire the people, there aren't enough people, >>and that's another just our people, right? So the other >>thing that you must be really excited about is on the artificial intelligence of machine learning site and a lot of buzz in the press. Talk about robots and machines and this type of stuff. But, as you know, is we know where that robber really hits. The road is applied a I and bring in the power of that technology to specific problems. Complete game changer, I would assume for which you guys could do looking forward. >>Yeah. I mean, uh, you can really only >>have good machine learning and gold. Aye aye, if you really have a massive historic data that you can really mind to find out trends and understand how patterns have evolved, right, so only cloud based solutions can actually do that because they have a large amount of customer telemetry that they can understand and do that. So from that sense, Wallace Black form is absolutely suited for that. But having said that again, all of these have there specific application. So there's vendors were coming out and claiming that machine learning's going to solve world hunger and everything's gonna be great just because your machine learning but no machine learning and the prediction that comes with that on the privatization is one element off your tool kit. You still have to do your devil options still have to fix things. You still have to do a lot of things. But then how do you predict out of all the chaos, how can you try to focus on some things that may become a real problem, which are not now? So that's really the exciting part is to be able to bring that as an additional tool kit for the customer in their arsenal to be ableto respond to threats much faster and better than they have in the past, >>right? It is a cloud based platform. You guys are sitting in the catbird seat for that. What about on the other side? The on the ed side, Another kind of new thing that's coming rapidly. Edges are are messy. They don't have nice, pristine data. Center your environments. There's connectivity, problems, power problems, all types of issues as you look at kind of edge and an I A. T more generally, you know, increasing the threat surface dramatically. How do you How do you kind of think about that? How do you approach it to make it not necessarily a problem, but really an opportunity for follows? >>I mean, that's Ah, that's a great question because there is no magic pill for that, right? It's like you just have to be able to leverage continuous telemetry collection and the collection to be able to see these devices CDs, patterns on. So that's works really well for us because that to be able to do that right in a global organization to almost every organization is global. Global organization has multiple infrastructure, multiple people in different locations, multiple offices. And, uh, if you look at the eye ot architecture, it is about sensors that are pushing down the one common platform which controls them and which updates them and all of that. That's the platform that Wallace's build since the beginning is multiple of these different sensors that are continuously collecting later, pushing it back into our platform. And that's the only way you can get the visibility across your global infrastructure. So in many ways, we are well suited to do that. And which is the big reason why we gave out of a global ideas and then 20 product for free for customers, because we truly believe that that's the first step for them to start to get secure. And because we have the architecture and the platform and become significantly easier for us to be able to give them that gave every day, which is truly wide and not just say I have visibly in my cloudy here. But then container visibly, somewhere there and I ot visibly somewhere else, we bring all of that together in one place. >>All right, Spencer, I know you've got Thio run off >>to your next commitment. We >>could we could keep going, but I think we have to leave it there again. Congrats on your promotion >>and thank you. All right. He submit. I'm Jeff. You're watching the Cuba Think >>Wallace Security conference in Las Vegas. Thanks for watching. We'll see you next time. Thanks.

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to You by spunk. >>Hey, welcome back. Everyone's live Cube coverage in Las Vegas. That's plunks dot com. 2019 thistles their annual customer conference, where they unleash all the new technologies, announce all the new things. Everyone's here. It's the 10th anniversary of Splunk dot com cubes. Seventh year we've been covering slung been quite the journey from scrappy, startup going public growth phase. Now market leader on Outside has to come to success from the products and the engineering. And, of course, the people in the field that that served customers. And we're here with Susan St Leger, who's the president of worldwide field operations. Thanks for coming back to see you. >>Thank you, John. It's exciting to be here. >>So in the keynote, bringing data to every outcome is really the theme. Um, you seem to got a spring to your step here. You excited this year? What an amazing successful show because you got a platform. But the proof is out there. You got that ecosystem. You got people building APS on top of it. It's kind of all coming together this year, >>It sure is experience. It's it's it's just it's a huge leap forward, and I think so. Much of it is a vision of data to everything. And if you think about it, we talk about. We want to bring data to every question, every problem in every action. And the biggest thing you're going to see that you did see in the show is it's no longer just about the Splunk index. We're going to help you get you get value out of data wherever it lives. >>You had some big news on acquisition front Signal FX. Big chunk of change for that company. Private hot category. Observe ability, which really taste is out. That next 20 mile stare in the marketplace, which is cloud native. >>That's a >>cloud Service is, which comes together in the platform with logging coming together. >>Yeah, so exciting Way looked hard at that entire market, and signal FX was definitely the right answer. They operated a scale similar to us. They know how to how to operate it that scale, and so they're gonna be able to serve our customers well. And our view of the world is it's going to be hybrid for a very long time. But they serve that new cloud native world better than anybody else. It's It's when you do monitoring the cloud native world. It's really interesting to think about it. It's all made up of Micro service is right. So thousands of Micro Service's hundreds, thousands of Micro Service's and so in traditional monitoring, it's always you're tryingto monitor things you know could go wrong. In a microt service landscape, you don't know everything that could possibly go wrong. And so it's a level of complexity that's just very different. And so it's all about instrument ing, so that when something does go wrong, you can solve it. >>You guys have a very loyal based customer base, and that's again testament success. But the product has changed, and the value problems is emerging even further with data. That's a big theme. Data to everywhere, everything and security has come up on the radar a few years ago, here, the show. But this almost is a full blown security show at this point, because security center of everything you can't ignore it's become a centerpiece of everything data, the access to the diversity, How is that impacting the field because you're not. I mean, I guess you're a security company enabler and solve security problems. Date is a big part of it. Sure, I was at shaping your operations, >>So I think the thing to understand is correct. We're not just a security company, but we are number one in the security Magic quadrant. We're number one in both I. D. C and Gardner, and so that's important. But what happens is all the data the equal act for security can also be used for all these other use cases. So, generally speaking, whatever you're collecting for security is also valuable for I t operations, and it's also valuable for many other use cases. So I'll give you an example. Dominoes, which is a great customer of ours. They're gone 65% of their orders now come in digitally, okay? And so they monitor the entire intend customer experience. But they monitor it not only from a nightie operations perspective. That same data that they used righty operations also tells them you know what's being ordered, what special orders are being made and they use that data for promotions based upon volume and traffic and timing. they actually create promotion. So now you're talking about the same data that he collected for security night operations you can actually use for promotions, which is marketing is >>not a lot of operating leverage in data. You're getting out this. The old model was is a database. Make a queer. You get a report. Little time problem there. But now you have. Well, that other date is over there in another database. Who runs that data? So the world has certainly changes now, data needs to be addressable. This seems to be a big theme here on undercurrent. I know data to everywhere is kind of global theme, but don't diverse data feeds a I cracked and address ability allows for application access. >>Correct. So we look at the entire data landscape and say, we want to help you get data value out of your data wherever it lives. And it's right now, we've changed to the point where we are operating on data in motion, which is with data stream processor, which is hugely beneficial. You mentioned you know, a I m l way actually do something so unique from an ML perspective because we're actually doing the ml on the live streaming so, so much more valuable than doing it in batch mode. And so the ability to create those ML models by working on live data is super powerful. >>Good announcement. So you guys had the data processor. You have the search fabric, >>data fabric search, >>real time and acceleration our themes there. I want to get your thoughts on your new pricing options. Yes. Why now? What's that mean for customers? >>So if we want to bring data to everything, we have to allow them to actually get all the data right? So we needed to give them more flexible models and more alternative models. So for some people and just motto is very comfortable. But what they want it was more flexibility. So if you look at our new traunch pricing are predictable pricing, there's a couple of things that we've done with it. Number one is from 125 gig all the way up to unlimited. We'll show your predictable pricing so you don't have to guess. Well, if I move from 20 terabytes 2 50 what's that gonna cost me? We're gonna tell you, and you're gonna know and so That's one. The second thing is you don't have to land on the exact ingest. So before, if you bought a terabyte, you got a terabyte. Right now there's a traunch from 1 to 2 terabytes. There's a trunk from 2 to 5 terabytes. And so it gives the customers flexibility so that they don't have to worry about it coming back to buy more right away. >>So that's kind of cloud by as you go variable pricing. Exactly. I want your thoughts on some of the sales motions and position and you guys have out in the field. Visa VI. The industry has seen a lot of success and say Observe ability. For instance, Southern to Rick and Kartik About this. Yes, you guys are an enterprise software cloud and on premises provider you Enterprise sales motion. >>Yes, >>there's a lot of other competition up there that sells for the SNB. They're like tools. What's the difference between an offering that might look like Splunk but may be targeting the SNB? Small means business and one that needs to be full blown enterprise. >>Yeah, so I think the first and foremost most of the offerings that we see land in S and B. They have scale issues over time, I and so what we look at it and say is and they're mostly point products, right? So you can you can clutter up your environment with a bunch of point products, doing all these different things and try and stitch them together. Or you can go with this fun clock for him. So which allows you thio perform all of the same operations, whether B I t Security or Data Analytics in general. But it really isn't. It's about having the platform. >>You guys, what reduced the steps it takes to implement our What's the value? I guess. Here's Here's the thing. What's the pitch? So I'm on Enterprise. I'm like, Okay, I kept Dad. I got a lot of potential things going on platform. I need to make my data work for me any day to be everywhere. I au g Enterprise Cloud. What's the Splunk pitch? >>So our pitches were bringing dated everything, and first and foremost it's important. Understand why? Because we believe at the heart of every problem is a data problem. And we're not just talking t and security. As you know, you saw so many examples. I think you talk to his own haven earlier this week. Right? Wildfires is a data problem New York Presbyterian is using using us for opioid crisis. Right? That's a data problem. So everything's a data problem. What you want is a platform that can operate against that data and remove the barriers between data and action. And that's really what we're focused on. >>He mentions own haven that was part of Splunk Ventures Fund. You have a social impact fund? Yes, what's the motivation line that is just for social good? Is there a business reason behind it or both? >>What's this? So we actually have to social focuses. One is long for good, and that is non profit. What we announced this, what we announced a couple weeks ago that we reiterated yesterday was the spunk, social impact funds, a splint venture social impact fund, and this is to invest in for profit companies using data for social good. And the whole reason is that we look at it and so we say we're a platform. If you're a platform, you want to build out the ecosystem, right? And so the Splunk Innovation Fund splint Ventures Innovation Fund is to invest in new technology focused on that that brings value out of data. And on the other side, it's the spunk. Social impact. Thio get data companies that are taking data and creating such a >>Splunk for good as Splunk employees or a separate nonprofit. And >>it's not a separate nonprofit entity, but it is what we what we invest in. Okay. >>Oh, investing in >>investing in non for profit. Exactly like when we talked about the Global Emancipation Network right, which uses Splunk to fight human trafficking. That's on the nonprofit side. >>So take me through. This is a really hot area we've been covering for good because all roads I want now is for bad. Mark Zuckerberg's testifying from the Congress this morning kind of weird to watch that, actually, but there's a lot of good use cases. Tech tech can be shaped for good. A lot of companies are starting and getting off the ground for good things, but they're kind of like SMB, but they want the Splunk benefit. How do they engage with spunk if I'm gonna do ah social impact thing say cube for good? I got all this Tech. How do I engage punk? I wanted, but I don't know what to do. Have access to tools? How do I buy or engage with Splunk? >>Yes, start parties. Fund managers is making sure it's not just money, right? It's money, its access to talent. It's access to our product. And it's, you know, help with actually thinking through what they're trying to achieve, so it really is the entire focus. It's not just about the tech, Thea. Other thing I would say is you saw that we put out a Splunk investigate, and you also saw us talking about spunk, business slow and mission control. Those air now all built on a native SAS platform. And so the ability for our ecosystem now to go build on a native son platform is going to be incredibly powerful. >>So you expect more accelerated opportunities that all right, what's your favorite customer success stories? I know it's hard to pick your favorites, like picking a favorite child may be filled with the categories. Most ambitious class clown class favorite me. What's the ones you would call a really strong, >>so hit on a couple of my lover Domino story and the other one that I love, that I touched on. But I want to expand on because I think it's an amazing story. Is New York Presbyterian on using the Yes See you sprung for traditional security for private patient privacy. They also use it for medical devices. But here's the thing they use it for to help the opioid crisis. And you're like, How is opioid crisis a data problem? What they do is they actually correlate all the data that so doctors are prescribing the opioids who they're prescribing them to a number of prescriptions being building their pharmacy and then the inventory of opioids. Because they actually have sensors on all the cabinets where they get the opioids, they correlate all the data, and they make sure that if they understand if opioids being stolen from the hospital, because what people don't understand is that the opioid a lot of big part of the opioid crisis starts with hospitals to say of such a big volume of opioids. And so that, to me, is just I guess I love it because it's a great customer success story. But it's also again, it's so much fun doing good problem. >>A lot of deaths. I gotta ask you around your favorite moments here dot com, and you're a lot of conversations in your customer conversations this year. Let's do a little Splunk of the Cube right now can take the patterns, all the data, your meetings. What's the top patterns that are emerging? What are some of the top conversation themes that just keep popping up with customer? Specifically, >>I think the biggest thing is that they have seen more innovation unleash this year than they have ever seen in one year from Splunk. The other thing is that we've gone far outside of our traditional spunk index right and that the portfolio has grown so much and that we're allowing them to operate and get value out of the data wherever it lives. So data in motion and then you saw in data fabric search. We'll let you query not only the Splunk indices, but also H D. F s and s three buckets and more buckets to come. So more sinks if you will. So, really, what we're trying to do is say, we're just going to be your date a platform to help you get value >>Susan, you're a great leader and slung. Congratulations on your success again. They continue to grow every year. Splunk defies the critics. Now you're a market leader. Culture is a big part of this. What is your plans this year To take it to the next level? You're president of field worldwide, field operations, global business landscape. What are some of your goals and objectives on culture >>and the culture? So thank you, Jon. First of all, for your comments and were so committed to our culture, I think you know, as you grow so quickly, it takes a real effort to stay focused on culture way, have an incredible diversity and inclusion program. Onda We do way. It's a business imperative for us. Every single leader has diversity, diversity, inclusion, focuses and targets. And so I think that's a huge part of our culture. And the reason I say that, John, I don't know if you've ever heard about a 1,000,000 data points. Did anybody ever way Always talk about, you know in different different settings will share a couple of our 1,000,000 data points. What we want to make sure is a culture is that way. >>We >>have our employees showing up with their authentic self and because you do your best work when you can show up is your authentic self. And so we have people share a handful of their 1,000,000 data points at all different times throughout the year to get to know each other as individuals, as human beings and really understand what matters to each other. And I love that 1,000,000 data points culture, and I got that. We truly live it. And again it's It's about authenticity. And so I think that's what makes us incredibly special. >>And inclusion helps that trust >>fund elaboration, yes, and also just add to that. We're very proud of the fact that we made the fortune list this year for best places to work for women. So it shows that our focus, you know, we started. We started revealing our metrics just about two years ago, and we've had significant improvement way. Believe that what you focus on what you measure is what you improve. So we started measuring and improving it, and this year we made the list for a fortune that's called walking. It is Congratulations. Thank you. We're very excited about >>awesome on global expansion. I'm assuming is on the radar. Well, >>always, especially at this point. We're ready to double down and some of the tier one mark. It's a lovely for sure >>wasn't saying. Legend. President of worldwide field operations here inside the Cube. Where day to slung dot com 10th anniversary of their customer conference Our seventh year covering Splunk Amazing Ride They continue to ride the big wave. Thats a Q bring you all the data on insights here. I'm John Ferrier. Thanks for watching.

>> Announcer: From Seattle, Washington, it's theCUBE! Covering AWS IMAGINE Nonprofit. Brought to you by Amazon Web Services. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're in the waterfront in Seattle, Washington, it's absolutely gorgeous here the last couple of days. We're here for the AWS IMAGINE Nonprofit event. We were here a couple weeks ago for the education event, now they have a whole separate track for nonprofits, and what's really cool about nonprofits is these people, these companies are attacking very, very big, ugly problems. It's not advertising, it's not click here and get something, these are big things, and one of the biggest issues is human trafficking. You probably hear a lot about it, it's way bigger than I ever thought it was, and we're really excited to have an expert in the field that, again, is using the power of AWS technology as well as their organization to help fight this cause. And we're excited to have Brad Myles, he is the CEO of Polaris and just coming off a keynote, we're hearing all about your keynote. So Brad, first off, welcome. >> Yeah, well thank you, thank you for having me. >> Absolutely, so Polaris, give us a little bit about kind of what's the mission for people that aren't familiar with the company. >> Yeah, so Polaris, we are a nonprofit that works full-time on this issue. We both combat the issue and try to get to long-term solutions, and respond to the issue and restore freedom to survivors by operating the National Human Trafficking Hotline for the United States, so, it's part kind of big data and long-term solutions, and it's part responding to day-to-day cases that break across the country every day. >> Right, in preparing for this interview and spending some time on the site there was just some amazing things that just jump right off the page. 24.9 million people are involved in this. Is that just domestically here in the States, or is that globally? >> That's a global number. So when you're thinking about human trafficking, think about three buckets. The first bucket is any child, 17 or younger, being exploited in the commercial sex trade. The second bucket is any adult, 18 or over, who's in the sex trade by force, fraud, or coercion. And the third bucket is anyone forced to work in some sort of other labor or service industry by force, fraud, or coercion. So you've got the child sex trafficking bucket, you've got the adult sex trafficking bucket, and then you've got all the labor trafficking bucket, right? You add up those three buckets globally, that's the number that the International Labour Organization came out and said 25 million around the world are those three buckets in a given year. >> Right, and I think again, going through the website, some of the just crazy discoveries, it's the child sex trafficking you can kind of understand that that's part of the problem, the adult sex trafficking. But you had like 25 different human trafficking business models, I forget the term that was used, for a whole host of things well beyond just the sex trade. It's a very big and unfortunately mature industry. >> Totally, yeah, so we, so the first thing that we do that we're kind of known for is operating the National Human Trafficking Hotline. The National Human Trafficking Hotline leads to having a giant data set on trafficking, it's 50,000 cases of trafficking that we've worked on. So then we analyzed that data set and came to the breakthrough conclusion that there are these 25 major forms, and almost any single call that we get in to the National Hotline is going to be one of those 25 types. And once you know that then the problem doesn't seem so overwhelming, it's not, you know, thousands of different types, it's these 25 things, so, it's 18 labor trafficking types and seven sex trafficking types. And it enables a little bit more granular analysis than just saying sex trafficking or labor trafficking which is kind of too broad and general. Let's get really specific about it, we're talking about these late night janitors, or we're talking about these people in agriculture, or we're talking about these women in illicit massage businesses. It enables the conversation to get more focused. >> Right, it's so interesting right, that's such a big piece of the big data trend that we see all over the place, right? It used to be, you know, you had old data, a sample of old data that you took an aggregate of and worked off the averages. And now, because of big data, and the other tools that we have today, now actually you can work on individual cases. So as you look at it from a kind of a big data point of view, what are some of the things that you're able to do? And that lead directly to, everyone's talking about the presentation that you just got off of, in terms of training people to look for specific behaviors that fit the patterns, so you can start to break some of these cases. >> Exactly, so, I think that the human trafficking field risks being too generic. So if you're just saying to the populace, "Look for trafficking, look for someone who's scared." People are like, that's not enough, that's too vague, it's kind of slipping through my fingers. But if you say, "In this particular type of trafficking, "with traveling magazine sales crews, "if someone comes to your door "trying to sell you a magazine with these specific signs." So now instead of talking about general red flag indicators across all 25 types, we're coming up with red flag indicators for each of the 25 types. So instead of speaking in aggregate we're getting really specific, it's almost like specific gene therapy. And the data analysis on our data set is enabling that to happen, which makes the trafficking field smarter, we could get smarter about where victims are recruited from, we could get smarter about intervention points, and we could get smarter about where survivors might have a moment to kind of get help and get out. >> Right, so I got to dig into the magazine salesperson, 'cause I think we've all had the kid-- >> Brad: Have you had a kid come to you yet? >> Absolutely, and you know, you think first they're hustlin' but their papers are kind of torn up, and they've got their little certificate, certification. How does that business model work? >> Yeah, so that's one of the 25 types, they're called mag crews. There was a New York Times article written by a journalist named Ian Urbina who really studied this and it came out a number of years ago. Then they made a movie about it called "American Honey," if you watch with a number of stars. But essentially this is a very long-standing business model, it goes back 30 or 40 years of like the door-to-door salesperson, and like trying to win sympathy from people going to door-to-door sales. And then these kind of predatory groups decided to prey on disaffected U.S. citizen youth that are kind of bored, or are kind of working a low-wage job. And so they go up to these kids and they say, "Tired of working at the Waffle House? "Well why don't you join our crew and travel the country, "and party every night, and you'll be outdoors every day, "and it's coed, you get to hang out with girls, "you get to hang out with guys, "we'll drink every night and all you have to do "is sell magazines during the day." And it's kind of this alluring pitch, and then the crews turn violent, and there's sometimes quotas on the crew, there's sometimes coercion on the crew. We get a lot of calls from kids who are abandoned by the crew. Where the crew says, "If you act up "or if you don't adhere to our rules, "we'll just drive away and leave you in this city." >> Wherever. >> Is the crews are very mobile they have this whole language, they call it kind of jumping territory. So they'll drive from like Kansas City to a nearby state, and we'll get this call from this kid, they're like, "I'm totally homeless, my crew just left me behind "because I kind of didn't obey one of the rules." So a lot of people, when they think of human trafficking they're not thinking of like U.S. citizen kids knocking on your door. And we're not saying that every single magazine crew is human trafficking, but we are saying that if there's force, and coercion, and fraud, and lies, and people feel like they can't leave, and people feel like they're being coerced to work, this is actually a form of human trafficking of U.S. citizen youth which is not very well-known but we hear about it on the Hotline quite a lot. >> Right, so then I wonder if you could tell us more about the Delta story 'cause most of the people that are going to be watching this interview weren't here today to hear your keynote. So I wonder if you can explain kind of that whole process where you identified a specific situation, you train people that are in a position to make a difference and in fact they're making a big difference. >> Yeah. So the first big report that we released based on the Hotline data was the 25 types, right? We decided to do a followup to that called Intersections, where we reached out to survivors of trafficking and we said, "Can you tell us about "the legitimate businesses that your trafficker used "while you were being trafficked?" And all these survivors were like, "Yeah, sure, "we'll tell you about social media, "we'll tell you about transportation, "we'll tell you about banks, "we'll tell you about hotels." And so we then identified these six major industries that traffickers use that are using legitimate companies, like rental car companies, and airlines, and ridesharing companies. So then we reached out to a number of those corporate partners and said, "You don't want this stuff on your services, right?" And Delta really just jumped at this, they were just like, "We take this incredibly seriously. "We want our whole workforce trained. "We don't want any trafficker to feel like "they can kind of get away with it on our flights. "We want to be a leader in transportation." And then they began taking all these steps. Their CEO, Ed Bastian, took it very seriously. They launched a whole corporate-wide taskforce across departments, they hosted listening sessions with survivor leaders so survivors could coach them, and then they started launching this whole strategy around training their flight attendants, and then training their whole workforce, and then supporting the National Human Trafficking Hotline, they made some monetary donations to Polaris. We get situations on the Hotline where someone is in a dangerous situation and needs to be flown across the country, like an escape flight almost, and Delta donated SkyMiles for us to give to survivors who are trying to flee a situation, who needs a flight. They can go to an airport and get on a flight for free that will fly them across the country. So it's almost like a modern day Underground Railroad, kind of flying people on planes. >> Jeff: Right, right. >> So they've just been an amazing partner, and they even then took the bold step of saying, "Well let's air a PSA on our flights "so the customer base can see this." So when you're on a Delta flight you'll see this PSA about human trafficking. And it just kept going and going and going. So it's now been about a five-year partnership and lots of great work together. >> And catching bad guys. >> Yeah, I mean, their publicity of the National Human Trafficking Hotline has led to a major increase in calls. Airport signage, more employees looking for it, and I actually do believe that the notion of flying, if you're going to be a trafficker, flying on a Delta flight is now a much more harrowing experience because everyone's kind of trained, and eyes and ears are looking. So you're going to pivot towards another airline that hasn't done that training yet, which now speaks to the need that once one member of an industry steps up, all different members of the industry need to follow suit. So we're encouraging a lot of the other airlines to do similar training and we're seeing some others do that, which is great. >> Yeah, and how much of it was from the CEO, or did he kind of come on after the fact, or was there kind of a champion catalyst that was pushing this through the organization, or is that often the case, or what do you find in terms of adoption of a company to help you on your mission? >> That's a great question. I mean, the bigger picture here is trafficking is a $150 billion industry, right? A group of small nonprofits and cops are not going to solve it on their own. We need the big businesses to enter the fight, because the big businesses have the resources, they have the brand, they have the customer base, they have the scale to make it a fair fight, right? So in the past few years we're seeing big businesses really enter the fight against trafficking, whether or not that's big data companies like AWS, whether or not that's social media companies, Facebook, whether or not that's hotel companies, like Wyndham and Marriott, airlines like Delta. And that's great because now the big hitters are joining the trafficking fight, and it happens in different ways, sometimes it's CEO-led, I think in the case of Delta, Ed Bastian really does take this issue very seriously, he was hosting events on this at his home, he's hosted roundtables of other CEOs in the Atlanta area like UPS, and Chick-fil-A, and Home Depot, and Coca-Cola, all those Atlanta-based CEOs know each other well, he'll host roundtables about that, and I think it was kind of CEO-led. But in other corporations it's one die hard champion who might be like a mid-level employee, or a director, who just says, "We really got to do this," and then they drive more CEO attention. So we've seen it happen both ways, whether or not it's top-down, or kind of middle-driven-up. But the big picture is if we could get some of the biggest corporations in the world to take this issue seriously, to ask questions about who they contract with, to ask questions about what's in their supply chain, to educate their workforce, to talk about this in front of their millions of customers, it just puts the fight against trafficking on steroids than a group of nonprofits would be able to do alone. So I think we're in a whole different realm of the fight now that business is at the table. >> And is that pretty much your strategy in terms of where you get the leverage, do you think? Is to execute via a lot of these well-resourced companies that are at this intersection point, I think that's a really interesting way to address the problem. >> Yeah, well, it's back to the 25 types, right? So the strategies depend on type. Like, I don't think big businesses being at the table are necessarily going to solve magazine sales crews, right? They're not necessarily going to solve begging on the street. But they can solve late night janitors that sometimes are trafficked, where lots of big companies are contracting with late night janitorial crews, and they come at 2:00 a.m., and they buff the floors, and they kind of change out the trash, and no one's there in the office building to see those workers, right? And so asking different questions of who you procure contracts with, to say, "Hey, before we contract with you guys, "we're going to need to ask you a couple questions "about where these workers got here, "and what these workers thought they were coming to do, "and we need to ID these workers." The person holding the purse strings, who's buying that contract, has the power to demand the conditions of that contract. Especially in agriculture and large retail buyers. So I think that big corporations, it's definitely part of the strategy for certain types, it's not going to solve other types of trafficking. But let's say banks and financial institutions, if they start asking different questions of who's banking with them, just like they've done with terrorism financing they could wipe out trafficking financing, could actually play a gigantic role in changing the course of how that type of trafficking exists. >> So we could talk all day, I'm sure, but we don't have time, but I'm just curious, what should people do, A, if they just see something suspicious, you know, reach out to one of these kids selling magazines, or begging on the street, or looking suspicious at an airport, so, A, that's the question. And then two, if people want to get involved more generically, whether in their company, or personally, how do they get involved? >> Yeah, so there are thousands of nonprofit groups across the country, Polaris is in touch with 3,000 of them. We're one of thousands. I would say find an organization in your area that you care about and volunteer, get involved, donate, figure out what they need. Our website is polarisproject.org, we have a national Referral Directory of organizations across the country, and so that's one way. The other way is the National Human Trafficking Hotline, the number, 1-888-373-7888. The Hotline depends on either survivors calling in directly as a lifeline, or community members calling in who saw something suspicious. So we get lots of calls from people who were getting their nails done, and the woman was crying and talking about how she's not being paid, or people who are out to eat as a family and they see something in the restaurant, or people who are traveling and they see something that doesn't make, kind of, quite sense in a hotel or an airport. So we need an army of eyes and ears calling tips into the National Human Trafficking Hotline and identifying these cases, and we need survivors to know the number themselves too so that they can call in on their own behalf. We need to respond to the problem in the short-term, help get these people connected to help, and then we need to do the long-term solutions which involves data, and business, and changing business practice, and all of that. But I do think that if people want to kind of educate themselves, polarisproject.org, there are some kind of meta-organizations, there's a group called Freedom United that's kind of starting a grassroots movement against trafficking, freedomunited.org. So lots of great organizations to look into, and this is a bipartisan issue, this is an issue that most people care about, it's one of the top headlines in the newspapers every day these days. And it's something that I think people in this country naturally care about because it references kind of the history of chattel slavery, and some of those forms of slavery that morphed but never really went away, and we're still fighting that same fight today. >> In terms of, you know, we're here at AWS IMAGINE, and they're obviously putting a lot of resources behind this, Teresa Carlson and the team. How are you using them, have you always been on AWS? Has that platform enabled you to accomplish your mission better? >> Yeah, oh for sure, I mean, Polaris crunches over 60 terabytes of data per day, of just like the computing that we're doing, right? >> Jeff: And what types of data are you crunching? >> It's the data associated with Hotline calls, we collect up to 150 variables on each Hotline call. The Hotline calls come in, we have this data set of 50,000 cases of trafficking with very sensitive data, and the protections of that data, the cybersecurity associated with that data, the storage of that data. So since 2017, Polaris has been in existence since 2002, so we're in our 17th year now, but starting three years ago in 2017 we started really partnering with AWS, where we're migrating more of our data onto AWS, building some AI tools with AWS to help us process Hotline calls more efficiently. And then talking about potentially moving our, all of our data storage onto AWS so that we don't have our own server racks in our office, we still need to go through a number of steps to get there. But having AWS at the table, and then talking about the Impact Computing team and this, like, real big data crunching of like millions of trafficking cases globally, we haven't even started talking about that yet but I think that's like a next stage. So for now, it's getting our data stronger, more secure, building some of those AI bots to help us with our work, and then potentially considering us moving completely serverless, and all of those things are conversations we're having with AWS, and thrilled that AWS is making this an issue to the point that it was prioritized and featured at this conference, which was a big deal, to get in front of the whole audience and do a keynote, and we're very, very grateful for that. >> And you mentioned there's so many organizations involved, are you guys doing data aggregation, data consolidation, sharing, I mean there must be with so many organizations, that adds a lot of complexity, and a lot of data silos, to steal classic kind of IT terms. Are you working towards some kind of unification around that, or how does that look in the future? >> We would love to get to the point where different organizations are sharing their data set. We'd love to get to the point where different organizations are using, like, a shared case management tool, and collecting the same data so it's apples to apples. There are different organizations, like, Thorn is doing some amazing big data-- >> Jeff: Right, we've had Thorn on a couple of times. >> How do we merge Polaris's data set with Thorn's data set? We're not doing that yet, right? I think we're only doing baby steps. But I think the AWS platform could enable potentially a merger of Thorn's data with Polaris's data in some sort of data lake, right? So that's a great idea, we would love to get to that. I think the field isn't there yet. The field has kind of been, like, tech-starved for a number of years, but in the past five years has made a lot of progress. The field is mostly kind of small shelters and groups responding to survivors, and so this notion of like infusing the trafficking field with data is somewhat of a new concept, but it's enabling us to think much bigger about what's possible. >> Well Brad, again, we could go on all day, you know, really thankful for what you're doing for a whole lot of people that we don't see, or maybe we see and we're not noticing, so thank you for that, and uh. >> Absolutely. >> Look forward to catching up when you move the ball a little bit further down the field. >> Yeah, thank you for having me on. It's a pleasure to be here. >> All right, my pleasure. He's Brad, I'm Jeff, you're watching theCUBE. We're at AWS IMAGINE Nonprofits, thanks for watching, we'll see you next time. (futuristic music)

>> from Cambridge, Massachusetts. It's the Cube covering M. I. T. Chief Data officer and Information Quality Symposium 2019. Brought to you by Silicon Angle Media. >> Welcome back to M. I. T. In Cambridge, Massachusetts. Everybody You're watching The Cube, the Leader and Live Tech coverage. My name is Dave Volante, and it's my pleasure to introduce Matt Kobe, who's the vice president of business strategy Analytics of Chicago Bulls. We love talking sports. We love talking data. Matt. Thanks for coming on. >> No problem getting a date. So talk about >> your role. Is the head of analytics for the Bulls? >> Sure. So I work exclusively on the business side of the operation. So we have a separate team that those the basketball side, which is kind of your players stuff. But on the business side, um, what we're focused on is really two things. One is being essentially internal consultants for the rest of the customer facing functions. So we work a lot with ticketing, allow its sponsorship, um, marketing digital, all of those folks that engage with our customer base and then on the backside back end of it, we're building out the technical infrastructure for the organization right. So everything from data warehouse to C. R M to email marketing All of that sits with my team. And so we were a lot of hats, which is exciting. But at the end of the day, we're trying to use data to enhance the customer and fan experience. Um and that's our aim. And that's what we're driving towards >> success in sports. In a larger respect. It's come down to don't be offended by this. Who's got the best geeks? So now your side of the house is not about like you say, player performance about the business performances. But that's it. That's a big part of getting the best players. I mean, if it's successful and all the nuances of the N B, A salary cap and everything else, but I think there is one, and so that makes it even more important. But you're helping fund. You know that in various ways, but so are the other two teams that completely separate. Is there a Chinese wall between them? Are you part of the sort of same group? >> Um, we're pretty separate. So the basketball folks do their thing. The business folks do their thing from an analytic standpoint. We meet and we collaborate on tools and other methods of actually doing the analysis. But in terms of, um, the analysis itself, there is a little bit of separation there, and mainly that is from priority standpoint. Obviously, the basketball stuff is the most important stuff. And so if we're working on both sides that we'd always be doing the basketball stuff and the business stuff needs to get done, >> drag you into exactly okay. But which came first? The chicken or the egg was It was the sort of post Moneyball activity applied to the N B. A. And I want to ask you a question about that. And then somebody said, Hey, we should do this for the business side. Or was the business side of sort of always there? >> I think I think, the business side and probably the last 5 to 7 years you've really seen it grown. So if you look at the N. B. A. I've been with the Bulls for five years. If you look at the N. B. A. 78 years ago, there was a handful of Business analytics teams and those those teams had one or two people at him. Now every single team in the NBA has some sort of business analytics team, and the average staff is seven. So my staff is six full time folks pushed myself, so we'll write it right at the average. And I think what you've seen is everything has become more complex in sports. Right? If you look at ticketing, you've got all the secondary markets. You have all this data flowing in, and they need someone to make sense of all that data. If you look at sponsorship sponsorship, his transition from selling a sign that sits on the side of the court for these truly integrated partnerships, where our partners are coming to us and saying, What do we get out of? This was our return. And so you're seeing a lot more part lot more collaboration between analytics and sponsorship to go back to those partners and say, Hey, here's what we delivered And so I think you it started on the basketball side, certainly because that's that's where the, you know that is the most important piece. But it quickly followed on the business side because they saw the value that that type of thinking can bring in the business. >> So I know this is not, you know, your swim lane, but But, you know, the lore of Billy Beane and Moneyball and all that, a sort of the starting point for sports analytics. Is that Is that Is that a fair characterization? Yeah. I mean, was that Was that really the main spring? >> I think it It probably started even before that. I think if you have got to see Billy being at the M I t Sports Analytics conference and him thought he always references kind of Bill James is first, and so I think it started. Baseball was I wouldn't say the easiest place to start, But it was. It's a one versus one, right? It's pitcher versus batter. In a lot of cases, basketball is a little bit more fluid. It's a team. Sport is a little harder, but I think as technology has advanced, there's been more and more opportunities to do the analytics on the basketball side and on the business side. I think what you're seeing is this huge. What we've heard the first day and 1/2 here, this huge influx of data, not nearly to the levels of the MasterCard's and others of the world. But as more and more things moved to the mobile phone, I think you're going to see this huge influx of data on the business side, and you're going to need the same systems in the same sort of approach to tackle it. >> S O. Bill James is the ultimate sports geek, and he's responsible for all these stats that, no, none of us understand. He's why we don't pay attention to batting average anymore. Of course, I still do. So let's talk about the business side of things. If you think about the business of baseball, you know it's all about maximizing the gate. Yeah, there's there's some revenue, a lot of revenue course from TV. But it's not like football, which is dominated by the by the TV. Basketball, I think, is probably a mix right. You got 80 whatever 82 game season, so filling up the stadium is important. Obviously, N v A has done a great job of of really getting it right. Free agency is like, fascinating. Now >> it's 12 months a year >> scored way. Talk about the NBA all the time and of course, you know, people like celebrities like LeBron have certainly helped, and now a whole batch of others. But what's the money side of the n ba look like? Where's the money coming from? >> Yeah, I mean, I think you certainly have broadcast right, but in many ways, like national broadcast sort of takes care of it itself. In some ways, from the standpoint of my team, doesn't have a lot of control over national broadcast money. That's a league level thing. And so the things that we have control over the two big buckets are ticketing and sponsorship. Those those are the two big buckets of revenue that my team spends a lot of time on. Ticketing is, is one that is important from the standpoint, as you say, which is like, How do we fill the building right? We've got 41 home game, supposed three preseason games. We got 44 events a year. Our goal is to fill the building for all 44 of those events. We do a pretty good job of doing it, but that has cascading effects into other revenue streams. Right, As you think about concessions and merchandise and sponsorship, it's a lot easier to spell spot cell of sponsorship when you're building is full, then if you're building isn't full. And so our focus is on. How do we? How do we fill the building in the most efficient way possible? And as you have things like the secondary market and people have access to tickets in different ways than they did 10 to 15 years ago, I think that becomes increasingly complex. Um, but that's the fun area that's like, That's where we spend a lot of time. There's the pricing, There's inventory management. It's a lot of, you know, is you look a traditional cpg. There's there's some of those same principles being applied, which is how do you are you looking airline right there? They're selling a plane. It's an asset you have to fill. We have ah, building. That's an asset we have to fill, and how do we fill it in the most optimal way? >> So the idea of surge pricing demand supply, But so several years ago, the Red Sox went to a tiered pricing. You guys do the same If the Sox are playing Kansas City Royals tickets way cheaper than if they're playing the Yankees. You guys do a similar. So >> we do it for single game tickets. So far are season ticket holders. It's the same price for every game, but on the price for primary tickets for single games, right? So if we're playing, you know this year will be the Clippers and the Lakers. That price is going to be much more expensive, so we dynamically price on a game to game basis. But our season ticket holders pay this. >> Why don't you do it for the season ticket holders? Um, just haven't gone there yet. >> Yeah, I mean, there's some teams have, right, so there's a few different approaches you convey. Lovely price. Those tickets, I think, for for us, the there's in years past. In the last few years, in particular, there's been a couple of flagship games, and then every other game feels similar. I think this will be the first year where you have 8 to 10 teams that really have a shot at winning the title, and so I think you'll see a more balanced schedule. Um, and so we've We've talked about it a lot. We just haven't gone to that made that move yet? >> Well, a season ticket holder that shares his tickets with seven other guys with red sauce. You could buy a BMW. You share the tickets, so but But I would love it if they didn't do the tiered. Pricing is a season ticket holder, so hope you hold off a while, but I don't know. It could maximize revenues if the Red Sox that was probably not a stupid thing is they're smart people. What about the sponsorships? Is fascinating about the partners looking for our ally. How are you measuring that? You're building your forging a tighter relationship, obviously, with the sponsors in these partners. Yeah, what's that are? Why look like it's >> measured? A variety of relies, largely based on the assets that they deliver. But I think every single partner we talk to these days, I also leave the sponsorship team. So I oversee. It's It's rare in sports, but I stayed over business strategy and Alex and sponsorship team. Um, it's not my title, but in practice, that's what I do. And I think everyone we talked to wants digital right? They want we've got over 25,000,000 social media followers with the Bulls, right? We've got 19,000,000 on Facebook alone. And so sponsors see those numbers and they know that we can deliver impression. They know we can deliver engagement and they want access to those channels. And so, from a return on, I always call a return on objectives, right? Return on investment is a little bit tricky, but return on objectives is if we're trying to reel brand awareness, we're gonna go back to them and say, Here's how many people came to our arena and saw your logo and saw the feature that you had on the scoreboard. If you're on our social media channels or a website, here's the number of impressions you got. Here is the number of engagements you got. I think where we're at now is Maura's Bad Morris. Still better, right? Everyone wants the big numbers. I think where you're starting to see it move, though, is that more isn't always better. We want the right folks engaging with our brands, and that's really what we're starting to think about is if you get 10,000,000 impressions, but they're 10,000,000 impressions to the wrong group of potential customers, that's not terribly helpful. for a brand. We're trying to work with our brands to reach the right demographics that they want to reach in order to actually build that brand awareness they want to build. >> What, What? Your primary social channels. Twitter, Obviously. >> So every platform has a different purpose way. Have Facebook, Twitter, instagram, Snapchat. We're in a week. We bow in in China and you know, every platform has a different function. Twitter's obviously more real time news. Um, you know the timeline stuff, it falls off really quick. Instagram is really the artistic piece of it on, and then Facebook is a blend of both, and so that's kind of how we deploy our channels. We have a whole social team that generates content and pushes that content out. But those are the channels we use and those air incredibly valuable. Now what you're starting to see is those channels are changing very rapidly, based on their own set of algorithms, of how they deliver content of fans. And so we're having to continue to adapt to those changing environments in those social >> show impressions. In the term, impressions varies by various platforms. So so I know. I know I'm more familiar with Twitter impressions. They have the definition. It's not just somebody who might have seen it. It's somebody that they believe actually spent a few seconds looking at. They have some algorithm to figure that out. Yeah. Is that a metric that you finding your brands are are buying into, for example? >> Yeah. I mean, I think certainly there they view it's kind of the old, you know, when you bought TV ads, it's how many households. So my commercial right, it's It's a similar type of metric of how many eyeballs saw a piece of content that we put out. I think we're the metrics. More people are starting to care about his engagements, which is how many of you actually engaged with that piece of content, whether it's a like a common a share, because then that's actual. Yeah, you might have seen it for three seconds, but we know how things work. You're scrolling pretty fast, But if you actually stopped to engage it with something, that's where I think brands are starting to see value. And as we think about our content, we have ah framework that our digital team uses. But one of the pillars of that is thumb stopping. We want to create content that is some stopping that people actually engage with. And that's been a big focus of ours. Last couple years, >> I presume. Using video, huge >> video We've got a whole graphics team that does custom graphics for whether it's stats or for history, historical anniversaries. We have a hole in house production team that does higher end, and then our digital team does more kind of straight from the phone raw footage. So we're using a variety of different mediums toe reach our fans >> that What's your background? How'd you get into all of this? >> I spent seven years in consulting, so I worked for Deloitte on their strategy group out of Chicago, And I worked for CPG companies like at the intersection of Retailer and CPG. So a lot of in store promotional work helping brands think through just General Revenue management, pricing strategy, promotional strategy and, um stumbled upon greatness with the Bulls job. A friend gave me the heads up that they were looking to fill this type of role and I was able to get my resume in the mix and I was lucky enough to get get the job, and it's been when I started. We're single, single, single, so it's a team of one. Five years later, we're a team of six, and we'll probably keep growing. So it's been an exciting ride and >> your background is >> maths. That's eyes business. Undergrad. And then I got a went Indian undergrad business and then went to Kellogg. Northwestern got an MBA on strategy, so that's my background. But it's, you know, I've dabbled in sports. I worked for the Chicago 2016 Olympic bid back in the day when I was at Deloitte. Um, and so it's been It's always been a dream of mine. I just never knew how I get there like I was wanted to work in sports. They just don't know the path. And I'm lucky enough to find the path a lot earlier than I thought. >> How about this conference? I know you have been the other M I T. Event. How about this one? How we found some of the key takeaways. Think you >> think it's been great because a lot of the conferences we go to our really sports focus? So you've got the M. I T Sports Analytics conference. You have seat. You have n b a type, um, programming that they put on. But it's nice to get out of sports and sort of see how other bigger industries are thinking about some of the problems specifically around data management and the influx of data and how they're thinking about it. It's always nice to kind of elevated. Just have some room to breathe and think and meet people that are not in sports and start to build those, you know, relationships and with thought leaders and things like that. So it's been great. It's my first time here. What are probably back >> good that Well, hopefully get to see a game, even though that stocks are playing that well. Thanks so much for coming in Cuba. No problems here on your own. You have me. It was great to have you. All right. Keep right, everybody. I'll be back with our next guest with Paul Gill on day Volante here in the house. You're watching the cue from M I T CEO. I cube. Right back

>> Live from San Diego, California It's the queue covering Sisqo Live US 2019 Tio by Cisco and its ecosystem. Barker's >> Welcome Back to San Diego. Everybody watching the Cube, the leader in live tech coverage. This day. One of our coverage of Sisqo Live 2019 from San Diego. I'm Dave a lot with my co host to minimum. Lisa Martin is also here. Kip Compton is the senior vice president of Cisco's Cloud Platform and Solutions, and he's joined by Fabio Gori was the senior director of Cloud Solutions Marketing. Gentlemen, thanks so much for coming on the Cube. >> Thanks. Great to be here having us. >> You're very welcome, Fabio. So, Kip, Let's start with you. I want to start with a customer perspective. People are transforming. Cloud is part of that innovation cocktail, if you will. Absolutely. How would you summarize your customers? Cloud strategies? >> Well, I mean, in one word, I'd say Multi cloud, and it's what I've been saying for some time. Is Custer's air really expanding into the cloud and it really expanding into multiple clouds? And what's driving that is the need to take advantage of the innovation in the economics that are offered in the various clouds, and we sit like to say that they're expanding into the cloud because for the vast majority, their coast of our coasters, they have data centers. They're going to continue to have data centers. Nothing's going to keep running in those data centers now. What's happening is they thought it would be easy to start with everyone here. CEO Chuck likes to talk about, however, and thought they just moved to the cloud like moving to another neighborhood. Everything would be great. Well, when they're multiple clouds, you leaving some stuff on him. All of a sudden, what was supposed to be simple and easy becomes quite complex. >> Yeah, I've often said Well, multi club was kind of a symptom of multi vendor. But what you're saying is, essentially, it's it's becoming horses for courses, the workload matching the workload with the best cloud to solve that problem. >> I think it's a feature not above. I think it's here to stay. >> So how is that informing your strategy is Cisco? >> Well, you know, we're very customer responsive, and we see this problem and we look at how we can solve it and what customs have told us is that they want access to the different innovation in these different clouds and the different economic offers in each of these clouds. But they want to do it with less complexity, and they want to do it with less friction. And there's a bunch of areas where they're not looking for innovation. They don't need things work differently in networking. They want one way for networking to work across the multiple clouds and, frankly, to integrate with their own primus. Well. Likewise, for Security. A lot of Custer's air a little freaked out by the idea that there be different security regimes in every cloud that they use and maybe even different than what they already have on him. So they want that to be connected and to work management an application lifecycle. They're worried about that. They're like they don't want it to be different in every single cloud. A map Dynamics is a great example of an asset here. We got strong feedback for our customers that they needed to be able to measure the application performance in a common way across the environments. When imagine going to your CEO and talking about the performance of applications and having different metrics. 2,000,000,000 where it's hosted. It doesn't make any sense in terms of getting business insights. So I've dynamics is another example of something that Custer's one across all of that. So we really see Cisco's role is bringing all of those common capabilities and really reducing the complexity and friction of multi Cobb, enabling our customers to really take the most advantage possible. Multiple cloud. >> So Fabio kept talked about how moving to cloud is a little bit more complex than moving house from one neighborhood to the other. What are some of the key challenges that you guys are seeing? And how specifically is Cisco helping to ameliorate some of those challenges? >> Well, there are some challenges that are squarely in the camp where we can help. Others are related, and probably they're the toughest in clouds to fundamentally acquisition of talent. Right way can help with our custom off course with our partner ecosystem in this case, but a lot of that is really the culture of the company needs to change, right? We keep talking about develops way, keep talking about what does he mean operating this infrastructure in the cloud. It's a whole different ballgame, right? It's a continues integration, continues. Development is actually moving toe agile, kind of softer. The album models. And, you know, I very often do the analogy or what we've seen a few years ago in the data center space where we so actually, the end off the super specialization, like people on Lino in storage, all innit, working on ly computing. And then we saw the rise of people fundamentally expert in in the entire stack. We're seeing the same in the cloud with the rise of the Cloud Architect. These guys now are the ones they're behind building Cloud Centre of excellence. The issue. If you want guidance, where's the control remains into the other team's right. But this is very, very important. So it's overcoming, overcoming the talent gap and knowing how to deal with that on the bottom of that on the other side, so you get a free economy is technology challenges. For instance, embracing Q Burnett is becomes an embracing open source is a big, big challenge, right? You've gotta be able to master this kind of science if you want and trusting partners like, for instance, ourselves and others that will give you a curated versions of the softer image in life. Very often do customer meetings, and I ask how many how many tools to use in production for your Cuban Embassy plantation? And the answer ranges from 20 to 25. It's crazy, right? So imagine if 12 or three of these stools go away. What are you going to do? So you know, it's it's a whole different ball game really going to go into this kind of world. So Kip, we understand >> today, customers are multi cloud and future. It's going to be multi cloud. Think So. >> How do we make >> sure that multi cloud doesn't become least Domine, Denominator Cloud? Or, you know, you really say All I have is this combination of a bunch of pieces like the old multi vendor. How does multi cloud become more powerful than just the sum of its components? Is a good question, and we've really, I mean, way support a lot of different ways of accessing a cloud, Francisco, because we have such a broad Custer base and our goal is really to support our customers. However, they want to work. But we have made a bet in terms of avoiding the lowest common denominator on DH. Some people look ATT, accessing multiple clouds as sort of laying down one software platform and writing their software to one set of AP eyes that they didn't somehow implement in every cloud. And I think that does tend to get you to lowest common denominator because, you know, if you want to be on the Alexis Smart speaker, you have to be on the Lambda Service at a job. Yes, that's it. It doesn't exist anywhere else. And so if you're trying to create a common layer across so your clouds and that's your approach, you have to give up unique capabilities like that. And almost every consumer brand wants to be our needs to be on that election. Smart speaker. So we actually see it is more taking the functions that are not points of innovation, reducing the friction and leaving our customers with the time and energy to focus on taking advantage of their unique capabilities. And Fabio, you're partnering at Cisco with a number of their providers out there. Where are we with the maturity of all this? We were at the Cube con show and you know you're right. There's a lot of different tools. Simple is not what we're discussing, mostly out that show. So what do we solve today? And what kind of things does Cisco and its partners look to be solving kind of in the next 6 to 12 months? >> Partner? Partnering with this big players is absolutely a company priority for us, for Cisco, and one thing that's important is you, said multi vendor at the beginning. That was an interesting common, because if you think about it, multiple out is really business need, right? You want a hardness, innovation wherever it comes from. But then when you work with a specific provider in your reach, critical mass you want tohave integrations with this with this different providers, and that is the hybrid world. So hybrid is more of a technology need to streamline things like networking or security, or the way you storage because the poor things of this nature so that's three. Liza is a big need, and we'll continue, of course, adding more and more from the standpoint of partnerships every every one of the environments in our customers want to uses of interest for us, right to extend their policies to extend our reach. >> So just following up on that partnership, You guys air cloud agnostic, You don't own your own clouds, right? Not selling that. So you were at Google Cloud next to Europe on stage David Gettler, you've got a relationship with as your you got relationship with a W s. Obviously so talking about the importance of partnerships and specific strategy there in terms of your go to market, >> Well, you know, first, all the partnerships or critical I mean, it's you said we're not trying to move the workload Stark filed. And by the way, a lot of our customers has said that something that they value they see us is one of the biggest, most capable companies on the planet. That still is someone. I got sick and ableto work with them on. What's the right answer for their business? Not trying to move everything to one place and those partnerships a critical. So you're going to see us continue Teo building this partnerships. In fact, it's only day one here. I wouldn't be surprised if you saw some news this week on that. >> We were wondering if we're going to see somebody parachute in, that would be exciting. So why Cisco? Uh, ask each of you guys Maybe maybe, kid, you could You could give us the answer from your perspective and an Aussie. The same question. >> Well, from my perspective, it's based on what our customers tell us that again. You know, the things that were very good at things like networking and security are some of the biggest problems that our customs face in taking advantage of clouds and are some of things that they most want common across clouds. So we have a very natural role in this. I actually think back to the founding of Cisco, if you know the story. But it was Sandy Lerner and Limbo zakat Stanford. Their networks couldn't talk each other. You didn't remember back to the days like deck net and apple talk and all these things. It's hard to even recall because this new thing called peace pipe he obviously took over. That was the beginning of Sisko is building the multi protocol router that let those different islands talk each other. In many ways, Custer's see us doing sort of the same thing or want us to do the same thing in a multi cloud world. >> Well, just aside before I ask you, Fabian, a lot of people think that, you know, the microprocessor revolution killed many computers. IPads. Cisco kind of killed many computers to your point. But, Fabio, anything you would add to the sort of wisest >> guy would say, If you want my three seconds elevator peaches, we make multiple easier and more secure. Multiple this complex. So we definitely make it easier through our software. And we have three big buckets if you want there really compelling for for our customers, the 1st 1 is all of our software. Arsenal around weapon on his cloud center work looked a musician manager that helps last summer in building a unified application management kind of soft or sweet across home Prem and any of the public clouds that we've been talking about. The 2nd 1 is, as you said, we build on our DNA, which is, if you want and you heard Gettler today are multi domain kind of architecture, right, which is incredibly relevant in this case, you are not working in security. Fabric really is important there, and the thirties are ability because we don't compete with any other big players to partner with them and solve problems for our customers. So these three buckets are really, really important that deliver. Ah hi business value to >> our customers if I want to come back to something we're talking about is the Customs said the customers don't want a different security regime for each cloud, right? So it's complicated because, first of all, they're trying to struggle with their own security regime anyway, Right? Right? And that's transforming. What is the right right? Sorry security regime in this cloud here. How is it evolving? >> Well, me, What we're doing is we're bringing tools like Te Trae Shen, which now runs on prim and in the clouds. Things like stealth watch what's runs on permanent cloud and simply bringing them security frameworks that are very effective where I think a very capable of well known security vendor, but bringing them the capability to run the same capabilities in there on prem environments in their data centers as well as a multiple public clouds, and that just eliminates the scenes that hackers could maybe get into. It makes common policy possibles. They going to find policy around an application once and have it apply across Balto environments, which not only is easier for them but eliminates potential mistakes that they might make that might leave things open. Joe Hacker. So for us, it's that simple bringing very effective common frameworks for security across all these >> years. You certainly see the awareness of the security imperative moving beyond the SEC ops team. There's no question about that. It's now board level lines of business are worried about. For their digital transformation was data, but our organizations at the point where there operationalize ing security practices and the like, you know, to the extent that they should be >> well, I mean, I think when you say they should be, there's always room for improvement. Okay, but we're seeing just about all of our customers. I mean, as you said, securities is a sea level, if not a board level discussion and just about all of our customers. It's routinely top first or second concern on a survey when Custer's saw about what's concerning them with the clouds. And so we're seeing them really view, you know, security's foundational to what they're doing. >> I mean, it used to be. This sort of failure equals fire mentality. You somebody cracks through, you're fired. And so nobody talked about it. Now I think people realize, look, bad guys are going to get through. It's how you respond to them. Don't you think about how you using analytics, but yeah. So >> when we start just the >> way you were moving quickly >> towards, well, more or less quickly to a zero trust kind ofwork thie action assist you in this area every since the acquisition ofthe duo is performing exceptionally well. And if you want at the top of the security ecosystem in a multi polar world, you find identity because if you don't know who the user or the thing is, they're trying to use a certain application, you're in trouble because perimeter, all security off course is important. But you know that you're going to be penetrated, right? So it boils down to understanding who's doing what and re mediating a soon as possible. So it's a whole different paradigm >> of a security huge tail. When Francisco it's a business growing 21% a year, it's three more than three times the growth of the company. Overall, which is actually still pretty good. Five or 6%. So security rocketship? >> Yeah, Fabio, Just I noticed before we did the interview here that everybody is wearing the T shirts. The cloud takeover is happening here at the definite zone. So give those of us that you know aren't among the 28,000 you know here at the show. A little bit of what's happening from you're >> gonna do something unusual going, gonna turn that question to keep because he was actually on stage >> the second single. Why don't you just get that off? You know, I think it links back to it. Bobby. Always talking about what talent I mean, obviously the most important thing we bring our customers is the technology. We are a technology company, but so many of our customers were asking us to help them with this talent cap. And I think the growth of definite I mean, we're actually sitting here in the definite zone. It's got its own area Here. It's Sisk alive. It's gotten bigger every single year. Here it's just go live. The growth of definite is a sign of how important talent issue is as well as the new certifications that we announce we expanded our certification program to include software conjuncture with Dev. Net. So now people be able to get professional certifications Francisco not just on networking but on software capabilities and skills. And this is something both our partners, our customers have told us. They're really looking for now in terms of the takeover, it's something fun that the definite crew does. I think you're doing five of them during this week. I was really excited, Suzy. We asked us to be the first Eso es the opportunity. Kick it off. It does include beer. So that's one of the nice things. It includes T shirts, both things that I think are prevalent in the developer community. I'll say, Andi, just have an hour where the focus is on cloud technology. So we got everyone in cloud T shirts, a bunch of the experts for my product enduring teams on hand. We had some special presentations, were just many an hour focused on cloud >> Well, and I love that you're doing that definite zone. We've always been super impressed with this whole notion of infrastructures code. I think I've said many times of all the traditional enterprise cos you know computer companies, if you will hae t companies Cisco has done a better job of anybody than making its infrastructure programmable. We're talking about security before it's critical. If you're still tossing stuff over to the operations team, you're gonna be have exposures. Whereas you guys are in a position now and you talk talent, you're transitioning. You know the role of the C C I. A. And now is becoming essentially a developer of infrastructure is code, and it's a very powerful absolutely. I think we're >> helping our partners and our customers transform. Justus were transforming. I think it's kind of a symbiotic relationship that's super important to us. >> It's also important you think about the balancing act between agility, cost, called security or even data assurance. There. Tradeoffs involved the nobs. You have to turn, but you can. You can you achieve all three, you know, to optimize your business. >> Look, there may always be trade offs, but it's not sort of a zero sum game. All those we sing customers who've automated that through things like C I. D. Move Teo, you know, a different place in a much better place where They're not necessarily making trade offs on security to get better agility if they fully off if they fully automated their deployment chains. So they know that there are no mistakes there. They know that they have the ability to roll out fixes if they need to. They know that they're containers, for instance. They're being scanned from a security perspective, very every time they deploy them. They're actually able to build automated infrastructures that are more agile and more secure so that it's pretty exciting. >> So it involves the automated change management and date assurance talking about containers. That's interesting. Spinning up containers. You want to spend it down frequently. So the bad guys that makes it harder for them to get through. >> You talk about BM sprawling, right? Yeah, right. The Janus sprawling biggest issues out there. And by the way, you know, as you automate this infrastructure, rightly so you mention infrastructures code that you can do the other magic, which is introducing machine learning artificial intelligence. And today they get learn such Gupta gave school. Harold, thank you. Have a terrific demonstration off. You know, finding Rocco's analysis for very, very complex kind of problems that will take forever in the old fashion world. Now, all of a sudden you have the management system. In this case, the nation tells you actually where the problem is, and if you value there that you click a button and instantaneously you deploy, you know, new policies and configuration. That's a dream come true. Literally, you may say, probably we're the last ones to the party in terms of infrastructure players, the industry means. But we're getting there very quickly, and this is a whole new set of possibilities now, >> way talking the cube a lot, and I think it's really relevant for what I'm hearing about your strategies. This cloud is about bringing the cloud operating model to your data wherever your data lives. And that seems to be kind of underscore your your strategy. Absolutely. It's so edge cloud on Prem hybrid, you guys, Your strategy is really to enable customers to bring that operating model wherever they need to. Absolutely right >> that transparency is a big deal. I mean, application anywhere, eating. Did I anywhere? That's a world where we're going to >> guys thoughts. Final thoughts on Sisqo live this year. No, it's only day one gets a customer meetings tonight, but initial impression San Diego >> Well, it's It's a well, it's always great to be in San Diego on DH. It's a great facility, and we know our customers really enjoy San Diego is Well, I think we'll have a great customer appreciation event on Wednesday night. Um, but, you know, I was struck. Uh, you just have to the keynote. I mean, the world solutions was buzzing, and there seems to be is always a lot of energy. It's just go live. But somehow so far this season, maybe even a little bit more energy. I know we've got a number of announcements coming this week across a bunch different areas, including clouds. So we're excited for next few days. >> Well, you got the double whammy first half. We were in February when Barcelona guys don't waste any time. You come right back. And June, your final thoughts value. >> Oh, it's just so exciting to speak with customers and partners. Over here, you can touch their excitement. People love to come together and get old. The news, you know, in one place it's this tremendous amount of energy here. >> Keep copter Fabio Gori. Thanks so much for coming on The Cube. Appreciate it. Thank you for having your walkabout, keeper. Right, everybody. We'll be back with our next guest. David Out. A student of Aunt Lisa Martin. We're live from Cisco Live 2019 in San Diego, right back.

>> Live from Las Vegas It's theCUBE! Covering the AWS Accenture Executive Summit. Brought to you by Accenture. >> Welcome back everyone to theCUBE's live coverage of the AWS Executive Summit here at the Venetian. I'm your host, Rebecca Knight. We have two guests for this segment. We have Akhtar Saeed, VP Solution Delivery, Southern Glazers Wine and Spirits, and Michael Noel, Managing Director Applied Intelligence at Accenture. Thank you so much for coming on the show. >> Thank you. >> Thank you for having us. >> I think this is going to be a fun one. We're talking about wine and spirits. >> Absolutely. (laughs) >> Akhtar, tell our viewers a little bit about Southern Glazer. >> Yeah, so Southern Glazer Wine and Spirits is a privately held company. We are in about 44 states, and we are the largest distributor of wine and spirits. >> Okay, in 44 states. What was the business problem you were trying to solve in terms of the partnership that you formed with Accenture? >> Yeah, so we started this initiative before Southern and Glazer merged. >> And that was in? >> It was 2016. So southern was already looking at how to enhance our technology, how to provide better data analytics, and how to create one source of truth. So that's what drove this and we were looking to partner with appropriate system integrator and right technology to be able to help deliver well if the company to be able to do analytics and data analysis. >> So you had two separate companies merging together and I like this idea, one source of truth. What does that mean, what did that mean for you? >> Well what it means to us is that since you have quite a few data marts out there and everybody is looking at the numbers a little differently, we spend a lot of time trying to say, hey is this right or is this right? So we want to bring all the data together saying this is what the data is and this is how we're going to standardize it, that's what we're trying to do. >> Okay, so this one source, now, Michael, in terms of that, is that a common, common issue particularly among companies that are merging would you say? >> No absolutely you have businesses that might be in the same industry but they might have different processes to try to get to the same answer, right, and the answer's never really the same. So having this concept of a clean room that allows you to take your various aspects of a business and combine that from a data point of view, a business metrics point of view and a business process point of view, this one source, helps you consolidate and streamline that so you can see that integrated view across your new business model really. >> So where do you begin? So you bring in Accenture and AWS and where do you start? >> So like you've mentioned, in 2016, Glazer and Southern Wine Spirits came together and merged, it actually accelerated process because we needed what Mike mentioned as a clean room where we could put this data and won't have to merge at data centers on day one and have the reporting, common reporting platform being available for the new SGWS and that's what we started so we said, okay what is the key performance indicators, the key metrics that we need going into day one? and that's what we want to populate the data with to begin with to make sure that information is available when the day one for merger comes through. >> Okay and so what were those indicators? >> There were several indicators, there were several business reports, people needed the supply chain, they needed to understand the data, what the inventory looks like they needed to know how we were doing across the markets. So all those indicators, that's what we put together. >> Okay, okay, and so how do you work with the client in this respect, how do you and AWS sort of help the client look at what the core business challenges are and then say okay, this is how we're going to attack this problem? >> Right, no that's a good question. I think the main thing is understanding, what does the business need? and how is the technology going to support what the business needs, right? that's first and foremost, right, and then getting alignment and understanding that is really what drives a roadmap to say here's what we're going to do, here's the order we're going to do it in and here's the value that we expect to get out of following these steps one by one and I think one thing we learned is you have to be directionally correct, you may not be exact but as long as we're making progress in the right direction, you course correct as you need to, right, based upon as the business learns new things and as the market changes and what not and that's really how we accomplish this. >> And is it a co-creative process or, how closely are you working with Accenture and AWS? >> Oh, very closely with Accenture and AWS, it's very co-creative, I mean we are really working hand-in-hand. I mean, as Mike alluded, you start certain ways a journey and you realize, gee, this may work but I have to change a little bit here and there's several time we had to change team's direction how to get there and how to approach it and to deliver value. >> Well let's talk, let's get into the nitty gritty with the architecture and components. So what did this entail, coming to this clean room, this one source of truth? >> Yeah, AWR architecture is based on AWS' platform or Accenture's AIP, Accenture Insights platform which runs on AWS and we have, what we did right from the beginning we said we're going to have a data link, we're going to have a hadoop environment where we're going to all our data there And then for analytics research we're going to use Redshift, on top of that for reporting we use Tableau, and we have a homegrown tool called Compass for reporting also that we use. So that's how we initially started, initially we were feeding data directly into it, because we needed to stand the system up relatively quickly. The advantage to us, we didn't have to deal with infrastructure, that was all set up at AWS, we just to need to make sure we load our data and make sure we make the reports available. >> Were you going to add something to that? >> Yeah I know that the concept around, because the merger is expediting this clean room which allows you to stand up an analytics as a service model, to start bringing your data, to start building out your reporting analytics quickly right, which should really speak to market to understanding their position, as an integrated company was so important. So building the Accenture Insights platform on the AWS platform, was a huge success in order to allow them to start going down that path.. >> Yeah I want to hear about some of the innovative stuff you're doing around data analytics and really let's bring it back down to earth too and say actually so this is what we could learn and see, in terms of what was selling what was not selling, what were you finding out? >> So at this point we have about 6000 users on the platform approximately. Initially we had some challenges, I'll be very frank upfront, that everything does not go smooth. That's where we then say "Okay what do I do differently?" We started with dense storage, nodes and we soon found it's not meeting our needs. Then we enhanced Tougaloo dense cluster, and they helped us by about by 70%, that it drove the speed, but the queue length was still long, with Redshift we were still not getting the performance we needed. Then we went to second generation of dense computers and clusters and we got some more leverage, but really the breakthrough came when we said "we need to really reevaluate "how we've been doing our workload management." Some of our queries were very short term report queries real quick, others were loading data that took a while. And that's the challenge we had to overcome, with the workload management we were able to create, where we were able to bump queries and send them to different directions and create that capacity. And that's what really had a breakthrough in terms of technology for us, till that time we were struggling, I'll be honest, but once we got that breakthrough, we were able to comfortably deliver what business needed from data perspective and from businesses perspective. Mike would you like to add... >> Yeah, in addition to AWS, using Redshift has really been a really important, I guess decision and solution in place here, because not only are we using it for loading massive amounts of data, but it's also being used for power users, to generate very adhoc and large queries, to be able to support other analytic type needs right? And I think Redshift has allowed us to scale quickly as we needed to based upon certain times of year, certain market conditions or whatever, Redshift has really allowed us to do that. In order to support where the business demands have really grown exponentially since we've been putting this in place. And it all starts with architecting, and we said, and delivering all around the data. And then how do you enable the capabilities, not just data as a foundation but you know real time analytics, and looking at what looking at what could be, you know, forecasting and predicting what's happening in the future, using artificial intelligence, machine learning and that's really where the platform is taking us next. >> I want to talk about that, but I want to ask you quickly about the skills challenge, because introducing a new technology, there's going to be maybe some resistance and maybe simply your workers aren't quite up to speed. So can you talk a little bit about what you experienced, and then also how you overcame it? >> Yeah, I mean we had several challenges, I mean I'll put it in two big buckets, one is just change management. Anytime you're changing technology on this many users, they're comfortable with something they know, a known commodity, here's something new, that's a challenge. And one should not ignore, we need to pay a lot of attention on how to manage change. That's one, second challenge was within the technical group itself, because we were changing technology on them also right, and we had to overcome the skill sets, we were not the company, who were using open source a lot. So we had to overcome that and say how do we train our folks, how do we get knowledge? And in that case Accenture was great partner with us, they helped us tremendously and AWS professional services, they were able to help us and we had a couple of folks from professional services, they had really helped us with our technology to help drive that change. So you have to tackle from both sides, but we're doing pretty well at this point, we have found our own place, where we can drive through this together. >> In terms of what you were talking about earlier, in terms of what is next with predictive analytics and machine learning, can you talk a little bit about the most exciting things that are coming down the pipeline in terms of Southern Glazer? >> I think that's a great question, I think there's multiple way to look at it. From a business point of view right it's, how do they gain further insights by looking at as much different data sets as possible, right, whether it be internal data, external data, how do we combine that to really understand the customers better? And looking at how they approach things from a future point of view, we've been able to predict what's going to happen in the marketplace so I think it's about looking at all the different possible datasets out there and combining that to really understand what they can do from an art of the possible point of view. >> Can you give us some examples of terms of combining data sets so you're looking at, I mean, drinking patterns or what do we have here? >> I mean you have third party data, right, and TD links and those kind of things, you pull that data in and then you have our own data, then we have data from suppliers right, so that where we combine it and say okay what is this telling me, what story is this putting together telling me? I don't think we are there all the way, we have started on the journey, right now we are at what I call the, this one source of truth and we still have some more sub-editors loading to it, but that's the vision that, how do we pull in all that information and create predictive analysis down the road and be able to see what that means and how we'll be driving? >> And so you're really in the infancy of this? >> Yes, I mean it's a journey right, some may say that you're not in infancy, you're in the middle somewhere, somebody said, if they were ahead of us, it's all depending where you want to put this on that chart but we at least have taken first steps and we have one place where the data's available to us now, we're just going to keep adding to it and now it's a matter of how should we start to use it? >> In terms of lessons that you've learned along the way and you've been very candid in talking about some of the challenges that you've had to overcome but what would you say are some of the biggest takeaways that you have from this process? >> Yeah the biggest takeaway for me would be, as I've already mentioned, change management, don't ignore that, pay attention to that because that's what really drives it, second one that I'll say is probably, have a broader vision but when you execute make sure you look at the smaller things that you can measure, you can deliver against because you would have to take some steps to adjust to that so those are the two things, the third have the right partners with you because you can't go alone on this, you need to make sure you understand who you're going to work with and create a relation with them and saying "hey it's okay to have tough conversations", we have plenty of challenging conversations when we were having issues but it's as a team how you overcome those and deliver value, that's what matters. >> High praise for you Michael (laughs) at Accenture here, but what would you say in terms of being a partner with Southern Glazer and having helped and observed this company, what would you say are some of the biggest learnings from your perspective? >> Oddly enough I think the technology's the easier part of all this, right, I think that's fair to say without a doubt but really I think, really focusing on making the business successful, right, if everything you do is tied around making the business successful, then the rest will just kind of, you know, go along the way right because that's really the guiding principles right and then you saw that with technology right and that's really I think what we've learned most and foremost is, bring the business along, right, educating them and understanding what they really need and focusing on listening, alright, and trying to answer those specific questions, right, I think that's really the biggest factor we've learned over the past journey, yeah. >> And finally so we're here at AWS re:Invent, 60,000 people descending here on Sin City, what most excites you about, why do you come first of all and most excites you about the many announcements and innovations that we're seeing here this week? >> Yeah, so I'll be honest, this is the first time I've come to this conference but it's been really exciting, what excites me about these things is the new innovation, you learn new things, you say "hey, how can I go back "and apply this and do something different "and add more value back?" That's what excites me. >> Now, no I think you're absolutely right, I think, AWS is obviously a massive disruptor across any industry and their commitment to new technology, new innovation and the practicality of how we can start using some of that quickly I think is really exciting, right, because we've been working on this journey for a while and now there's some things that they've announced today, I think that we can go back and apply it pretty quickly, right, to really even further accelerate Southern Glazer's, you know, pivot to being a fully digital company. >> So a fully digital company, this is my last question (laughs) sorry, your advice for a company that is like yours, about to embark on this huge transformation, as you said, don't ignore the change management, the technology can sometimes be the easy part but do you have any other words of wisdom for a company that's in your shoes? >> All the words of wisdom I'll have is just I think I've already mentioned, three things they'll probably need to focus on, just take the first step, right, that's the hardest part, I think Anne even said this morning that some companies just never take the first step, take that first step and you have to, this is where the industry is going and data is going to be very important so you have to take the first step saying how do I get better, handle on the data. >> Excellent, great. Well Michael, Akhtar, thank you so much for coming on theCUBE this has been a real pleasure, thinking about Southern Glazer, next time bring some alchohol. >> Absolutely. (laughs) It's Vegas! >> Thank you, appreciate it. >> Great. I'm Rebecca Knight, we'll have more of theCUBE's live coverage of the AWS executive summit coming up in just a few moments, stay with us. (light music)

>> Man: Let me check. >> Announcer: Live from Las Vegas, it's The Cube. Covering InterConnect 20 17. Brought to you by IBM. >> Okay, welcome back everyone. Day two, we are here live in Las Vegas for IBM InterConnect. This is Silicon Angle's The Cube coverage of IBM's cloud event. The CEO, Ginni Rometty, was just on stage. We're kickin' off wall to wall coverage for three days. I'm John Furrier, my co-host, Dave Vellante, here for all three days. >> And, our next guest is Andy Lin, who's the VP of (mumbles) Mark Three Systems. A, 20 plus year IBM platinum partner. Doin' some real cutting edge work with cognitive as Ginny Rometty said cognitive to the core, is IBM's core strategy. Data first, enterprise strong is kind of the buzz words. Andy, welcome to The Cube. Appreciate you comin' on. >> Thanks for havin' me. >> So, obviously, enterprise strong, you know, it's, it's a kind of whole nother, you know, conversation that we can go deep on, but data first and cognitive to the core is really kind of the things that you guys are really getting into. All kinds of data types. Automating it and making it almost frictionless to move insights out. So, take a minute to explain what Mark Three's doing and what your role is with the company. >> Sure. Absolutely. So, I'm Vice President of strategy in Mark Three, so I work sort of across all our initiatives, especially areas that are emerging. Just a little bit about Mark Three, just historically for background purposes. So, we're a 22 year IBM platinum partner, as you pointed out. We actually started in the mid 90's, actually doing IT infrastructure around the IBM stack at that time. So, we sort of been with IBM over the last 20 years since the beginning. We've sort of grown up throughout the stack as IBM's evolved over the last two decades. About two and a half years ago, we started a digital development unit, called BlueChasm. And what BlueChasm does, is it basically builds open digital and cognitive platforms on the IBM cloud that are around a lot of services you pointed out. And, we basically designed it based on use cases that the ecosystem and our clients talk about. And, to give you a couple examples, one of the, one of the big ones that we're seeing a lot of interest around is called video recon. Video recon is a video analytics platform that's API enabled and open at it's core. So, regardless of where the video comes from, if it's a content management system, if it's a camera, we're able to basically take in that video, basically watch and listen to the video using Watson and some elements of our own intellectual property. And, then basically return insights based on what it sees and hears along with time stamps, back to the user to actually take action. >> Yeah. I love the name BlueChasm. It brings up, you know, Jeffrey Moore's Crossing the Chasm. Blue, IBM, big blue, so you know, it's a nice clever play. The BlueChasm opportunity. So, in your mind, for people watching, squint through some of the trends and extract out where you see these opportunities. Because if you're talkin' about new opportunities are emerging because of cloud horsepower and compute and storage and all the greatness of cloud, and you got real time analytics kind of really hittin' the main stream. That's going to, that's highlighted by internet of things is you can't go anywhere these days without hearing about autonomous vehicles, industrial (mumbles) things, AI, Mark Benioff was sayin', you know, we've seen the movies like Terminator and we've all dreamed about AI, so we can kind of get excited about the prospects. But, the chasm you're talkin' about, this is where these things that were ungettable before, unreachable new things, what are some of those things that you guys are doin' in that chasm? >> Yeah, so I think some of the things that we're doing are basically enabling, like I'll use video recon as an example, right, we're enabling a class to be able to get new insights using basically computer vision, but in an open and accessible way, that they've never had been able to do before. Vision itself, I don't think is new or revolutionary. You know, a lot of folks are doing it, self driving cars, etcetera. >> John: Yeah. >> But, I think what is new is being able to make it open and easily accessible to the normal enterprise, the normal service provider. Up to now, it's been, you know you've had, really had to have your own team of, you know, really, really deep AI develops or PHD's to be able to produce it for your own platform. What we're trying to do is basically demarketize that. >> John: Yeah. >> So, to give you an example, some use cases that we're, we're sort of working on today, the ability to do things like read meters and gages, as an example, with a camera. That way you can avoid a situation where somebody has to walk around all the time, you know, look at different things that could be dangerous. That there could be issues actually looking at what you see from a metering perspective. Or to be able to, for instance, for in the media entertainment industry or the video production industry, be able to do things like identify shot types, be able to more quickly allow our enterprise users in that particular space to be able to create video content quickly. And, the underlying theme with all this, I think it's really about speed to market. And, how quickly can you iterate and please whatever your customers in that particular space that you're in. >> So with the video recon, so your, your videos are searchable, essentially. >> (Andy) Correct. >> So, so what do you do? Use Watson, natural language processing to sort of translate them? Now (mumbles), of course, you know, NLP is maybe I don't know 75, 80 percent accurate, how do you close that gap? >> Yeah, so video recon does both visual and audio. So, the audio portion you are correct. There is some degree of trade off in accuracy relative to what I think the average human can do today. Assuming the human is focused and able to really tag these videos accurately. So, we are able to train it based on things like proper words and things that are enterprise focused. Because I know there, there are a lot of different ways that I think you can maybe attack this today from a video analytics perspective, where we're focused primarily just on the enterprise, solving business problems with, with video analytics. So, you know, taking advantage of if Watson improves, cause we do use (mumbles) tech at it's core from, on the audio perspective. Applying some of our own techniques to basically improve the accuracy of certain words that matter most to the enterprise. One of the things we've noticed is it's an entirely collaborative relationship with our, with our, with our enterprise clients but really partners. Because what works well for one, may not work well for another. One thing about cognitive is it really depends on the end user as to if this is a good idea or not. Or if this will work for their use case, just based on error, as you pointed out. >> So, to your point, you're identifying enterprise use cases and then tuning the system. Building solutions, essentially, for those use cases. >> Andy: Absolutely. >> Now, you said 22 year IBM platinum partner, so you obviously started well before this so-called digital transformation. >> Andy: Yes. >> You see digital transformation as, you know, revolutionary, or is it more of an evolution of your business? >> I'd definitely say it's an evolution. I think, you know, a lot of the industry buzz words out there are all around, you know, transformation or transition, but for us it's been completely additive. You know, at the end of the day we're just doing what our clients want, you know. And, we're still continuing the core part of our business around modernizing and optimizing IT infrastructure, tech sacks in the data center, also infrastructure service in the cloud. Also, up through the middle where it's still really as strong as ever. I mean, in fact that business has actually been very much reinforced by some of these capabilities that we brought in on the digital development side. Because, at the end of the day, you know, clients may have a digital unit and they may have, you know, IT, but they're really viewed sort of all in the same. A lot of people try to put 'em in two different buckets bimodal or whatever you want to use. But, you know, inevitably, you know, clients just see a business problem they want to address. >> Yep. >> And, they're saying how can I address it the fastest and the most effectively as relative to what their stakeholders want. And, we just realized early on that we had to have that development capability, be able to build platforms, but also guide out clients. If they don't want one of our platforms, if they don't want video recon or cognitive call center platform, that's perfectly fine. We're more than happy to guide them on how to build something similar for their developers with our developers relative to their tech stack, you know, hopefully on the IBM cloud. >> Andy, one of the things you were pointing out that I think is worth highlighting is the digital transformation buzz word, which has been around for a few years now, really is in main stream right now. >> Andy: Yes. >> People are really working hard to figure this out. We're seeing the disruption on the business model side. You mentioned speed and time to market, that's agility. That's not just a technical development term anymore. It's actually business model. It's business related. >> Andy: Yes. >> But there's two axes of things going on. There's the under the hood, heavy lifting stuff that goes on around getting stuff digitally to work. That's IT, security, and you know, Ginni Rometty talks about a lot of that on stage. That's being enterprise grade or enterprise strong. The other one is this digitization of the real world, right? So, that's creative. That requires insights. That requires kind of a different, it's actually probably maybe more fun for some people, but I mean it depends on who your profile is, but you have kind of two spectrums. Cool and relevant and exciting and intoxicating, creative, user experience driven. You mentioned reading meters. >> Andy: Yeah. >> That's the analog world. >> Andy: Yes. >> That's actually space. That's the world. That's like, you got the sky you got the meter. >> Andy: Yeah. >> You got physical impressions. This is the digitization of our world. What's your perspective? How do you talk to customers when they say, "Hey I want to digitize my business." >> Andy: Mm hmm. >> How does it go? What do you say? I mean, do you break it down into those axes? Do you go, did they see it that way? Can you share some color on this digital transformation of digitizing business? >> Yeah, so I mean it really depends on, I think, it normally it has to do with interacting with some other stakeholders in a certain way, you know. I think from our perspective it really is about, you know, how they want to interface. And, most of the time you pointed out speed. Speed I think is the number one reason why people are doing the digital transformation. It's not really about cost or these other factors. It's how quickly can I adjust my business model so I can win in the market place? And, you know, I think I pointed this earlier, but like, you know IOT is huge now. It covers what I call three out of the five senses in my mind. It covers basically touch, smell and taste in many ways. And, for us, I think we're basically trying to help them even get beyond IOT with video. Video really covers, you know, sight and hearing as well. It covers all the five senses. And, then you take that and figure out how do I digitize that experience and be able to allow you to interact with your stakeholders. Whether it be your customers, your suppliers or your partners out in the market place. And, then based on that we'll take these building blocks on how we, you know, extend the experience, and work with them on their specific use case. >> So, you got to ingest the data, which is the, you know, the images or data coming in. >> Correct. >> Then you got to prep it available for insights. >> Correct. >> And, produce them in, like really fast. >> Andy: Yep. >> That's hard. >> Andy: It is, yeah. >> It's not trivial. >> No it is not, it's not a trivial problem. Yeah, absolutely. And, I think, you know, there's a lot of opportunity here in the space over the next I think two to two to five years. But you're absolutely right. >> John: Yeah. >> I mean it is, it is a challenging. >> And, I want to get your thoughts too, and if you can share your reaction to some of the trends around machine learning, for instance. It's really kind of fueling this democratization. >> Andy: Yeah. >> You mention in the old days it was really hard, there was kind of a black art to, to machine learning or unique special, specialties. And, even data science that's at one level was really, really hard. Now you have common people doing things with visualization. What's the same with machine learning? I mean, you got more data sets coming in. Do you see that trend relevant to what you guys are working on in BlueChasm? >> Absolutely. I think at the core of it, and this wasn't our plan initially three years ago, we didn't realize that this was happen, but every single one of the platforms or prototypes or apps we've built, they all incorporate some degree of machine learning, deep learning within it's core. And, this is primarily just driven by I think what, to give a client a unique platform or a unique service on the market. Because, much of the base digitization, I mean Ginny likes to talk a lot about, you know, the key to being, differentiating yourself from digital world is being cognitive. And, we've seen this really play out in practice. And, I think what's changed, as you pointed out is, that it's easily accessible now to sort of the common man, as I put it. In years past, you really had to have people that are highly specialized. You build your own product. But now through open source- >> There's building blocks out there. >> Absolutely. >> You can just take an open source library and say hey, and then tweak the machine learning. >> Absolutely. And, the ramp up time has come down, you know, dramatically, even for our developers. Just watching them work. I mean, the prototype to video recon was built over the course of a weekend by one of our developers. He just came in one Monday and said, you know, is this, is this interesting? >> He's fired. >> Exactly. And, we were like, yes I think this is interesting. >> Well this is the whole inspiration thing that I talk about, the creativity. This is the two axes, right? >> You try to do that in the old days, I got to get a server provision. >> Andy: Yeah. >> I'm done. >> Andy: Right. >> You know, I'm going to go have a a beer. Whatever. I mean, there's almost an abandonment going on. We talked to Indiegogo yesterday about how they're funding companies. >> Andy: Yeah. >> You have this new creative action. >> Andy: Mm hmm. >> So you guys are seeing that. Any other examples you can share in terms of color around this kind of innovation? >> Yeah, so we, at BlueChasm we try to let our developers sort of have free reign over what they like to create. So video recon was spawned literally by a, on a side project, you know as with a lot of companies. It was, you know, a platform that sort of evolved into a commercial product, almost by accident, right? And, we've had others that have been anchored by like what clients had done, but like around the cognitive call center, which basically takes phone calls that are recorded and then basically transcribes and makes them easily searchable for audit reasons, training reasons, etcetera. Same kind of idea. We built things around like cognitive drones. A lot of folks are trying to do things with drones. Drones themselves aren't really not novel anymore, but being able to utilize them to collect data in unique ways, I think that industry is definitely evolving. We've built other things like, what I call the minority report board, after the scene in the movie where the board sort of looks at you and then based on what it sees of you, of different data points, it shows you an ad or shows you a piece of visual content to allow you to interact. >> John: Yeah. >> I mean, these are, these are examples. You know, we have others. But, you know we've just seen like in this organization if we allow creativity to sort of reign, you know, have free reign. We're able to sort of bring it back in along with some of the strengths of core Mark Three about being (mumbles). >> I mean the cognitive is really interesting. It's a programmatic approach to life. And, if you think about it, it's like if you have this collective intelligence with the data, you could offer an augmented reality experience- >> Andy: Yes. >> To anybody now, based upon what you're doin'. >> Absolutely. So I mean, I think that the toughest part I think right now is figuring out which of the opportunities to pursue. Because, there are so many out there and everyone has some interest in some degree, you know. You have to figure out how to prioritize about, you know, which, which of the ones you want to address first. >> John: Yeah. >> And, in what order. Because, what we've noticed is that a lot of these are building blocks that lead to other greater and greater platform concepts, and part of the challenge is figuring out what order you want to actually build these into. And, through you know, microservices through retainerization all these, you know, awesome evolutions as far as like with cloud and infrastructure technology, you're really able to piece together these pieces to build amazing (mumbles) quickly. >> The cloud native stuff is booming right now. >> Yeah. >> It's really fun to watch. Microservices, (mumbles), this orchestration, composability is just kickin' ass. >> Absolutely. >> And, all your clients are basically becoming software companies. They're takin' your services and building out their own sas capabilities. >> Andy: Right. >> Right? >> Without a doubt. I mean, you know the cloud (mumbles), container revolution's been significant for us. I mean we, we added the audio component to video recon based on some of the work we've been doing on the call center side. It was almost by accident. And, we were able to really put them together in a day because we were able to basically easily compose the overall platform at that time, or the prototype of the platform at that time just by linking together those services. So, we see this as a pattern moving forward. >> Andy, thanks for coming on The Cube. Really appreciate it. In the quick 30 seconds, what are you doin' here at the show? What are you guys talkin' about? What's some of the activity? Coolest thing you're seeing? Share some insight, what's going on here in Las Vegas. Share some perspective. >> Yeah, absolutely. So, we have a booth here in Vegas. We're demoing some of the platforms we talked about: video recon, cognitive call center. We're at booth six 87, which is toward the center back of the expo center. We have four break outs that we'll be doing as well. Talking about some of these concepts, as well as some of our projects that involve, you know, modernization of the data center as well. So, the true what I call IBM full stack. >> And, for the folks that aren't here watching, is there, the website address? Where can they go to get more information? >> Yeah, absolutely. You can go to Mark Three sys. M A R K triple I S Y S dot com, which is our website. If you want to learn a little bit more about video recon you can go to video recon dot I O. We have a very simple demo page, but you know, if you're interested in learning more or you want to explore if we can accommodate your specific use case, please feel free to reach out to me. Also, Mark Three systems, M A R K triple I systems at Twitter as well, and I can get back to you. >> Well, you know we're going to follow up with you. Going to get all of our Cube videos into the cognitive era. You'll be seeing us, pinging you online for that. >> Yeah. >> Love the video recon, just great. BlueChasm, great, great initiative. Congratulations on that. >> Thank you. >> Thanks for comin' on. Its The Cube live here in Las Vegas. Day two of coverage, wall to wall. I'm John Furrier with Dave Vellante. Stay with us. More great interviews after this short break.